Cámara Colombia India de Comercio e Industria

Menu
Facebook X-twitter Instagram Linkedin
JOIN

Personal Data Processing Policy

1. IDENTIFICATION OF THE DATA CONTROLLER

The Colombia-India Chamber of Commerce and Industry, a private non-profit entity, identified with Tax ID (NIT) 900250734-4, domiciled in the city of Bogotá D.C., Colombia, is responsible for the processing of personal data collected in the course of its corporate purpose.

Contact Information of the data controller:

2. GENERAL FRAMEWORK AND PURPOSE OF THE POLICY

The purpose of this Policy is to establish the guidelines for the processing of personal data collected by the Colombia-India Chamber of Commerce and Industry, guaranteeing the exercise of the fundamental right of habeas data, in accordance with the Political Constitution of Colombia, Law 1581 of 2012, and regulations that develop it.

This Policy applies to all personal data collected, stored, used, circulated, or deleted by the Chamber, in both physical and electronic media.

3. DEFINITIONS

  1. a) Authorization: Prior, express, and informed consent granted by the Data Subject for the Controller to process their personal data.

    b) Privacy Notice: Verbal or written communication generated by the Controller, informing the Data Subject about the existence of personal data processing policies, how to access them, and the purposes of processing.

    c) Database: An organized set of personal data subject to processing, regardless of the storage medium, whether physical, electronic, or digital.

    d) Personal Data: Any information linked or that can be associated with one or more identified or identifiable natural persons.

    e) Public Data: Data that is not semi-private, private, or sensitive. Public data includes, among others, data related to marital status, profession or occupation, and status as a merchant or public servant, as well as data contained in public records.

    f) Private Data: Data that due to its intimate or reserved nature is only relevant to the Data Subject and whose processing requires authorization.

    g) Semi-Private Data: Data that is not intimate, reserved, or public, whose knowledge or disclosure may be of interest both to the Data Subject and to a specific sector or group of people.

    h) Sensitive Data: Data affecting the privacy of the Data Subject or whose misuse may lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, health data, sexual life, or biometric data. Providing this data is optional.

    i) Data Processor: A natural or legal person, public or private, that processes personal data on behalf of the Controller, in accordance with its instructions.

    j) Data Controller: A natural or legal person, public or private, that decides on the database and/or the processing of personal data.

    k) Data Subject: The natural person whose personal data is subject to processing.

    l) Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, transmission, transfer, or deletion.

    m) Transmission of Personal Data: Processing that involves communicating personal data, within or outside the national territory, so that a Data Processor processes it on behalf of the Controller.

    n) Transfer of Personal Data: Sending personal data by the Controller or Processor to a third party acting as Controller and located within or outside the national territory.

    o) Habeas Data: The fundamental right of every person to know, update, rectify, and delete information collected about them in databases or files, as well as to revoke authorization granted for its processing, under the terms of the law.

4. PROCESSING OF PERSONAL DATA AND PURPOSES

The Colombia-India Chamber of Commerce and Industry may collect, store, use, circulate, and delete personal data, with prior authorization from the Data Subject, for legitimate purposes related to the development of its institutional activities.

In general, personal data will be processed for the following purposes:

  1. a) Managing the institutional relationship and development of Chamber activities, including planning, execution, monitoring, and control of events, programs, initiatives, and other actions related to its corporate purpose.

    b) Facilitating institutional communication and sending information, content, and materials related to the activities, services, and projects developed by the Chamber, before, during, and after their execution.

    c) Evaluating, improving, and strengthening the quality of services and activities through information analysis, participant feedback, and results measurement.

    d) Promoting participation and engagement of individuals and legal entities in the Chamber’s activities, programs, and services, as well as in future institutional initiatives.

    e) Documenting and disseminating institutional activities through photographic, audiovisual, and other records for archiving, dissemination, communication, and historical memory purposes, respecting image rights, authorship, and intellectual property, without generating any economic compensation.

    f) Transmitting personal data to national or international data processors when necessary for Chamber activities, technological support, event logistics, or service provision, under agreements guaranteeing confidentiality, security, and limited use according to the law.

    g) Transferring personal data to national or international third-party controllers when necessary for the Chamber’s corporate purpose, alliances, agreements, joint activities, or legal obligations, subject to legal requirements and, when applicable, Data Subject authorization.

    h) Preparing analyses, reports, statistics, and internal reports necessary for decision-making, institutional management, and compliance with legal, statutory, or administrative obligations.

