DATA POLICY
DATA POLICY

POLICY OF TREATMENT OF PERSONAL DATA - PHIDIAS S.A.S.

In accordance with the provisions of Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015, Decree 1078 of 2015 and Circular SIC 002 of 2015, this information processing policy of Phidias S.A.S. is issued. The data of Phidias as "Responsible" for data processing, is described below:

Corporate name: Phidias S.A.S.
Tax Identification Number - NIT: 830.502.641-7
Address: Avenida 4 norte # 6N-67 oficina 706, Edificio Siglo XXI, Cali (Valle del Cauca)
Telephone: (571) 508 70 55
Personal Data Protection Officer: Angel Díaz
Email: seguridad@phidias.com.co

GENERAL DEFINITIONS
a. Authorization: Prior, express and informed consent of the holder to carry out the processing of personal data.
b. Database: Organized set of personal data that is subject to processing.
c. Personal Data: Any information linked or that may be associated to one or several determined or determinable natural persons.
d. Data Processor: Natural or legal person, public or private, who by himself or in association with others, carries out the processing of personal data on behalf of the data controller.
e. Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.
f. Data Subject: Natural person whose personal data is the object of processing.
g. Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

The personal data kept by PHIDIAS S.A.S. in its capacity as responsible or in charge of the treatment, will be treated in compliance with the principles and regulations provided in the Colombian laws in accordance with the provisions of Law 1581 of 2012 by which the General Regime for the Protection of Personal Data was issued, Decree 1377 of 2013 and other rules that complement or modify it.

PURPOSES ACCORDING TO DATABASE
Personal data held by PHIDIAS S.A.S. will be treated according to the following general purposes for each of the databases identified in the personal data protection program:

PHIDIAS S.A.S. collects data from its prospective Clients for the following purposes:
a. Maintain a history of potential customers and contact them for the offering of services and / or products.
b. Offer information through the means provided (email, landline and cell phone, physical address) related to our services, offers, promotions, partnerships, contests, training, content, etc..
c. Elaboration of statistical studies, surveys, analysis of market trends and customer needs surveys.

2. PHIDIAS S.A.S. collects personal data from its Customers for the following purposes:
a. Maintain and manage the information required to maintain the contractual and commercial relationship.
b. The remission of any type of informative communication, request for information or collection to the customer through the various channels provided by Phidias.
c. Preparation of statistical studies, surveys, analysis of market trends, satisfaction surveys on the services provided by Phidias.
d. Sending information and offers of products and services of Phidias and its potential allies, as well as carrying out marketing activities and / or marketing of services and / or products through the various commercial channels established by Phidias (service portfolio, email, phone calls, etc.).
e. Segmentation of data to offer new services or products offered by Phidias.
f. Demanding the fulfillment of contracts.
g. Validate and deliver reports of commercial, tax and corporate information.
h. Validate, legalize and constitute insurance policies, etc.

On the other hand, Phidias has the role of "Responsible" on the personal data collected by its customers (educational institutions), associated with students (minors and adults), employees, relatives, among others; and as responsible for this data, Phidias' responsibility is to protect, safeguard and ensure their safety in terms of availability, integrity and confidentiality. In no case and under no circumstances Phidias collects this information under its own name.

3. PHIDIAS S.A.S. collects data from its Selection Processes for the following purposes:
a. Maintain a history of potential employees and independent contractors to contact according to the needs of Phidias.
b. Identify you as an applicant and / or future employee or independent contractor, which may be consulted or contacted by the various means provided as fixed and cell phones, email, physical address, etc..
c. Consider applicants as candidates for current or future vacancies according to their skills and abilities, with respect to the requirements of the position requested by Phidias.

4. PHIDIAS S.A.S. collects data from its Employees for the following purposes:
a. Determine the suitability of its employees for the performance of the assigned functions.
b. To monitor their work performance.
c. Maintain evidence of contractual compliance.
d. Ensure their safety, security and access control through the use of biometric devices, video surveillance cameras and occupational health and safety systems.
e. Have control of salary, social security and parafiscal payments.
f. Generate information to control agencies that require it.
g. Comply with legal, statutory and/or regulatory provisions.
h. Establishment of the employee's contract and working conditions.
i. Evaluate the employee's health conditions according to the functions performed by the employee as part of his or her responsibility.
j. Maintain relationships and communications with former employees for future job offers, aspects of settlements after termination (if required) and validation of information in case of emergencies or requests from control entities.

