Padiplast SAS, in compliance with the provisions of Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, adopts this Policy for the processing of personal data, which will be informed to all owners of the data collected or that in the future They will be obtained in the exercise of commercial or work activities.

In this way, Padiplast SAS states that it guarantees the rights of privacy, intimacy, good name and autonomy, in the processing of personal data; and consequently all its actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, security and confidentiality.

All people who, in the development of different commercial, labor, contractual activities, among others, whether permanent or occasional, who will provide Padiplast SAS with any type of information or personal data, will be able to know, update and rectify it.

To comply with this policy, Padiplast SAS will have the human, technical, physical and financial resources at its disposal.

I. IDENTIFICATION OF THE RESPONSIBLE FOR THE TREATMENT

COMPANY NAME: PADIPLAST SAS, identified with NIT 900.047.662-3 with registration of the Bogotá Chamber of Commerce N. 01535752 of September 30, 2005, its legal representative LUIS FERNANDO PADILLA OCHICA identified with Citizenship Card N. 79,554. 812 of Bogotá; Its main address is 162 Street # 16C-42 in the city of Bogotá.

Your email: customerservice@padiplast.com

Contact telephone numbers: (601) 672 4732

II. LEGAL FRAMEWORK

Political Constitution of Colombia, art. fifteen
Law 1266 of 2008
Law 1581 of 2012
Regulatory Decrees 1727 of 2009 and 2952 of 2010
Partial Regulatory Decree 1377 of 2013
Sentences C – 1011 of 2008 and C-748 of 2011 of the Constitutional Court

III. AREA OF APPLICATION

This policy will be applicable to personal data registered in our database and whose owners are natural and legal persons with whom PADIPLAST SAS has an employment, commercial, contractual relationship, among others.

IV. DEFINITIONS

For the purposes of this policy and in accordance with current regulations on the protection of personal data, the following definitions will be taken into account1:

Authorization: prior, express and informed consent of the Owner to carry out the processing of personal data.

Privacy notice: Verbal or written communication generated by the person responsible, addressed to the Owner for the processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable to them, the way to access to them and the purposes of the treatment that is intended to be given to personal data.

Database: organized set of personal data that is subject to processing.

Incumbent: Person who has succeeded another due to the latter’s death (heir).

Personal Data: Any information linked or that can be associated with one or several specific or determinable natural persons.

Public data: is data that is not semi-private, private or sensitive. Without being considered public data, among others, data relating to the marital status of people, their profession or trade and their status as a merchant or public servant. Due to its nature, the data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not reserved.

Sensitive data: Sensitive data is understood to be data that affects the privacy of the Owner or whose improper use may lead to discrimination, such as revealing racial or ethnic origin, political orientation, religious or philosophical convictions,

membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Data Processor: Natural or legal person, public or private, who, by themselves or in association with others, carries out the Processing of personal data on behalf of the Data Controller.

Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of data.

Owner: Natural person whose personal data is processed.

Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Transfer: The transfer of data takes place when the person responsible and/or in charge of the