This manual was prepared taking into account the provisions contained in Article 15 of the Political Constitution, Law 1581 of 2012 “By which general provisions are issued for the protection of personal data” and Decree 1377 of 2013 “By which partially regulates Law 1581 of 2012”. All other regulations that complement or replace the above shall be applicable to these Policies.

Due to the above, NET APPLICATIONS S.A.S, issues the present Policy of Privacy and Treatment of Personal Data contained in its databases (hereinafter the “Policy”), which belong to the natural persons, Owners of the information, who have authorized NET APPLICATIONS S.A.S., to handle them in accordance with the corporate guidelines and the present Policy.

Likewise, the following provisions are part of this policy: Law 1266 of 2008, Regulatory Decrees 1727 of 2009 and 2592 of 2010, and sentences C-1011 of 2008 and C-748 of 2011 of the Constitutional Court..

This policy shall apply to and thereby bind the following persons:

1. Legal representatives and/or corporate administrators.
2. Internal personnel of NET APPLICATIONS S.A.S, managers or not, that guard and treat personal databases.
3. Contractors and natural or legal persons who provide their services to NET APPLICATIONS S.A.S, under any type of contractual modality, by virtue of which any processing of personal data is carried out.
4. Shareholders, statutory auditors and those other persons with whom has a legal relationship of statutory order.
5. Public or private persons as users of personal data.
6. Other persons established by law.

Administrator of the Personal Database: Area in charge or person in charge that is in charge of and performs Processing to one or more Databases that have personal information.

Authorization: Prior, express and informed consent of the Data Subject for to carry out the Processing of Personal Data.

Privacy Notice: Verbal or written communication generated by the responsible , addressed to the Data Subject for the Processing of his Personal Data, through which informs him about the existence of the information processing policies that will be applicable, the way to access them and the purposes of the Processing intended to the Personal Data.

Database: Organized set of Personal Data that is the object of Processing.

Personal Data: Any information linked or that can be associated to one or several determined or determinable natural persons.

Personal Data of Children and Adolescents: Personal Data of minors, whose Processing is prohibited, except when the purpose pursues with such Processing responds to the interest of children and adolescents and ensures without exception the respect for their prevailing rights.

Public Data: Data that is not semi-private, private or sensitive. are considered public data, among others, the data related to the civil status of individuals, to their profession or trade and to their status as merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official gazettes and duly executed court judgments that are not subject to reserve.

Private Data: It is the data that due to its intimate or reserved nature is only relevant to the Data Subject.

Semi-private Data: Data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its Owner but also to a certain sector or group of persons or to society in general, such as financial and credit data of commercial or service activity referred to in Title IV of Law 1266 of 2008.

Sensitive Data: Sensitive Data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life and biometric data.

Person in charge of the Processing: Natural or legal person, public or private, that by itself or in association with others, carries out the Processing of Personal Data on behalf of responsible for the Processing.

Authorized Entities: NET APPLICATIONS S.A.S., the Branches and Agencies at national level subordinated to it or linked to it.

Treatment Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the Database and/or the Processing of the data.

Holder: Natural or Legal Person whose Personal Data is the object of Processing.

Transfer: Data Transfer takes place when the Controller and/or Processor of Personal Data, located in Colombia, sends the information or the Personal Data to a recipient, which in turn is Controller of the Processing and is located inside or outside of the country.

Transmission: Processing of Personal Data that involves the communication of the same within or outside the territory of the Republic of Colombia, when its purpose is the performance of a Processing by the Processor on behalf of the Controller.

Treatment: Any operation or set of operations on Personal Data , such as the collection, storage, use, circulation or deletion thereof. These definitions shall be maintained when referring to the singular and plural, and shall be understood as modified when the applicable law and/or regulation and/or the interpretations of the competent authorities, modify them.

Principle of legality in data processing: The processing referred to in this law is a regulated activity that must be subject to the provisions of and other provisions that develop it.

