- INTRODUCTION
The company, EMMIR-MILANO S.A.S., identified with NIT 901726107-4, hereinafter referred to as EMMIR-MILANO, is committed to the protection of privacy and all information that may be associated or related to natural persons (hereinafter “Personal Data”) to which it has access in the course of its activities and functions. EMMIR-MILANO receives, collects, uses, manages, analyzes, segments, transmits, transfers, stores, and, in general, processes Personal Data that may be obtained during the course and for the development of its activities and functions. Your Personal Data is very important to us and will be treated based on the principles established by Law 1581 of 2012 and other related regulations, and will be used only for the purposes stated in this Policy. - DATA PROCESSING CONTROLLER
EMMIR-MILANO, as the data processing controller, hereby provides its identification details through this Policy: NIT: 901726107-4 Main Address: ______ - PURPOSE
This Policy on the Processing of Personal Data and Privacy by EMMIR-MILANO (the “Policy”) aims to clearly and precisely describe the guidelines, principles, and procedures to protect the rights of data subjects and ensure compliance with the General Data Protection Regime of Colombia. It describes the purposes and types of Processing (as defined below) to which Personal Data will be subjected and identifies the department that will address queries, questions, claims, and complaints. - SCOPE
The Policy is directed at employees, former employees, visitors, clients and prospects, suppliers, contractors, both active and inactive creditors, business partners of EMMIR-MILANO, and any other third party related or involved in a transaction with EMMIR-MILANO in the course of its corporate purpose, whether in person, by phone, or in writing, and in general, to anyone whose Personal Data is being or will be processed by EMMIR-MILANO (the “Data Subjects”). This Policy will apply to all Processing carried out within the territory of the Republic of Colombia by EMMIR-MILANO and, where applicable, to those third parties with whom EMMIR-MILANO agrees to carry out all or part of any activity related to the Processing of Personal Data for which EMMIR-MILANO acts as the Controller (as defined below). The Policy will also apply to third parties with whom EMMIR-MILANO may eventually enter into Transmission agreements, so that such third parties are aware of the obligations that apply to them, the purposes to which they must adhere, and the security and confidentiality standards they must adopt when carrying out the Processing on behalf of EMMIR-MILANO. - APPLICABLE REGULATIONS
This Policy has been developed in accordance with the General Data Protection Regime applicable in Colombia, especially Articles 15 and 20 of the Political Constitution of Colombia, Law 1581 of 2012, Regulatory Decrees 1377 of 2013 and 1074 of 2015, and other regulations that modify, add, complement, or develop it. - DEFINITIONS
Expressions in parentheses, underscored, and written with initial capitals in this Policy shall have the meaning given to them before the parentheses. Undefined terms shall have the meaning that the law or applicable jurisprudence in Colombia grants them. Despite the foregoing, the following are the most relevant terms defined in this Policy:
Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
Authorized: It refers to EMMIR-MILANO and all persons under the responsibility of EMMIR-MILANO who, under the Authorization and this Policy, have legitimacy to carry out the Processing.
Privacy Notice: Verbal or written communication generated by the Controller (with EMMIR-MILANO being the Controller) addressed to the Data Subject for the Processing of their personal data. It informs the Data Subject about the existence of the information processing policies applicable to them, how to access them, and the purposes of the intended Processing of personal data.
Database: Organized set of personal data subject to Processing, electronic or not, in any modality of its formation, storage, organization, and access. EMMIR-MILANO will keep separate Databases in which it has the role of Processor from those in which it is the Controller.
Biometric Data: Physical, biological, or behavioral traits of an individual that identify them as unique from the rest of the population, such as fingerprints, DNA analysis, video images.
Personal Data: Any information linked or that can be associated with one or more specific or determinable natural persons, such as identification data (name, ID, age, gender), contact information (phone, email, address), information about profession or occupation, among other data.
Private Data: Data that, due to its intimate or reserved nature, is only relevant to the Data Subject.
Public Data: Data considered public include, among others, data related to the marital status of individuals, their profession or occupation, and their status as a merchant or public servant. By nature, public data may be contained in public records, public documents, gazettes, official bulletins, and duly executed judicial decisions that are not subject to confidentiality.
Semiprivate Data: Data that is not intimate, reserved, or public and whose knowledge or disclosure may be of interest not only to the Data Subject but also to a certain sector of people or society in general, such as financial and credit information.
Sensitive Data: Data that affects the privacy of the Data Subject or whose improper use could lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights organizations, or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
Processor: Natural or legal person, public or private, who, on their own or in association with others, carries out the Processing of personal data on behalf of the Controller.
Legitimate: Individuals who can exercise the rights of the Data Subject, such as the Data Subject themselves, their successors, representatives, attorneys, and those who, by stipulation in favor of another or for another, are accredited, provided they can prove their status.
Processing Policy: Refers to this document, as a policy for the Processing of personal data applied by EMMIR-MILANO in accordance with the guidelines of current legislation.
Third Parties: Any natural or legal person with whom the Company has had, has, or may have commercial, labor, contractual, legal, or any other kind of relationships. These include employees, former employees, visitors, clients and prospects, suppliers, contractors, both active and inactive creditors, and business partners.
Data Controller: Natural or legal person, public or private, who, on their own or in association with others, decides on the database and/or the Processing of Data. For the purposes of this document, the data controller will be EMMIR-MILANO.
Processing: Any operation or systematic procedure, electronic or not, including tools such as cookies, that allows the collection, preservation, ordering, storage, modification, indexing, profiling, linking, use, circulation, analysis, segmentation, compilation, evaluation, blocking, destruction, and, in general, the processing of Personal Data, as well as its delivery to third parties through communications, queries, interconnections, assignments, data messages, and other means that serve the purpose.
Transfer: The Processing that involves the sending of information or Personal Data to a recipient, who is the Controller and may be located outside or inside the territory of the Republic of Colombia. In the Transfer, the recipient will act as the Controller and will not be subject to the terms and conditions of this Policy.
Transmission: The Processing that involves the communication of Personal Data within or outside the territory of the Republic of Colombia for the Processor to carry out the Processing of such Personal Data on behalf of the Controller. In the Transmission, the recipient will act as the Processor and will be subject to the Policy or the terms established in the corresponding Transmission contract.
