|CHEF BURGER COMPANY S.A.S.
|Carrera 43 No. 25ª – 127 Medellín
Article 1. With the aim of complying with current legislation on data protection, especially Law 1581 of 2012 (and other regulations that modify, add, complement or develop it) and Decree 1377 of 2013, below the company allows you to be made aware of the relevant aspects in relation to the collection, use and transfer that CHEF BURGER COMPANY S.A.S. makes your personal data, by virtue of the authorization granted by you to advance said treatment.
In accordance with the provisions of our Political Constitution in its article 15 and the applicable legislation (Law 1266 of 2008, Law 1581 of 2012, Decree 1377 of 2013 and all those regulations that regulate, add, repeal or modify), the company
A strong and clear privacy and personal data protection policy has been proposed, this is how we do not obtain personal information from third parties that have a commercial or legal relationship with CHEF BURGER COMPANY S.A.S., including Clients, Employees or Suppliers, unless they allow themselves to voluntarily supply through their prior, express and qualified consent each and every one of the data exposed to the company.
On the other hand, it is reiterated that this Privacy and Personal Data Treatment policy is prepared in accordance with the provisions of the Political Constitution, Law 1581 of 2012, Regulatory Decree 1377 of 2013 and other complementary provisions; and that it will be applied to all Databases and/or Files that contain Personal Data and that are subject to Treatment by CHEF BURGER COMPANY S.A.S., that is, it will be applied in the exercise of actions of collection, storage, use, circulation, deletion and all other activities that constitute personal data processing.
Article 2. The processing of personal data in CHEF BURGER COMPANY S.A.S. will
be governed by the following principles:
SINGLE PARAGRAPH: In accordance with the provision contained in article 6 of Law 1581 of 2012, the processing of sensitive data is prohibited, therefore, the Owner may refuse to authorize its Treatment, and it will only be allowed in the application of the exceptions raised by the same standard and developed by the treatment policies presented here.
Article 3. For the purposes of executing this policy and in accordance with legal regulations, the following definitions will apply:
Article 4. CONTENT OF DATABASES. In the databases of CHEF BURGER COMPANY S.A.S. general information such as full name, number and type of identification, gender and contact information (email, physical address,
telephone and celphone). In addition to these, and depending on the nature of the database, CHEF BURGER COMPANY S.A.S. may have specific data required for the treatment to which the data will be submitted. The databases of employees and contractors include, in addition to information on employment and academic history, sensitive data required by the nature of the employment relationship (photograph, conformation of the family group, biometric data). Sensitive information may be stored in the databases with the prior authorization of its owner, in compliance with the provisions of articles 5 and 7 of Law 1581 of 2012.
Article 5. SENSITIVE DATA. CHEF BURGER COMPANY S.A.S. will restrict the processing of sensitive personal data to what is strictly essential, and will request prior and express consent from the owners, informing them of the exclusive purpose of their processing, except when:
SINGLE PARAGRAPH: CHEF BURGER COMPANY S.A.S. meets the following
Obligations: a) inform the owner about which data subject to treatment are of
sensitive nature, the purpose of the treatment, and obtain the express consent of the
headline; b) inform the owner that because it is sensitive data, he is not obliged to
authorize its treatment, c) inform the holder explicitly and clearly the requirements
for the authorization of the collection of any sensitive data; d) not condition,
except legal mandate, no activity to which the owner provides personal data
Article 6. RIGHTS OF CHILDREN, GIRLS AND ADOLESCENTS: In harvesting, use
and treatment of personal data, respect for the rights will be ensured
prevalent among children and adolescents. Data processing is prohibited
personal data of children and adolescents, except for those data that are of an
public, and in this case the treatment must comply with the following parameters:
SINGLE PARAGRAPH: Once the above requirements have been met, the legal representative or guardian
of the boy, girl or adolescent will grant the respective authorization, estimating the
opinions of the minor based on the maturity, autonomy and capacity that he demonstrates to
understand the matter. The person in charge and manager involved in data processing
personnel must ensure their proper use.
The Political Constitution of Colombia provides in its articles 44 and 45 and in the code of the
childhood and adolescence, that the rights of minors must be interpreted and applied in a prevailing manner, therefore, they must be observed with special
Those obliged to execute and materialize the provisions contained in this policy
should keep in mind that CHEF BURGER COMPANY S.A.S. is required to comply with
duties imposed in this regard by law. Consequently, it is necessary to comply with the
Article 7. Duties when acting as responsible:
Article 8. Duties when working as Personal Data Processor.