Principle of purpose: The processing of Personal Data collected by NET APPLICATIONS S.A.S., must obey a legitimate purpose of which the Data Subject must be informed.

Principle of freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject, . Personal Data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves consent.

Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

Principle of transparency: In the Treatment, the right of the Holder to obtain from NET APPLICATIONS S.A.S., at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.

Principle of restricted access and circulation: The Processing may only be done by persons authorized by the Data Subject and/or by the persons provided for in the Law. The Personal Data, except for public information, may not be made available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties.

Security principle: The information subject to treatment by NET APPLICATIONS S.A.S., must be protected by the use of technical, human and administrative measures that are necessary to provide security to the records avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.

Principle of confidentiality: All persons involved in the Processing of Personal Data are obliged to guarantee the confidentiality of the information, including after the end of their relationship with any of the tasks involved in the Processing.

The information subject to treatment by NET APPLICATIONS S.A.S., will be protected through the use of technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or access not authorized or fraudulent.

NET APPLICATIONS S.A.S., in its capacity as Data Controller of Personal Data, has provided the necessary mechanisms to obtain the Authorization of the Owners of the data, prior to the collection of their data, ensuring in any case that it is possible to verify and prove the granting of such Authorization. The personal data of the Data Controllers will be kept in the Databases of NET APPLICATIONS S.A.S., for as long as the are used for the authorized purposes, unless the Data Controller requests its elimination.

6.1 Form and mechanisms for granting the authorization

The Authorization may be recorded in a physical or electronic document, data message, Internet, website or also verbally or by telephone or in any other format that allows to guarantee its subsequent consultation; or through an unequivocal conduct of the Data Subject that allows to reasonably conclude that he/she granted the authorization; or through a suitable technical or technological mechanism by which it can be unequivocally concluded that if had not obtained the consent of the Data Subject, the data would never have been collected and stored in.

With the consent authorization procedure, it is guaranteed that has been made known to the Holder of the Personal Data, that their personal information will be collected and used for determined and known purposes in accordance with this Policy and the corresponding Privacy Notice and the right to request access, update, rectification and deletion of their Personal Data at any time, through the mechanisms made available by NET APPLICATIONS S. A.S. The above in order for the Holder to make informed decisions regarding their Personal Data and control the use of their personal information.

The Authorization is a statement that informs the Data Subject of the Personal Data:

1. Who collects your personal information.
2. What is collected (data collected).
3. Why do you collect the data (the purposes of the processing).
4. How to exercise rights of access, correction, updating or deletion of the Personal Data provided.
5. Inform the Data Subject that since it is Sensitive Data (if applicable), he/she is not obliged to authorize its Processing.

This statement is made through the Privacy Notice, as defined below.

6.2 Proof of authorization

NET APPLICATIONS S.A.S. will adopt the necessary measures to keep records or suitable technical or technological mechanisms of when and how it obtained the Authorization by of the holders of Personal Data for the Processing of such data.

The Privacy Notice is the physical document, electronic or in any other format, which is made available to the Holder so that it is informed of the Treatment that NET APPLICATIONS S.A.S. will give to its Personal Data, prior to the time that the collection of Personal Data is authorized. Through this document, the Holder is informed of the existence of the Information Treatment Policies that will be applicable, the way to access and the characteristics of the Treatment that is intended to be given to the Personal Data.

7.1 Minimum content of the privacy notice

The Privacy Notice, at a minimum, shall contain the following information:

1. The identity, address and contact details of the data controller.
2. The type of processing to which the data will be subjected and its purpose.
3. The rights of the Holder.
4. The general mechanisms provided by the responsible for the Holder to know the policy of Treatment of information and substantial changes that occur in it or in the corresponding Privacy Notice. In all cases, it must inform the Holder how to access or consult the information processing policy.
5. Notwithstanding the foregoing, when Sensitive Personal Data is collected, the Privacy Notice will expressly indicate the optional nature of the response to the questions dealing with this type of data.

