WhatsApp
WhatsApp
  • ES ES
  • EN EN
  • ZH ZH

Privacy Policy

PERSONAL DATA PROTECTION AND PROCESSING POLICY       

  1. INTRODUCTION

BLACK PACIFIC LOGISTIC SAS is a Colombian platform whose main activity is offering empty container storage services to various international players.

BLACK PACIFIC LOGISTIC SAS and in order to strictly comply with current regulations on the protection of Personal Data, in accordance with the provisions of Law 1581 of 2012, Decree 1074 of 2015 and other provisions that modify, add to or complement them, presents the following POLICY FOR THE PROTECTION AND PROCESSING OF PERSONAL DATA (hereinafter “Processing Policy”) with the purpose of protecting the personal information provided by the Holders who have a relationship with BLACK PACIFIC LOGISTIC SAS such as suppliers, clients, allies, collaborators and any other natural or legal person subject to habeas data, from which BLACK PACIFIC LOGISTIC SAS obtains, collects, processes or processes information or personal data, whether such processing is carried out by BLACK PACIFIC LOGISTIC SAS or by third parties who do so on its behalf.

The Data Processing Policy aims to protect the constitutional right of Habeas Data that all persons have to know, update, and rectify the information that has been collected and stored in the different databases of BLACK PACIFIC LOGISTIC SAS (hereinafter “BPL”), and by virtue of compliance with said right, it only collects and processes Personal Data when previously authorized by its Owner, implementing for this purpose, clear measures regarding confidentiality and privacy of Personal Data. Likewise, it details the general corporate guidelines that are taken into account in order to protect the Personal Data of the Owners, the purposes of Information Processing, the area responsible for addressing complaints and claims, and the procedures that must be exhausted to know, update, rectify and delete the information and the respective channels through which they can exercise them.

  1. DEFINITIONS

In the development, interpretation and application of this Data Processing Policy, the law, regulations and current legislation will be understood and taken into account in a harmonious and comprehensive manner, the following definitions:

RESTRICTED ACCESS : Level of access to information limited to previously defined parameters. The company will not make Personal Data available for access through the Internet or other mass media, unless technical measures are established to control access and restrict it to authorized individuals only.

AUTHORIZATION : Prior, express and informed consent of the Owner to carry out the processing of personal data.

AREA RESPONSIBLE FOR DATA PROTECTION : This is the area within the company responsible for monitoring and controlling the application of the Personal Data Protection Policy and the implementation of the Comprehensive Personal Data Protection Program.

AREA RESPONSIBLE FOR HANDLING REQUESTS, COMPLAINTS, CLAIMS AND QUERIES : Requests, complaints, claims and queries made by data subjects will be handled by whomever BPL determines.

PRIVACY NOTICE : Verbal or written communication addressed to the Holders of personal data being processed by the company, in which they are informed about the existence of the personal data processing policies that will be applied to them, how to access them, and the purposes for which their personal data will be used.

DATABASE : An organized set of Personal Data that is subject to processing. Includes physical and electronic files.

DATA QUALITY : The personal data subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. When it has partial, incomplete, fragmented, or misleading personal data, BPL must refrain from processing it or request the Data Subject to complete or correct the information.

RESTRICTED CIRCULATION : Personal data will only be processed by BPL’s designated personnel or those responsible for carrying out such activities. Personal data may not be disclosed to anyone who is not authorized or has not been authorized to process it.

CONFIDENTIALITY : An information security element that allows us to determine who can access it and under what circumstances. The confidentiality of non-public data must be protected in order to guarantee the confidentiality of the information.

DATABASE CUSTODIAN : Natural person, within the company, who safeguards personal databases.

PERSONAL DATA : Any information linked to or that can be associated with one or more specific or identifiable natural persons. “Personal data” should therefore be understood as information related to a natural person (an individual considered as an individual)

PUBLIC DATA : Data that is not semi-private, private, or sensitive. Public data includes, among others, data relating to a person’s marital status, their profession or occupation, and their status as a merchant or public servant. By its nature, public data may be contained in, among other things, public registries, public documents, official gazettes and bulletins, and duly enforceable court rulings that are not subject to confidentiality.

