Chevron

HOLY DEARNESS BOUTIQUE

Shipping box

INTERNATIONAL SHIPPING

Chevron
What's New! Women Accessories Salts Gift Cards
Account
Account

PERSONAL DATA PROCESSING POLICY

The purpose of this Personal Data Processing Policy is to determine the parameters and rules that guarantee the correct processing of personal information, as well as to explain the procedure for handling queries and complaints regarding personal data that are submitted by the owners of personal information.

This policy has been prepared in accordance with the provisions of the Colombian Political Constitution and in compliance with the provisions of the data protection regime, which is composed of Law 1581 of 2012, Regulatory Decree 1377 of 2013, Decree 886 of 2014, External Circular 002 of 2015, Decree 1074 of 2015, External Circular 005 of 2017, Decree 090 of 2018 and covers other complementary provisions and the regulations that repeal or modify them, in order to guarantee the rights to privacy and habeas data of the owners of personal information.

For the purposes of this policy, the following will be understood as responsible for such treatment of our consumers' information: CARIÑO SANTO SAS, identified with NIT: 901.171.330-7, domiciled in the Carrera 81 # 36 – 10 Laureles Neighborhood, Medellín, Colombia , email: carinosanto2018@hotmail.com and cell phone: 322 541 7234.

At CARIÑO SANTO SAS we request information from our customers in an effort to improve the experience and communication of products, services and promotions. We collect data such as your name, email and address, which you provide to us when you register on our site or when you place an order. For security reasons, we do not ask for information about your payment methods directly and it remains private between you and our electronic payment system provider.

We reserve the right to update or change the Terms and Conditions at any time without prior notice, which is why we recommend that you read this section each time you use this site. By accessing and using our website, you agree that you are bound by the Terms and Conditions, and all applicable laws will govern and be interpreted in accordance with Colombian laws.

GLOSSARY

Authorization: It refers to the expression of the prior, express and informed consent of the owner for CARIÑO SANTO SAS, or its Managers to carry out the processing of the owner's personal data.

Privacy Notice: This is the physical, electronic or any other format document generated by CARIÑO SANTO SAS, which has been made available to the owner for the processing of his/her personal data, which communicates to the owner the information regarding the existence of the personal data processing policies that will be applicable to him/her, the way to access them and the characteristics of the processing that is intended to be given to the Personal Data.

Database: It consists of an organized set of personal data that is subject to processing, and includes physical and electronic files. The databases owned by CARIÑO SANTO SAS are detailed in section VI of this policy.

Personal Data: According to Law 1581 of 2012, it is any information linked to or that can be associated with one or more specific or identifiable natural persons.

Public Data: Personal data classified as public by law or the Political Constitution. Public data includes, among others, data relating to the civil status of individuals, their profession or occupation, or their status as a merchant or public servant.

Sensitive Data: Personal data whose use affects the privacy of the holder or whose misuse may lead to discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sexual life and biometric data.

Data Protection Officer: This is the person within CARIÑO SANTO SAS, whose function is to monitor and control the application of the personal data protection policy, under the guidance and guidelines of the Board of Directors, which is the governing body that must appoint the Data Protection Officer.

Holder: Natural person whose personal data is processed.

Treatment: It is any operation or set of operations on personal data carried out by CARIÑO SANTO SAS, or by those responsible for processing on behalf of CARIÑO SANTO SAS, such as collection, storage, use, circulation or deletion.

Transfer: It consists of sending personal data to a recipient who, in turn, is responsible for the processing under the terms of Law 1581 of 2012.

Transmission: It is the communication of personal data within or outside the territory of the Republic of Colombia, for the purpose of carrying out a treatment by the person in charge on behalf of CARIÑO SANTO SAS

RIGHTS OF THE OWNER OF THE INFORMATION

Holders of personal information may exercise the right to Habeas Data before the data controller, that is, they may access, know, rectify or oppose the processing of their personal data, which is why we proceed to describe the content and details of each of the rights.

1. Right to Knowledge:
The owner of the information has the right to know whether his or her personal data has been subjected to any form of processing and may exercise the right to know the origin of his or her data, the form of authorization and whether the data has been transmitted or transferred to third parties, as well as to know the identification of those third parties.

2. Right to Update.
The owner of the information has the right to update the information kept.

3. Rights of Rectification.
The owner of the information may verify the accuracy and veracity of the information with the person responsible for processing it, and in the event of any discrepancy, whether due to inaccuracy, incompleteness or error, may request rectification of his/her personal information.

