CONTACT
  • EN-CO
    •  
  • EN-CO

    • The Firm

    Practices and Sectors

    News

    Legal knowledge

    Team

    • Find a lawyer
    • Practices and Sectors
      Position
      Office

    Talent

    BCN BOG BRU CDMX LIS LON MAD MDE MTY NYC SGP

    T: +34 91 436 04 20

    Contact us

    Home

    Privacy Notice – eDisclaimer

    eDisclaimer – Email

    This message and all attachments are sent for the sole use of the recipient and may contain confidential and/or legally privileged information. If you are not the intended recipient, you are hereby informed that the dissemination, distribution, copying or other use of this message or its attachments is strictly prohibited. If you have received this message in error, please notify the sender immediately and delete it from your computer. Unauthorised use or dissemination of this message is prohibited. We remind you that Internet communications are not secure and can be intercepted by third parties.

    Please note that all e-mails are systematically scanned by our systems and by a third-party provider to remove viruses and unsolicited promotional mail (“spam”). This practice could result in the deletion of legitimate e-mail messages before they can be read by their recipient. Please contact us if you have any questions or issues related to this automatic filtering.

    PERSONAL DATA PROCESSING POLICY

    I. Introduction

    In order to comply with current legislation on the protection of personal data, we hereby inform you of the relevant aspects relating to the processing of your personal data by PÉREZ-LLORCA GÓMEZ-PINZÓN S.A.S.  and GÓMEZ-PINZÓN PROPIEDAD INTELECTUAL S.A.S. (hereinafter referred to collectively as the “Company”) on the basis of the authorisation granted by you or other legal grounds. In this personal data processing policy you will find the corporate and legal guidelines under which the Company processes your data, the purpose, your rights as a Data Subject, as well as the internal and external procedures for exercising these rights.

    II. Definitions

    In interpreting this Policy, please note the following definitions:

    • Personal data: any information linked or capable of being linked to one or more specific or identifiable natural person(s);
    • Data Processor or Processor: a natural or legal person, public or private, who alone or in association with others, carries out the Processing of Personal Data on behalf of the Company as Data Controller;
    • Applicable law: Law 1581 of 2012, Decree 1377 of 2013 (compiled in Decree 1074 of 2015), Title V of the Sole Circular of the Superintendence of Industry and Commerce and other applicable regulations on data protection in Colombia.
    • Personal Data Processing Policy or Policy: refers to this document as the personal data processing policy applied by the Company in accordance with the guidelines of the legislation in force on the subject;
    • Data Controller: natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data. For the purposes of this policy, the Company will act as Data Controller, in principle;
    • Data subject: natural person whose personal data is the subject of Processing, whether a client, supplier, employee or any third party who, due to a commercial or legal relationship, provides personal data to the Company;
    • Transfer: refers to the transfer by the Company, as Data Controller or Data Processor, to a third party or natural/legal person (recipient), within or outside the national territory, for the effective processing of Personal Data;
    • Transmission: refers to the communication of Personal Data by the Controller to the Processor, located within or outside the national territory, so that the Processor, on behalf of the Controller, processes personal data; and
    • Processing: Any operation or set of operations on Personal Data, such as collection, storage, use, circulation or deletion.
    • For the understanding of the terms that are not included in the above list, you should refer to the legislation in force, in particular to Law 1581 of 2012 and Decree 1377 of 2013, giving the meaning used in said law to the terms whose definition is in doubt.