SEMI-PRIVATE DATA : This is information that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general, as is the case with financial, credit or commercial activity data.

SENSITIVE DATA : Data that affects the privacy of the owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.

RIGHTS OF CHILDREN AND ADOLESCENTS : The prevailing rights of children and adolescents will be respected in the processing of data. Only data of a public nature may be processed.

DATA PROCESSOR : A natural or legal person, public or private, who, either alone or in association with others, processes personal data on behalf of the Data Controller. BPL acts as the personal data processor in cases where it, either alone or in association with others, processes personal data on behalf of a data controller.

WAYS TO COLLECT PERSONAL DATA : BPL, by any means, may know, collect, store, and manage the information of the information owner in accordance with the data use policy contained in this document through the following means: (i) Acceptance and use of the application; (ii) Registration and use of the BLACK PACIFIC LOGISTIC SAS website or platform; (iii) Subscription to any type of contract, alliance, and/or agreement with BLACK PACIFIC LOGISTIC SAS; (iv) Registration as an ally of BLACK PACIFIC LOGISTIC SAS

HABEAS DATA : This is the right of the owner of personal data to demand from the administrators of the data access, inclusion, exclusion, correction, addition, updating and rectification of the data, as well as the limitation of its disclosure, publication or transfer.

DIGITAL INFORMATION : All information that is stored or transmitted by electronic and digital means such as email or other information systems.

DATA CONTROLLER : A natural or legal person, public or private, who, either alone or in association with others, decides on the database and/or the processing of data. BPL acts as the personal data controller for all personal data over which it directly decides, in compliance with its legally recognized functions.

OWNER : Natural or legal person whose personal data is being processed. In the context of this personal data processing policy, owners may be: (i) subscribers/clients; (ii) contractors; (iii) suppliers; (iv) partners; (v) all persons not affiliated with BLACK PACIFIC LOGISTIC SAS whose personal data is being processed.

TRANSFER OF PERSONAL DATA : Data transfer occurs when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, who is in turn the Controller and is located within or outside the country.

TRANSMISSION OF PERSONAL DATA : Processing of personal data that involves communicating the same within or outside the territory of the Republic of Colombia when the purpose is to carry out processing by the Data Processor on behalf of the Controller.

PROCESSING : Any operation or set of operations on Personal Data carried out by BPL or the Data Processors, such as collection, storage, use, circulation or deletion.

VIOLATION OF PERSONAL DATA : It is the crime defined in article 269 of the Penal Code, which establishes: ” Whoever, without being authorized to do so, for personal benefit or that of a third party, obtains, compiles, removes, offers, sells, exchanges, sends, buys, intercepts, discloses, modifies or uses personal codes, personal data contained in files, archives, databases or similar means, will incur a prison sentence of forty-eight (48) to ninety-six (96) months and a fine of 100 to 1000 current legal monthly minimum wages.

  1. GUIDING PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

As established in Title II of Statutory Law 1581 of 2012, the protection of personal data shall be governed by the harmonious and comprehensive application of the following principles:

Principle of legality in the processing of personal data : The processing of personal data referred to in Statutory Law 1581 of 2012 is a regulated activity that must be subject to the provisions of the Statutory Law and other provisions that develop it.

Principle of purpose : The processing of personal data must comply with a legitimate purpose in accordance with the Constitution and the law, which must be communicated to the Data Subject.

Principle of freedom : Personal data may only be processed with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial order that waives consent.

Principle of truthfulness or quality : The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.

Transparency Principle : In the processing of personal data, the right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him or her must be guaranteed.

Security Principle : The information subject to processing by the Data Controller or Data Processor referred to in Statutory Law 1581 of 2012 must be handled with the technical, human and administrative measures necessary to ensure the security of the records, preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access.

Confidentiality Principle : All persons involved in the processing of personal data that are not public in nature are required to guarantee the confidentiality of the information, even after their relationship with any of the tasks comprising the processing has ended, and may only provide or communicate personal data when this corresponds to the development of the activities authorized in Statutory Law 1581 of 2012 and under the terms thereof.