If you process data on behalf of another entity or organization
(Responsible for the treatment) must comply with the following duties:
a) Establish that
the Data Controller is authorized to provide the personal data
who will treat as Manager
b) Guarantee the owner, at all times, the full and effective
exercise of the right of habeas data.
c) Keep the information under the conditions
necessary security measures to prevent their adulteration, loss, consultation, use or access
unauthorized or fraudulent.
d) Timely update, rectify or
e) Update the information reported by those Responsible for the
treatment within five (5) business days from receipt.
f) Process the queries and claims made by the owners in the terms
indicated in this policy.
g) Register in the database the legend “claim
pending” in the manner established in this policy.
h) Insert into the base
of data the legend “information in judicial discussion” once notified by
the competent authority on judicial processes related to the quality of the personal
i) Refrain from circulating information that is being controversial by the
owner and whose blocking has been ordered by the Superintendence of Industry and
j) Allow access to information only to authorized persons
by the owner or empowered by law for that purpose.
k) Inform the Superintendency
of Industry and Commerce when there are violations of security codes and
there are risks in the administration of the information of the holders.
l) Comply with the
instructions and requirements issued by the Superintendence of Industry and
Article 9. Duties when carrying out the treatment through a Manager:
a) Provide the person in charge of the treatment only the personal data whose
treatment is previously authorized. For purposes of national transmission or
international data, a data transmission contract must be signed
personal information or agree to contractual clauses as established in article 25 of the
decree 1377 of 2013.
b) Guarantee that the information provided to the Processor
of the treatment is true, complete, exact, updated, verifiable and understandable.
c) Communicate in a timely manner to the person in charge of the treatment all the news
regarding the data that you have previously provided and adopt the other
necessary measures so that the information provided to it is maintained
d) Inform in a timely manner to the person in charge of the treatment the
rectifications made on the personal data so that it proceeds to carry out the
e) Demand from the person in charge of the treatment, at all times, the respect
to the security and privacy conditions of the owner’s information.
f) Inform the
Person in charge of the treatment when certain information is under discussion
by the holder, once the claim has been submitted and the
Article 10. Duties regarding the Superintendence of Industry and Commerce:
a) Inform you of possible violations of security codes and the existence of
risks in the administration of the information of the holders.
b) Comply with the
instructions and requirements issued by the Superintendence of Industry and
Article 11. It is the physical document, electronic or in any other format known or
to be known, which is made available to the Owner for the processing of their data
personal. Through the privacy notice, the Owner of the
Article 12. The Personal Data managed by CHEF BURGER COMPANY S.A.S.
will maintain the treatment according to the following purposes, according to each interest group:
– 3 tablespoons Arepa cornmeal (for each arepa to prepare of normal size)
– 3 tablespoons of water.
– Salt to taste.
– Butter to taste.
– Mix the flour with the salt in a container and add the water until a firm texture is obtained. We proceed to form balls of dough and flatten them with the help of a cutting board, we continue taking them to a hot frying pan, where we will wait for them to cook, this will depend on the thickness with which we have prepared them: the thinner they are, the less time they will take to be golden. and ready to accompany with butter, cheese or the filling of your choice.
FIRST PARAGRAPH. Regarding the data a) taken from the documents that
provided by people to security personnel and b) obtained from video recordings
that are carried out inside or outside the facilities of CHEF BURGER COMPANY S.A.S.,
These will be used for purposes of safety of people, property and installations of
CHEF BURGER COMPANY S.A.S. and may be used as evidence in any type of
If personal data is provided, such information will be used only for the
purposes indicated here, and therefore, the Personal Data processed by CHEF BURGER
COMPANY S.A.S. will be used according to the purposes described, and consequently
we will not proceed to transmit, license, disclose the personal information collected except
that: a) the owner expressly authorizes us to do so; b) it is necessary in order to comply with the
contractual obligations entered into with you; c) it is necessary to allow our
contractors or agents to provide the services that we have entrusted to them, d) is related
with a merger, consolidation, acquisition, divestiture or other restructuring process
of the company; e) is required or permitted by law.
SECOND PARAGRAPH. TEMPORARY LIMITATIONS ON DATA PROCESSING
PERSONAL. CHEF BURGER COMPANY S.A.S. You may only collect, store, use or
circulate personal data for as long as is reasonable and necessary, in accordance with
with the purposes that justified the treatment, taking into account the applicable provisions
to the matter in question and to the administrative, accounting, fiscal, legal and
information histories. Once the purpose or purposes of the treatment have been fulfilled and without
prejudice to legal regulations that provide otherwise, will proceed to the suppression of the
personal data in your possession. Notwithstanding the foregoing, personal data must be
retained when required for compliance
of a legal or contractual obligation
Article 13. The holders of personal data by themselves or through their representative and/or proxy or their successor in title may exercise the following rights, with respect to the personal data that are processed by CHEF BURGER COMPANY S.A.S.:
FIRST PARAGRAPH: For purposes of exercising the rights indicated with
previously, both the owner and the person representing him must demonstrate his
identity and, if applicable, the capacity by virtue of which it represents the owner.
SECOND PARAGRAPH: The rights of minors will be exercised through
of the persons empowered to represent them.