Data Subject: The natural person to whom the Personal Data refers, whose information may be stored in a Database, and who is the subject of the right to habeas data.
- AUTHORIZATION
Any Processing of personal data that is not public must be preceded by obtaining Authorization. Therefore, EMMIR-MILANO, its employees, and authorized persons, prior to the collection of Personal Data, will obtain the Authorization signed by the Data Subject and will keep a copy of this document for future consultations. EMMIR-MILANO, as the Controller, has established the necessary mechanisms to obtain the Authorization of the Data Subjects, ensuring in any case that it is possible to verify the granting of said Authorization. The Authorization may be recorded in a physical document, electronic document, voice recording, or any other format that allows its subsequent consultation, or through a technical or technological mechanism by which it can be unequivocally concluded that, had there been no conduct by the Data Subject, the Personal Data would never have been captured and stored in the Database. The Authorization of the Data Subject will not be necessary when it comes to:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.
Data of a public nature.
Cases of medical or health emergency.
Processing of information authorized by law for historical, statistical, or scientific purposes.
Data related to the Civil Registry of Persons.
- MEANS FOR AUTHORIZATION AND COLLECTION
EMMIR-MILANO may obtain Authorization for the Processing of Personal Data through different means:
Electronic: EMMIR-MILANO may use technological means, such as data messages, the internet, the official website, official social media chat accounts of the brands it sells, mobile applications, Google Forms or similar, and WhatsApp.
Written: EMMIR-MILANO may request the Data Subject’s Authorization physically and in person through their signature for the Processing of their Personal Data at their Points of Sale and at events and/or forums they organize.
Verbal: EMMIR-MILANO may request the Data Subject to provide Authorization verbally and audibly through its contact center.
Unambiguous Conduct: EMMIR-MILANO may obtain Authorization through unambiguous conduct, through which it can be unequivocally concluded that, had the Data Subject or the person authorized for this purpose not carried out such conduct
- DATA SUBJECT TO PROCESSING
To carry out the purposes described in this Policy, EMMIR-MILANO will process the following personal data:
9.1. Workers/Candidates/Interns/Former Workers
Contact information
Identification data
Demographic data (age, gender, place of residence, interests, occupation, income, and similar)
Financial data
Biometric data
Medical data
Data necessary for compliance with legal obligations
Sensitive data
Socioeconomic content data
9.2. Suppliers/Contractors
Contact information
Identification data
Data related to the profession or occupation
9.3. Customers/Prospects
Contact information
Identification data
Demographic data (age, gender, place of residence, and interests)
Financial data
Data related to the profession or occupation
Sensitive data
9.4. Visitors
Contact information
Identification data
9.5. Business Partners
Contact information
Identification data
Financial data
Data related to the profession or occupation
EMMIR-MILANO may also collect additional Personal Data considered relevant for the purposes authorized by the Data Subject (as described below).
- PURPOSES
In the course of its commercial activities, EMMIR-MILANO will process Personal Data. The Personal Data processed by EMMIR-MILANO shall be subject exclusively to the purposes outlined below and/or those accepted by the Data Subjects at the time of the collection of Personal Data. Likewise, Processors or third parties who have access to Personal Data by virtue of the Law, contract, or other binding document shall carry out the Processing for the achievement of the following purposes:
10.1. Workers/Candidates/Interns/Former Workers
Providing the Data Subject with relevant information, including payslips, statements, settlements, among others.
Conducting surveys of any kind.
Inviting to corporate events of EMMIR-MILANO, its partners, and investors.
Inviting to selection processes conducted by EMMIR-MILANO.
Evaluation of entry and the applicant’s recruitment process, including private investigations on individuals for security purposes and medical information about the entry examination.
Management of existing employment relationships, as well as the development of various activities established by EMMIR-MILANO.
For former workers, EMMIR-MILANO will store, even after the employment contract has ended, the information necessary to comply with obligations arising from the employment relationship under Colombian law.
Providing work certificates requested by former workers or third parties involved in a selection process.
Maintaining the security of EMMIR-MILANO buildings and facilities.
Conducting internal disciplinary processes and investigations.
Monitoring the use of work tools provided by EMMIR-MILANO.
Processing personal data to comply with legal and contractual obligations.
Managing cultural activities.
Conducting sociological and opinion surveys.
Granting and managing permits, licenses, and authorizations.
Reservations and issuance of transport and/or accommodation tickets.
Judicial procedures.
Carrying out activities within the human resources department, including personal training activities, payroll management, personnel management, compliance with social benefits, occupational risk prevention, promotion and management of employment, and promotion and selection of personnel.
Complying with obligations contracted by EMMIR-MILANO regarding salary payments, social benefits, and other remunerations established in the employment contract or as provided by law.
Complying with anti-money laundering regulations applicable to them.
Offering corporate wellness programs and planning business activities for the Data Subject and their beneficiaries (parents, children, spouse, permanent partner).
Providing information to third parties with whom EMMIR-MILANO has a contractual relationship and to whom it is necessary to deliver it for the fulfillment of the contracted purpose.
Epidemiological research and similar activities.
Knowledge about the mental health of workers.
10.2. Suppliers/Contractors
Compliance with legal or contractual obligations of EMMIR-MILANO with third parties.
Confirming and updating information and identity and that of their legal representative, as applicable.
Provision of services to EMMIR-MILANO.
Compliance with internal policies of EMMIR-MILANO.
Verification of compliance with obligations.
Offering and promoting new and existing products.
Managing and consolidating supplier and contractor records.
Conducting data update campaigns.
Conducting security studies.
Fraud prevention, money laundering, and terrorism financing prevention.
Carrying out and organizing promotional activities.
Administration of their information and communication systems.
Reporting information to competent authorities.
n. Consolidating and updating databases.
10.3. Visitors
Confirming and updating identity and contact information.
Maintaining the security of EMMIR-MILANO premises and facilities.
10.4. Customers/Prospects
Establishing and managing a contractual relationship.
Verifying identity and updating personal data.
Timely processing and managing requests, complaints, claims, and inquiries through different customer service channels related to MODISHMERCH’s products and/or services and/or its business partners.