Principle of restricted access and circulation : Processing is subject to the limits arising from the nature of the personal data, the provisions of Statutory Law 1581 of 2012, and the Constitution. In this regard, processing may only be carried out by persons authorized by the Data Controller and/or by the persons provided for in the aforementioned law

  1. RIGHTS OF THE HOLDERS

In compliance with the fundamental guarantees enshrined in the Constitution and the law, and without prejudice to the provisions of other regulations governing the matter, personal data subjects may exercise the following rights free of charge and without restrictions:

  1. Know, update and rectify the Data in front of him or the Data Processors.
  2. Request proof of the authorization granted, or any other authorization signed by the owner of the Personal Data for this purpose, except when expressly exempted as a requirement for data processing in accordance with the law.
  3. To be informed by the Entity or the Data Processor, upon request, regarding the use that has been given to the data.
  4. Submit complaints to the Competent Authority for violations of the provisions of the law and other regulations that modify, replace or add to it.
  5. Revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees.

The revocation and/or deletion will be reviewed by the company’s departments. Data deletion will only occur when the Competent Authority has determined that, in processing the data, the company or those responsible for processing personal data have engaged in conduct contrary to the law and the Constitution.

Revocation will proceed as long as there is no legal or contractual obligation to retain the personal data.

  1. Access free of charge to the Personal Data that has been processed.
  2. DUTIES OF THE DATA CONTROLLER

BPL, as the Data Controller, must comply with the following obligations, without prejudice to other provisions established by law and other provisions governing its activity:

  1. Guarantee the Holder, at all times, the full and effective exercise of the right to habeas data.
  2. Request and retain, under the conditions provided by law, a copy of the respective authorization granted by the Owner.
  3. Properly inform the Owner about the purpose of the collection and the rights to which he or she is entitled by virtue of the authorization granted.
  4. Keep information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent consultation, use, or access.
  5. Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable and understandable.
  6. Update the information, promptly communicating to the Data Processor any new developments regarding the data previously provided and adopting any other measures necessary to ensure that the information provided remains up-to-date.
  7. Rectify information when it is incorrect and communicate the relevant information to the Data Processor.
  8. Provide the Data Processor, as the case may be, only with data whose processing has been previously authorized in accordance with the provisions of the law.
  9. Demand that the Data Processor respect the security and privacy conditions of the Data Subject’s information at all times.
  10. Process inquiries and complaints submitted in accordance with the terms established by law.
  11. Adopt specific procedures to ensure proper compliance with the law and, in particular, to address inquiries and complaints.
  12. Inform the Data Processor when certain information is being disputed by the Data Subject, once the claim has been filed and the respective process has not been completed.
  13. Inform the Owner, upon request, about the use of their data.
  14. Inform the data protection authority when security code violations occur and when there are risks in the management of Data Subjects’ information.
  15. METHOD OF COLLECTING DATA

The collection of personal data from potential users and BPL users/clients/consumers will be carried out in the following ways, but not limited to:

  • Through access to the company’s web pages: https://www.black-pacific.com
  • Through phone calls.
  • Through events held by BLACK PACIFIC LOGISTIC SAS
  • By exchanging emails.
  • Through the contract with the allies and its annexes.
  • Through the formats of BLACK PACIFIC LOGISTIC SAS
  • Through physical forms.
  1. PURPOSES OF THE PROCESSING OF PERSONAL DATA

The Personal Data collected by BPL is included in a Database, either its own or through the provision of services by a third party, to which authorized personnel or personnel who, in the exercise of their duties, must have access have access. It is noted that in no case is the processing of information authorized for purposes other than those described herein, and that it is communicated directly to the Owner no later than the time of collection.

