Privacy Policy - Ihost
1. IDENTIFICATION OF THE DATA CONTROLLER
IHOST, hereinafter referred to as “THE COMPANY,” is a commercial entity with Tax ID (NIT) 9017798751. It was established by private document dated 7 de dicember de 2023.
“THE COMPANY” is headquartered in the city of Medellín and is located at Carrera 29D No. 6A – 05. It can be contacted via email at info@ihost.com.co or by phone at +57 324 4715902..
2. GENERAL INFORMATION
For “THE COMPANY,” the confidentiality and integrity of personal data are a priority. As the data controller, it establishes this policy in compliance with the Colombian Constitution, Statutory Law 1581 of 2012, Regulatory Decree 1273 of 2012, and other applicable regulations.
3. SCOPE OF APPLICATION
The Personal Data Processing Policy applies to all personal data collected from data subjects, recorded in databases, and processed by “THE COMPANY.” This includes data pertaining to employees, clients, suppliers, and others whose data is processed by “THE COMPANY.”
4. DEFINITIONS
- Authorization: Prior, express, and informed consent granted by the Data Subject to “THE COMPANY” to process their data.
- Privacy Notice: Verbal or written communication generated by “THE COMPANY” to inform the Data Subject about its Data Processing Policy, the applicable processing purposes, and how to access the policy.
- Database: An organized collection of Personal Data subject to processing by “THE COMPANY.”
- Personal Data: Any information associated with or that can be linked to one or several identified or identifiable natural persons.
- Sensitive Data: Data that affects the privacy of the Data Subject or misuse of which may lead to discrimination, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, health, sexual life, and biometric data.
- Data Processor: A natural or legal person, public or private, that processes personal data on behalf of the Data Controller.
- Data Controller: A natural or legal person, public or private, that decides on the database and/or the processing of personal data.
- Terms and Conditions: General framework that establishes the conditions for participants in promotional or similar activities.
- Data Subject: The natural person whose personal data is processed.
- Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.
- Transfer: When the Data Controller and/or Processor in Colombia sends data to a recipient responsible for its processing, located either within or outside the country.
- Transmission: The communication of personal data within or outside Colombia for processing by a Processor acting on behalf of the Controller.
5. DATA PROCESSING AND ITS PURPOSE
Personal data collected by “THE COMPANY” will be stored and processed securely, with precautionary measures to prevent loss, misuse, unauthorized access, or fraudulent use. Data will only be processed for purposes authorized under this policy, including but not limited to:
- Developing “THE COMPANY’s” corporate purpose in accordance with its legal statutes.
- Complying with applicable tax and commercial regulations.
- Meeting Colombian labor and social security legal requirements.
- Conducting surveys related to services or products.
- Fulfilling contractual commitments.
- Advertising and marketing campaigns via email, SMS, MMS, social media, direct mail, or phone calls.
- Conducting market studies, credit analyses, and risk assessments.
- Partnering with third parties for commercial agreements or events.
- Sharing with third parties collaborating with “THE COMPANY.”
5.1 Processing of Children’s and Adolescents’ Data
Personal data of minors will be processed only if it respects their best interest and ensures their rights. The consent of the legal guardian will be required in such cases.
6. DATA SUBJECT RIGHTS
According to current data protection laws, Data Subjects have the right to:
- Know what personal data is processed by “THE COMPANY.”
- Update and correct their data if incomplete or incorrect.
- Revoke consent and request data deletion.
- File complaints with the relevant authority for irregularities in data processing.
- Access their personal data free of charge.
7. CONSENT
Authorization will be obtained in writing or verbally, with proof maintained.
8. RESPONSIBILITIES OF “THE COMPANY”
- Guarantee full and effective exercise of data subject rights.
- Inform data subjects about the purpose of data collection.
- Maintain data security.
- Process requests for data updates, corrections, or deletion.
9. PROCEDURES FOR HANDLING REQUESTS
Requests will be addressed within 10 business days. If incomplete, the Data Subject will have five additional days to provide missing information.
10. RESPONSIBLE AREA
The legal department will handle requests related to data rights.
11. INFORMATION SECURITY MEASURES
“THE COMPANY” will implement technical, human, and administrative measures to ensure data security.
12. EFFECTIVE DATE
This policy is effective as of January 1, 2025.