Contacting for commercial, marketing, and contractual relationship management purposes, through any means, including data messages, social networks, and WhatsApp.
Contacting through telephone means to conduct surveys, studies, or confirmation of personal data necessary for the execution of a contractual relationship, for sending invoices, news related to loyalty campaigns, and service improvements.
Invitations to commercial, marketing, and after-sales events, and offering new products and services.
Sharing with third parties (agencies) to carry out commercial prospecting campaigns.
Providing contact information to the commercial force and/or distribution network, telemarketing, market research, and any third party with whom EMMIR-MILANO has a contractual relationship for the development of such activities (market research and telemarketing, etc.) for the execution thereof.
Conducting satisfaction and quality surveys regarding the goods and services offered by EMMIR-MILANO and/or its business partners.
Development of statistical analyses.
Managing applications and social media.
Monitoring the provision of services and products marketed by EMMIR-MILANO and/or its business partners.
Verifying and managing compliance with legal and contractual obligations, including fraud control and prevention and anti-money laundering.
Validating credit information in risk centers and/or making reports to these centers when necessary.
Collecting receivables.
Notifying about the status of credit applications with financial entities with which EMMIR-MILANO has a valid agreement for the acquisition of goods and services from EMMIR-MILANO.
For after-sales activities, including the provision of after-sales or warranty services on MODISHMERCH’s products and/or services.
Consolidating and updating databases.
Conducting data update campaigns.
Transmitting personal data outside the country to third parties with whom EMMIR-MILANO has signed a data processing contract and to whom it is necessary to deliver it for the fulfillment of the contractual purpose.
Conducting security campaigns.
Notifying changes in MODISHMERCH’s policies.
10.5. Business Partners:
Establish and Manage a Contractual Relationship: Initiate and oversee the development of a contractual relationship with business partners.
Confirm and Update Information and Identity: Verify and keep updated the information and identity of business partners and their legal representatives, as applicable.
Verify and Manage Compliance with Legal and Contractual Obligations: Ensure compliance with legal and contractual obligations, including the control and prevention of fraud and money laundering.
Validate Credit Information: Verify credit information through credit bureaus and report to these bureaus when necessary.
Monitor Compliance with Contractual Obligations: Keep track of the fulfillment of contractual obligations.
Monitor Authorized Distribution and Sales Centers: Monitor the management of authorized distribution and sales centers that are not part of MODISHMERCH’s Own Network.
Monitor Quotations, Sales, and Delivery of Products/Services: Monitor quotations, sales, and delivery of products and/or services by business partners on behalf of EMMIR-MILANO.
Monitor and Verify Post-sale Services: Monitor and verify the provision of post-sale services by business partners regarding MODISHMERCH’s products and/or services.
Send Updated Information for Contractual Relationship Development: Provide updated information that is useful for the development of the contractual relationship, including institutional, administrative, advertising, and marketing information, as well as technical characteristics of MODISHMERCH’s products and/or services and information relevant to the sector.
Submit Updated Information on Characteristics: Provide updated information on the characteristics of products and/or services.
Train and Educate Business Partners: Conduct training and provide education to business partners on essential topics for the proper development of the contractual relationship.
Notify the Status of Credit Requests: Inform about the status of credit requests with financial entities with which EMMIR-MILANO has current agreements for the acquisition of goods and services.
Consolidate and Update Databases: Consolidate and update databases, and provide information to authorities or public entities when required by legal, contractual, or consensus provisions.
- SHARING INFORMATION WITH THIRD PARTIES:
To Authorities as Required by Applicable Legislation: Share information with authorities as required by applicable legislation.
In Judicial or Administrative Processes: Disclose information to authorities requesting it as part of a judicial or administrative process where disclosure is necessary.
Tools Hired by EMMIR-MILANO for Communication and Marketing: Share information with tools hired by EMMIR-MILANO for communication and marketing with consumers, and for carrying out outsourcing services.
To the Network of Commercial, Service, and/or Financial Allies: Share information with the network of commercial, service, and/or financial allies of EMMIR-MILANO.
Other Cases Provided by the Law: Share information in other cases as stipulated by the law.
- RIGHTS OF DATA SUBJECTS:
Data Subjects can exercise various rights regarding the Processing of their Personal Data. These rights can also be exercised by the following individuals:
a. By the heirs of the Data Subject, who must prove such status.
b. By the representative and/or attorney-in-fact of the Data Subject, upon accreditation of representation or power of attorney.
c. By stipulation for the benefit of another and for another.
The rights of children or adolescents will be exercised by those authorized to represent them. According to the Law, Data Subjects have the following rights:
Right to Update: Update the Personal Data held in the databases of EMMIR-MILANO to maintain its integrity and accuracy.
Right to Knowledge and Access: Know and access their Personal Data stored by EMMIR-MILANO or the Processors. This access will be granted free of charge upon request at least once a month.
Right to Proof: Request proof of the Authorization granted to EMMIR-MILANO, unless the Law indicates that such Authorization is not necessary or has been validated in accordance with the provisions of Article 10 of Decree 1377 (Article 2.2.2.25.2.7 of Decree 1074 of 2015).
Right to Complaint: File complaints with the Superintendence of Industry and Commerce for violations of the Law once the requirement of procedurality has been exhausted and, as a first instance, approach EMMIR-MILANO.
Right to Rectification: Rectify information and Personal Data under the control of EMMIR-MILANO.
Right to Revocation: Request the revocation of the Authorization, provided there is no legal duty or contractual obligation on the part of the Data Subject with EMMIR-MILANO, according to which the Data Subject does not have the right to request the deletion of their Personal Data.
Right to Request: Submit requests to EMMIR-MILANO or the Processor regarding the use they have given to their Personal Data.
Right to Deletion: Request the deletion of their Personal Data from the databases of EMMIR-MILANO, provided there is no legal duty or contractual obligation on the part of the Data Subject with EMMIR-MILANO, according to which the Data Subject does not have the right to request the deletion of their Personal Data.
- DUTIES OF MODISHMERCH:
EMMIR-MILANO, in the Processing of Personal Data, will comply with the following duties, without prejudice to those provided in the provisions regulating the matter:
Request and keep proof of the authorization granted by the data subject for the processing of personal data.