8.1 Rights of the owners of the information

In accordance with the provisions of Article 8 of Law 1581 of 2012 and Articles 21 and 22 of Decree 1377 of 2013 the Personal Data Subject has the following rights:

1. Know, update and rectify your Personal Data before NET APPLICATIONS S.A.S., in its capacity as Data Controller.
2. Request proof of the Authorization granted to NET APPLICATIONS S.A.S., in its capacity as Data Controller.
3. Be informed by NET APPLICATIONS S.A.S., upon request, regarding the use of your Personal Data.
4. To file complaints before the Superintendence of Industry and Commerce for violations of the provisions of of Law 1581 of 2012 and other regulations that modify, add or complement it, once the consultation or complaint process has been exhausted before the Data Controller.
5. To revoke the Authorization and/or request the deletion of the data when the Processing does not respect the constitutional and legal principles, rights and guarantees.
6. Access free of charge to their Personal Data that have been subject to Processing. NET APPLICATIONS S.A.S. will maintain enabled means of contact so that the Data Holders can exercise their rights and apply the procedures provided in this Policy, which will be informed and made available in the Privacy Notice.

8.2 Duties of NET APPLICATIONS S.A.S. as responsible for the processing of personal data

NET APPLICATIONS S.A.S. will keep in mind, at all times, that Personal Data are property of the persons to whom they refer and that only they can decide about them. In this sense, it will use them only for those purposes for which it is duly empowered and respecting in any case the Law 1581 of 2012, Decree 1377 of 2013 and other applicable rules on protection of Personal Data in accordance with the established in Article 17 of Law 1581 of 2012 and Articles 21 and 22 of Decree 1377 of 2013, NET APPLICATIONS S.A.S., commits to comply permanently with the following duties in relation to in the Processing of Personal Data:

1. Guarantee to the Data Subject, at all times, the full and effective exercise of the right of habeas data.
2. Request and keep, under the conditions provided for in this law, a copy of the respective authorization granted by the Holder.
3. Duly inform the Data Subject about the purpose of the collection and the rights he/she has by virtue of the authorization granted.
4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. adulteration, loss, consultation, use or unauthorized or fraudulent access.
5. Ensure that the information provided to the Data Controller is truthful, complete, accurate, updated, verifiable and understandable, complete, accurate, updated, verifiable and understandable.
6. Update the information, communicating in a timely manner to the person in charge of the the data controller, all the news regarding the data previously provided and to take other and to adopt the other necessary measures so that the information provided to this provided to the data controller is kept up to date.
7. Rectify the information when it is incorrect and communicate the pertinent to the person in charge of the Treatment.
8. To provide the data controller, as the case may be, only data whose processing is previously authorized in accordance with the provisions of this law. processing is previously authorized in accordance with the provisions of this law.
9. To demand from the data controller at all times, the respect for the conditions of security and privacy of the security and privacy of the data subject's information.
10. To process the consultations and claims formulated under the terms set forth in this law.
11. Adopt an internal manual of policies and procedures to ensure adequate compliance with this law and, in particular, for the handling of inquiries and complaints.
12. Inform the Data Controller when certain information is in dispute by the Data Subject, once the in dispute by the Data Subject, once the claim has been filed and has not been finalized. the respective process has not been completed.
13. Inform upon request of the Data Subject about the use given to his/her data.
14. To inform the data protection authority when there are violations to the security codes and there are risks in the security codes and there are risks in the administration of the data subjects' information.
15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

NOTE: NET APPLICATIONS S.A.S. guarantees and requires any person who intervenes in any phase of the processing of personal data of a private, sensitive or minor, nature, confidentiality, with respect to these.

8.3 Right of access

The Data Subject's power of disposition or decision over the information that concerns them necessarily entails the right to access and consult whether their personal information is being processed, as well as the scope, conditions, and generalities of said processing. Therefore, NET APPLICATIONS S.A.S. must guarantee the Data Subject's right of access in three ways:

1. The first implies that the Data Subject may know the effective existence of the Processing to which his Personal Data are subjected.
2. The second, that the Data Subject may have access to his/her Personal Data held by the Controller.
3. The third implies the right to know the essential circumstances of the Treatment, which translates into the duty to NET APPLICATIONS S.A.S., to inform the Data Subject about the type of Personal Data processed and each and every one of the purposes justifying the Processing.

