PERSONAL DATA PROCESSING POLICY

  1. INTRODUCTION


In compliance with the provisions of article 15 of the Political Constitution, Statutory Law 1581 of 2012, Decree 1377 of 2013, Single Regulatory Decree 1074 of 2015, the jurisprudence of the Superintendence of Industry and Commerce (SIC), and other concordant regulations, CAFÉ GRANJA LA ESPERANZA SACI , identified with NIT 805.024.170-8, as Responsible for the Processing of Personal Data, establishes this Policy to define the corporate guidelines that regulate the collection, storage, use, circulation, deletion, transmission and national and international transfer of personal data, within the framework of its commercial and electronic commerce activities.


This Policy applies to all processing of personal data carried out by the Company through its physical, electronic and digital channels, including its website www.cafeenigma.com , corporate social networks, mobile applications, electronic communications and any other means of direct or indirect data collection.


2. IDENTIFICATION OF THE DATA CONTROLLER


  • Company Name: CAFE GRANJA LA ESPERANZA SACI

  • NIT: 805.024.170-8

  • Main address: Cali, Valle del Cauca, Republic of Colombia

  • Contact email: sales@cafeenigma.com

  • Contact phone number: 3113392002



3. DEFINITIONS AND KEY CONCEPTS


The terms used in this Policy shall have the meaning attributed to them by Article 3 of Law 1581 of 2012 and Decree 1377 of 2013. For illustrative purposes:


  • Personal data: Information linked to or that can be associated with one or more specific or identifiable natural persons.


  • Sensitive data: Information that affects the privacy of the data subject or whose misuse may lead to discrimination (health, biometric data, religious beliefs, sexual orientation, etc.).


  • Data controller: Legal entity that decides on the database and/or processing.


  • Data Processor: Person who processes data on behalf of the Controller.


  • Authorization: Prior, express and informed consent of the owner for the treatment.


  • Processing: Any operation or set of operations on personal data.



4. GUIDING PRINCIPLES APPLICABLE TO TREATMENT


All personal data processing carried out by CAFÉ GRANJA LA ESPERANZA is subject to the following guiding principles:


  1. Legality: The processing will be lawful and in accordance with the law.


  1. Purpose: The processing will have legitimate, explicit and previously informed purposes.


  1. Freedom: Processing will only be carried out with the prior, express and informed consent of the data subject.


  1. Truthfulness: The information must be complete, accurate and up-to-date.


  1. Transparency: The right of the data subject to know how their data is being processed is guaranteed.


  1. Restricted access and circulation: Only the owner and authorized persons may access the data.


  1. Security: Administrative, technical and physical measures will be implemented to protect information.


  1. Confidentiality: Any person involved in the processing will maintain confidentiality even after their contractual relationship has ended.

5. PERSONAL DATA PROCESSED


CAFÉ GRANJA LA ESPERANZA may collect and process the following categories of personal data:

  • Identification data: name, surname, identification number, age, sex.


  • Contact information: physical address, email, mobile phone.


  • Commercial and financial information: purchase history, bank details, payment methods.


  • Browsing and digital behavior data: cookies, IP addresses, product viewing history, geolocation.


  • Data associated with interactions: comments, surveys, PQRs, responses to marketing campaigns.


Sensitive data or data from minors will not be collected without express authorization and in accordance with current legal parameters.



6. PURPOSES OF THE PROCESSING


Personal data will be processed for the following purposes:


  1. Verify the identity of the holder.


  1. Manage purchasing, billing, shipping, and after-sales processes.


  1. Perform customer segmentation and behavioral analysis.


  1. Send commercial information about products, news and events.


  1. Send notifications about order status and policy updates.


  1. Conduct market research, satisfaction surveys, and A/B testing.


  1. Comply with accounting, tax, regulatory, and contractual obligations.


  1. Prevent digital fraud, identity theft, and unauthorized access.


  1. Manage internal databases and technology platforms.


  1. Manage international transmissions or transfers of personal data when necessary.


7. SECURITY MEASURES



CAFÉ GRANJA LA ESPERANZA has implemented technical and organizational security policies in accordance with the security principles established by Law 1581. These include:


  • Using SSL certificates and encrypting data in transit.

  • Cloud infrastructure with multi-layered protection and secure backup.

  • Reinforced authentication protocols (two-factor where required).

  • Access logging and continuous monitoring of the digital environment.

  • Security incident management and notification to the SIC in case of significant impacts.


8. USE OF COOKIES AND MONITORING TECHNOLOGIES


This website uses its own and third-party cookies (Google Analytics, Meta Pixel, among others) for the following purposes:


  • Ensure the technical functionality of the website.

  • Remember user preferences.

  • Analyze browsing behavior.

  • Offer personalized advertising and retargeting.

  • Measure the effectiveness of advertising campaigns.


Users may configure or reject the use of non-essential cookies using the consent management banner available on the website. Further details are available in our Cookie Policy .


9. DATA TRANSFER AND TRANSMISSION


CAFÉ GRANJA LA ESPERANZA may transmit or transfer data to third parties under the following circumstances:


  • Data processors (e.g., payment gateways, hosting providers, logistics services).


  • International transfers : only when the recipient country has an adequate level of protection or there is express authorization from the holder, or by virtue of a declaration of compliance from the SIC.


  • Transmission contracts: In accordance with Article 18 of Decree 1377, agreements will be entered into with those in charge that guarantee confidentiality, security, and exclusive use in accordance with the Controller's instructions.


10. RIGHTS OF THE OWNER


The owner of personal data has the following rights:


  1. Access, know and consult your processed personal data.


  1. Request the update or correction of incorrect data.


  1. Revoke authorization and/or request deletion of data, unless there is a legal or contractual impediment.


  1. Request proof of the authorization granted.


  1. Be informed about the use of your data.


  1. File complaints with the SIC if you believe any rights have been violated.




11. PROCEDURES FOR EXERCISING RIGHTS


Requests must be addressed to the Controller's official contact channel and contain, at a minimum, the following: the data subject's name, identification, a clear description of the request, contact information, and, in the case of complaints, relevant documentary evidence.


The terms of attention will be:


  • Consultations: up to 10 business days (extendable by 5 days).


  • Claims: up to 15 business days (extendable by 8 days), in accordance with Article 15 of Law 1581.


12. VALIDITY OF THE POLICY AND DATABASES


This policy will remain in effect as long as the Controller processes data.


The databases will be retained for a reasonable and necessary period to fulfill the purposes of the processing and legal obligations.


13. MODIFICATIONS TO THE POLICY


Any substantial changes will be notified to the owner at least five business days in advance by email, notice on the website, or through the usual digital channel.

Minor modifications will be incorporated without additional consent.


Would you like me to draft the specific Cookie Policy to link to this policy, or the international data transmission agreement ? I can also generate the explicit authorization form in compliance with Article 12 of Law 1581 of 2012.