    III. The principles

    In order to properly comply with the applicable Law, when the Company processes Personal Data, it will be governed by the following principles:

    • Principle of legality: the Processing of Personal Data is an activity that must be subject to the provisions of the rules that regulate the matter.
    • Principle of purpose: the Processing must obey a legitimate purpose in accordance with the Constitution and the applicable Law, which must be informed to the Data Subject by the means provided for by law;
    • Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal Data may not be obtained or disclosed without prior authorisation, or in the absence of a legal or judicial mandate that waives consent;
    • Principle of accuracy or quality: the information subject to processing must be accurate, complete, precise, up-to-date, verifiable and understandable. The Company must refrain from processing partial, incomplete, fragmented or misleading data;
    • Principle of transparency: the right of the Data Subject to obtain from the Controller or Processor, at any time and without restriction, information about the existence of data that concerns them, in accordance with the rules regulating this access, must be guaranteed in the Processing;
    • Principle of restricted access and circulation: Processing may only be carried out by persons authorised by the Data Subject and/or by the persons provided for in the applicable law, for which purpose the Company must take the necessary steps to obtain the corresponding authorisation from the Data Subject as necessary;
    • Principle of security: the information subject to Processing by the Company as Controller or Processor will be handled with the necessary technical, human and administrative measures to ensure the security of the data, and to prevent its falsification, loss, unauthorised access or use;
    • Principle of confidentiality: all Company personnel and others involved in the Processing of Personal Data in the name and on behalf of the Company are obliged to guarantee the confidentiality of the information; and the
    • Principle of demonstrated accountability: in collecting and processing Personal Data, the Company will implement appropriate and effective measures to comply with its obligations under applicable law.

    IV. Information about the Data Controller

    Company Name: Pérez-Llorca Gómez-Pinzón S.A.S / Gómez-Pinzón Propiedad Intelectual S.A.S.

    NIT.: 800.175.087 – 3 / 830.121.797-1

    Address: Calle 67 # 7 – 35 Of. 1204 Bogotá D.C., Colombia

    Phone: 601 3192900

    E-mail:dpo@perezllorca.com

    V. Processing and Purposes

    By virtue of the relationship established between the Company and the Data Subject, we inform you that Personal Data may be subject to collection, use, updating, circulation, transmission, transfer, deletion and, in general, any form of manual or automated processing, which will be carried out in accordance with the following purposes that will be previously communicated to the Data Subject, corresponding, in any case, to the development of its corporate purpose and the ordinary course of its commercial activities.

    1. General Purposes:

    The purposes described below apply to all data processed by the Company:

    • Recording information in the Company’s systems;
    • Monitoring access to the Company’s physical or technological facilities;
    • Conducting identity verification processes;
    • Paying contractual obligations;
    • Transmitting and transferring Personal Data to third parties within and outside Colombia, complying with the applicable legal guarantees for each of these operations. The Company may transfer or transmit Personal Data in connection with corporate name changes, mergers, spin-offs, consolidations, share sales, acquisitions, divestitures or other restructuring or transformation processes, and to support external or internal, national or international audits;
    • Transmitting and transferring Personal Data to affiliated, subsidiary or parent companies and in general to companies which are part of the Pérez-Llorca Group located in Spain and the European Economic Area, complying with the legal guarantees applicable to each of these operations;
    • Providing information to governmental or judicial bodies at their express request or in the context of disputes;
    • Supporting external or internal audit processes both national and international;
    • Reporting on material changes to the Policy adopted by the Company;
    • Establishing and managing pre-contractual and contractual relationships of a commercial, labour, civil or any other nature arising from the fulfilment of a legal or contractual obligation of the Company.
    • Responding to requests, queries, claims and/or complaints;
    • Sending information that may be of interest by e-mail, SMS, telephone or any other electronic or physical channel, in accordance with the relationship with the Company;
    • Analysing data and tracking communications for statistical and commercial purposes;
    • Consulting and verifying Personal Data in judicial and/or background databases, whether public or private, national or international, to ensure the control and prevention of fraud and money laundering, and all information necessary for SAGRILAFT; and
    • Any other purpose resulting from the relationship between the Data Subject and the Company or from the authorisation given by the Data Subject.
    1. Human Resources:

    The Company processes Personal Data of applicants, former and current employees, trainees and other members of staff and, in some cases, their family members, for the following purposes:

    • Carrying out selection processes;
    • Managing and processing job applications;
    • Conducting information queries in public and private, national and international databases for background checks and academic certification verifications;
    • Scheduling interviews;
    • Performing analyses and tests related to health;
    • Deploying evaluation processes and/or information reliability studies;
    • Including the Personal Data in the employment contract, its amendments and other documents necessary to manage the employment relationship and the obligations arising therefrom;
    • Identifying the challenges faced by employees so that the Company can improve the employee experience;
    • Analysing issues of diversity, inclusion and equal opportunities;
    • Conducting satisfaction surveys;
    • Modifying work agreements taking into account health and disability conditions;
    • Conducting job performance appraisals and employment promotion programmes;
    • Managing the information necessary for the Company to properly fulfil its obligations as an employer. For example: processing the affiliations to which employees are entitled by law with respect to the Social Security System, Family Compensation Funds and other matters related to social benefits, contributions, withholdings, taxes, labour disputes, as well as in the case of contributions or payments to other entities where employees have previously authorised the Processing of their Personal Data;
    • Managing the Personal Data of employees and their family members that they are entitled to process in order to carry out the procedures to sign them up to health insurance companies, family compensation funds, labour risk administrators and others necessary for the Company, as an employer, to comply with its legal obligations;
    • Paying wages;
    • Dealing with requests to issue certificates and other documents related to the employment relationship;
    • Making emergency contacts;
    • Keeping records relating to attendance, vacation and other leave and sickness absence;
    • Managing travel and expenses (including travel arrangements, tracking/recording corporate credit card transactions, expense report management and travel emergency management);
    • Ensuring the correct application of the provisions of the Internal Working Regulations and other internal rules, including disciplinary procedures and relevant investigations;
    • Making and sending reports to public authorities;
    • Maintaining active and historical labour records and keeping them up to date;
    • Supporting and managing the work and performance of employees, as well as any health issues;
    • Managing conflicts of interest;
    • Publishing on the Company’s internal communication channels, websites, social networks and media; and
    • Providing work tools (including IT tools such as email, corporate social networks, computers, mobile devices, access to databases, etc.) that store personal and impersonal information, which will be monitored, processed and retained by the Company for documentary, operational and legal defence purposes, even after the legal relationship has ended.
    1. Suppliers and/or Contractors:

    The Company processes the Personal Data of suppliers/contractors who are natural persons, individual contractors and their personnel, as well as that of the personnel and representatives of its suppliers/contractors if they are legal entities, in accordance with the following purposes:

    • Implementing selection and contract award processes;
    • Appropriately managing the contractual relationship;
    • Informing, communicating, organising, checking, attending to and certifying activities related to their status as supplier and/or third party related to the Company, and other associated processes under their responsibility;
    • Paying invoices and bills submitted to the Company, including the management of bank account numbers in order for the payment to be processed correctly;
    • Evaluating services or goods offered or provided;
    • Complying with any other legal obligations that fall under the Company’s responsibility;
    • Analysing the financial, technical and other aspects that allow the Company to identify the contractor/supplier’s capacity to fulfil their obligations;
    • Complying with the obligations arising from the business relationship; and
    • Providing general and/or commercial assistance and/or information.
    1. Clients and business prospects:

    The Company processes the Personal Data of clients and commercial prospects who are natural persons, and their personnel, as well as that of the personnel and representatives of its clients if they are legal entities, in accordance with the following purposes:

    • Preparing budgets and proposals;
    • Appropriately managing the contractual relationship;
    • Informing, communicating, organising, checking, attending to and certifying activities related to their status as client and/or third party related to the Company, and other associated processes under their responsibility;
    • Issuing invoices and receipts submitted to the Company;
    • Complying with any other legal obligations that fall under the Company’s responsibility;
    • Complying with the obligations arising from the business relationship;
    • Providing general and/or commercial assistance and/or information;
    • Registering requests for the provision of services; and
    • Implementing customer loyalty management actions.
    1. Persons recorded and monitored by CCTV:

    The Company employs closed-circuit television (CCTV) to monitor its physical premises, which involves the Processing of Data for the following purposes:

    • Maintaining security at the Company’s premises;
    • Conducting investigative activities related to the commission of crimes, misdemeanours and irregularities; and
    • Providing training to the Company’s human resources department.