The collection, storage, use and/or circulation of personal data of BPL users has the main purpose of providing the services offered and/or contracted in an appropriate manner, complying with current regulations. Therefore, the purposes of collection and processing of Personal Data of BLACK PACIFIC LOGISTIC SAS Users and Clients will be the following: Develop the Company’s own activities, make contacts by the company or designated third parties in order to recover amounts owed by any means authorized by the Owner, as well as order, catalog, classify, divide or separate, store, transfer, transmit, circulate and/or delete all personal data within the systems and files of BLACK PACIFIC LOGISTIC SAS or those contracted by BPL.

Specific purposes of the processing of personal data:

  • Provide maintenance, development and/or control of the commercial relationship between the owner of the personal data and BLACK PACIFIC LOGISTIC SAS
  • Provide users with the necessary information, through the website and WhatsApp application, about the company’s products, to formalize the consumer relationship with said products.
  • Carry out processes within the company, for operational development and/or systems administration purposes.
  • Provide the company’s services and follow up according to the user’s specific needs, in order to provide the appropriate services and products to meet their specific needs.
  • Sending information about new developments, news, newsletters, educational forums, advertising or marketing, and distance sales.
  • Maintain a historical record of information for the purpose of user satisfaction by developing analyses based on interests and needs, thereby providing better service.
  • Implement marketing strategies by studying user behavior regarding offers and thereby improving their content, personalizing presentation and service.
  • Preparation of commercial prospects and market segmentation.
  • Conduct satisfaction surveys and offer or recognize benefits from our loyalty program and after-sales service, to rate service and attention through the channels provided for this purpose.
  • Carry out the necessary activities to manage requests, complaints, and claims from company or third-party users and direct them to the areas responsible for issuing the appropriate responses.
  • Submit reports to inspection, surveillance, and control authorities, and process requests made by administrative or judicial entities.
  • Administrative, commercial and advertising uses established in the agreements signed with the clients who are the owners of the information.
  • Accounting, economic, tax and administrative management of clients.
  • Have access to credit bureaus to understand clients’ financial status.
  • Conservation of information for the terms established in the Law, especially the one referring to the information of the books and papers of the merchant that must be stored for a period of ten (10) years, as provided in article 28 of Law 962 of 2005.
  • Transfer or transmission of Personal Data nationally or internationally to suppliers with whom BLACK PACIFIC LOGISTIC SAS carries out activities in fulfillment of its corporate purpose. Transfers may also be made to the company’s strategic partners to carry out marketing, advertising, and promotional activities related to its corporate purpose; all in accordance with Colombian regulations.
  • Send information to Data Processors to facilitate and improve the quality of the service of BLACK PACIFIC LOGISTIC SAS
  • Reports to risk centers for non-compliance with obligations arising from the business relationship.
  • Request collection authorization from the entities defined and authorized for this purpose.
  • If other types of purposes are used for the processing of personal data, the prior, express and informed authorization of the Data Subject will be requested.
  • Maintain financial, accounting, tax, and administrative records for managing collections and payments, invoicing, and compliance with financial obligations.
  • Advance processes within the company, for operational development and/or systems administration purposes.
  • Perform internal statistics management to monitor the service.

Purpose of the processing of the personal data of the Allies:

The collection and processing of the allies’ personal data will be done for the purpose of contacting and contracting the products or services that BLACK PACIFIC LOGISTIC SAS offers in the normal course of its operations. It will also have the following purposes:

  • Request or perform consultancies, audits, advisory services or services related to suppliers.
  • Comply with the company’s internal processes regarding the management of allies, suppliers and/or contractors.
  • Advance processes within the company, for operational development and/or systems administration purposes.
  • Prepare tax returns or manage tax and collection information.
  • Keep track of allies’ information.
  • Make reports to inspection, surveillance, and control authorities and/or respond to requests from administrative entities.
  • Carry out payment and collection procedures in the contractual relationship.
  • Verify the information provided by partners to control and prevent fraud.
  • Manage administrative procedures to carry out any other activities in compliance with the relationship between the allies and BPL.
  • Conservation of information for the terms established in the Law, especially the one referring to the information of the books and papers of the merchant that must be stored for a period of ten (10) years, as provided in article 28 of Law 962 of 2005.
  • Transfer or transmission of data nationally or internationally, if applicable, for purposes related to BPL’s operations, in accordance with legal provisions and always ensuring compliance with the requirements established in Colombian regulations.
  • All other administrative and commercial uses established in the contracts or derived from its activity.
  • For other purposes or processing, prior, express and informed authorization will be requested from the Owner, provided that they are not within the general scope of this point.
  1. AUTHORIZATION AND CONSENT OF THE HOLDER

Consent and authorization from the Data Subject is a constitutional and legal requirement that must be met by those responsible for processing personal data.

