Privacy Policy

INTRODUCTION

DEXOR LLC, as the Data Controller, issues this document in order to comply with applicable data protection regulations and to define the framework for handling inquiries and complaints regarding the processing of personal data collected and managed in accordance with Law 1581 of 2012 and Regulatory Decree 1377 of 2013 (incorporated into Decree 1074 of 2015), Title V of the Single Circular of the Superintendence of Industry and Commerce, and other related and supplementary regulations.

The right to Habeas Data, as established by law, allows every person to know, update, and rectify the information collected about them in public or private files and databases. This right guarantees all citizens decision-making power and control over their personal information. In this sense, DEXOR LLC sets forth these policies, taking into account that, for the development of its business purpose, it continuously collects and processes personal data.

OBJECTIVE

In this policy, DEXOR LLC establishes the necessary guidelines to protect the Personal Data of Data Subjects, as well as the purpose of collecting such information. It sets the criteria for the collection, storage, use, and deletion of the Data Subjects’ data; their rights; the obligations of DEXOR LLC as the Data Controller; the channels for handling inquiries and complaints; the procedures for addressing them; and the validity period of the databases.

DATA CONTROLLER

DEXOR LLC is responsible for the processing of personal data. For matters related to personal data processing, you may contact us at:
Phone: 3053789020
Email: marketing@dexoringrill.com

DEFINITIONS

a) Authorization: Prior, express, and informed consent of the Data Subject to carry out the processing of personal data.
b) Database: An organized set of personal data that is subject to processing.
c) Personal Data: Any information linked to or that can be associated with one or more identified or identifiable natural persons.
d) Data Processor: A natural or legal person, public or private, that processes personal data on behalf of the Data Controller.
e) Data Controller: A natural or legal person, public or private, that decides on the database and/or the processing of data, either alone or jointly with others.
f) Data Subject: The natural person whose personal data is processed.
g) Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.

SCOPE

This policy applies to all personal data databases held by DEXOR LLC, including those held by Data Processors acting on behalf of DEXOR LLC, subject to the limitations and restrictions established by law, provided that the information is not public. This policy will also apply when DEXOR LLC acts as a Data Processor.

PURPOSE OF THE DATABASE AND DATA PROCESSING

By agreeing to provide and allow the processing of your data, such data will be processed under this policy by DEXOR LLC, its affiliates, entities in which it holds an interest, entities with which it may merge or integrate (regardless of legal form), and any entities created as a result of a split or reorganization. In the course of its activities and relationships with third parties—including users, employees, suppliers, creditors, among others—DEXOR LLC constantly collects data for various purposes and uses.

By granting your authorization, in addition to the purposes expressly indicated in the corresponding authorization, you authorize DEXOR LLC to collect, store, use, share, update, and process the personal information and data provided in forms and any additional information subsequently requested, which will be used for the purposes indicated in the privacy notice and for the following purposes:

  1. Establish communication channels with Data Subjects and send newsletters and commercial and institutional information.

  2. Comply with legal and/or contractual obligations related to the development of DEXOR LLC’s business activities.

  3. Handle and process requests, complaints, and claims.

  4. Store information in inactive files when there is a legal duty to retain it after the completion of the activities or relationships that give rise to the processing, in accordance with applicable laws.

  5. Adopt control and security measures over DEXOR LLC’s facilities, property, or assets.

  6. Transfer personal data nationally and internationally to individuals or entities that are strategic partners of DEXOR LLC, or with whom DEXOR LLC has entered into or may enter into collaboration or partnership agreements.

  7. Conduct recruitment, promotion, employee welfare, payroll, performance and competency management, onboarding, training, education, occupational health and safety, and environmental processes.

  8. Carry out training and education programs.

  9. Issue and validate employment and/or commercial references.

  10. Provide personal information necessary to execute DEXOR LLC’s contractual relationships with third parties.

  11. Transfer employees’ personal data to pension funds and similar entities that link or provide services to DEXOR LLC employees.

