PRIVACY NOTICE


CAFÉ GRANJA LA ESPERANZA SACI , a company legally incorporated by Public Deed No. 2423 of November 29, 2002 of Notary Fifteen (15) of the Cali Circle, registered in the Chamber of Commerce of Cali under number 213857 of Book IX, with address in the city of Cali, department of Valle del Cauca, identified with NIT 805.024.170-8 (hereinafter, "THE RESPONSIBLE" or the "Company"), in compliance with the provisions of article 15 of the Political Constitution of Colombia, Statutory Law 1581 of 2012, Regulatory Decree 1377 of 2013, Single Regulatory Decree 1074 of 2015, and other concordant regulations, informs the owners of personal data that it collects, stores, uses, transmits, transfers and, in general, treats personal data within the framework of its e-commerce operation in accordance with the following terms:

IDENTIFICATION OF THE DATA CONTROLLER

Company name: CAFE GRANJA LA ESPERANZA SACI
NIT: 805.024.170-8
Address: Cali, Valle del Cauca, Colombia
Contact email: sales@cafeenigma.com

PURPOSES OF THE TREATMENT

The personal data that THE CONTROLLER collects directly from the owners, or through its digital platforms (www.cafeenigma.com), will be processed for the following purposes:

Manage user registration and authentication on the digital platform.
Execute the product purchase and sale process, including payment processing, invoicing, shipping, and logistics.
Comply with contractual, legal, accounting and tax obligations.
Respond to requests, complaints, and claims from users or customers.
Send commercial, promotional or advertising communications, in accordance with the prior authorization of the owner.
Analyze browsing habits and purchasing behavior using tracking technologies (cookies) with express authorization.
Conduct market research, satisfaction surveys, preference analysis, and profiling.
Manage relationships with suppliers, distributors or strategic allies.
Comply with requirements of administrative or judicial authorities, where applicable.

GUIDING PRINCIPLES OF TREATMENT


THE CONTROLLER guarantees that the processing of personal data is governed by the principles enshrined in Law 1581 of 2012, particularly:

Legality: All processing activities will be carried out within the applicable legal framework.
Purpose: The data will be processed for legitimate purposes, previously informed to the owner.
Freedom: The treatment will be carried out with the free, express and informed authorization of the owner.
Veracity: The accuracy and timeliness of the data collected is ensured.
Transparency: The data subject may obtain information about the processing at any time.
Restricted access and circulation: Access to data is limited to authorized persons.
Security: Appropriate technical, human and administrative measures will be implemented.
Confidentiality: Individuals who access the data will be required to maintain confidentiality even after their relationship with the Company ends.

RIGHTS OF THE HOLDER

The holders of personal data processed by the Company have the following rights:

Know, update and rectify your personal data.
Request proof of the authorization granted for the treatment.
Be informed about the use of your data.
Revoke authorization and/or request deletion of data, unless there is a legal or contractual obligation that prevents it.
Access your personal data for free.
File complaints with the Superintendency of Industry and Commerce (SIC), after filing a direct complaint with the Company.

INTERNATIONAL DATA TRANSFER AND TRANSMISSION

In the course of its operations, THE CONTROLLER may transmit personal data nationally or internationally to Data Processors located in Colombia or abroad, provided that contractual clauses guarantee compliance with the data protection regime in Colombia.

When international transfers are required to countries that do not have an adequate level of protection, specific authorization from the data subject will be requested, or the exceptions in Article 26 of Law 1581 of 2012 will be used, or the corresponding declaration of compliance will be processed before the SIC, where applicable.

USE OF COOKIES AND TRACKING TECHNOLOGIES

THE CONTROLLER informs that the website www.cafeenigma.com uses cookies and similar technologies to improve the user experience. The processing of data collected through cookies is considered personal data processing and will be carried out in accordance with the purposes previously authorized by the owner. The user may accept, configure, or reject the use of non-essential cookies through interactive mechanisms available on the website.

INFORMATION SECURITY

THE CONTROLLER has adopted administrative, technical, and organizational security measures to guarantee the confidentiality, integrity, and availability of personal information, in accordance with the security principle and the nature of the data collected, including but not limited to:

Sensitive data encryption protocols (SSL/HTTPS).
Access control, authentication and system monitoring policies.
Training programs in data protection and security incident management.
Incident reporting procedures in accordance with SIC External Circular 003 of 2018.

MECHANISMS FOR EXERCISING RIGHTS

Holders may exercise their rights through the channels provided in this notice, following the procedures established in articles 14 and 15 of Law 1581 of 2012. Requests will be attended to within the legal deadlines: ten (10) business days for inquiries, and fifteen (15) business days for claims, extendable in accordance with current regulations.

9. VALIDITY OF THE NOTICE

This Privacy Notice is effective from the date of its publication and will remain in effect as long as the purpose of the processing continues or there is a legal obligation to retain the information.

To learn in detail the conditions, procedures, mechanisms, requirements and responsibilities associated with the processing of personal data, data subjects may consult the Personal Data Processing Policy at any time, available at: www.cafeenigma.com/privacy-policies