Properly inform the data subject about the purpose of the collection and the rights granted to them under the granted authorization.
Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
Ensure that the information is truthful, complete, updated, verifiable, and understandable.
Timely update the information, thus addressing all updates regarding the data of the data subject.
Rectify the information when it is incorrect and communicate accordingly.
Respect the security and privacy conditions of the information of the data subject.
Process inquiries and claims made within the terms indicated by law.
Identify when certain information is under discussion by the data subject.
Inform, at the request of the data subject, about the use given to their data.
Comply with the requirements and instructions issued by the Superintendence of Industry and Commerce on the subject in particular.
Use only data whose processing has been previously authorized in accordance with the provisions of Law 1581 of 2012.
Ensure the proper use of the personal data of children and adolescents.
Refrain from circulating information that is being disputed by the data subject and whose blocking has been ordered by the Superintendence of Industry and Commerce.
Allow access to information only to those individuals who are authorized to access it.
Use the personal data of the data subject only for those purposes for which it is duly authorized, respecting in any case the current regulations on the protection of personal data.
Report to the Superintendence of Industry and Commerce any violations of security measures and/or the existence of risks in the administration of the information of the data subjects.
- CONFIDENTIALITY AND SECURITY MEASURES:
Confidentiality and the protection of Personal Data are a priority for EMMIR-MILANO. The company has established and maintained administrative, technical, and physical security measures to prevent damage, loss, alteration, destruction, as well as unauthorized or improper use, access, or disclosure. Additionally, in compliance with the security principle established by law, EMMIR-MILANO has adopted and will adopt the technical, technological, human, and administrative measures necessary to provide security to the records, safeguarding their confidentiality, integrity, and availability.
15.1 Area Responsible for Handling Queries, Complaints, and Requests:
MODISHMERCH’s Customer Service department is responsible for receiving queries, complaints, and requests from the Data Subject related to their rights to know, update, rectify, and delete Personal Data and revoke the Authorization. It will also ensure the timely and appropriate response from each area of EMMIR-MILANO to the requests, queries, and complaints of the Data Subjects.
a. Queries:
EMMIR-MILANO will receive and resolve queries from the Data Subject or Authorized Parties regarding:
What Personal Data of the Data Subject is stored in MODISHMERCH’s Databases?
What Processing is the Personal Data subject to?
What are the purposes intended to be satisfied?
Such queries must be sent in writing to the following email address: servicioalcliente@silidubai.com. EMMIR-MILANO will keep evidence of the query and its response. The query will be addressed within a maximum term of ten (10) business days from the date of receipt. If it is not possible to address the query within this term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be addressed, which will in no case exceed five (5) business days following the expiration of the initial term.
b. Complaints:
EMMIR-MILANO will receive and resolve complaints filed by the Data Subject or Authorized Parties regarding:
Personal Data processed by EMMIR-MILANO that must be corrected, updated, or deleted.
The alleged breach of any of MODISHMERCH’s obligations under the Law.
Such complaints must be sent in writing to the following email address: servicioalcliente@silidubai.com. If the complaint is incomplete, the interested party will be required to remedy the deficiencies within five (5) business days following the receipt of the complaint. If two (2) months have elapsed since the date of the request without the applicant providing the requested information, it will be understood that they have withdrawn the complaint. EMMIR-MILANO will keep evidence of the complaint and its response. The maximum term to address the complaint will be fifteen (15) business days counted from the business day following the date of its receipt. If it is not possible to address the complaint within this term, the interested party will be informed of the reasons for the delay and the date on which their complaint will be addressed, which will in no case exceed eight (8) business days following the expiration of the initial term.
c. Receipt of Requests:
EMMIR-MILANO will receive information requests from Data Subjects for the exercise of the rights of access, consultation, rectification, updating, deletion, and revocation referred to in Law 1581 of 2012, through the email servicioalcliente@silidubai.com. For the filing and handling of your requests, complaints, and claims, we ask you to provide the following information:
Full name.
Contact details (physical and/or electronic address and contact numbers).
Means to receive a response to your request.
Reason(s)/fact(s) that give rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete, access information).
Signature (if applicable) and identification number.
- AUTOMATICALLY COLLECTED INFORMATION:
a.Our Websites:
When you visit our websites, information is automatically sent by the browser used on your device to the server of our web host and temporarily stored. EMMIR-MILANO has no control over this. The following information is also collected without any action on the part of EMMIR-MILANO and is stored until automatically deleted:
1. The IP address of the requesting web-enabled device.
2. The date and time of access.
3. The name and URL of the retrieved file.
4. The website/application from which access was made (referrer URL).
5. The browser used by you and, if applicable, the operating system of your web-enabled device.
The IP address of your device and the other data listed above are used for the following purposes:
1. Ensure a smooth connection.
2. Ensure that our website/application is easy to use.
3. Analyze the security and stability of the system.
4. Conduct digital patterns. The data is stored and automatically deleted once the aforementioned purposes are achieved.
b. Cookies and Web Analysis Tools
In order to make our website more attractive and enable the use of certain functions, we use so-called “cookies.” These are small text files that are stored on your device. Some of the cookies used by us are deleted after the end of the browser session, i.e., after you close your browser (“session cookies”). Other cookies remain on your device and allow us to recognize your browser the next time you visit the site (“permanent cookies”). Cookies do not allow us to access other files on your computer or identify your email address. Cookies may be used for the following purposes:
1. Record user activities on the website.
2. Measure the effectiveness of ads.
3. Distinguish unique users to calculate visitor, session, and campaign data.
4. Measurement of clicks, heatmaps, and visibility statistics of the site.
5. Generation of marketing strategies and campaigns.
6. Conduct digital patterns and information analysis.
EMMIR-MILANO may share information obtained through cookies with external individuals or third parties (allies, clients, suppliers, or companies linked to MODISHMERCH), in order to improve user services. Additionally, the information received through cookies will be used by EMMIR-MILANO and the aforementioned third parties for the purposes described in this document and any updates.
c. Location Data
We integrate geolocation options provided by third parties. Processed data may include, in particular, IP addresses and location data of users, but this data cannot be collected without your consent (usually provided in the settings of your mobile devices).