  12. Implement access control measures for entry to and exit from DEXOR LLC facilities.

  13. Ensure the safety of persons and property of individuals who enter DEXOR LLC facilities.

  14. Ensure the security of DEXOR LLC facilities.

  15. Evaluate the quality of services and products provided or received, as applicable.

  16. Monitor compliance with obligations by customers or suppliers, as applicable.

  17. Use as an analysis element to establish and/or maintain contractual relationships.

  18. Use as an analysis element to assess risks derived from existing contractual relationships.

  19. Use as an analysis element for market studies or commercial or statistical research.

  20. Create “users” when necessary for the operation of applications or similar systems.

  21. Carry out marketing and advertising activities related to DEXOR LLC’s business purpose, as well as other programs and events organized by DEXOR LLC or in which DEXOR LLC has an interest.

PROCESSING OF SENSITIVE PERSONAL DATA

Under Law 1581 of 2012, sensitive personal data includes data that affects the Data Subject’s privacy or whose improper use may lead to discrimination, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in unions or social/human rights organizations, or data concerning health, sex life, and biometric data. Data relating to minors is also included.

DEXOR LLC may process data of this nature in the context of relationships with its employees and/or candidates in recruitment processes, especially health-related data, and may also process biometric data when implementing security measures in access control systems. In all cases, special security measures will be adopted. When authorization is requested for processing sensitive data, the Data Subject will be informed of the purposes for which it will be processed and will be informed that they may refuse to answer questions regarding sensitive data or data related to children and adolescents.

PROCESSING OF MINORS’ DATA

DEXOR LLC aims not to collect information from minors in the course of its business activities. If you are under 18, your data may only be included in our databases with the express consent of your legal guardian.

If personal data of minors is provided to us, it will be subject to the following rules: The processing of personal data of children and adolescents is prohibited, except when the data is public in nature, as provided in Article 7 of Law 1581 of 2012, and when such processing meets these requirements:

  1. It responds to and respects the best interests of children and adolescents.

  2. It ensures respect for their fundamental rights.

Once these requirements are met, the child’s legal guardian will grant authorization after the minor has exercised their right to be heard. The opinion will be assessed based on maturity, autonomy, and ability to understand the matter. In accordance with the Colombian Constitutional Court, minors’ personal data may be processed provided their fundamental rights are not put at risk and the processing clearly responds to their best interests. Any collection and use of minors’ data registered in DEXOR LLC databases requires the express authorization of the legal guardian, who will be enabled to exercise the rights of access, cancellation, rectification, and objection on behalf of their dependents.

All controllers and processors involved in the processing of minors’ data must ensure proper use, applying the principles and obligations set forth in Law 1581 of 2012 and its regulatory decree. Families and society must ensure that those responsible for processing minors’ data comply with the obligations established by law and regulation. Accordingly, DEXOR LLC will only process minors’ data after respecting the stated principles and ensuring that the minors’ best interests are protected.

RIGHTS OF DATA SUBJECTS

Any processing of personal data by any area of the company—whether of users, suppliers, employees, or any third party with whom DEXOR LLC maintains commercial, labor, or other relationships—must consider the rights of the Data Subject, which include:

a) To know, update, rectify, and consult their personal data at any time before DEXOR LLC or Data Processors. This right may be exercised, among others, with respect to partial, inaccurate, incomplete, fragmented data, data that may cause error, or data whose processing is expressly prohibited or not authorized.
b) To request proof of the authorization granted to DEXOR LLC, except where expressly exempted by law.
c) To be informed, upon request, by DEXOR LLC or the Data Processor about the use that has been given to their data.
d) To file complaints with the competent authority for infringements of the law and related regulations, to enforce their Habeas Data rights.
e) To revoke authorization and/or request deletion of the data, provided there is no contractual or legal duty that prevents deletion.
f) To request correction and/or updating of their data.
g) To access, free of charge, the personal data that has been processed, for which the company securely retains and archives authorization formats.
h) To refrain from answering questions about sensitive data. Answers regarding sensitive data or minors’ data are optional.

