In compliance with the provisions of Law 1581 of 2012 "By which general provisions are issued for the protection of personal data" and other concordant regulations, C.I. COLOMBIAN MINT S.A.S, hereinafter (Colombian Mint or the Company), identified with NIT. 811009244 - 3, with address at Carrera 48 No. 16 - 24, Medellín, Antioquia, recognizes the importance of the security, privacy and confidentiality of personal and sensitive data of its clients, suppliers, collaborators, shareholders and in general of all its counterparties of which it processes personal information, therefore, in compliance with the constitutional and legal provisions, it adopted this POLICY FOR THE PROCESSING OF PERSONAL DATA.
The regulations applicable in Colombia regarding the protection of personal data, to which Colombian Mint is fully committed for the purposes of developing this policy and the comprehensive personal data management system:
• Article 15 of the Colombian Political Constitution
• Ley Estatutaria 1266 de 2008
• Law 1273 of 2009
• Statutory Law 1581 of 2012
• Decree 1377 of 2013
• Decree 886 of 2014
• Decree 1074 of 2015
Any other provision that modifies, regulates, replaces, or repeals the aforementioned regulations.
Colombian Mint's data processing applies to all personal information recorded in its databases. It acts as the data controller. Therefore, it will ensure the security and quality of information handling and regulatory compliance, as well as Article 15 of the Colombian Constitution, as established in Law 1581 of 2012, Decree 1377 of 2013, and other provisions that regulate, modify, add to, replace, or complete it.
Likewise, the processing carried out by the company will be based on the authorization granted by the data subject and will be taken into account in accordance with the expressly stated purposes.
This policy is intended for those individuals who, for a specific reason, provide personal or sensitive data through official Colombian Mint channels, a relationship that arises as a result of the development of their economic activity.
For all purposes of this data processing policy (hereinafter PTD), COLOMBIAN MINT adheres to the definitions and principles established in Law 1581 of 2012 and other regulations that complement, supplement, or modify it.
Authorization may be provided in a physical or electronic document, or in any other format that allows for subsequent consultation, or through a suitable technical or technological mechanism that allows for the unequivocal conclusion that, had the Data Subject's conduct not occurred, the data would never have been collected and stored in the database. The authorization form will be prepared by the Colombian Mint and made available to the Data Subject prior to the processing of their personal data, in accordance with Law 1581 of 2102 and Decree 1377 of 2013.
Colombian Mint SA, recognizing the Data Subjects' expectation of privacy and their right to know how their personal data is processed, expresses that it will use personal data solely and exclusively for:
With clients, suppliers, and contractors.
a) To promote and facilitate dealings with goods, products, services, and other relationships that exist or may exist between the Data Subject and Colombian Mint.
b) To publicize goods or services by sending advertising and promotional messages, either its own or those of a third party, directly by Colombian Mint or through third parties.
c) To conduct market research and improve the goods and services offered or purchased.
d) Facilitar el desarrollo de las obligaciones adquiridas por o a favor de Colombian Mint, tales como ventas, arriendos, facturaciones, gestiones de cobro, recaudo, verificaciones y consultas, control,comportamiento, medios y hábitos de pago. Hacer seguimiento de los compromisos adquiridos entre el Titular y Colombian Mint.
e) Notify of any relevant situation or changes related to the Corporate Purpose of Colombian Mint.
f) Send the information contained therein to private and public entities, in accordance with the authorizations granted by the data subject.
g) Support audits, both internal and external.
h) Enter the information into the respective customer and supplier databases.
i) Comply with the obligations inherent to and arising from the role of Data Controller and Data Processor.
j) Any other purpose required in connection with the activities of Colombian Mint SA with its customers and suppliers.
k) Transfer and/or transmit personal data to commercial and/or business partners, within or outside the country, with whom a data transmission contract has been signed and where it is necessary to provide it to fulfill the contractual purpose.
l) To comply with the legal and regulatory obligations applicable to our company.
m) Manage procedures, requests, inquiries, complaints, and/or compliments from clients, suppliers, and contractors, and direct them to the areas responsible for issuing the corresponding responses.
n) Conduct technical, financial, and security analyses to control and prevent fraud and money laundering, including, but not limited to, consulting and reporting to restricted lists.
o) Conduct inquiries with credit bureaus.
p) Control access to company headquarters facilities and establish security measures, including video surveillance areas.
