he GRUPO ALDOR, S.A.S., which includes the companies Comestibles Aldor S.A.S., Plásticos Especiales S.A.S, FRAI Inversiones S.A.S., Gesta S.A. y Cía. S en C., Gesta S.A., CIM Comercial S.A.S., abides by the stipulations of Law 1581 of 2012 regarding personal data protection and considering the provisions of decree 1377 of June 27th of 2013, has designed the personal data protection policy.

  1. OBJECTIVE

Define the general guidelines to fulfil the provisions of Law 1581 of 2012 which rules personal data protection in Colombia.

  1. SCOPE

This policy applies to all areas and/or persons who have access to the databases with information collected by the companies of the Grupo Aldor.

  1. LEGAL FRAMEWORK

The information treatment policy is prepared pursuant to the Political Constitution of Colombia in its articles 15 and 20, Law 1581 of 2012 and Decree 1377 of 2013. Law 1581 of 2012, aims to “develop the constitutional right that all the people have to know, update and rectify the information that has been collected about them in databases or files, and all other rights, liberties and constitutional guarantees referred to in Article 15 of the Political Constitution; as well as the right to information enshrined in article 20 thereof”.

  1. DEFINITIONS

Database: An organized set of personal data that is subject to Treatment.

Personal data: Any information linked to or associated with one or several natural persons determined or to be determined.

Responsible for the Treatment: A natural or legal person, whether public or private, that by itself or in association with others, performs Treatment of personal data on behalf of the Responsible for the Treatment.

Responsible for the Treatment: A natural or legal person, whether public or private, that by itself or in association with others, decides on the database and/or the treatment of the data.

Authorization: Prior, express and informed consent of the Owner to carry out the Treatment of personal data.

Owner: A natural person whose personal data is subject to Treatment.

Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Privacy statement: A verbal or written communication generated by the Responsible, addressed to the Owner, for Treatment of his or her personal data, by which he or she is informed about the existence of the information Treatment policies that will be applicable, the way to access them, and the purposes of the Treatment intended to be given to the personal data.

Public data: It is the data that is not semi-private, private or sensitive. Public data, among others, includes data regarding the marital status of the people, their profession or occupation, and their quality of merchant or public servant. Due to their nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins and judgments duly executed and not subject to confidentiality.

Sensitive data: Sensitive data are those that affect the privacy of the Owner or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, union membership, social or human rights organizations, or those promoting the interests of any political party or ensuring the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Transfer: Data transfer takes place when the person Responsible for or in charge of the Treatment of personal data, located in Colombia, sends the information or personal data to a receiver, who in turn is Responsible for the treatment and is inside or outside the country.

Transmission: Treatment of personal data implying the communication of the same within or beyond the territory of the Republic of Colombia when the purpose is perform Treatment by the person in charge and on behalf of the Responsible.

Natural Person: A human person who exercises rights and fulfills duties on a personal basis.

Third party: Any legal or natural person different from the people who belong directly to the Grupo Aldor.

  1. DEVELOPMETN OR CONTENT

5.1. GENERAL CONDITIONS

In order to comply with Law 1581 of 2012 on the protection of personal data, the following considerations must be taken into account:

  1. Every employee or area of one of the companies of the Grupo Aldor may be in charge of data treatment at some point during their working life.
  2. The Group should be considered as a business unit and therefore is responsible for the treatment of databases.
  1. The third parties that at any given moment require access to the databases managed by the Grupo Aldor, are held responsible.
  2. The law is mandatory in all Colombian territory and to transmit information from databases to other countries, their legislation must comprise security measures equal to or higher than those contained in Law 1581 of 2012.
  3. Databases are considered to be all information provided by natural persons, suppliers, customers, consumers, employees or any other person whose information is being treated by the Grupo Aldor.
  4. It is not necessary to apply the policy for exceptions contemplated in the Law when:
  5. The databases and files are intended for national security and defense, as well as the prevention, detection, monitoring and control of money laundering and terrorism financing.
  6. The databases are intended for and contain intelligence and counterintelligence information.
  7. The databases and files contain journalistic information and other editorial content.

5.2. SPECIFIC CONDITIONS

The following specific conditions must be taken into consideration:

  1. As of the effective date of this policy, any employee who commences a work relationship with a company of the Grupo Aldor must have a clause in his or her employment contract that states the commitment to comply with Law 1581 of 2012 in the event of becoming in charge of personal databases.
  2. A text will be included in the internal work regulations regarding the obligation to comply with the law to cover the entire current universe.
  3. Any third party that requires access to the databases for being realted to areas or companies of the Group, must be requested to include a contractual clause stating his or her knowledge of the law and the responsibility to comply with it and, likewise, he or she will require prior authorization from the owner to treat personal data.
  4. Every supplier, client or customer whose information is stored in databases, provided that they are natural persons, must be requested written authorization so that his or her data can be treated without restrictions. The authorization must be for all the effects that may arise.
  5. The authorization mentioned in the above paragraph must be equally
  1. All the databases that the areas and companies of the Group manage must have guarantee of retrieval (Back up).
  2. In any case, there must have restricted access to the databases. When databases are sent by mass media, access to them must be regulated by a security password.
  3. Periodically, Group companies must promote campaigns to update personal information databases.
  4. For the treatment of personal information databases all the areas that require it must have the written procedure that guarantees fulfillment of the policy and that of Law 1581 of 2012.
  5. All Group companies must have and comply with the procedure for dealing with complaints and/or claims, guaranteeing compliance with the law governing the matter.
  6. Clients, suppliers, collaborators, ex-collaborators and other natural persons who have provided personal data to the companies of the Grupo Aldor have the right to access, query and know the personal data found in our database, as well as to rectify them if inaccurate or incomplete, and cancel them at will.

To exercise their rights, they may send an e-mail to the address protección.datos@aldoronline.com

5.3. VALIDITY

This document is effective as of June 27th of 2013 and until expressly revoked or amended.

Responsible for databases: Grupo Aldor

Headquarters: Calle 15 No. 29-69 Acopi Yumbo – Colombia
e-mail: protección.datos@aldoronline.com
Telephone: (57) (2) 57 (2) 4878780 Ext