Terms & Conditions

TRANSPORTE FERROPORTUARIO DE COLOMBIA 

TRANSFERPORT S.A.S. 

DATA PRIVACY POLICY VIA WEB

1.     IDENTIFICATION OF THE RESPONSIBLE PARTY

2.    LEGAL BASIS AND SCOPE OF APPLICATION

The data privacy processing policy via web is developed in compliance with Articles 15 and 20 of the Political Constitution of Colombia; Articles 17(k) and 18(f) of Statutory Law 1581 of 2012, which establishes general provisions for the Protection of Data Privacy (hereinafter “LEPD”) and Article 13 of Decree 1377 of 2013, which partially regulates the mentioned Law.

 This policy (hereinafter the “Policy”) shall be applicable to all personal data recorded in databases that are subject to processing by the data controller.

Transporte Ferroportuario de Colombia – TRANSFERPORT S.A.S., through this Policy informs the Personal Data Holders about the rights they have, the channels, procedures and mechanisms available to exercise them, as well as the information of the person(s) or authorized person(s) within Transporte Ferroportuario de Colombia – TRANSFERPORT S.A.S., to deal with  claims and complaints, and to inform them about the scope and purpose of the Processing (as defined below) to which the Personal Data will be submitted in case the Holder grants its express, prior and informed authorization. 

3.     DEFINITIONS ESTABLISHED IN ARTICLE 3 OF LEPD AND ARTICLE 3 OF DECREE 1377 OF            2013

1. Authorization: Prior, express and informed consent of the holder, to carry out the processing of personal data.
2. Privacy Notice: Verbal or written communication generated by the responsible party, addressed to the holder, for the Processing of his Personal Data, by means of which he is informed about the existence of the information Processing policies that will be applicable, the way to access them, and the purposes of the Processing that is intended to be given to the Personal Data.
3. Databases: Organized set of personal data that are subject to processing.
4. Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.
5. Public Data: Data that is not semi-private, private or sensitive. Public data includes, among others, data related to the marital status of individuals, their profession or trade, and their status as merchants or public servants. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings, which are not subject to confidentiality.
6. Data Processor: Natural or legal person, public or private, who by itself or in association with others, carries out the processing of Personal Data on behalf of the data controller.
7. Data Controller: Natural or legal person, public or private, that by itself or in 8. association with others, decides on the database and/or the processing of the data.
8. Data Subject: Natural person whose Personal Data is the object of processing.
9. Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
10. Transfer: The transfer of data takes place when the Controller and/or Processor of Personal Data, located in Colombia, sends the information or Personal Data to a recipient, which in turn is the Controller of the Processing and is located inside or outside the country.
11. Transmission: Processing of Personal Data involves the communication of such data within and outside the territory of the Republic of Colombia, when its purpose is the performance of a Processing by the processor, on behalf of the Controller.

4.       AUTHORIZATION OF THE PROCESSING POLICY

In accordance with article 9 of the LEPD, for the Processing of Personal Data, the prior and informed authorization of the owner is required. By accepting the present policy, any holder who provides information related to his Personal Data is approving the Processing of his data by Transporte Ferroportuario de Colombia – TRANSFERPORT S.A.S., under the terms and conditions included in it.

The holder’s authorization shall not be necessary when dealing with:

1. Information required by a public or administrative entity in the exercise of its legal functions or by court order.
2. Data of public nature.
3. Cases of medical or health emergency.
4. Processing of information authorized by law for historical, statistical or scientific purposes.
5. Data related to the Civil Registry of persons.

5.     PROCESSING AND PURPOSE OF THE DATABASE

Transporte Ferroportuario de Colombia – TRANSFERPORT S.A.S., in the development of its business activity, carries out the Processing of Personal Data, related to persons, which are contained and treated in Databases destined to legitimate purposes, complying with the constitution and the law.

The following table presents the purpose assigned to our database of third parties in the use of the website:

6.     NAVIGATION DATA

The navigation system and software necessary for the functioning of the website collect Personal Data whose transmission is implicit in the use of Internet communication protocols.

By their nature, the information collected could allow the identification of users through their association with data from third parties, although it is not obtained for this purpose. This category of data includes: (i) the IP address, (ii) the domain name of the computer used by the user to access the website, (iii) the URL address, (iv) the date and time, and other parameters related to the user’s operating system.

This data isused exclusively to obtain anonymous statistical information about the use of the website, control its technical functioning, and cancel it immediately after verification.

7.     COOKIES OR WEB BUGS

The website does not use cookies or web bugs to collect the user’s Personal Data, but their use is limited to facilitating the user’s access to the website. The use of session cookies, not permanently stored on the user’s computer, disappears when the browser is closed, limiting itself to collecting technical information to identify the session to facilitate secure and efficient access to the website. If you do not wish to allow the use of cookies, you can reject them or delete the existing ones by configuring your browser and disabling the browser’s JavaScript code in the security settings.