4. Right of Objection.
The owner of the personal information may object to the processing of his/her personal information when its use is excessive or inappropriate, for which he/she must indicate the data that must be cancelled, with the aim of generating a block of his/her data or definitive cancellation of the data or cessation of the processing of unauthorized use. The data may be kept for the periods provided for in the applicable regulations and the
It may not be completely deleted when the owner has a legal or contractual obligation to remain in the database of the data controller.

PROCEDURE FOR EXERCISING RIGHTS AS OWNER OF PERSONAL INFORMATION BEFORE THE DATA CONTROLLER.

The owner of the information may exercise his or her rights at any time to guarantee his or her right of access, rectification, deletion and proof of authorization before the person responsible through the enabled channels stated below: Carrera 81 # 36 – 10 Barrio Laureles, Medellín, Colombia, email: carinosanto2018@hotmail.com and cell phone: 322541 7234. Within the exercise of your rights, you may submit a query or a claim, and each of these requests has a particular procedure, which is described below:

1. CONSULTATION.
a. Procedural:

When the owner of personal information requires to know the personal information that is held by him or is linked in the databases owned by the person responsible, when he or she wishes to: know the origin of the data, know any other personal data of his or hers that has been obtained through any type of procedure, operation or treatment, know to whom his or her personal data has been transmitted and/or transferred or to whom it is intended to communicate the same.

b. Attention time:

The query will be answered within a maximum period of ten (10) business days from the date of receipt of the request.

c. Extension:

If it is not possible to respond to the query within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be responded to, which in no case may exceed five (5) business days following the expiration of the first period, without prejudice to the provisions contained in special laws or regulations issued by the National Government that may establish shorter terms, depending on the nature of the personal data.

d. Information to be provided:

When personal data holders make a query about their personal information, the controller, in its capacity as controller or processor of their personal data, will provide all the information contained in the individual record or that is linked to the holder of the information.

2. CLAIM.
a. Procedural:

Complaints are filed when the owner of personal data considers that the information contained in a database owned by the controller must be corrected, updated or cancelled, deleted, or when he or she notices the alleged breach of any of the duties contained in Law 1581 of 2012.

b. Attention time:

The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight business days following the expiration of the first term.

c. Claim with incomplete information:

If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the deficiencies.

d. Withdrawal of the claim by the interested party:

If the claim has been submitted incompletely and timely notification was given so that the error could be corrected and the applicant has not responded within two (2) months from the date of the request, it will be understood that the claim has been withdrawn.

e. Identification of the procedure in the Database:

Once the complete claim has been received, within a period of no more than two (2) business days, a legend stating “claim in process” and the reason for it will be included in the database owned by the responsible party. This legend must be maintained until the claim is decided.

f. Competence to respond:

In the event that the person responsible receives a claim from an information holder and is not competent to resolve it, he will forward it to the appropriate person within a maximum period of two (2) business days and will inform the interested party of the situation.

DATA DELETION

The owner has the right, at any time, to request CARIÑO SANTO SAS to delete (eliminate) his/her personal data when:

  • Please note that they are not being treated in accordance with the principles, duties and obligations set forth in Law 1581 of 2012.
  • They are no longer necessary or relevant for the purpose for which they were collected.
  • The period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial elimination of personal information as requested by the owner in the records, files, databases or treatments carried out by CARIÑO SANTO SAS The owner must note that the right of cancellation is not absolute and the person responsible may deny the exercise of the same when:

1. The owner has a legal or contractual obligation to remain in the database.

2. Obstruct judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

3. They are necessary to protect the legally protected interests of the owner; to carry out an action based on the public interest, or to comply with a legal obligation acquired by the owner.

In the event that the cancellation of personal data is appropriate, CARIÑO SANTO SAS must operationally carry out the deletion in such a way that the elimination does not
allow information recovery.

INFORMATION SECURITY AND SECURITY MEASURES

Pursuant to the security principle established in current regulations, CARIÑO SANTO SAS has adopted the necessary technical, human and administrative measures to ensure the security of records, preventing their tampering, loss, consultation, unauthorized or fraudulent use or access. These measures, their protocols and procedures are contained in the respective information security documents, which are reserved for the internal use of the organization.

PERIOD OF VALIDITY OF THE DATABASES

The validity period of the databases will be the same as the validity period of the company CARIÑO SANTO SAS, except for those databases whose purpose is for a specific one-time activity and their validity will be until the end of said activity.

VALIDITY AND UPDATE OF THE POLICY

This policy is effective as of January 1, 2022

Lleva esta prenda a crédito Solicítalo Aquí
Paga a crédito con Addi en hasta 6 cuotas