Personal Data Privacy Policy

General considerations

Quantil S.A.S. is a company fully aware of the privacy rights imposed on the Personal Data (PD) of every natural person, legal entity, or company and is committed to safeguarding all rights regarding this right. It will protect private and confidential information obtained within the ordinary course of business in the development of its corporate purpose. The purpose of this policy is to protect the information entrusted to it, from the intention of delivery, the means by which it is sent, and its storage. It is always specified that all such information is provided voluntarily by the client and that the client has full power and ownership over it.

Policy Description

  1. In accordance with its corporate purpose (providing services related to the application of data analytics, software development, and support and consulting for the organization's services), Quantil handles information provided by clients for the provision of contracted services. Therefore, it considers the processing of such information to be as important as the development of its activities and services. Therefore, it will spare no effort in complying with regulations for the protection of such information.
  2. Quantil S.A.S. in hisAs the person responsible for managing personal information, he or she is responsible for processing it in strict compliance with applicable regulations, guaranteeing the rights of the information holders.
  3. Quantil S.A.S., in its commercial activities, handles personal information about its clients, collaborators, and suppliers in general. Quantil is responsible for processing personal information provided by clients under a service contract, for the purpose of transforming such information to enable the application of analytical strategies for decision-making.
  4. The aforementioned information is maintained in repositories and databases designated for the purposes of the contracted services.
  5. In the course of its activities, the collection of personal data by Quantil S.AS. will be limited to those personal data that are relevant and appropriate for the purpose for which they are collected or required in accordance with current regulations and its corporate purpose. Except in cases expressly provided for by law, personal data may not be collected withoutauthorization of the owner.
  6. The repositories and databases have the necessary security measures for the proper preservation of personal data and are currently maintained in the company's software and its own servers.
  7. Quantil S.A.S. has websites and social media platforms where individuals interested in the company's services have the option to subscribe to receive information of interest, service proposals, and other information. The data of the information holders will be compiled, stored, consulted, used, shared, exchanged, transmitted, transferred, and processed for the following purposes:
    • Maintain efficient communication of information that is useful to subscribers.
    • Treat subscribers as potential customers and send them information of interest.
  8. Quantil S.A.S provides services related to the application of mathematics, data analytics and software development to improve decision-making, within which it consolidates its clients' information, and in it, it incorporates personal information of suppliers and clients of those who have a contract with Quantil, in general they are records with pertinent and necessary information for due analysis. This information is maintained in the repositories and databases designated for this purpose and is used by the client in the implemented software. This information belongs exclusively to our clients, who are responsible for its processing. It will be stored solely for the following purposes: Under a service provision contract with our clients, in which information uploading, information processing, and disclosure for business intelligence purposes have been offered. Although this information has not been collected by Quantil, it has been contracted to process it for data analysis and transformation into metrics, and will be retained solely for those purposes, ensuring the privacy of this client-specific information.
  9. In the contractual relationships established by Quantil, you may assign the processing of your personal information to various individuals or legal entities for the company's mission and service delivery purposes. Those responsible for the information must have clear policies and adhere to our policy. The data processor's obligations include the following:
    • Take the necessary measures to ensure the confidentiality of the information.
    • Use the information provided by the data controller who discloses the information only in the manner and for the purposes set forth in this contract.
    • Refrain from making, for yourself or for third parties, copies, arrangements, reproductions, adaptations or any other type of mutilation, deformation or modification of confidential information.
    • Not to disclose confidential information to third parties or any other person or entity without the prior, express, written consent of the data controller.
    • Ensure that the communication systems and technological infrastructure in which the data received from the data controller are stored have the necessary security features to safeguard the information. When using information exchange media such as email and the Internet, the same measures will be applied to ensure that the information is not viewed or modified by persons outside the process.
    • Always respect the information security policies established by the data controller.
    • Do not reproduce the confidential information provided, unless necessary to fulfill the purpose for which it was provided, and it will only be disclosed to those employees, workers, or advisors who have a need to know, as directed by the contract supervisor.
    • Under no circumstances may they transfer personal data to which they have access to third parties, not even for the purposes of storing it.
    • Upon termination of business relationships for any reason, the data controller must destroy all documentation or information containing the data that may come into its possession as a result of any contractual relationship between the parties, using appropriate destruction methods, which in all cases must be approved by the data controller in accordance with the level of sensitivity and the medium on which it is stored.

Purpose of the processing of personal data

The personal data provided to Quantil will be processed (collected, stored, used, circulated, or deleted) for the specific purpose for which it was provided and to fulfill the entity's other constitutional and legal functions.

Exercise of the rights of personal data holders

Data subjects may access, update, and rectify their data; be informed about its use; submit inquiries and complaints regarding the handling of said data; revoke authorization or request deletion of their data, where appropriate; and exercise other rights granted by law.
To exercise your fundamental right to habeas data, you may use the contact mechanisms provided by Quantil.
The procedures and terms for handling inquiries, complaints, and other requests related to the exercise of the right to habeas data will follow the provisions of Law 1266 of 2008 and the data protection principles set forth in Law 1581 of 2012.

Consultations, access and provision of information

The Data Owner may make his/her query to QUANTIL through the following channels: email (info@quantil.com.co), indicating the request in the subject; in the Contact Us section of our website (https://quantil.co/ ), The application must have the following information:
  • Name and surname of the Holder.
  • Petition in which the request for access or consultation is specified.
  • Address for notifications, date and signature of the applicant.
  • Supporting documents for the request made, where applicable.
In accordance with the provisions of the Law, the Company's term to resolve these queries is ten (10) business days from the date of receipt thereof, and will respond via regular or electronic mail. When it is not possible to attend to the query within this term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which your query will be attended to, which in no case may exceed five (5) business days after the expiration of the first term.

Claims

In data processing, four types of complaints are basically distinguished: correction complaints, deletion complaints, revocation complaints, and infringement complaints. The Data Owner may make his/her claim toQUANTIL,through the following channels: email (info@quantil.com.co), indicating the request in the subject line; in the Contact Us section of our website (quantil.com.co). The request must include the following information:
  • Name and surname of the Holder.
  • Description of the facts and request specifying the request for correction, deletion, revocation or infringement.
  • Address for notifications, date and signature of the applicant.
  • Supporting documents for the petition filed that is to be asserted, where applicable. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the deficiencies. If the applicant fails to submit the required information within two (2) months from the date of the request, the claim will be deemed to have been withdrawn.
Once the complete claim has been received, a legend stating "Claim in process" and the reason for the claim will be added to the database within a period of no more than two (2) business days. This legend must remain in effect until the claim is decided. In accordance with the law, the Company has a term to resolve these claims within fifteen (15) business days from the date of receipt, and will respond via regular or electronic mail. When it is not possible to address the query within this term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.