PARAGRAPH: NET APPLICATIONS S.A.S. will guarantee the right of access when, prior to proof of the identity of the Holder or the status of his representative is made available to this, free of charge, the detail of Personal Data through the means enabled for the purpose.

8.4 Rectification and updating of data

The Data Holder has the right to request the update or rectification of their Personal Data. NET APPLICATIONS S.A.S. has the obligation to correct and update at the request of the Holder, the information of the Member State which is found to be incomplete or inaccurate, in accordance with the procedure stated in this Policy. In requests for rectification and updating of Data Personal the Holder must indicate the corrections to be made, for which in some cases request documentation to support your request.

NET APPLICATIONS S.A.S. has full freedom to enable mechanisms that facilitate the exercise of this right, provided that they benefit the Holder. Consequently, it may be enable electronic or other means as deemed relevant.

NET APPLICATIONS S.A.S. may establish simplified forms, systems and other methods, which should be informed and will be made available to interested parties on the web.

Each time NET APPLICATIONS S.A.S. provides a new tool for to facilitate the exercise of their rights by the Data Subjects or modify the , will inform you through its website.

8.5 Deletion of data

The Data Controller has the right, at any time, to ask NET APPLICATIONS S.A.S. for the deletion of his Personal Data when:

1. Wish your data to be deleted from the Databases of NET APPLICATIONS S.A.S.
2. Consider that they are not being treated in accordance with the principles, duties and obligations provided for in Law 1581 of 2012 and Decree 1377 of 2013.
3. They are no longer necessary or relevant to the purpose for which they were collected.
4. The period necessary for the fulfilment of the purposes for which were collected. Deletion implies the total or partial personnel in accordance with what is requested by the Holder in the records, files, databases of Data or Processing performed by NET APPLICATIONS S.A.S.

It is important to note that the right of cancellation is not absolute and the Responsible may deny the exercise of the right to vote if:

1. The Holder has a legal or contractual obligation to remain in the Database.
2. The deletion of data hinders judicial or administrative proceedings related to tax obligations, investigation and prosecution of crimes or updating administrative sanctions.
3. The data is necessary to protect the legally protected interests of the Holder; to perform an action in the public interest, or to fulfil an obligation legally acquired by the Holder.

If the cancellation of Personal Data is appropriate, NET APPLICATIONS S.A.S. must perform the deletion operationally in such a way that the removal does not allow retrieval of information.

8.6 Withdrawal of the authorisation

The Data Subjects of the Personal Data can revoke the consent to the Processing of their Personal Data at any time, as long as no legal provision prevents it or contractual. To do this, NET APPLICATIONS S.A.S. must establish simple mechanisms that are access and free that allow the Holder to revoke his consent, at least by the same the means by which it was granted and in the 12 terms stipulated in Law 1581 of 2012, its Decrees regulations and amending or supplementing rules.

Note that there are two ways in which consent may be revoked:

The first, can be about the totality of the consented purposes, that is, that NET APPLICATIONS S.A.S. must stop processing the Data of the Holder completely; The second, can occur on particular types of Processing, such as for advertising purposes or market studies. With the second modality, that is, the partial revocation of consent, are kept safe from other purposes of the Processing that the Controller, of in accordance with the Authorization granted, may carry out and with which the Holder is agreement.

Therefore, it will be necessary for the Holder at the time of raising the request for revocation, indicate in the notice whether the revocation you intend to make is total or partial. In the second scenario it must be indicated with which Treatment the Holder is not satisfied.

There will be cases in which consent, because it is necessary in the relationship between the Holder and the Person responsible for the performance of a contract, cannot be revoked by legal provision.

The mechanisms or procedures established by NET APPLICATIONS S.A.S. to requests for withdrawal of consent given may not exceed the time limits provided to meet the claims as referred to in Article 15 of Law 1581 of 2012.