COLOMBIAN MINT will process the personal data of its employees and contractors, as well as those applying for vacancies, at three points: before, during, and after the employment relationship or service.
a) For personnel selection processes.
b) Psychometric tests, interviews, family visits, security studies, etc.
c) Contracting personnel selection processes through third parties.
a) Manage the contractual relationship between Colombian Mint and the employee.
b) Social security affiliation, legally required reports, payroll payments, and other legal and contractual purposes.
c) Maintain, develop, and/or monitor the employment relationship between the data subject and Colombian Mint.
d) Processes within the company, for operational development and/or systems administration and accounting management purposes.
e) Human resources management regarding social benefits and, in general, payroll-related matters.
f) Staff promotion process.
g) Information related to staff health conditions.
h) Issuance of certifications related to employee status, such as income and withholding certificates, employment certificates, etc.
i) Report to supervisory and control authorities.
j) Send internal communications, whether or not related to your employment or contractual relationship.
k) Monitor and use images captured through video surveillance systems for the purpose of maintaining the physical security of people and property.
l) Transmit and/or transfer personal data to third parties within or outside the country with whom a data transmission contract has been signed and where it is necessary to provide it to fulfill the contractual purpose and/or manage the benefits of the employment contract.
m) To comply with internal policies applied for regulatory compliance and organization, such as the occupational health and safety system, and any others applicable to the company.
n) Provide information to third parties with whom we have signed a contract to provide the obligations or services contracted with us.
o) Manage procedures, requests, inquiries, complaints, and/or compliments.
p) Contact the Owner by telephone to conduct surveys, studies and/or confirm personal data necessary for the execution of a contractual relationship.
a) Employment history, social security, tax and parafiscal obligations.
b) Reporting to state entities. This information will only be used in the ways indicated above, ensuring that it will not be sold or licensed.
a) Respond to requests from judicial or administrative authorities.
b) Manage relationships, rights, and duties with data subjects.
c) Ensure security management at our facilities.
d) Manage risks or accidents within the facilities.
e) Control the access and exit of people from the facilities.
f) Perform administrative management activities.
g) Receive and manage requests regarding products or services, and provide customer service (PQR Management).
h) Conduct investigations in the event of risk situations or security breaches.
COLOMBIAN MINT takes photographs and/or video recordings, fingerprints, and/or Face ID for:
1) Employee recognition.
2) Access to company facilities.
3) Protection aimed at the security and surveillance of people and physical facilities.
4) Comply with legal and contractual requirements.
These images may be collected from: clients, suppliers, employees, and/or visitors.
These images are collected with the express or unequivocal authorization of the data subject, or the legal representative if the subject is a minor, in order to monitor the activities carried out.
This information will be stored in the databases generated for the purposes for which its collection is required, and its processing will continue as long as the purposes for which it was collected and/or the legal obligation to maintain the storage of said data remain in place, or in which case your data will be retained until you object.
COLOMBIAN MINT will strictly observe the legal limitations on the processing of sensitive data, ensuring that:
a) The Data Subject has given explicit authorization for such processing, except in cases where such authorization is not required by law.
b) The processing is necessary to safeguard the vital interests of the Data Subject and the Data Subject is physically or legally incapacitated. In these cases, the legal representatives must provide their authorization.
c) The processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association, or any other non-profit organization whose purpose is political, philosophical, religious, or trade union-related, provided that it relates exclusively to its members or to individuals with whom it maintains regular contact due to its purpose. In these cases, the data may not be provided to third parties without the Data Subject's authorization.
d) The processing relates to data that is necessary for the recognition, exercise, or defense of a right in a legal proceeding.
e) The processing is for historical, statistical, or scientific purposes. In this event, measures must be taken to erase the identity of the data subjects.
This information will be stored in the databases generated for the purposes for which its collection is required, and its processing will continue as long as the purposes for which it was collected and/or the legal obligation to maintain the storage of said data are maintained, or in which case your data will be retained until you object.