Consent must meet the following conditions:

Prior : Authorization must be given by the Data Subject prior to any type of processing of personal data.

Express : Authorization must be granted unequivocally, clearly and specifically.

Informed : The Data Subject must clearly understand why his or her personal data will be processed and the purposes that may arise from the processing thereof.

  1. ACCESS CHANNELS AND MECHANISMS PROVIDED BY BLACK PACIFIC LOGISTIC SAS

In compliance with the constitutional guarantee of Habeas Data regarding the rights of access, updating, rectification, and deletion by the Owner of personal data, their successors in title, legal representatives, and/or attorneys-in-fact, BLACK PACIFIC LOGISTIC SAS will enable access channels for the Owners.

All communications, queries, complaints and/or claims must be directed to the CUSTOMER SERVICE AREA of BLACK PACIFIC LOGISTIC SAS, by any of the following means:

Email: xxxx

  1. LEGAL PROCEDURE FOR INQUIRIES, COMPLAINTS AND CLAIMS

Questions, complaints, or claims may be submitted through a document with the characteristics described in each of the cases or through the query, complaint, and claim form, which can be found at https://www.black-pacific.com/ under the PQRS option.

  1. Origin of the Queries and their procedure:

In the case of the right to petition for information and/or queries, BLACK PACIFIC LOGISTIC SAS will respond within a maximum period of fifteen (15) business days counted from the day following the date of receipt of the petition or query.

If it is not possible to respond to the request within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which it will be addressed. This extension may not, under any circumstances, exceed the initial deadline.

  1. The consultation document should contain the following:
  • Area to which it is addressed (Customer Service).
  • The name and identification number of the Holder.
  • Copy of the holder’s identity document.
  • Full description of the consultation.
  • Address and contact details of the consulting Owner.
  1. In the event that the Holder’s successor in title requests the consultation, he/she must attach:
  • Area to which it is addressed (Customer Service).
  • The name and identification number of the Holder.
  • Copy of the Holder’s identity document.
  • Name, identification number and copy of the identity document of the beneficiary.
  • Copy of the civil death certificate of the Holder.
  • Document that proves the capacity in which it works (Civil registry of marriage, birth, etc.).
  • Full description of the consultation.
  • Address and contact details of the consulting successor in title.
  • If it is the legal representative and/or attorney of the Owner, he/she must present:
  • Area to which it is addressed (Customer Service).
  • The name and identification number of the Holder.
  • Copy of the Holder’s identity document or certificate of existence and legal representation.
  • Copy of the legal representative’s identity document.
  • Document that proves the capacity in which he/she acts (power of attorney, certification, etc.).
  • If the representative is a minor, they must present their identity card and/or civil registry and the document proving their status as the minor’s representative or guardian.
  • Full description of the consultation.
  • Address and contact information of the consultant.
  1. Origin of Complaints and/or Claims and their procedure:

When the Owner considers that his/her information should be corrected, updated or deleted or when he/she notices a presumed breach of any of his/her rights, the maximum term to address the complaint or claim will be fifteen (15) business days counted from the day following the date of receipt of the document.

When it is not possible to address the claim within this period, the interested party will be informed of the reasons for the delay and the date on which it will be addressed, which in no case may exceed the initial deadline. If the claim is incomplete, the interested party will be required within five (5) days following receipt of the complaint and/or claim to correct the deficiencies. After two (2) months from the date of the request without the applicant submitting the required information, the complaint or claim will be deemed withdrawn.