    VI. Data Subjects’ Rights

    In accordance with Article 8 of Law 1581 of 2012, you, as a Data Subject, have the following rights with regard to your personal data:

    • To know, update and rectify your personal data with respect to the Company as Data Controller or Data Processors. This right may be exercised, among other things, in relation to data that is partial, inaccurate, incomplete, fragmented or misleading;
    • To request proof of the authorisation granted to the Company as Data Controllers unless expressly exempted as a requirement for the Processing;
    • To be informed by the Company, as Data Controllers or by the Processor, upon request, regarding the use made of your personal data;
    • To file complaints before the Superintendency of Industry and Commerce for infringements of the provisions of this law and other regulations that modify, add to or complement it;
    • To revoke the authorisation and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees; and
    • To have access, free of charge, to your personal data that has been subject to Processing.

    In the following section, you will find the procedure through which you can exercise your rights as Data Subject.

    VII. Department responsible for dealing with queries and complaints from Data Subjects

    The person in charge of dealing with queries and complaints, and in general monitoring compliance with the applicable Law within the Company is the Data Protection Officer. Data Subjects may exercise their rights through verbal communication, by submitting a written communication and/or by sending an e-mail, through any of the following contact channels:

    Address: Calle 67 No. 7-35 Oficina 1204 Bogotá, D.C. – Colombia

    Phone: 601 319 2900

    Email: dpo@perezllorca.com

     

    VIII. Enquiries and complaints procedures

    Consultations: Data Subjects who wish to make enquiries should bear in mind that the Company, as Data Controller, will provide such persons with the information requested and, if not specified, all the information contained in the individual record or that is linked to the identification of the Data Subject. The enquiry must be made through the channels provided by the Company and will be dealt with within a maximum of ten (10) working days from the date of receipt of the request. When it is not possible to handle the enquiry within this timeframe, the interested party will be informed, with the reasons for the delay and indicating the date on which the consultation will be attended to, which in no case may exceed five (5) working days following the expiry of the first term, without prejudice to the provisions contained in special laws or regulations issued by the National Government, which may establish shorter terms, depending on the nature of the Personal Data.

    Complaints: Any Data Subject who considers that the information contained in a Company Database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the applicable Law, may file a complaint with the Company or the Data Processor, which will be processed under the following rules:

    (i) The complaint will be formulated through a request addressed to the Data Controller or the Data Processor, with the identification of the Data Subject, the description of the facts relevant to the complaint and the address, accompanied by any relevant documents.

    (ii) If the complaint is lacking information, the interested party will be required to rectify the faults within five (5) days of receipt of the claim. If two (2) months have elapsed from the date of the request without the applicant submitting the required information, it will be understood that they have withdrawn their claim.

    (iii) In the event that the person who receives the complaint is not competent to resolve it, they will transfer it to the appropriate person within a maximum period of two (2) working days and inform the interested party of the situation.

    (iv) Once the complete complaint has been received, within a period not exceeding two (2) working days, a note will be included in the Database stating “complaint being processed” and the reasons for the complaint. This note will be maintained until the complaint is resolved on the merits.

    (v) The maximum term for dealing with the complaint will be fifteen (15) working days from the day following the date of its receipt. If it is not possible to deal with the complaint within this period, the interested party will be informed of the reasons for the delay and the date on which the complaint will be dealt with, which in no case may exceed eight working days following the expiry of the first period.

    IX. Database validity period

    The Company may only carry out the Processing of Personal Data for the time that is reasonable and necessary, in accordance with the purposes that justified the Processing, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of the information. Once the purpose for the Processing has been fulfilled, the Personal Data will be deleted from the Company’s files, unless there is a legal or contractual duty that requires it to keep them in its Databases.

    X. Date of entry into force

    This version of the Policy came into force on 1 July 2025.

    preload imagepreload image