COLOMBIAN MINT, in the exercise of some of its obligations, collects and processes data from minors. However, it has all the necessary guarantees to ensure that minors can exercise their rights. Such processing is intended to safeguard an essential public interest, which is evaluated in accordance with international human rights standards, and must, at a minimum, satisfy the criteria of legality, proportionality, and necessity, safeguarding the fundamental rights of the data subjects.
Thus, your information is processed or provided expressly through the data subject and their legal representative, granting processing that responds to and respects the best interests of children and adolescents and their fundamental rights. Once the above requirements have been met, the legal representative of the child or adolescent will grant authorization prior to the minor exercising their right to be heard. This opinion will be assessed taking into account their maturity, autonomy, and capacity to understand the matter.
This information will be stored in the database(s) generated for the purposes for which its collection is required, and its processing will continue as long as the purposes for which it was collected and collected are maintained.
COLOMBIAN MINT stores the personal data it collects for the purposes mentioned in this Policy and in the respective authorizations in physical and/or digital databases, which are identified within an internal inventory generated in compliance with the Principle of Demonstrated Responsibility.
In compliance with the provisions of the Superintendency of Industry and Commerce, COLOMBIAN MINT will register the databases for which it acts as Data Controller with the National Database Registry, as well as submit the required monthly, semi-annual, and/or annual reports. The databases, as well as the information contained therein, will be available based on the execution of the activities for which they were collected, and in accordance with the processing and storage parameters reported in the previous section and the exercise of the rights of the data subjects in the manner mentioned below.
Data controllers and various contractors have limited access to the information contained in COLOMBIAN MINT's databases for the development of its corporate purpose, with no need to share or transmit it.
Personal data may only be collected, stored, used, or circulated for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, in compliance with the provisions applicable to the subject matter and the administrative, accounting, tax, legal, and historical aspects of the information. Once the purpose(s) of the processing have been fulfilled, and without prejudice to any legal regulations that provide otherwise, the personal data in its possession will be deleted.
Notwithstanding the foregoing, personal data must be retained when required to comply with a legal or contractual obligation.
The Data Subject's authorization will not be required in the case of:
a) Information requested by a public or administrative entity in the exercise of its legal functions or by court order.
b) Data of a public nature and/or data consulted in the Transparency and Access to Information section of public entities.
c) Cases of medical or health emergencies.
d) Processing of information authorized by law for historical, statistical, or scientific purposes.
e) Data related to the Civil Registry of Persons.
Law 1581 of 2012 establishes that Data Subjects shall have the following rights:
a) To know, update, and rectify their personal data for which COLOMBIAN MINT is processing. This right may be exercised, among others, against data that is partial, inaccurate, incomplete, fragmented, or misleading, or whose processing is expressly prohibited or has not been authorized;
b) Request proof of the authorization granted to COLOMBIAN MINT, except when expressly exempted as a requirement for processing, in accordance with the provisions of Article 10 of Law 1581 of 2012 (or the regulations that regulate, add to, complement, modify, or repeal it), or when the processing has continued as provided for in Section 4 of Article 10 of Decree 1377 of 2013;
c) Be informed by COLOMBIAN MINT or the Data Processor, upon request, regarding the use that has been given to your personal data;
d) Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and any other regulations that modify, supplement, or complement it, once you have exhausted the consultation or complaint process with the Company;
e) Revoke authorization and/or request the deletion of data when the Processing does not respect constitutional and legal principles, rights, and guarantees. Revocation and/or deletion will be appropriate when the Superintendency of Industry and Commerce has determined that COLOMBIAN MINT or the Data Processor has engaged in conduct contrary to the law and the Constitution in the Processing;
la Constitución;
f) Access your personal data that has been processed free of charge.
g) Refrain from answering questions about sensitive data. Responses regarding children and adolescents and those related to health data will be optional.
salud.