  1. The complaint or claim document must contain:
  • Area to which it is addressed (Customer Service).
  • The name and identification number of the Holder.
  • Copy of the holder’s identity document.
  • Full description of the complaint or claim.
  • Address and contact details of the claimant or complainant Holder.
  1. In the event that the Holder’s legal successor requests the complaint or claim, he/she must attach:
  • Area to which it is addressed (Customer Service).
  • The name and identification number of the Holder.
  • Copy of the Holder’s identity document.
  • Name, identification number and copy of the identity document of the beneficiary.
  • Copy of the civil death certificate of the Holder.
  • Document that proves the capacity in which it works (Civil registry of marriage, birth, etc.).
  • Full description of the complaint or claim.
  • Address and contact details of the claimant or complainant.
  1. If it is the legal representative and/or attorney of the Owner, he/she must present:
  • Area to which it is addressed (Customer Service).
  • The name and identification number of the Holder.
  • Copy of the Holder’s identity document or certificate of existence and legal representation.
  • Copy of the legal representative’s identity document.
  • Document that proves the capacity in which he/she acts (power of attorney, certification, etc.).
  • If the representative is a minor, they must present their identity card and/or civil registry and the document proving their status as the minor’s representative or guardian.
  • Full description of the complaint or claim.
  • Address and contact details of the claimant or complainant.

In the event that the query does not meet any of the requirements mentioned above, the staff in charge, within the first three (3) business days of receiving the request, will send a communication to the petitioner requesting the necessary documents to prove the legitimacy, as well as the identity of the data owner, and, if so, a request for extension and specification of the purpose of the request submitted.

After one (1) month from the date of the request, if the owner of the information does not respond to the request for personal identification and/or extension of information with the requested information, the query must be archived.

After two (2) months from the date of the request without the applicant presenting the required information, it will be understood that he has withdrawn the claim.

Withdrawals from consultations will be governed by the provisions of Article 17 of Law 1755 of 2015, due to the absence of terms in Article 14 of Law 1581 of 2012.

  1. PROCESSING OF SENSITIVE PERSONAL DATA

BPL will not collect, store, or process sensitive data without the prior, express, and informed authorization of the Data Subject. In these cases, BPL will not process any data without the prior, informed, and express authorization of the Data Subject, except in cases where such authorization is not required by law and one of the following exceptions applies:

  1. When the processing is necessary to safeguard the vital interests of the Data Subject and the Data Subject is physically or legally incapacitated.
  2. When the processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or union, provided that it refers exclusively to its members or to people who maintain regular contact due to its purpose, in which cases, the data may not be provided to third parties without the authorization of the Owner.
  3. When the processing relates to data that is necessary for the recognition, exercise or defense of a right in a judicial process.
  4. When the processing is for historical, statistical, or scientific purposes. In this case, measures must be taken to erase the identity of the Data Subjects.
  5. When carried out in compliance with a public or administrative order in the exercise of its legal functions or by court order.

Answers to questions about sensitive data are optional and therefore not mandatory. In any case, BPL will strictly observe the legal limitations on the processing of sensitive data.

BPL will not, under any circumstances, condition any activity on the provision of Sensitive Data. Sensitive Data will be treated with the utmost diligence and the highest security standards available to the Company or third parties contracted to safeguard or store the information. Limited access to Sensitive Data will be a guiding principle to safeguard its privacy, and therefore, only authorized personnel may have access to this type of information.

Sensitive data may not be processed for purposes other than those expressly authorized by the Data Controller.

  1. PROCESSING OF PERSONAL DATA OF CHILDREN AND/OR ADOLESCENTS

BPL will endeavor not to process any data from children and adolescents under the age of 18. Use of its services is restricted to adults only. However, if minors under the age of 18 with legal capacity wish to use the service, they must have express authorization from their legal representative and comply with the terms and conditions of the services provided.

If data relating to minors is processed, BPL, as Data Controller, will ensure that such personal data will be treated appropriately, applying the principles and obligations established in Law 1581 of 2012 and other applicable provisions on the protection of personal databases.

