PERSONAL DATA PROCESSING POLICY

  1. GENERAL

    Dear customer, potential customer, suppliers, and visitors, our Privacy Policy and Personal Data Processing establishes the conditions under which we will handle the personal data we collect from you through the completion of contact forms and phone calls, as well as through the online chat on our website, or any additional data you provide to us through emails, phone calls, contracts, or documents of any kind that you supply to us by any physical, voice, or data message means. By providing the data, you agree to this policy regarding how MUSIC SOLUTIONS S.A.S. – MS CREA (hereinafter referred to as “the company”) will handle your personal information; such processing will be carried out in compliance with the guidelines set forth in the General Law on Personal Data Protection (Statutory Law 1581 of October 17, 2012) and any other regulations that govern, modify, or supersede what is outlined in this provision. If, after reading this Privacy Policy, you do not agree with how we handle your data, we kindly ask that you do not use our services and request the update, modification, or deletion of our database in accordance with the provisions of numeral 7 of this document.

    This policy is aligned with Decree 1377 of 2013, which regulates Law 1581 of 2012 regarding compliance with the privacy notice that must be provided to the holders of personal information by the company, which acts as the responsible entity for the processing of personal data. Its purpose is directed at:

    • Informing the holders of the information about the company’s personal data processing policy and allowing them to exercise their right to habeas data by establishing the necessary procedure they must follow if they wish to know, update, delete, or rectify the data in our databases and/or files. This document is aimed at protecting and guaranteeing everything concerning the processing of personal data, as well as the fundamental freedoms and rights of all natural persons.
    • Communicating to the holder of personal information the data processing policies that will be applicable to their personal data, how it will be processed, the use it will receive, and how they can access their personal data.

    This policy will be mandatory for all personal data recorded in physical or digital formats that can be processed by the company as responsible for its treatment.

    PURPOSE OF COLLECTED DATA

    At the moment you provide your personal data, you authorize us to process it, and we understand that your consent is prior, express, and informed, as you have read this document before providing your data.

    The collection of personal data through contact forms, as well as through the online chat on our website, phone calls, personal or virtual interviews, contracts, forms, or any other document you provide to the company will have the following purposes:

    Clients:

    • To advise you on matters related to the services offered by MS CREA that you have inquired about and/or requested.
    • To maintain constant communication regarding the services provided by the company.
    • To send you communications regarding the contractual relationship.
    • To carry out administrative and/or accounting management related to the contracting of services such as billing, collections, and payments.
    • To notify you of the expiration of service renewal.
    • To send service proposals and invitations to company events or those of its allies, partners, or associates.
    • To carry out activities aimed at customer loyalty, including but not limited to communications about discounts, newsletters, giveaways, and promotions.
    • To provide technical support services.
    • To receive and process requests, complaints, and claims.
    • To conduct satisfaction surveys.
    • To transfer personal data for service registration with an international entity.

    LEGAL FRAMEWORK

    • Political Constitution, Article 15.
    • Law 1581 of 2012.
    • Decree 1377 of 2013.
    • Decree 886 of 2014.
    • Decree 1074 of 2015, Chapter 25.

    In accordance with Law 1273 of 2009, anyone who “without being authorized, for their own benefit or that of a third party, obtains, compiles, removes, offers, sells, exchanges, sends, buys, intercepts, discloses, modifies, or uses personal codes or personal data contained in files, archives, databases, or similar media” commits the crime of violation of personal data.

    Both the company and the persons in charge (EMPLOYEES, SUPPLIERS, AND CONTRACTORS) must observe and respect these policies in compliance with their functions and/or activities, the corporate guidelines for the processing and protection of personal data, and the other provisions and clauses established by the company, even after legal, commercial, labor, or any other links have ended. Likewise, they must maintain strict confidentiality regarding the data processed.

    DEFINITIONS

    For the purposes of interpreting and applying this document, the definitions established by Law 1581 of 2012 and its regulatory decrees will be taken into account. For matters not established in said regulation, the definitions established by the Real Academia Española dictionary will apply, and finally, those established by different information sources from formal entities such as universities, scientific or technological institutes, and similar.