Requests, complaints, acknowledgements, and suggestions made by the owners of personal data under the responsibility of Colombian Mint to exercise their rights to access, update, rectify, and delete data, or revoke authorization, will be addressed by Colombian Mint through the following channels:
a) Telephone line (604) 4018893 Ext. 103 or 110.
b) Email: pqrs@colombianmint.com
c) Website: https://colombianmint.com/
The Colombian Mint has designated a Personal Data Officer to handle requests, inquiries, or complaints related to the processing of personal data. Therefore, to file and address your request, we require you to provide the following information:
a) Full name and surname
b) Identification number
c) Contact information (address and/or email address and telephone numbers)
d) Means of receiving a response to your request
e) Reasons and facts giving rise to the claim, with a brief description of the right you wish to exercise (to know, update, rectify, request proof of authorization granted, revoke, delete, or access information).
The maximum period provided by law to resolve your claim is fifteen (15) business days, counted from the day following the date of receipt. When it is not possible to address the claim within said term, the Data Controller will inform the interested party of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days after the expiration of the first term. Once the terms indicated by Law 1581 of 2012 and other regulations or complements have been met, the owner who is denied, totally or partially, the exercise of the rights of access, update, rectification, deletion and revocation may bring their case to the attention of the Superintendence of Industry and Commerce.
Information and information systems are essential assets and important for the development of Colombian Mint's corporate purpose, which is why the proper use of these elements is vitally important. Therefore, the following has been established:
a) Any person who has access to internal information owned by Colombian Mint must maintain strict confidentiality and integrity. Furthermore, it must not be shared or modified without proper authorization from Management.
b) Personnel who must access the information will do so exclusively in the performance of their duties.
c) All employees are responsible for reporting physical and technological security incidents that affect or alter the integrity of the information.
d) Colombian Mint will have the administrative and financial resources to implement the necessary elements to maintain information security.
e) The information security procedure is mandatory for all Colombian Mint employees.
f) For security reasons, each employee has a username and password, designed to maintain the security of the data they access by virtue of their duties within the Company. These passwords are for personal use and are non-transferable.
g) General Management, assisted by the department leaders, will be responsible for the implementation and enforcement of the Company's information security processes.
All employees, contractors, and third parties who have access to the Company's information and information systems must comply with the guidelines and policies established by Colombian Mint. Consequently, any misuse by these individuals may be subject to disciplinary proceedings in accordance with the internal work regulations, particularly in the case of employees, and/or sanctions for damages and/or losses pursuant to current Colombian regulations for breach of the clauses of the contract signed or confidentiality agreements between them and the Company.
We will not transfer your personal data to other entities or third parties unless:
a) The transfer of your data is necessary for the effective provision and fulfillment of our contractual obligations;
b) Your express and prior authorization exists;
c) It is necessary to allow suppliers, contractors, or collaborators to provide the services entrusted to them;
d) It is required or permitted by law. Notwithstanding the foregoing, in order to transfer your personal data to third-party processors located in Colombia or abroad, there must be (i) prior, express, and informed authorization from you, or (ii) a personal data transfer contract that contains, in accordance with the provisions of Article 2.2.2.25.5.2 of Decree 1074 of 2015, at least the following:
i. The scope of the processor's obligation to process personal data.
ii. The activities that the data processor must carry out on our behalf for the processing of personal data.
iii. The data processor's obligations toward the data subject and us.
iv. The data processor's obligation to comply with the obligations set forth in the privacy notice and the internal policies and procedures manual.
v. The data processor's obligation to process personal data in accordance with the purposes authorized by the data subjects and applicable law.
vi. The data processor's obligation to process personal data, on behalf of the data controller, in accordance with the principles that protect them.
vii. The data processor's obligation to safeguard the security of the databases containing personal data.
viii. The data processor's obligation to maintain confidentiality regarding the processing of personal data.
This Personal Data Processing Policy takes effect from the date of its approval.
Approved on December 18, 2024
Dear supplier,
To become a Colombian Mint supplier,To become a Colombian Mint supplier, you must complete the pre-registration form on the MARIA platform..
By continuing, you agree to the processing of your personal data in accordance with Law 1581 of 2012 and Decree 1377 of 2013.Your data will be used exclusively for the purpose of establishing your company as a supplier and complying with legal obligations.
If you do not consent to the processing of your data, we will not be able to process your request.
EN 
ES