Article 14. REQUEST FOR AUTHORIZATION TO THE HOLDER OF THE PERSONAL DATA: With
in advance and/or at the time of collecting personal data, CHEF BURGER
COMPANY S.A.S. will ask the owner of the data for their authorization to carry out their collection and
treatment, indicating the purpose for which the data is requested, using for those
effects automated technical means, written or oral, that allow proof to be preserved
of the authorization and/or of the unequivocal conduct described in article 7 of Decree 1377
of 2013. Said authorization will be requested for the time that is reasonable and necessary to
satisfy the needs that gave rise to the data request and, in any case, with
observance of the legal provisions that govern the matter.
Article 15. REVOCATION OF AUTHORIZATION. The owner of the personal data may
at all times request CHEF BURGER COMPANY S.A.S. the revocation of the
authorization granted, by filing a claim. The revocation does not
proceed when the Responsible is legally or contractually bound to the
conservation of said data, this exception will be effective during the periods
established in the law. If once the legal term to respond to the claim of the
owner, CHEF BURGER COMPANY S.A.S. has not carried out the deletion of the data subject to
treatment, the owner will have the right to request the Superintendence of Industry and
Business that orders the revocation of the authorization.
Article 16. CASES IN WHICH THE AUTHORIZATION IS NOT NECESSARY. The authorization of the
Holder will not be necessary when it comes to:
Information required by a public or administrative entity in the exercise of its
legal functions or by court order;
SOLE PARAGRAPH: Whoever accesses personal data without authorization
must in any case comply with the provisions contained in the provisions
Article 17. RESPONSIBLE AREA AND PROCEDURE FOR THE EXERCISE OF THE
RIGHTS OF THE HOLDERS OF PERSONAL DATA: THE OFFICER OF PROTECTION OF
DATOS o quien éste designe, será la responsable de atender las peticiones, quejas y
claims made by the owner of the data in exercise of the rights contemplated in the
Article 13 of this policy, except for the one described in its literal e).
Article 18. SECURITY MEASURES: In development of the established security principle
in Law 1581 of 2012, CHEF BURGER COMPANY S.A.S. will adopt the technical measures,
human and administrative that are necessary to grant security to the records
avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access. He
personnel that carry out the processing of personal data will execute the protocols
established in order to guarantee the security of the information, together with the measures
exposed, it is noted that there will be inclusion in all media
contractual agreements of the company the corresponding clause of confidentiality and management of the
SINGLE PARAGRAPH. CHEF BURGER COMPANY S.A.S. may subcontract to third parties for the
processing of certain functions or information. When actually
subcontracts to third parties the processing of personal information or is provided
personal information to third party service providers, CHEF BURGER COMPANY S.A.S.
advises such third parties of the need to protect such personal information with
appropriate security measures, the use of information for own purposes and
You are requested not to disclose personal information to others.
Article 19. DATA COLLECTED BEFORE THE ISSUANCE OF DECREE 1377 OF
2013: In accordance with the provisions of numeral 3 of article 10 of Decree
Regulation 1377 of 2013 CHEF BURGER COMPANY S.A.S will proceed to publish a notice
on its official website www.chefburger.com.co addressed to the holders of personal data
For the purposes of publicizing this information treatment policy and the way
to exercise their rights as holders of personal data stored in the databases
of CHEF BURGER COMPANY S.A.S.
Article 20. MODIFICATION OF THE PROCESSING POLICIES. This policy can be
modified at any time, notifying the owners of the change and it will be made available to them.
available the latest version of this Policy or the mechanisms to obtain a copy of the
Article 21. NATIONAL DATABASE REGISTRY. CHEF BURGER COMPANY S.A.S.,
reserves, in the events contemplated in the law and in its statutes and internal regulations,
the power to maintain and catalog certain information that rests in its databases or
data banks, as confidential in accordance with current regulations, their statutes and
regulations, all of the above and in line with the right to free enterprise and
free competition. CHEF BURGER COMPANY S.A.S., will proceed in accordance with the
regulations in force and the regulations issued for this purpose by the National Government, to
perform the registration of their databases, before the National Registry of Databases
(RNBD) that will be administered by the Superintendence of Industry and Commerce. The RNBD.,
It is the public directory of the databases subject to Treatment that operate in the country; and
that will be freely consultable for citizens, in accordance with the regulations that for such
effect is issued by the competent entity.
Article 22. VALIDITY OF THE DATABASES: The databases will be valid
equal to the period in which the purpose or purposes of the treatment is maintained on each basis
of data, or the period of validity indicated by a legal, contractual or jurisprudential cause
in a specific way.
Article 23. EFFECTIVE DATE OF THE POLICIES: This Policy of
Personal Data was created on October 22, 2016, and became effective as of the day
November 3, 2016, notwithstanding the modifications included in this version, have
entered into force on February 1, 2018. Any additional changes that are
present regarding this policy, will be informed with the respective publication in the
company website www.chefburger.com.co.