9.1 Inquiries

In accordance with the provisions of article 14 of Law 1581 of 2012 and article 21 of Decree 1377 of 2013. Decree 1377 of 2013, the Holders may consult their personal information held in any Database. any Database. Consequently, NET APPLICATIONS S.A.S., will guarantee the right to consultation, providing the Data Subject with all the information contained in the individual record or that is linked to the identification of the that is linked to the identification of the Data Subject, under the following rules:

1. The Data Subject may consult his or her personal data free of charge: at least once a calendar month, and every time there are substantial modifications to the policies for the treatment of the information that motivate new consultations.
2. The right of consultation may be exercised by:
1. The Holder, upon proof of identity, or through electronic instruments that allow him/her to identify him/herself.
2. By the representative and/or attorney-in-fact of the Holder, upon accreditation of the representation or power of attorney.
3. By stipulation in favor of or for another.
4. The rights of children or adolescents shall be exercised by the persons who are empowered to represent them.
5. When the request is made by a person other than the Holder and it is not accredited that such person is acting on behalf of the Holder, it shall be deemed not to have been filed.
3. Minimum information.
1. The name and address of the Holder or any other means to receive the response.
2. The documents proving the identity or the personality of its representative.
3. The clear and precise description of the Personal Data with respect to which the Data Subject seeks to exercise any of the rights.
4. If applicable, other elements or documents that facilitate the location of the Personal Data.
4. The means of communication that have been enabled for consultations should be used, such as:
1. Address: Calle 39 # 29 - 46, Bogotá, Colombia.
2. Phone: 7 659 195 – 310 4 813 547
3. E-mail: info@netapplications.com.co

In any case, regardless of the mechanism implemented for the attention of requests for consultation, they shall be requests for consultation, they will be answered within a maximum term of ten (10) working days from the date of receipt. from the date of receipt. If it is not possible to respond to the request within the interested party will be informed before the expiration of the ten (10) days, stating the reasons for the delay, expressing the reasons for the delay and indicating the date on which the consultation will be attended.

9.2 Claims

Pursuant to the provisions of article 15 of Law 1581 of 2012, the Data Subject or his or her successors in title who consider that the information contained in a who consider that the information contained in a Data Base should be rectified, updated or deleted, or when they rectification, updating or deletion, or when they notice the alleged breach of any of the duties contained in of any of the obligations contained in Law 1581 of 2012, Decree 1377 of 2013 or any other applicable any other applicable regulation, they may file a complaint before the Data Controller, which will be Processing, which will be processed under the following rules:

1. The right of consultation may be exercised by:
1. The Holder, upon proof of identity, or through electronic instruments that allow him/her to identify him/herself.
2. By the representative and/or attorney-in-fact of the Holder, upon accreditation of the representation or power of attorney.
3. By stipulation in favor of or for another.
4. The rights of children or adolescents shall be exercised by the persons who are empowered to represent them.
5. When the request is made by a person other than the Holder and it is not accredited that such person is acting on behalf of the Holder, it shall be deemed not to have been filed.
2. The request for rectification, updating or deletion must be submitted through means enabled by NET APPLICATIONS S.A.S. as set out in the Privacy Notice and contain, at least, the information indicated in Article 15 of Law 1581 of 2012 and article 9 of Decree 1377 of 2013, and other rules that replace or supplement:
1. The name and address of the Registrant or any other means to receive the reply.
2. The documents proving the identity or the personality of its representative.
3. The clear and precise description of the Personal Data with respect to which the Data Subject seeks to exercise any of the rights.
4. The description of the facts that give rise to the claim, the address and documents that the Holder wishes to assert.
5. If applicable, other elements or documents that facilitate the location of the Personal Data.
3. The means of communication that have been enabled for consultations should be used, such as:
1. Address: Calle 39 # 29 - 46, Bogotá, Colombia.
2. Phone: 7 659 195 – 310 4 813 547
3. E-mail: info@netapplications.com.co
4. If the claim received does not have complete information that allows it to be processed, the interested party will be the interested party will be required within five (5) days of receipt to correct the faults. correct the faults. After two (2) months have elapsed from the date of the request without the applicant having the applicant submits the required information, it shall be understood that the claim has been abandoned. claim.
5. If for some circumstance a claim is received that in reality should not be addressed against NET APPLICATIONS S.A.S., the latter shall transfer, to the extent of its within a maximum of two (2) business days, and shall inform the situation of the person concerned.
6. The maximum term to address the claim will be fifteen (15) business days from the day following the date of its receipt. from the day following the date of its receipt. If it is not possible to deal with it within the interested party will be informed before the expiration of said term the reasons for the delay and the date on which the claim will be attended, which in no case may exceed eight (8) working days following the date of receipt. (8) working days following the expiration of the first term.