- PRIVACY NOTICE
The Privacy Notice is read on all forms or documents through which information is collected from the Data Subjects of the Personal Data handled by EMMIR-MILANO. When collected verbally, the Privacy Notice is communicated to the Data Subject in the same manner, and Authorization is documented through technical means provided for this purpose.
- ADVERTISEMENT AND POLICY MODIFICATIONS.
This Policy may be modified and will be an integral part of contracts entered into by EMMIR-MILANO where pertinent. Any substantial modification of this Policy must be communicated in advance to Data Subjects through the EMMIR-MILANO website: https://www.silidubai.com/
- POLICY AND DATABASE EFFECTIVE PERIOD
This Policy will come into effect from 19/09/22. The Personal Data stored, used, or transmitted will remain in the EMMIR-MILANO Database based on the criterion of temporality for the time necessary to fulfill the purposes mentioned in this Policy, for which they were collected, until their deletion is requested by the interested party, and as long as there is no legal obligation to retain them. Thus, the validity of the Database is closely related to the purposes for which the Personal Data were collected.
6. DEFINITIONS
Expressions in parentheses, underscored, and written with initial capitals in this Policy shall have the meaning given to them before the parentheses. Undefined terms shall have the meaning that the law or applicable jurisprudence in Colombia grants them. Despite the foregoing, the following are the most relevant terms defined in this Policy:
- Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
- Authorized: It refers to MODISHMERCH and all persons under the responsibility of MODISHMERCH who, under the Authorization and this Policy, have legitimacy to carry out the Processing.
- Privacy Notice: Verbal or written communication generated by the Controller (with MODISHMERCH being the Controller) addressed to the Data Subject for the Processing of their personal data. It informs the Data Subject about the existence of the information processing policies applicable to them, how to access them, and the purposes of the intended Processing of personal data.
- Database: Organized set of personal data subject to Processing, electronic or not, in any modality of its formation, storage, organization, and access. MODISHMERCH will keep separate Databases in which it has the role of Processor from those in which it is the Controller.
- Biometric Data: Physical, biological, or behavioral traits of an individual that identify them as unique from the rest of the population, such as fingerprints, DNA analysis, video images.
- Personal Data: Any information linked or that can be associated with one or more specific or determinable natural persons, such as identification data (name, ID, age, gender), contact information (phone, email, address), information about profession or occupation, among other data.
- Private Data: Data that, due to its intimate or reserved nature, is only relevant to the Data Subject.
- Public Data: Data considered public include, among others, data related to the marital status of individuals, their profession or occupation, and their status as a merchant or public servant. By nature, public data may be contained in public records, public documents, gazettes, official bulletins, and duly executed judicial decisions that are not subject to confidentiality.
- Semiprivate Data: Data that is not intimate, reserved, or public and whose knowledge or disclosure may be of interest not only to the Data Subject but also to a certain sector of people or society in general, such as financial and credit information.
- Sensitive Data: Data that affects the privacy of the Data Subject or whose improper use could lead to discrimination, such as data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights organizations, or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.
- Processor: Natural or legal person, public or private, who, on their own or in association with others, carries out the Processing of personal data on behalf of the Controller.
- Legitimate: Individuals who can exercise the rights of the Data Subject, such as the Data Subject themselves, their successors, representatives, attorneys, and those who, by stipulation in favor of another or for another, are accredited, provided they can prove their status.
- Processing Policy: Refers to this document, as a policy for the Processing of personal data applied by MODISHMERCH in accordance with the guidelines of current legislation.
- Third Parties: Any natural or legal person with whom the Company has had, has, or may have commercial, labor, contractual, legal, or any other kind of relationships. These include employees, former employees, visitors, clients and prospects, suppliers, contractors, both active and inactive creditors, and business partners.
- Data Controller: Natural or legal person, public or private, who, on their own or in association with others, decides on the database and/or the Processing of Data. For the purposes of this document, the data controller will be MODISHMERCH.
- Processing: Any operation or systematic procedure, electronic or not, including tools such as cookies, that allows the collection, preservation, ordering, storage, modification, indexing, profiling, linking, use, circulation, analysis, segmentation, compilation, evaluation, blocking, destruction, and, in general, the processing of Personal Data, as well as its delivery to third parties through communications, queries, interconnections, assignments, data messages, and other means that serve the purpose.
- Transfer: The Processing that involves the sending of information or Personal Data to a recipient, who is the Controller and may be located outside or inside the territory of the Republic of Colombia. In the Transfer, the recipient will act as the Controller and will not be subject to the terms and conditions of this Policy.
- Transmission: The Processing that involves the communication of Personal Data within or outside the territory of the Republic of Colombia for the Processor to carry out the Processing of such Personal Data on behalf of the Controller. In the Transmission, the recipient will act as the Processor and will be subject to the Policy or the terms established in the corresponding Transmission contract.
- Data Subject: The natural person to whom the Personal Data refers, whose information may be stored in a Database, and who is the subject of the right to habeas data.
7. AUTHORIZATION
Any Processing of personal data that is not public must be preceded by obtaining Authorization. Therefore, MODISHMERCH, its employees, and authorized persons, prior to the collection of Personal Data, will obtain the Authorization signed by the Data Subject and will keep a copy of this document for future consultations. MODISHMERCH, as the Controller, has established the necessary mechanisms to obtain the Authorization of the Data Subjects, ensuring in any case that it is possible to verify the granting of said Authorization. The Authorization may be recorded in a physical document, electronic document, voice recording, or any other format that allows its subsequent consultation, or through a technical or technological mechanism by which it can be unequivocally concluded that, had there been no conduct by the Data Subject, the Personal Data would never have been captured and stored in the Database. The Authorization of the Data Subject will not be necessary when it comes to:
Information required by a public or administrative entity in the exercise of its legal functions or by court order.
- Data of a public nature.
- Cases of medical or health emergency.
- Processing of information authorized by law for historical, statistical, or scientific purposes.
- Data related to the Civil Registry of Persons.