8.     PROCESSING OF PERSONAL DATA OF MINORS

Transporte Ferroportuario de Colombia – TRANSFERPORT S.A.S., will treat the Personal Data of a minor under 18 years old, if there is a previous and express consent of the persons who are empowered to represent them. In these cases, parents or legal guardians may change or revoke the Authorization as described in this Policy.

Additionally, the Processing of Personal Data of children and adolescents shall comply with the following parameters and requirements:

• Processing shall respond to and respect the best interests of children and adolescents.
• Respect for their fundamental rights shall be always ensured.
• The child or adolescent will be heard, and his or her opinion will be valued considering the maturity, autonomy and capacity to understand the matter.

9.     RIGHTS OF THE DATA SUBJECTS

According to Article 8 of the LEPD and Articles 21 and 22 of Decree 1377 of 2013, Data Subjects may exercise several rights concerning the Processing of their Personal Data. These rights may be exercised by the following persons:

1. By the Data Subject, who must sufficiently prove their identity by the different means made available by the responsible party.
2. By their successors, who must prove their status.
3. By the representative and/or proxy of the Data Subject, upon accreditation of the representation or power of attorney.
4. By stipulation in favor of another or for another.

The rights of the Data Subject are as follows:

1. 1. Right of Access or Consultation: The Data Subject’s right to be informed by the Data Controller, upon request, about the origin, use, and purpose given to their Personal Data.
   2. Rights of Complaints and Claims: The Law distinguishes four types of claims:
   • Correction Claim: The Data Subject’s right to have partial, inaccurate, incomplete, fragmented data updated, rectified, or modified, leading to error or those whose Processing is expressly prohibited or not authorized.
   • Deletion Claim: The Data Subject’s right to have inadequate, excessive data deleted or that does not respect constitutional and legal principles, rights, and guarantees.
   • Revocation Claim: The Data Subject’s right to invalidate the Authorization previously granted for the Processing of their Personal Data.
   • Infringement Claim: The Data Subject’s right to request the rectification of the non-compliance with the data protection regulations.
   3. Right to Request Proof of the Authorization Granted to the Data Controller: Except when expressly exempted as a requirement for the Processing under Article 10 of the LEPD.
   4. Right to File Complaints with the Superintendence of Industry and Commerce for Violations: The Data Subject or their successor may file this complaint only after the consultation or claim procedure has been exhausted with the Data Controller or Data Processor.

10.   ATTENTION TO DATA SUBJECTS

TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S., with NIT. 900.519.515-5, will oversee the attention of requests, queries and claims to which the Data Subject may exercise his/her rights.

11. 

PROCEDURES TO EXERCISE THE RIGHTS OF THE DATA SUBJECT

• Right of Access and Consultation

According to Article 21 of Decree 1377 of 2013, the Data Subject may consult their Personal Data for free in two cases:

1. At least once every calendar month.
2. Whenever there are substantial changes in the information Processing policies that motivate new consultations.

 The Data Subject may exercise the right to access or consult his/her data by means of a written request addressed to TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S., through any of the channels provided in accordance with the provisions of No. 9 of the Policy.

The request
shall be made in writing and shall contain the following information:

1. Name and surname of the Holder.
2. Photocopy of the Card Holder’s identity card, and, if applicable, of the person representing him/her, as well as the document proving such representation.
3. Request in which the request for access or consultation is specified.
4. Address for notifications, date and signature of the applicant.
5. Documents accrediting the request made, when applicable.

The request will be analyzed to verify the identification of the Holder. If the request is made by a person other than the Data Controller and it is not accredited that the person is acting on behalf of the Data Controller in accordance with the laws in force, the request will be rejected.

If the applicant has the capacity to formulate the consultation, in accordance with the accreditation criteria established in LEPD and Decree 1377 of 2013, TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S., shall collect all the information about the Holder that is contained in the individual record of that person or that is linked to the identification of the Holder within the TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. Data Bases.

Once the request is received, TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. will resolve the consultation request within a maximum period of ten (10) business days from the date of receipt. When it is not possible to respond to the consultation within this period, the interested party will be informed of the reasons for the delay and the date when their consultation will be addressed, which in no case may exceed five (5) business days following the first term’s expiration.

These deadlines are set in Article 14 of the LEPD. Once the consultation process is exhausted, the Data Subject or their successor may file a complaint with the Superintendence of Industry and Commerce.

• Rights of Complaints and Claims

The Data Subject can exercise their rights to claim their data by sending a written request to TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. through any of the channels provided according to No. 9 of the Policy.

