Privacy policy and authorization for the treatment of your personal information

The company MINKA COLOMBIA S.A.S., domiciled in the city of Bogotá D.C., and identified with NIT 901.047.009-7 (after this, the "Company" or "MINKA"), complying with the regulations contained in Statutory Law 1581 of 2012, Decree 1074 of 2015 and the other concordant regulations, by which general provisions are issued for the protection of personal data, in its capacity as Responsible for the Treatment of Personal Data, it is allowed to make known this Policy of Privacy and Protection of Personal Data (hereinafter the "Policy") to regulate the collection, storage, treatment, administration, transfer, transmission, protection, and deletion of information received from the owners of personal data or third parties through the different channels of data collection that it has arranged in the development of its activities.

1. Definitions:

For the purposes of this Policy, the words defined below will have the meaning assigned in this chapter, whether or not they are written in capital letters or whether they are in the plural or singular.

i) Authorization: Prior, express, and informed consent of the Holder to carry out the Processing of Personal Data.

ii) Database: Organized set of Personal Data that is subject to Treatment.

iii) Personal Data: Any information linked to or that may be associated with one or more determined or determinable natural persons.

iv) Sensitive Data: Sensitive data is understood to be those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership of unions, social, human rights organizations or that promote the interests of any political party or that guarantee the rights and warrants of opposition political parties as well as data related to health, sexual life and biometric data, among others.

v) Person in charge of the Treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the Treatment of Personal Data on behalf of the person in charge of the Treatment of Personal Data.

vi) Responsible for Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data. For the purposes of this Policy, the Responsible Party will be the Company.

vii) Holder: Natural person whose personal data is subject to Treatment.

viii) Treatment: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation, or deletion.

II. Authorization to carry out the Processing of Personal Data:

Given that the Policy is available to anyone who wishes to consult it, it is established that the Processing of Personal Data carried out by the Company will have the free, prior, express, and informed consent of the Holder of said data and will be previously authorized. when indicated by means of a physical, electronic document or any other format, or by any other unequivocal conduct such as the mere fact of supplying your Personal Data, on your behalf or through an interposed person, either i) directly to the Company or ii) to third parties who in turn have the authorization to transfer or transmit them to other people. If the Holder wants his Personal Data to be deleted from the Company's Databases, he must expressly state it from the moment in which he has provided his Personal Data or becomes aware of this Policy to the email admin@minka.io

III. Responsible for Treatment:

The legal person responsible for processing personal data and therefore of the database in which they are located is MINKA COLOMBIA S.A.S., a legally constituted company, identified with 901.047.009-7, with the primary address in the city of Bogota DC, Colombia.

Telephone: 350 538 9480

Email: admin@minka.io

IV. Treatment of Personal Data:

The Company, in its capacity as duly authorized Data Controller, and any Data Processor designated by it, may perform the processing of the Personal Data provided, which includes the collection, storage, processing, use, updating, circulation, administration, transfer, transfer, transmission, protection and deletion of the same.

Likewise, it is highlighted that the Company may, among others:

a) Appoint one or more Persons in Charge of the Treatment of Personal Data;

b) Transfer and/or transmit the Personal Data subject to Treatment to the companies that are part of its business group, that is, to parent companies, affiliates, or subsidiaries, as well as to any other third party, inside or outside the national territory, either they are legal or natural persons, national or foreign, even when in the country of location of the receiver there are no regulations that establish a data protection standard similar to those in force in the national territory;

c) Provide said Personal Data to agents, subcontractors, and other third parties to achieve the purposes listed in the following section, and

d) Reveal the information when required by the authorities duly empowered by administrative or judicial order.

V. Purposes of the Treatment of Personal Data:

The Company will carry out the Processing of Personal Data for the following specific purposes:

a) Perform basic administrative management tasks.

b) Provide services and products required and comply with the other obligations contracted with the Holder.

c) Execute and fulfill the contracts signed with its clients, suppliers, and workers, including the payment of contractual obligations.

d) Evaluate the quality of the Company’s services.

e) Develop marketing or promotional activities.

f) Develop the selection, evaluation, and employment process.

g) Carry out the necessary activities to manage the requests, complaints, and claims presented by customers, users, and/or third parties, and direct them to the areas responsible for issuing the corresponding responses.

h) Respond to legal requirements of administrative and judicial entities.

i) Support external or internal audit processes.

j) The control and prevention of fraud, money laundering, and the financing of terrorism.

k) The development of marketing activities, research and market analysis, or any other commercial activity permitted by Colombian law.

l) Consult and access the Holder’s information (private, semi-private, sensitive, or reserved) in different databases or Public or Private Entities, whether in Colombia, abroad, or internationally.

m) Consult the Holder’s information in Financial Information Centers and report information to these databases when there is merit to do so with full legal requirements for that purpose.

n) In general, to carry out the Treatment directly, as this term is defined in Law 1581 of 2012, through a treatment manager, located in Colombia or in any other country to whom the Holder’s data will be provided through international or national transmission or transfers, as the case may be.

VI. Rights of the Holders of Personal Data:

The rights that assist the Owners of Personal Data are:

a) Know, update and rectify the personal data in front of the Persons Responsible for the Treatment of Persons in Charge of the Treatment. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;

b) Request proof of the authorization granted to the Treatment Manager except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of Law 1582 of 2012;

c) Be informed by the Treatment Manager or the Treatment Manager, upon request, regarding the use that has been given to personal data;

d) Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it;

e) Revoke the authorization and/or request the deletion of the data when the principles, rights, and constitutional and legal guarantees are not respected in the Treatment. The revocation and/or suppression will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment the Responsible or Person in Charge has incurred conduct contrary to the law and the Constitution;

f) Free access to your personal data that has been subject to Treatment.

In turn, the Holder agrees to provide true, truthful, exact, authentic, and in force and is responsible for the content of the same and the damages it causes to The company or third parties.

VII. Security measures for the Protection of Personal Data:

The Company will adopt the security techniques that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use, or unauthorized or fraudulent access. Said measures will respond to the minimum requirements made by current legislation and their effectiveness will be periodically evaluated. However, the Company will not be liable in the event of a violation of its security systems when there is a force majeure or fortuitous event.

The Company does not assume any responsibility for damages of any nature that may arise from the presence of viruses or the presence of other harmful elements in the services provided by third parties that may cause alterations in the computer system, electronic documents, or files of the user.

VIII. Area responsible for the Processing of Personal Data:

The Administration and Finance area will be in charge of handling requests, queries, and claims before which the Holder of the information may exercise their rights and therefore know, update, modify, rectify, correct or delete the information provided at any time and for this purpose you must send an email with your request to admin@minka.io or call 350 538 9480.

IX. Procedure for Personal Data Owners to exercise their rights:

The Owner of the data may know, update, rectify and delete the information provided and may also exercise their right to revoke the authorization provided for their treatment by sending the respective request

X. Personal Data of Minors:

The Company does not accept or process Personal Data of children under eighteen years of age since the services offered are reserved for those who have the legal capacity to contract. Therefore, minors must refrain from contracting the services.

XI. Modifications to the Policy:

The Company may modify or amend this Policy at its discretion. When modifications or changes are made to it, the date of the same will be updated, and that modification or amendment will be effective as of the updated date. It is recommended to periodically review this Policy to be informed about the modifications that may occur.

XII. Policy Validity:

This Policy will become effective as of February 1, 2022. Both the Policy and the Databases containing the information provided may remain in force for the duration of the company MINKA COLOMBIA S.A.S. without prejudice to the fact that this policy may be modified at any time and unilaterally by the Company.