8. MEANS FOR AUTHORIZATION AND COLLECTION
MODISHMERCH may obtain Authorization for the Processing of Personal Data through different means:
- Electronic: MODISHMERCH may use technological means, such as data messages, the internet, the official website, official social media chat accounts of the brands it sells, mobile applications, Google Forms or similar, and WhatsApp.
- Written: MODISHMERCH may request the Data Subject’s Authorization physically and in person through their signature for the Processing of their Personal Data at their Points of Sale and at events and/or forums they organize.
- Verbal: MODISHMERCH may request the Data Subject to provide Authorization verbally and audibly through its contact center.
- Unambiguous Conduct: MODISHMERCH may obtain Authorization through unambiguous conduct, through which it can be unequivocally concluded that, had the Data Subject or the person authorized for this purpose not carried out such conduct
9. DATA SUBJECT TO PROCESSING
To carry out the purposes described in this Policy, MODISHMERCH will process the following personal data:
9.1. Workers/Candidates/Interns/Former Workers
- Contact information
- Identification data
- Demographic data (age, gender, place of residence, interests, occupation, income, and similar)
- Financial data
- Biometric data
- Medical data
- Data necessary for compliance with legal obligations
- Sensitive data
- Socioeconomic content data
9.2. Suppliers/Contractors
- Contact information
- Identification data
- Data related to the profession or occupation
9.3. Customers/Prospects
- Contact information
- Identification data
- Demographic data (age, gender, place of residence, and interests)
- Financial data
- Data related to the profession or occupation
- Sensitive data
9.4. Visitors
- Contact information
- Identification data
9.5. Business Partners
- Contact information
- Identification data
- Financial data
- Data related to the profession or occupation
MODISHMERCH may also collect additional Personal Data considered relevant for the purposes authorized by the Data Subject (as described below).
10. PURPOSES
In the course of its commercial activities, MODISHMERCH will process Personal Data. The Personal Data processed by MODISHMERCH shall be subject exclusively to the purposes outlined below and/or those accepted by the Data Subjects at the time of the collection of Personal Data. Likewise, Processors or third parties who have access to Personal Data by virtue of the Law, contract, or other binding document shall carry out the Processing for the achievement of the following purposes:
10.1. Workers/Candidates/Interns/Former Workers
- Providing the Data Subject with relevant information, including payslips, statements, settlements, among others.
- Conducting surveys of any kind.
- Inviting to corporate events of MODISHMERCH, its partners, and investors.
- Inviting to selection processes conducted by MODISHMERCH.
- Evaluation of entry and the applicant’s recruitment process, including private investigations on individuals for security purposes and medical information about the entry examination.
- Management of existing employment relationships, as well as the development of various activities established by MODISHMERCH.
- For former workers, MODISHMERCH will store, even after the employment contract has ended, the information necessary to comply with obligations arising from the employment relationship under Colombian law.
- Providing work certificates requested by former workers or third parties involved in a selection process.
- Maintaining the security of MODISHMERCH buildings and facilities.
- Conducting internal disciplinary processes and investigations.
- Monitoring the use of work tools provided by MODISHMERCH.
- Processing personal data to comply with legal and contractual obligations.
- Managing cultural activities.
- Conducting sociological and opinion surveys.
- Granting and managing permits, licenses, and authorizations.
- Reservations and issuance of transport and/or accommodation tickets.
- Judicial procedures.
- Carrying out activities within the human resources department, including personal training activities, payroll management, personnel management, compliance with social benefits, occupational risk prevention, promotion and management of employment, and promotion and selection of personnel.
- Complying with obligations contracted by MODISHMERCH regarding salary payments, social benefits, and other remunerations established in the employment contract or as provided by law.
- Complying with anti-money laundering regulations applicable to them.
- Offering corporate wellness programs and planning business activities for the Data Subject and their beneficiaries (parents, children, spouse, permanent partner).
- Providing information to third parties with whom MODISHMERCH has a contractual relationship and to whom it is necessary to deliver it for the fulfillment of the contracted purpose.
- Epidemiological research and similar activities.
- Knowledge about the mental health of workers.
10.2. Suppliers/Contractors
- Compliance with legal or contractual obligations of MODISHMERCH with third parties.
- Confirming and updating information and identity and that of their legal representative, as applicable.
- Provision of services to MODISHMERCH.
- Compliance with internal policies of MODISHMERCH.
- Verification of compliance with obligations.
- Offering and promoting new and existing products.
- Managing and consolidating supplier and contractor records.
- Conducting data update campaigns.
- Conducting security studies.
- Fraud prevention, money laundering, and terrorism financing prevention.
- Carrying out and organizing promotional activities.
- Administration of their information and communication systems.
- Reporting information to competent authorities.
n. Consolidating and updating databases.
10.3. Visitors
- Confirming and updating identity and contact information.
- Maintaining the security of MODISHMERCH premises and facilities.
10.4. Customers/Prospects
- Establishing and managing a contractual relationship.
- Verifying identity and updating personal data.
- Timely processing and managing requests, complaints, claims, and inquiries through different customer service channels related to MODISHMERCH’s products and/or services and/or its business partners.
- Contacting for commercial, marketing, and contractual relationship management purposes, through any means, including data messages, social networks, and WhatsApp.
- Contacting through telephone means to conduct surveys, studies, or confirmation of personal data necessary for the execution of a contractual relationship, for sending invoices, news related to loyalty campaigns, and service improvements.
- Invitations to commercial, marketing, and after-sales events, and offering new products and services.
- Sharing with third parties (agencies) to carry out commercial prospecting campaigns.
- Providing contact information to the commercial force and/or distribution network, telemarketing, market research, and any third party with whom MODISHMERCH has a contractual relationship for the development of such activities (market research and telemarketing, etc.) for the execution thereof.
- Conducting satisfaction and quality surveys regarding the goods and services offered by MODISHMERCH and/or its business partners.
- Development of statistical analyses.
- Managing applications and social media.
- Monitoring the provision of services and products marketed by MODISHMERCH and/or its business partners.
- Verifying and managing compliance with legal and contractual obligations, including fraud control and prevention and anti-money laundering.
- Validating credit information in risk centers and/or making reports to these centers when necessary.
- Collecting receivables.