10.1 Policy

In order to comply with the Statutory Law 1581 of October 17, 2012 and other regulations that may modify, add or complement it, there are different modify, add or complement it, there are different processes and guidelines for the management of information of information management for Shareholders, Customers, Suppliers, Employees and other stakeholders, to which reference is referred to in this policy, and within which the following aspects are concentrated. following aspects.

• Adequate provision of services: This includes everything related to the data necessary to analyze and develop the feasibility, contracting necessary to analyze and develop the feasibility, contracting, adequacy and execution of the service of the service, in aspects such as: leasing, customer service, service improvement, customer satisfaction service, customer satisfaction, information, security; and in general all the information necessary to comply with the information necessary to comply with the scope of the contract, the regulation and the current norms. in force.
• Commercial Purposes of the company: Comprises all activities aimed at presenting offers, services, advertising, opportunities, customer offers, services, advertising, opportunities, customer loyalty, customer retention and, in general, information on information on goods, products and services that may be of interest to customers and users. customers and users.
• Other purposes: Eventually the company may establish other purposes for the treatment of personal processing of personal data, and for this purpose, it must have the prior, express, consented and informed authorization express, consented and informed authorization of the owner for the corresponding processing.

1. Customer Databases The company will inform the Owner of the Data it collects, the treatment that will be made of their personal data and its purpose. the treatment that will be made of their personal data and its purpose will be obtained in advance, the authorization of the clients for such purpose, which correspond mainly to the purposes described in the previous purposes described in the previous paragraph. The processing of the data will be done based on the user's authorization and taking into account the user's authorization of the user and taking into account their need, both in relation to the purpose and time. purpose and time. The database will have a duration equal to the duration of the contractual relationship. the contractual relationship, without prejudice to a review every two (2) years to assess the need, proportionality to evaluate the necessity, proportionality and/or the existence of a legal or contractual obligation for the permanence of the database.
2. Contractor and supplier databases Manual or automated data containing data of the natural or legal persons holding a contractual and commercial link, the processing of which is intended to comply with contractual provisions stipulated by NET APPLICATIONS S.A.S. for the acquisition of services and goods demanded by it for its normal operation or the performance of some of its functions. This database contains personal data public, private or sensitive, which aim to develop contractual. The processing of this data for purposes other than maintaining the contractual relationship or the performance of duties of a legal nature requires prior authorisation by the holder.
   Providers by authorizing, by any means, the use of their information, agree that the company may use, retain, transfer, collect, store and use information staff to:
   • Enter your information in this database
   • Collect and process your information and that of your representatives or employees with the purpose of carrying out the following activities: Payment of contractual obligations, Reporting to government entities, Provision of information to governmental or judicial entities that require it, Support in external and internal audit processes.
   • Any other purpose resulting in the performance of the contract should it be concluded.
   The database will have a duration equal to that provided under the relationship contractual, without prejudice to review every two (2) years to assess the need, proportionality and/or existence of a legal or contractual obligation for the permanence of the database.
3. Employee databases These are the manual or automated contain data of natural persons that are professionally linked to NET APPLICATIONS S.A.S., whose processing is intended to comply with the provisions legal and regulatory. This database contains so much private information, public, sensitive and minors data. The processing of data for different purposes to the obligations arising from the employment relationship shall require prior authorisation by the holder or your legal representative, as the case may be. In no event shall NET APPLICATIONS S.A.S be used. , processing sensitive or child data without prior authorisation.
   The company as an employer and by mandate of labour law and Conventional agreements must have personal information from their servers.
   In order to fulfil employment obligations, you have information and data related to the identification of the worker, placement tests, academic training, experience employment, address of residence, beneficiaries, wages, Pension Funds, Cesantías, Occupational Risks, Compensation Fund, Life and Accident Insurance, bank account for payment from the employment relationship, affiliations to external bodies that the employee has voluntarily, consciously and freely requested inclusion for authorize discounts or direct payments through the payroll, to facilitate their relations and subject to the existence of agreements with those third parties and the undertaking.
   The database will have a duration equal to that provided under the relationship contractual, without prejudice to review every two (2) years to assess the need, proportionality and/or existence of a legal or contractual obligation for the permanence of the database.
4. Potential customer databases These are manual or systematic databases containing public and private data, which are required in order to give the performance of legally assigned duties as provided for in paragraph 8 of Article 10 of Decree 898 of 2002.
   The processing of this data requires prior authorization and information on the purposes of its treatment, under formats defined for this purpose by NET APPLICATIONS S.A.S.
   The database will have a duration equal to that provided under the relationship contractual, without prejudice to review every two (2) years to assess the need, proportionality and/or existence of a legal or contractual obligation for the permanence of the database.
5. Shareholder Databases Personal data and information of individuals who become shareholders of NET APPLICATIONS S.A.S. shall be deemed to have information is reserved, as it is recorded in the trade books and has the Legal reserve status.