5. PHIDIAS S.A.S. collects data from its suppliers of supplies and services for the following purposes:
a. Request quotes for services and products.
b. Verify the shipment and receipt of documents.
c. Update supplier and contact information within Phidias databases.
d. Request clarifications to proposals and/or services.
e. Supervise and follow up on the correct and due execution of contracts (if applicable).
f. Demand compliance with the contracts and/or delivery of products and services according to the agreed times.
g. Make reports of commercial, tax and corporate information.
h. Validate, legalize and constitute insurance policies, etc.

6. PHIDIAS S.A.S. collects the fingerprints of its employees for the following purposes (security):
a. To have control of registration of entry of employees.
b. To have physical access to the facilities of Phidias.

7. PHIDIAS S.A.S. collects data from its members of Partners and shareholders for the following purposes:
a. To make the calls to board meetings and assemblies.
b. To send relevant information for the board of directors' meetings and assemblies.
c. To register in the chamber of commerce.
d. To sign the minutes of the meetings.

DATA PROCESSING OF MINORS
Phidias can only process personal data of minors when these are of a public nature, or come from the information provided by employees or contractors at the time of their employment or provision of services with Phidias under the assumption that this is previously authorized by their representatives. The above, in accordance with the provisions of Article 7 of Law 1581 of 2012.

In any case, the treatment carried out by Phidias will always respond to and respect the best interests of children and adolescents, and will ensure respect for their fundamental rights.

On the other hand, in the case of the data of minors collected by clients (educational institutions), Phidias exercises the role of "Data Processor", and as the person in charge of this data, its responsibility is to protect, safeguard and ensure its security in terms of availability, integrity, confidentiality and privacy. In no case and under no circumstances Phidias collects this information under its own name.

Schools as "Responsible" for data collection, are responsible for correctly assigning privileges on the Phidias Academic system options in relation to access to information of students (minors and adults), employees, family members, among others, for which Phidias under its due diligence has established control mechanisms.

RIGHTS OF THE HOLDER
Any person in his condition of holder or legitimately authorized, in relation to the processing of his personal data has the right to:
a. To know, update and ratify their personal data before PHIDIAS S.A.S.
b. Request proof of authorization of treatment.
c. Be informed about the use of data when there is no prior authorization.
d. File complaints before PHIDIAS S.A.S. or before the control body (SIC).
e. Revoke the authorization and / or request the deletion of any of your data as long as the holder has no legal or contractual duty to remain in the database.

PETITIONS, COMPLAINTS AND CLAIMS
For the exercise of habeas data, the owner of the personal data or whoever demonstrates a legitimate interest as indicated in the current regulations, may do so through the only channel provided by PHIDIAS S.A.S. through the email "seguridad@phidias.com.co" establishing as the title of the message "Protection of personal data", which will be attended and managed by the Information Security Officer and Protection of Personal Data in conjunction with the legal representative.

The person exercising the habeas data must accurately provide the contact information requested in order to process and attend to his request and to deploy the charges for the exercise of his rights.

Upon receipt of the request to exercise habeas data, PHIDIAS S.A.S. will respond within the legal term of fifteen (15) working days, which may be extended for eight (8) additional days, prior communication to the person who has exercised this right.

The processing of personal data carried out by PHIDIAS S.A.S. according to this policy, will be based on the rules, procedures and instructions adopted by this company to comply with the legislation applicable to the protection of personal information.