- Notifying about the status of credit applications with financial entities with which MODISHMERCH has a valid agreement for the acquisition of goods and services from MODISHMERCH.
- For after-sales activities, including the provision of after-sales or warranty services on MODISHMERCH’s products and/or services.
- Consolidating and updating databases.
- Conducting data update campaigns.
- Transmitting personal data outside the country to third parties with whom MODISHMERCH has signed a data processing contract and to whom it is necessary to deliver it for the fulfillment of the contractual purpose.
- Conducting security campaigns.
- Notifying changes in MODISHMERCH’s policies.
10.5. Business Partners:
- Establish and Manage a Contractual Relationship: Initiate and oversee the development of a contractual relationship with business partners.
- Confirm and Update Information and Identity: Verify and keep updated the information and identity of business partners and their legal representatives, as applicable.
- Verify and Manage Compliance with Legal and Contractual Obligations: Ensure compliance with legal and contractual obligations, including the control and prevention of fraud and money laundering.
- Validate Credit Information: Verify credit information through credit bureaus and report to these bureaus when necessary.
- Monitor Compliance with Contractual Obligations: Keep track of the fulfillment of contractual obligations.
- Monitor Authorized Distribution and Sales Centers: Monitor the management of authorized distribution and sales centers that are not part of MODISHMERCH’s Own Network.
- Monitor Quotations, Sales, and Delivery of Products/Services: Monitor quotations, sales, and delivery of products and/or services by business partners on behalf of MODISHMERCH.
- Monitor and Verify Post-sale Services: Monitor and verify the provision of post-sale services by business partners regarding MODISHMERCH’s products and/or services.
- Send Updated Information for Contractual Relationship Development: Provide updated information that is useful for the development of the contractual relationship, including institutional, administrative, advertising, and marketing information, as well as technical characteristics of MODISHMERCH’s products and/or services and information relevant to the sector.
- Submit Updated Information on Characteristics: Provide updated information on the characteristics of products and/or services.
- Train and Educate Business Partners: Conduct training and provide education to business partners on essential topics for the proper development of the contractual relationship.
- Notify the Status of Credit Requests: Inform about the status of credit requests with financial entities with which MODISHMERCH has current agreements for the acquisition of goods and services.
- Consolidate and Update Databases: Consolidate and update databases, and provide information to authorities or public entities when required by legal, contractual, or consensus provisions.
11. SHARING INFORMATION WITH THIRD PARTIES:
- To Authorities as Required by Applicable Legislation: Share information with authorities as required by applicable legislation.
- In Judicial or Administrative Processes: Disclose information to authorities requesting it as part of a judicial or administrative process where disclosure is necessary.
- Tools Hired by MODISHMERCH for Communication and Marketing: Share information with tools hired by MODISHMERCH for communication and marketing with consumers, and for carrying out outsourcing services.
- To the Network of Commercial, Service, and/or Financial Allies: Share information with the network of commercial, service, and/or financial allies of MODISHMERCH.
- Other Cases Provided by the Law: Share information in other cases as stipulated by the law.
12. RIGHTS OF DATA SUBJECTS:
Data Subjects can exercise various rights regarding the Processing of their Personal Data. These rights can also be exercised by the following individuals:
- a. By the heirs of the Data Subject, who must prove such status.
- b. By the representative and/or attorney-in-fact of the Data Subject, upon accreditation of representation or power of attorney.
- c. By stipulation for the benefit of another and for another.
The rights of children or adolescents will be exercised by those authorized to represent them. According to the Law, Data Subjects have the following rights:
- Right to Update: Update the Personal Data held in the databases of MODISHMERCH to maintain its integrity and accuracy.
- Right to Knowledge and Access: Know and access their Personal Data stored by MODISHMERCH or the Processors. This access will be granted free of charge upon request at least once a month.
- Right to Proof: Request proof of the Authorization granted to MODISHMERCH, unless the Law indicates that such Authorization is not necessary or has been validated in accordance with the provisions of Article 10 of Decree 1377 (Article 2.2.2.25.2.7 of Decree 1074 of 2015).
- Right to Complaint: File complaints with the Superintendence of Industry and Commerce for violations of the Law once the requirement of procedurality has been exhausted and, as a first instance, approach MODISHMERCH.
- Right to Rectification: Rectify information and Personal Data under the control of MODISHMERCH.
- Right to Revocation: Request the revocation of the Authorization, provided there is no legal duty or contractual obligation on the part of the Data Subject with MODISHMERCH, according to which the Data Subject does not have the right to request the deletion of their Personal Data.
- Right to Request: Submit requests to MODISHMERCH or the Processor regarding the use they have given to their Personal Data.
- Right to Deletion: Request the deletion of their Personal Data from the databases of MODISHMERCH, provided there is no legal duty or contractual obligation on the part of the Data Subject with MODISHMERCH, according to which the Data Subject does not have the right to request the deletion of their Personal Data.
13. DUTIES OF MODISHMERCH:
MODISHMERCH, in the Processing of Personal Data, will comply with the following duties, without prejudice to those provided in the provisions regulating the matter:
- Request and keep proof of the authorization granted by the data subject for the processing of personal data.
- Properly inform the data subject about the purpose of the collection and the rights granted to them under the granted authorization.
- Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
- Ensure that the information is truthful, complete, updated, verifiable, and understandable.
- Timely update the information, thus addressing all updates regarding the data of the data subject.
- Rectify the information when it is incorrect and communicate accordingly.
- Respect the security and privacy conditions of the information of the data subject.
- Process inquiries and claims made within the terms indicated by law.
- Identify when certain information is under discussion by the data subject.
- Inform, at the request of the data subject, about the use given to their data.
- Comply with the requirements and instructions issued by the Superintendence of Industry and Commerce on the subject in particular.
- Use only data whose processing has been previously authorized in accordance with the provisions of Law 1581 of 2012.
- Ensure the proper use of the personal data of children and adolescents.
- Refrain from circulating information that is being disputed by the data subject and whose blocking has been ordered by the Superintendence of Industry and Commerce.
- Allow access to information only to those individuals who are authorized to access it.
- Use the personal data of the data subject only for those purposes for which it is duly authorized, respecting in any case the current regulations on the protection of personal data.