Consequently, access to such personal information will be carried out in accordance with the rules contained in the Commercial Code governing the matter.

NET APPLICATIONS S.A.S. will only use the personal data of shareholders for the purposes arising from the existing statutory relationship.

The database will have a duration equal to that provided under the relationship contractual, without prejudice to review every two (2) years to assess the need, proportionality and/or existence of a legal or contractual duty for the permanence of the base of data.

SENSITIVE DATA: In the case of sensitive personal data, NET APPLICATIONS S.A.S. may make use and process them when:

1. The holder has given authorization, except in cases where the granting of such authorization is not required by law.
2. The processing is necessary to safeguard the vital interest of the holder and he is physically or legally incapacitated. In these events, legal representatives must grant your authorization.
3. The processing is carried out in the course of legitimate activities and with due guarantees from a foundation, NGO, association or other body without for profit, whose purpose is political, philosophical, religious or trade union, refer exclusively to its members or to persons who maintain contacts regular due to their purpose. In these events, the data may not be provided to third parties without the holder’s authorisation.
4. Processing refers to data that is necessary for the recognition, exercise or defence of a right in legal proceedings.
5. The treatment has a historical, statistical or scientific purpose. In this event they must Measures leading to the removal of the identity of operators shall be taken.

Subject to the exceptions provided for by law, the processing of sensitive data requires prior, express and informed consent of the holder, which shall be obtained by any means which can be consulted and subsequently verified.

10.2 purpose of the processing

NET APPLICATIONS S.A.S., collects, stores, uses, circulates, Transmits and Transfers Data Personal of its customers, suppliers, employees, potential customers, shareholders and for the purposes of control, security, establishment of business or legal relations, judicial proceedings, requirements of administrative authorities and for future reference, inside and outside Colombia.

The personal data collected by NET APPLICATIONS S.A.S. will be included in one or more databases and may be transmitted and/or transferred between NET APPLICATIONS S.A.S., their subordinates of its parent or controlling company, the subordinates of its parent or controlling company, are the Authorized Entities, for which directly or through third parties, they process the data personal only in accordance with the purposes set out in this notice. Likewise, the databases of NET APPLICATIONS S.A.S. may include and integrate transmitted data and/or transferred to it by the Authorised Entities and/or third parties.