The request must contain the following information:

1. Name and surname of the Data Subject.
2. Photocopy of the Data Subject’s ID card and, where applicable, that of the person representing them, as well as the document proving such representation. A clear and precise description of the Personal Data for which the Data Subject seeks to exercise any rights, as well as the facts that give rise to the claim and the request specifying the update, correction, deletion, revocation, or infringement request.
3. Address for notifications, date, and signature of the applicant.
4. Supporting documents for the request, where applicable.

The request will be analyzed to verify the Data Subject’s identification. If the request is made by a person other than the Data Subject and it is not proven that the same acts on behalf of the Data Subject under current laws, the request will be rejected.

If the claim is incomplete, the interested party will be required within five (5) days of receiving the claim to correct the faults. If two (2) months have elapsed from the date of the request without the applicant submitting the required information, it will be understood that they have withdrawn the claim.

Once the complete claim is received, a legend that says, “claim in process” and the reason for it will be included in the database within a maximum term of two (2) business days. This legend must be maintained until the claim is resolved.

TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. will resolve the claim request within a maximum period of fifteen (15) business days from the date of receipt. When it is not possible to address the claim within this period, the interested party will be informed of the reasons for the delay and the date when their claim will be addressed, which in no case may exceed eight (8) business days following the first term’s expiration.

Once the claim process is exhausted, the Data Subject or their successor may file a complaint with the Superintendence of Industry and Commerce.

12. SECURITY MEASURES

TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S., to comply with the security principle enshrined in Article 4(g) of the LEPD, has implemented the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized or fraudulent use or access.

In this regard, TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. has designed and implemented an Information Security Policy to ensure the confidentiality, integrity, and availability of the information owned or managed by the company in the ordinary course of its business. These measures will be applied without exception to all computer systems, electronic equipment, and physical accesses to ensure the confidentiality, integrity, and availability of the information against any threat that compromises or may eventually compromise, distort, or divert the use of the information for a purpose other than what it is available for.

Furthermore, TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. through the signing of the corresponding Transmission contracts has required the data processors it works with to implement the necessary security measures to ensure the security and confidentiality of the information in the Processing of Personal Data.

13. DATA TRANSFER TO THIRD COUNTRIES

According to Title VIII of the LEPD, the Transfer of Personal Data to countries that do not provide adequate levels of data protection is prohibited. A country is considered to provide an adequate level of data protection when it meets the standards set by the Superintendence of Industry and Commerce in this matter, which in no case may be lower than those required by law from its recipients. This prohibition will not apply when it concerns:

1. Information regarding which the Data Subject has given their express and unequivocal Authorization for the Transfer.
2. Exchange of medical data when required by the Data Subject’s Treatment for health or public hygiene reasons.
3. Bank or stock exchanges under the applicable legislation.
4. Transfers agreed upon within the framework of international treaties to which the Republic of Colombia is a party based on the principle of reciprocity.
5. Transfers necessary for the execution of a contract between the Data Subject and the Data Controller or for the execution of pre-contractual measures, provided the Data Subject’s Authorization is obtained.
6. Transfers are legally required for safeguarding public interest or for the recognition, exercise, or defense of a right in a judicial process.

In cases not covered as an exception, it will correspond to the Superintendence of Industry and Commerce to issue a compliance declaration related to the international Transfer of Personal Data. The Superintendent is authorized to request information and carry out procedures to establish compliance with the requirements necessary for the operation’s viability.

International transmissions of Personal Data carried out between a data controller and a data processor to allow the processor to carry out the Processing on behalf of the data controller will not need to be informed to the Data Subject nor require their consent, provided there is a Data Transmission contract.

14. VALIDITY

The Databases managed by TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. will be subject to Processing for the time that is reasonable and necessary for the purpose for which the data was collected. Once the purpose(s) of the Processing is fulfilled and notwithstanding legal provisions to the contrary, TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. will proceed to delete the Personal Data in its possession unless there is a legal or contractual obligation requiring its retention. Therefore, this database has been created without a defined period of validity.

15. MODIFICATIONS

This Policy may be modified by TRANSPORTE FERROPORTUARIO DE COLOMBIA – TRANSFERPORT S.A.S. as required without prior notice, provided that the modifications are not substantial. Otherwise, they will be communicated to the Data Subjects in advance.

16. FOOTER

Who We Are

Our Operation

Sustainability

News and Development

Work With Us

Contact Us

Corporate Policies

Compliance

Terms and Conditions and Privacy and Web Data Usage Policies

Calle 90 N° 19 – 41 – Piso 9 – Edificio Quantum Business Center Bogotá D.C. Colombia.

+(601) 3286540

informacion@transferport.co

Contact Us