PRINCIPLES FOR TREATMENT
PHIDIAS S.A.S. has established as part of its policy for the treatment of personal data the adoption of the following principles as established by the Law 1581 of protection of personal data.

a. Principle of legality: The treatment given to personal data is adjusted to the parameters established by Law.
b. Principle of purpose: The personal data processed by PHIDIAS S.A.S. will be used only for the purposes described above.
c. Principle of transparency: The controller guarantees the rights of the holder at any time and without restrictions in this way is of great importance to clearly inform the data that are collected and the treatment of them.
d. Principle of security: The information subject to treatment by PHIDIAS S.A.S. has the measures required by law according to the quality of the data and in order to prevent tampering, loss, consultation, use or unauthorized or fraudulent access.
e. Principle of confidentiality: All persons involved in the processing of personal data are obliged to ensure the confidentiality of information, even after the end of their relationship with any of the tasks that comprise the treatment, and may only make provision or communication of personal data when it corresponds to the development of the activities authorized by law or by the owner of the data.
f. Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
g. Principle of restricted access and circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions of the Law and the political constitution. In this sense, processing may only be carried out by authorized persons. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to owners or authorized third parties in accordance with the Law.

SECURITY MEASURES
The security measures adopted by PHIDIAS S.A.S. on their databases comply with those provided by law, in order to ensure proper treatment of information and minimize the risk of unauthorized access, modification, deletion, loss and / or misuse of personal data, and thus protect its integrity, availability and confidentiality.

Likewise, the company has adopted security measures related to the implementation of a Comprehensive Personal Data Protection Program (PIPDP) based on the principle of demonstrated responsibility; as well as an Information Security Management System (ISMS) based on the ISO27001 international standards and the NIST cybersecurity framework, which is made up of a compendium of security controls that cover and seek to secure the company's information assets and the life cycle of the data, from its collection and storage, to its transfer and disposal.

DUTIES OF THE DATA CONTROLLER (PHIDIAS S.A.S.):
a. Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data.
b. Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Data Subject.
c. To duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
d. Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
e. Guarantee that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable.
f. Update the information, communicating in a timely manner to the Data Processor, all developments with respect to the data previously provided and take other necessary measures to ensure that the information provided to it is kept up to date.
g. Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.
h. To provide to the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of this law.
i. To demand from the Data Processor, at all times, respect for the security and privacy conditions of the data subject's information.
j. To process the queries and claims formulated under the terms set forth in this law.
k. Adopt an internal manual of policies and procedures to ensure proper compliance with this law and, in particular, for the handling of queries and claims.
l. Inform the Data Controller when certain information is under discussion by the Data Subject, once the claim has been filed and the respective process has not been completed.
m. Inform at the request of the Data Subject about the use given to his/her data.
n. Inform the data protection authority when there are violations to the security codes and there are risks in the administration of the data subject's information.
o. Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.

VALIDITY OF THE POLICY
This document updates the existing policy and is effective as of September 9, 2021. The personal data stored, used or transmitted remain in PHIDIAS S.A.S. databases for the time necessary for the purposes mentioned in this policy.

UPDATES TO THE POLICY
September 9, 2021: Restructuring of the policy, recording the databases of personal information existing to date and their purposes, aligned with the life cycle of the data.

PRIVACY
PRIVACY POLICY

Data of the owner of the website:

COMPANY NAME: PHIDIAS SOFTWARE SL
NIF: B85958262
POSTAL ADDRESS: C. JORGE JUAN 4, CASA 26 28669, MONTE LAS ENCINAS (MADRID)
E-MAIL ADDRESS: juan.cortes@phidias.es
TELEPHONE NUMBERS: (+34)919038772
REGISTRO MERCANTIL: volume 27.974, folio 137, Section 8, page number M-504.157, 1st inscription.
MAIN PURPOSE: Web platform for the integral management of your educational center.

Data protection:

In accordance with current and applicable regulations on protection of personal data, we inform you that your data will be incorporated into the processing system owned by PHIDIAS SOFTWARE SL with NIF B85958262 and registered office located at C. JORGE JUAN 4, CASA 26 28669, MONTE LAS ENCINAS (MADRID), and then listed their respective purposes, retention periods and legitimate bases. For those treatments that require it, it is also reported the possible profiling and automated decisions, as well as possible assignments and international transfers that PHIDIAS SOFTWARE SL intends to perform:

Column 1Column 2
Website managementPurpose: Processing and management of data necessary for the functionality of the website.
Retention period: for the duration of the consent given.
Legitimate basis: The consent of the data subject
Type of data: Merely identifying data
Transfers: Not foreseen
International transfers: Not foreseen
Profiling: Not foreseen.
Web formPurpose: To answer your queries and/or requests
Retention period: as long as the consent given is maintained.
Legitimate basis: The data subject's consent
Type of data: Merely identifying data
Transfers: None
International transfers: Not foreseen
Profiling: Not foreseen.
Regulatory compliance managementPurpose: Management and processing of obligations and duties arising from compliance with the regulations to which the entity is subject.
Conservation period: conservation of the copies of the documents until the statute of limitations to claim a possible responsibility.
Legitimate basis: compliance with a law
Type of data: Merely identifying data
Transfers: your data will be communicated if necessary to agencies and / or public administration with competence in the matter in order to comply with the obligations established in the applicable regulations. In addition, it is reported that the legitimate basis for the transfer is to comply with the obligations established in the applicable regulations.
International transfers: Not foreseen
Commercial ActionsPurpose: Collection, registration and processing of data for the purpose of advertising and commercial prospecting of our products and/or services.
Retention period: as long as the consent given is maintained.
Legitimate basis: The consent of the data subject
Type of data: Merely identifying data
Transfers: None
International transfers: Not foreseen
Profiling: Not foreseen.

Rights of interested parties:

PHIDIAS SOFTWARE SL informs Users that they may exercise their rights of access, rectification, limitation, deletion, portability and opposition to the processing of their personal data to the Data Controller, as well as the withdrawal of consent.

  • Right of Access: This is the user's right to obtain information about his or her specific personal data and the processing that has been or will be carried out, as well as the information available about the origin of such data and the communications made or planned for such data.
  • Right of Rectification: It is the right of the affected person to modify the data that prove to be inaccurate or incomplete. It can only be satisfied in relation to information that is under the control of PHIDIAS SOFTWARE SL, for example, delete comments posted on the page itself, images or web content containing personal data of the user.
  • Right to the Limitation of Processing: This is the right to limit the purposes of the processing originally intended by the data controller.
  • Right of Deletion: This is the right to delete the user's personal data, except as provided in the RGPD itself or in other applicable regulations that determine the obligatory nature of the conservation of the same, in time and form.
  • Right of portability: The right to receive the personal data provided by the user in a structured, commonly used and machine-readable format, and to transmit it to another data controller.
  • Right of Opposition: It is the right of the user not to carry out the processing of their personal data or cease the processing thereof by the PHIDIAS SOFTWARE SL.

In order to exercise any of the rights described above, you must comply with the following requirements:

  • Submission of a letter to the address C. JORGE JUAN 4, CASA 26 28669, MONTE LAS ENCINAS (MADRID) (to the attention of PHIDIAS SOFTWARE SL) or by e-mail to juan.cortes@phidias.es.
  • The letter sent by the owner of the data requesting the exercise must meet the following legal requirements:
    - Name, surname(s) of the data subject and a copy of the DNI/NIE or any identifying document. In the exceptional cases in which the representation is admitted, it will also be necessary the identification by the same means of the person who represents him/her, as well as the document proving the representation. The photocopy of the DNI may be substituted provided that the identity is accredited by any other legally valid means.
    - Request in which the application is made (the year in which the information to which access is requested). If you do not refer to a specific file will be provided all the information you have with your personal data. If you request information of a specific file, only the information of this file. If you request information relating to a third party can never be provided. If you request it by telephone, you will be instructed to do it in writing and you will be informed how to do it and the address to which you have to send it. You will never be given information over the telephone.
    - Address for notification purposes.
    - Date and signature of the applicant.
    - Documents accrediting the request being made.
    - The interested party must use any means that allows accreditation of the sending and receipt of the request.

Finally, we inform you that you have the right to file a complaint with the Spanish Data Protection Agency in case you have knowledge or consider that a fact may involve a breach of the applicable regulations on data protection.

PHIDIAS SOFTWARE SL undertakes to adopt the necessary technical and organizational measures, according to the level of risks that accompany the processing carried out by them and indicated in the section of the terms and conditions of use, so as to ensure its integrity, confidentiality and availability.

LAST UPDATE: June 1, 2021