    TYPE OF INFORMATION REQUESTED

    In order to provide accommodation services for audiovisual or digital services such as corporate email services, server rentals, data center services, web page design and programming, and domain registrations on the internet, we will request private information, understood as information that allows identification of a person, such as identification document number, names, physical and electronic addresses, phone numbers, among others. However, upon entering our facilities located at Calle 93 No 12 – 14 Of 403 Bogotá (Colombia), you will be recorded by our security cameras. The images and sounds captured by these cameras will be used to ensure the safety of employees, visitors, information, and movable property within the facilities. For this reason, your image and biometric data (sensitive data) may be used as evidence before the competent authorities when necessary.

    At no time will the data collected here be subject to sale or transfer under any title.

    The authorization of the holder will not be necessary when it concerns:

    • Information required by a public or administrative entity in the exercise of its legal functions or by court order.
    • Public data.
    • Cases of medical or health emergencies.
    • Processing of information authorized by law for historical, statistical, or scientific purposes (DANE).
    • Data related to the Civil Registry of Individuals.

    Authorization cannot be revoked, nor can the suppression of information be requested when the holder has a legal or contractual obligation to remain in the database, as stipulated in Article 9 of Decree 1377 of 2013.

    SECURITY

    Our commitment is to ensure the security of your personal data. While we have the physical and technological means to adequately secure your information, we will do everything possible to protect your data, but we cannot guarantee the total security of the data you provide and to which you authorize us to access.

    If you receive an email of this type or someone claiming to work for us requesting your personal, commercial, or financial information, please forward the email requesting such information to the following email address: contacto@mscrea.com.

    INQUIRIES AND/OR CLAIMS

    For inquiries, claims, and/or requests for information, updating, rectification, and/or deletion of your personal data, a written request must be submitted in a document signed by the holder of the personal data using the Petitions, Complaints, or Claims format. It can be sent by email to contacto@mscrea.com or by authorized postal mail to Calle 93 No 12 – 14 Of 403 Bogotá, Colombia.

    All requests, inquiries, and/or claims must contain at least:

    a) Name and surname of the holder.
    b) Identification number of the holder.
    c) Contact details of the holder (email, phone, address, city).
    d) Description of the request, inquiry, or the facts giving rise to the claim.
    e) Means by which you wish to receive a response.
    f) Signature of the requester.
    g) Attach any documents deemed relevant to support the request, inquiry, or claim.

    PROCEDURE FOR MAKING INQUIRIES AND/OR CLAIMS

    Requests, complaints, and/or claims regarding knowledge, updating, rectification, and/or deletion of the data and/or revocation of authorization will be addressed within a maximum period of fifteen (15) business days from the day following the receipt date. If it is not possible to respond within the mentioned period, the holder of the data will be informed of the reasons for the delay, and the deadline for the response will be indicated, which cannot exceed five (5) business days following the expiration of the first term.

    If the request, claim, or inquiry contains any errors or is incomplete, the holder will be required within five (5) business days following the receipt date to correct the identified deficiencies. If thirty (30) business days have passed since the date of the request without a response from the holder, it will be understood that they have withdrawn the claim.

    If the company is not the competent entity to resolve the claim, it will forward the request, within the maximum response period mentioned here, to the competent entity, which will have the same term to respond, starting from the date it receives the communication regarding the transfer of the inquiry, claim, or request, and the interested party or holder will be informed of this situation to allow them to follow up accordingly.

    In accordance with Article 16 of Law 1581 of 2012, the holder or interested party may only file a complaint with the Superintendence of Industry and Commerce once they have exhausted the corresponding procedure indicated in this policy with the company.

    TRANSFER AND CONSERVATION OF INFORMATION

    MUSIC SOLUTIONS S.A.S. may:

    • Retain the personal data of the information holders in databases located in Colombia and on trusted and recognized third-party servers, complying with the purpose authorized by the data holder, as well as in accordance with the principles established by law, ensuring the rights of the holders.
    • Transfer the personal data of the information holders to service providers that process data on behalf of the company in accordance with the guidelines established in this policy.

    Your data will be kept for as long as necessary to fulfill the purposes for which it was collected or as permitted by applicable law.

    In any case, MUSIC SOLUTIONS S.A.S. is committed to keeping your personal data safe and to using it only for the purposes described in this policy.