OBLIGATIONS OF DEXOR LLC

DEXOR LLC recognizes that personal data belongs to the Data Subjects and that only they may decide over it. Accordingly, DEXOR LLC will use such data exclusively for the purposes for which it is authorized under law and assumes the following duties as Data Controller:

a) Guarantee the Data Subject full and effective exercise of their rights at all times.
b) Obtain the Data Subject’s express authorization for processing and keep a copy of such authorization.
c) Clearly and expressly inform users, employees, suppliers, and third parties about the processing to which their data will be subject, its purpose, and their rights.
d) Inform Data Subjects, in each case, of the optional nature of providing requested information.
e) Inform Data Subjects of their rights whenever data is collected.
f) Keep information under adequate security conditions to prevent alteration, loss, unauthorized consultation, use, or access, or fraudulent access.
g) Provide the identification, physical or electronic address, and phone number of the person or area responsible for processing.
h) Ensure the Data Subject’s full and effective exercise of Habeas Data and petition rights, including the ability to know what information exists about them, request updating/correction, and submit inquiries, through the mechanisms established herein.
i) Securely preserve personal data records and periodically update/rectify data when Data Subjects report changes or requests.
j) Ensure that information provided to the Data Processor is truthful, complete, accurate, updated, verifiable, and understandable.
k) Update information and promptly communicate to the Data Processor all changes regarding previously provided data.
l) Rectify incorrect information and communicate the correction to the Data Processor.
m) Provide the Data Processor, as applicable, only data whose processing has been authorized.
n) Require the Data Processor at all times to respect the security and privacy conditions of the Data Subject’s information.
o) Process inquiries, claims, and requests under the terms established by law or this manual.
p) Adopt an internal manual of policies and procedures to ensure compliance with Law 1581 of 2012, especially for handling inquiries, claims, and requests.
q) Inform the Data Processor when information is under dispute by the Data Subject, once a request has been submitted and the process has not concluded.
r) Inform the Data Subject, upon request, about the use given to their data.
s) Inform the data protection authority when security breaches occur and risks arise in the management of Data Subjects’ information.
t) Comply with instructions and requirements issued by the Superintendence of Industry and Commerce.

AUTHORIZATION

Processing of personal data by DEXOR LLC requires the Data Subject’s prior, informed, and express authorization, which may be obtained by any verbal (with record), written, physical, or electronic means that may be subsequently consulted, without prejudice to legal exceptions. DEXOR LLC will keep appropriate proof of authorization, respecting confidentiality and privacy principles.

a) Data collected by DEXOR LLC
DEXOR LLC retains copies of authorizations issued by the Data Subject and communications sent under Article 10 of Decree 1377 of 2013 regarding collected data.
b) Data provided by third parties
In addition to data collected directly from the Data Subject, DEXOR LLC may obtain personal data from third-party databases, where such third parties have previously obtained authorization from Data Subjects.

Any changes to these policies or to the way personal information is used will be announced and published through a notice prior to applying the new conditions, and all modified terms will take effect automatically five (5) days after the notice appears on our website.

CASES IN WHICH DEXOR LLC DOES NOT REQUIRE AUTHORIZATION

  • When information is requested from DEXOR LLC by a public or administrative entity acting within its legal functions or by court order.

  • When the data is public in nature, as such data is not protected by the scope of the regulation.

  • In cases of duly verified medical or sanitary emergencies.

  • When information is authorized by law for historical, statistical, or scientific purposes.

  • When the data relates to civil registration of persons or is contained in public records, as such information is not considered private.

REQUESTS, INQUIRIES, AND CLAIMS

AREA RESPONSIBLE FOR HANDLING REQUESTS, INQUIRIES, AND CLAIMS

If you wish to be removed from our databases, you must state so directly, expressly, unequivocally, and in writing by emailing marketing@dexoringrill.com or by calling 3053789020. If you do not express your wish to be removed, DEXOR LLC will be authorized to continue processing your data in accordance with Decree 1377 of 2013.