The processing of personal data of children and adolescents will be subject to special treatment and rigorous protection measures. Data that is not public will comply with the following parameters and requirements:

  • It will respond to and respect the best interests of children and adolescents.
  • Respect for the fundamental rights of children and adolescents will be ensured.
  • The opinion of the minor will be valued when he or she has the necessary capacity and autonomy to understand the matter.
  • In any case, it will be up to the legal representatives of the children and adolescents to grant authorization to proceed with the processing of the personal data of minors. If the representative’s authorization is not obtained, the data will not be processed and the service cannot be provided to the minor.
  1. NATIONAL AND/OR INTERNATIONAL TRANSMISSION AND/OR TRANSFER

BPL may share personal data with third parties as necessary for the development of its activities and corporate purpose, always protecting the rights and information of the data subject.

Through the Transmission or Transfer of Personal Data, BPL may collect Personal Data, including telephone number and/or email address, through the aforementioned means, which may be shared with third parties. Likewise, within the framework of the purposes mentioned in this Data Processing Policy, BPL may validate the other applications installed by the Data Subject on their mobile device to ensure that no other applications interfere with the proper provision of the services offered.

The Transmission or Transfer of Personal Data that is carried out will observe the rules established for this purpose by the applicable regulations and the supervisory authority, especially the following:

When it comes to domestic transmissions or transfers of personal data, BPL will ensure compliance with the requirements of current data protection legislation and the protective measures implemented by the data controller or new controller, as applicable.

In the case of an international transfer, it must be ensured that the country receiving the personal data provides adequate levels of protection, in the manner established by the Control Authority in Colombia, so that it issues the declaration of compliance referred to in the first paragraph of article 26 of Law 1581 of 2012. When the receiving country does not comply with adequate data protection standards, the transmission or transfer will be prohibited unless one of the following legal exceptions is configured, and conditioned as established below:

  • That the Data Subject has given express and unequivocal authorization for the transfer or transmission of data.
  • Exchange of medical data when required by the Data Subject’s treatment for reasons of public health and hygiene.
  • Bank or stock transfers, in accordance with applicable legislation.
  • Transfers agreed upon within the framework of international treaties to which Colombia is a party, based on the principle of reciprocity
  • Transfers necessary for the execution of a contract between the Data Controller and the Data Controller, or for the execution of pre-contractual measures, provided that the Data Controller has given his or her authorization.

In the event that the receiving country does not comply with adequate data protection standards, the transmission and/or transfer will be subject to the following procedure:

Contractual clauses will be established or a personal data transfer contract will be signed, which will indicate:

  1. Scope of treatment.
  2. The activities that the person in charge will carry out on behalf of the person responsible for the processing of personal data and,
  3. The obligations of the Manager towards the owner and the person responsible.
  4. Process, on behalf of the controller, personal data in accordance with the principles that protect them.
  5. Safeguard the security of databases containing personal data.
  6. Maintain confidentiality regarding the processing of personal data

Through this contract, the Manager will undertake to apply the obligations of the controller under the information processing policy established by the controller and to carry out data processing in accordance with the purpose that the Data Subjects have authorized and with the applicable laws in force.

  1. NATIONAL DATABASE REGISTRY

Pursuant to Article 25 of Law 1581 and its implementing regulations, the Company will register its databases, where applicable, along with this Personal Data Processing Policy in the National Database Registry administered by the Superintendency of Industry and Commerce, in accordance with the procedure established for this purpose.

  1. VALIDITY

Personal Data stored, used, or transmitted will remain in BPL’s databases for as long as necessary to fulfill the purposes outlined in this manual or for the Company to fulfill its legal obligations.

However, the information will be reviewed annually to verify its accuracy and the purpose of further processing.

This personal data processing policy is effective upon signature and supplements the associated policies, remaining in effect indefinitely. Any substantial changes to the personal data processing policies will be communicated promptly through the website: https://www.black-pacific.com

If necessary, BLACK PACIFIC LOGISTIC SAS reserves the right to modify this Policy unilaterally.

VALENCIA MALAGON YESID JAVIER

CC No. 16,606,280

Legal Representative

BLACK PACIFIC LOGISTIC SAS

NIT. 900.818.581 – 4

Please complete.

Determine the area in charge.