- Report to the Superintendence of Industry and Commerce any violations of security measures and/or the existence of risks in the administration of the information of the data subjects.
14. CONFIDENTIALITY AND SECURITY MEASURES:
Confidentiality and the protection of Personal Data are a priority for MODISHMERCH. The company has established and maintained administrative, technical, and physical security measures to prevent damage, loss, alteration, destruction, as well as unauthorized or improper use, access, or disclosure. Additionally, in compliance with the security principle established by law, MODISHMERCH has adopted and will adopt the technical, technological, human, and administrative measures necessary to provide security to the records, safeguarding their confidentiality, integrity, and availability.
15.1 Area Responsible for Handling Queries, Complaints, and Requests:
MODISHMERCH’s Customer Service department is responsible for receiving queries, complaints, and requests from the Data Subject related to their rights to know, update, rectify, and delete Personal Data and revoke the Authorization. It will also ensure the timely and appropriate response from each area of MODISHMERCH to the requests, queries, and complaints of the Data Subjects.
a. Queries:
- MODISHMERCH will receive and resolve queries from the Data Subject or Authorized Parties regarding:
- What Personal Data of the Data Subject is stored in MODISHMERCH’s Databases?
- What Processing is the Personal Data subject to?
- What are the purposes intended to be satisfied?
- Such queries must be sent in writing to the following email address: servicioalcliente@silidubai.com. MODISHMERCH will keep evidence of the query and its response. The query will be addressed within a maximum term of ten (10) business days from the date of receipt. If it is not possible to address the query within this term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be addressed, which will in no case exceed five (5) business days following the expiration of the initial term.
b. Complaints:
- MODISHMERCH will receive and resolve complaints filed by the Data Subject or Authorized Parties regarding:
- Personal Data processed by MODISHMERCH that must be corrected, updated, or deleted.
- The alleged breach of any of MODISHMERCH’s obligations under the Law.
- Such complaints must be sent in writing to the following email address: servicioalcliente@silidubai.com. If the complaint is incomplete, the interested party will be required to remedy the deficiencies within five (5) business days following the receipt of the complaint. If two (2) months have elapsed since the date of the request without the applicant providing the requested information, it will be understood that they have withdrawn the complaint. MODISHMERCH will keep evidence of the complaint and its response. The maximum term to address the complaint will be fifteen (15) business days counted from the business day following the date of its receipt. If it is not possible to address the complaint within this term, the interested party will be informed of the reasons for the delay and the date on which their complaint will be addressed, which will in no case exceed eight (8) business days following the expiration of the initial term.
c. Receipt of Requests:
- MODISHMERCH will receive information requests from Data Subjects for the exercise of the rights of access, consultation, rectification, updating, deletion, and revocation referred to in Law 1581 of 2012, through the email servicioalcliente@silidubai.com. For the filing and handling of your requests, complaints, and claims, we ask you to provide the following information:
- Full name.
- Contact details (physical and/or electronic address and contact numbers).
- Means to receive a response to your request.
- Reason(s)/fact(s) that give rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete, access information).
- Signature (if applicable) and identification number.
16. AUTOMATICALLY COLLECTED INFORMATION:
a.Our Websites:
When you visit our websites, information is automatically sent by the browser used on your device to the server of our web host and temporarily stored. MODISHMERCH has no control over this. The following information is also collected without any action on the part of MODISHMERCH and is stored until automatically deleted:
1. The IP address of the requesting web-enabled device.
2. The date and time of access.
3. The name and URL of the retrieved file.
4. The website/application from which access was made (referrer URL).
5. The browser used by you and, if applicable, the operating system of your web-enabled device.
The IP address of your device and the other data listed above are used for the following purposes:
1. Ensure a smooth connection.
2. Ensure that our website/application is easy to use.
3. Analyze the security and stability of the system.
4. Conduct digital patterns. The data is stored and automatically deleted once the aforementioned purposes are achieved.
b. Cookies and Web Analysis Tools
In order to make our website more attractive and enable the use of certain functions, we use so-called “cookies.” These are small text files that are stored on your device. Some of the cookies used by us are deleted after the end of the browser session, i.e., after you close your browser (“session cookies”). Other cookies remain on your device and allow us to recognize your browser the next time you visit the site (“permanent cookies”). Cookies do not allow us to access other files on your computer or identify your email address. Cookies may be used for the following purposes:
1. Record user activities on the website.
2. Measure the effectiveness of ads.
3. Distinguish unique users to calculate visitor, session, and campaign data.
4. Measurement of clicks, heatmaps, and visibility statistics of the site.
5. Generation of marketing strategies and campaigns.
6. Conduct digital patterns and information analysis.
MODISHMERCH may share information obtained through cookies with external individuals or third parties (allies, clients, suppliers, or companies linked to MODISHMERCH), in order to improve user services. Additionally, the information received through cookies will be used by MODISHMERCH and the aforementioned third parties for the purposes described in this document and any updates.
c. Location Data
We integrate geolocation options provided by third parties. Processed data may include, in particular, IP addresses and location data of users, but this data cannot be collected without your consent (usually provided in the settings of your mobile devices).
17. PRIVACY NOTICE
The Privacy Notice is read on all forms or documents through which information is collected from the Data Subjects of the Personal Data handled by MODISHMERCH. When collected verbally, the Privacy Notice is communicated to the Data Subject in the same manner, and Authorization is documented through technical means provided for this purpose.
18. ADVERTISEMENT AND POLICY MODIFICATIONS.
This Policy may be modified and will be an integral part of contracts entered into by MODISHMERCH where pertinent. Any substantial modification of this Policy must be communicated in advance to Data Subjects through the MODISHMERCH website: [https://www.silidubai.com/](https://www.silidubai.com/)
19. POLICY AND DATABASE EFFECTIVE PERIOD
This Policy will come into effect from 19/09/22. The Personal Data stored, used, or transmitted will remain in the MODISHMERCH Database based on the criterion of temporality for the time necessary to fulfill the purposes mentioned in this Policy, for which they were collected, until their deletion is requested by the interested party, and as long as there is no legal obligation to retain them. Thus, the validity of the Database is closely related to the purposes for which the Personal Data were collected.