COMMON ASPECTS OF REQUESTS, INQUIRIES, AND CLAIMS:

Requests, inquiries, and claims submitted by Data Subjects whose data is processed by DEXOR LLC, to exercise rights to know, update, rectify, delete data, or revoke authorization, must be submitted through the channels indicated above. Once received, the inquiry or claim will be recorded with the date and time of receipt, and the response terms and procedures established by Law 1581 of 2012 will apply, as indicated below.

In all cases, the request to exercise any of the aforementioned rights must contain, at minimum, the following information:

  1. Full name and surname of the requester and the Data Subject.

  2. Contact information, including physical and electronic address and telephone numbers, if possible.

  3. Means to receive the response or notification address.

  4. Facts giving rise to the request.

  5. The right you wish to exercise (consultation, deletion, update, proof of authorization, rectification, etc.).

  6. Signature and identification number.

  • If the request is incomplete, the interested party will be required within five (5) days of receipt to correct the missing requirements. If two (2) months pass from the date of the request without the required information being provided, the request will be considered withdrawn.

  • If the recipient of the request is not competent to resolve it, it will be forwarded to the appropriate party within a maximum of two (2) business days and the interested party will be informed.

  • Once a complete claim is received, a note stating “Claim in Process” and the reason for it will be included in the database within no more than five (5) business days. This note will remain until the request is decided.

  • Please note that to approach the Superintendence of Industry and Commerce, Data Subjects must first exhaust the inquiry and/or claim process before DEXOR LLC.

Handling of Inquiries:
The maximum term to respond is ten (10) business days, counted from the day following receipt. If it is not possible to respond within that term, the interested party will be informed of the reasons for the delay and the date on which the request will be answered, which may not exceed five (5) additional business days.

Handling of Claims:
The maximum term to respond is fifteen (15) business days, counted from the day following receipt. If it is not possible to respond within that term, the interested party will be informed of the reasons for the delay and the date on which the request will be answered, which may not exceed eight (8) additional business days.

Response:
Responses to requests, inquiries, or claims will be provided within the terms indicated, in writing, to the physical or email address provided by the requester. If both a physical and email address (or more than one address) is provided, DEXOR LLC may choose which one to use, and the obligation will be deemed fulfilled by sending the response to any of them.

AUTHORIZED PARTIES FOR INQUIRIES/CLAIMS AND DISCLOSURE OF DATA

  • Data Subjects, their heirs, or representatives, at any time and through any means upon request to DEXOR LLC.

  • Judicial or administrative authorities acting in the exercise of their functions that require the information.

  • Third parties authorized by law.

  • Third parties expressly authorized by the Data Subject, provided such authorization is delivered to DEXOR LLC.

DATABASE RETENTION PERIOD

Personal data provided will be retained unless deletion is requested by the Data Subject (unless a legal duty exists to retain the data). DEXOR LLC databases will remain valid indefinitely, as processing will be necessary as long as DEXOR LLC exists and carries out its business purpose; in any case, such term will not be less than fifty (50) years.

This version of the policy is effective as of its publication date and fully replaces any prior data processing policy. It will remain in effect indefinitely for as long as DEXOR LLC carries out the activities described herein and such activities correspond to the processing purposes set forth in this policy. Any modification to this policy will be published in the same manner as the initial policy.

MECHANISMS FOR PROTECTING AND ENSURING THE PRIVACY OF YOUR PERSONAL INFORMATION

DEXOR LLC commits to keeping information and its content strictly confidential and stored on servers that meet the necessary security standards to prevent alteration, loss, unauthorized consultation, use, access, or fraudulent access, and to guarantee the exercise of Habeas Data rights. As a customer or supplier of DEXOR LLC, you will always have the rights to access, rectify, and delete your personal data, as well as other rights recognized by law, as described above.

All information stored by DEXOR LLC is managed with absolute confidentiality and in accordance with applicable regulations, applying all necessary security measures.