Additionally, the Chamber processes personal data according to authorized purposes, defined based on the type of relationship with the entity, as follows:

4.1. Members, Affiliates, and Institutional Participants

Personal data of affiliates, members, strategic allies, and regular participants are processed to:

  1. Manage institutional, commercial, and cooperation relationships.

  2. Maintain updated affiliation and participation records.

  3. Send institutional, commercial, academic, and relevant information.

  4. Organize and manage participation in events, committees, meetings, trade missions, and business rounds.

  5. Conduct networking and relationship-building activities.

  6. Prepare internal reports, statistics, and analyses.

  7. Comply with legal, statutory, accounting, administrative, and reporting obligations.

4.2. Event Attendees and Participants

Personal data of individuals registering for or attending events is processed to:

  1. Manage event registration and participation.

  2. Send confirmations, reminders, logistics information, and materials.

  3. Measure event quality and participant satisfaction.

  4. Invite participants to future activities or services.

  5. Record photographic and audiovisual material during events.

  6. Prepare participation statistics and reports.

4.3. Suppliers, Contractors, and Operational Partners

Personal data is processed to:

  1. Manage selection, evaluation, and contracting processes.

  2. Execute contractual relationships, including administrative and payment processes.

  3. Verify legal and contractual compliance.

  4. Maintain historical commercial and contractual records.

  5. Share necessary information with third parties under confidentiality obligations.

4.4. Legal Representatives and Business Contacts

Personal data is processed to:

  1. Facilitate institutional and commercial communication.

  2. Manage commercial relationships and cooperation agreements.

  3. Verify representation authority and legal compliance.

  4. Send relevant information about Chamber activities.

  5. Maintain business relationship and international cooperation records.

4.5. Employees, Collaborators, and Candidates (When Applicable)

Personal data is processed to:

  1. Conduct recruitment and hiring processes.

  2. Manage employment or contractual relationships.

  3. Comply with labor and social security obligations.

  4. Develop training and internal wellbeing activities.

  5. Maintain legally required historical records.

4.6. Visitors to Physical Facilities

Personal data is processed to:

  • Control access to facilities.

  • Guarantee security of facilities and people.

  • Maintain access logs according to internal protocols.

5. AUTHORIZATION

Personal data processing is carried out with prior, express, and informed authorization from the Data Subject, except in cases legally exempted.

Authorization may be obtained through physical or electronic means, including registration forms, event registrations, digital platforms, emails, written communications, or any mechanism that records consent.

The Data Subject may revoke authorization or request data deletion unless legal or contractual obligations prevent it.

5.1. Proof of Authorization

The Chamber implements measures to preserve proof of authorization, which may include physical documents, electronic records, databases, system logs, or recordings.

5.2. Cases Where Authorization Is Not Required

  • Information requested by public authorities or court order.

  • Public data.

  • Medical or health emergencies.

  • Data processing authorized by law for historical, statistical, or scientific purposes.

  • Civil registry data.

6. DATA SUBJECT RIGHTS

Data Subjects have the right to know, update, rectify, delete their data, request proof of authorization, be informed about data use, revoke authorization, access data free of charge, file complaints before the Superintendence of Industry and Commerce (SIC), and refrain from answering questions about sensitive data or minors.

7. AREA RESPONSIBLE FOR REQUESTS AND CLAIMS

The administrative area is responsible for handling data-related requests.

Contact:
Email: info@camaracolombiaindia.org

8. PROCEDURE FOR EXERCISING RIGHTS

Requests must include:

  • Name and identification

  • Clear request description

  • Contact details

  • Supporting documents (if applicable)

8.1 Response Terms:

  • Inquiries: up to 10 business days (+5 extension).

  • Claims: up to 15 business days (+8 extension).

9. SENSITIVE DATA AND MINORS’ DATA

Sensitive data and minors’ data will be processed only with express authorization and protecting the minor’s best interests.

10. INFORMATION SECURITY

The Chamber adopts reasonable technical, human, and administrative measures to protect personal data from loss, misuse, unauthorized access, alteration, or disclosure.

11. POLICY AND DATABASE VALIDITY

This Policy becomes effective upon publication and remains valid as long as necessary for its purposes.

Personal data will be retained while a legal, contractual, or institutional relationship exists and thereafter as required by law or legitimate purposes.

Any substantial changes to this Policy will be communicated to Data Subjects before implementation.