top of page
Frailejones - Colombia_edited.jpg

Habeas Data

1. Purpose

This Personal Data Processing Policy regulates the processing, storage, use, circulation, and deletion of personal data carried out by Aritmétika, in accordance with the provisions contained in the Political Constitution of Colombia, Statutory Law 1581 of 2012, Decree 1074 of 2015, and Colombian constitutional jurisprudence, which establish the general provisions for the protection of personal data. Terms written in capital letters throughout this document shall have the meaning assigned to them in Statutory Law 1581 of 2012, Decree 1074 of 2015, and other applicable regulations.

2. Data Controller Information

Aritmétika S.A.S.
Address: Carrera 7 # 77 - 07 Of. 1401
City: Bogotá D.C.
Phone: 601 7449783
Email: sarlaft@aritmetika.com.co

3. Principles

The processing of personal data is based on the principles established in Law 1581 of 2012:

  • Principle of legality: Personal data processing is a regulated activity that must comply with the law and applicable provisions.

  • Purpose limitation principle: Processing must pursue a legitimate purpose informed to the Data Subject.

  • Consent principle: Processing requires prior, express, and informed consent from the Data Subject.

  • Data quality principle: Data must be truthful, complete, accurate, updated, verifiable, and understandable.

  • Transparency principle: Data Subjects have the right to obtain information about their data at any time.

  • Restricted access and circulation: Data processing is limited to authorized persons and legal provisions.

  • Security principle: Technical, human, and administrative measures must protect data from unauthorized access or misuse.

  • Confidentiality principle: All individuals involved must ensure data confidentiality, even after their relationship ends.

4. Data Subject Rights

Data Subjects have the right to:

a) Know, update, and rectify their personal data.
b) Request proof of authorization.
c) Be informed about how their data is used.
d) File complaints before the Superintendence of Industry and Commerce.
e) Revoke authorization and/or request data deletion when rights are violated.
f) Access their personal data free of charge.
g) Process minors’ data through legal representatives, strictly for economic rights assignment purposes.

5. Authorization of the Data Subject

Except where legally exempt, Aritmétika requires prior and informed authorization from the Data Subject for data processing, which must be verifiable later.

Authorization is not required in cases such as:

  • Requests by public authorities or court orders

  • Public data

  • Medical emergencies

  • Statistical, historical, or scientific purposes authorized by law

  • Civil registry data

Authorizations are recorded with date and identity of the person granting them. Information may be provided through electronic or other means and must be accessible and consistent with database records.

6. Duties of the Data Controller

Aritmétika commits to:

  • Guaranteeing the exercise of Habeas Data rights

  • Requesting and preserving authorizations

  • Informing data subjects of processing purposes

  • Ensuring data security

  • Keeping information accurate and updated

  • Handling inquiries and claims

  • Reporting security breaches

  • Complying with authorities’ instructions

7. Purposes of Processing

Aritmétika processes personal data to fulfill its corporate purpose and business activities, including:

 

A. Commercial follow-up with counterparties:

  • Service delivery

  • Marketing and advertising

  • Event communication

  • Satisfaction surveys

  • Background checks (SAGRILAFT)

  • Financial and accounting compliance

 

B. Potential counterparties:

  • Lead profiling and monitoring

  • Business relationship tracking

 

C. Shareholders and investors:

  • Registry and communication

  • Legal compliance

 

D. Employees and contractors:

  • Payroll, benefits, and performance evaluation

  • Workplace safety and compliance

  • Access control (biometrics, images, video)

 

E. Candidates:

  • Recruitment and selection processes

  • Background verification

 

F. Suppliers:

  • Payment processing

  • Commercial and tax compliance

 

Additionally:

  • Compliance with legal obligations

  • Audits and legal processes

  • Government reporting

 

Aritmétika will not sell or disclose personal data unless authorized or legally required.

8. Sensitive Data

Sensitive data (e.g., biometric data, health data, video recordings) is processed with explicit authorization, except where legally exempt.

9. Database Processing

Data is:

  • Collected, stored, updated

  • Backed up

  • Reported to authorities when required

It will not be used beyond stated purposes.

10. Procedures for Requests and Complaints

  • Consultations: Answered within 10 business days

  • Claims: Processed through established channels

  • Revocation/deletion: Available unless legal obligations prevent it

11. Contact Channels

Email: notificaciones@aritmetika.com.co / sarlaft@aritmetika.com.co
 

Address: Carrera 7 # 77 - 07 Of. 1401

 

City: Bogotá D.C.

 

Phone: 601 7449783
 

Business hours: Mon–Thu 8:00–12:00 / 14:00–17:00; Fri 8:00–15:30

12. Database Description Matrix

Includes databases for:

  • Employees

  • Clients and counterparties

  • Suppliers

  • Investors

  • Shareholders

Each includes purpose, collection method, validity, and responsible area.

13. Information Security

Aritmétika implements measures to protect personal data from unauthorized access.

14. Validity

This Policy has been approved, adopted, and updated by Aritmétika’s Risk Committee.

bottom of page