Personal Data will be processed for the purpose of:

1. Comply with the legal and/or contractual obligations of the Authorized Entities, due to the development of their civil and commercial activity.
2. Manage data related to human resources, selection processes, analysis organizational, development and management of performance reports for employment contracts, management of employment relations, processing, management, payroll and compliance with legal obligations.
3. Manage the internal affairs of NET APPLICATIONS S.A.S. including, but not limited to accounting, financial and management reporting, calculation, presentation and payment tax, other compliance records and reports, internal audit processes or external. This information includes Personal Data of directors and agents of affiliates of the company.
4. Perform the due diligence process of the Customer or Supplier, which consists in a set of procedures for the identification and acceptance of customers and suppliers.
5. Comply with legal obligations, national laws on money laundering and financing terrorism, financial services and tax compliance services and opinion 14/2011 Article 29 on data protection related to the prevention of Money laundering and terrorist financing of the "Task Force on Data".
6. To achieve efficient communication with the Data Subject, through any means of contact, related to our services, studies, events, campaigns advertising, attention channels and social networks.
7. providing our services.
8. Report on changes in services or new ones that are related to the contracted.
9. Fulfilling our obligations to our customers, suppliers and employees.
10. Assess the quality of service.
11. Deliver and offer to the Holder in a general or segmented way, information, content and/or advertising, of NET APPLICATIONS S.A.S.
12. Develop and report statistical information, satisfaction surveys, studies and analyses security, recommendations, new forms of crime and services, including the possibility of contacting you for such purposes by commercial or risk area.
13. Contacting customers, employees and/or suppliers for the submission of information; or any other purpose that results in the development or execution of the relationships contractual, commercial and legal requirements.
14. Request, capture, consult, update, supply, report, process, transmit, transfer, use, release and disclose all information relating to the credit, financial and commercial behaviour of NET APPLICATIONS Customers H.S.H., whether positive or negative, as many times as is required for transactions with NET APPLICATIONS S.A.S., to databases or financial or credit information, from Information Operators and/or Entities Financial institutions resident or not in Colombia, and/or providing the same service or who represent their rights. With this treatment, the behavior of the Clients' obligations are recorded in order to provide sufficient and adequate information to the market on the status of financial obligations, commercial, credit and/or services of the Client.
15. For security purposes, fraud prevention, investigation and prosecution.
16. For the purpose of ensuring and maintaining the safety and well-being of our customers.

Accordingly, the holder understands and accepts that by this authorization grants to the controller and processor, permission to access your personal data in the to the extent that they require it either for the provision of services for which they were by the relationship between the parties, that is to say, the holder of the information and NET APPLICATIONS S.A.S.

11.1 security measures

In the development of the security principle established by Law 1581 of 2012, NET APPLICATIONS S.A.S., shall take the necessary technical, human and administrative measures to provide security to the records by preventing their tampering, loss, consultation, use or access authorized or fraudulent.

The Database Administrator will ensure the security of the Databases and monitor the proper application of the Privacy Policy.

11.2 Implementation of security measures

NET APPLICATIONS S.A.S. will maintain mandatory compliance security protocols for personnel with access to personal data and information systems.

The procedure should consider at least:

1. Training of the person responsible for processing databases for proper handling of the information, whether physical or automated, which rests in the company, following the parameters established by the Law, as well as data protection and security.
2. Training of incoming staff on the Treatment Policy of Personal Data and the security mechanisms and protocols for their Processing.
3. Scope of the procedure with detailed specification of protected resources.
4. Measures, rules, procedures, rules and standards aimed at ensuring the security required by Law 1581 of 2012 and Decree 1377 of 2013.
5. Functions and duties of staff.
6. Structure of personal databases and description of the information systems which process them.
7. Incident notification, management and response procedure.
8. Backup and data recovery procedures.
9. Periodic checks to be carried out to verify compliance in the safety procedure to be implemented.
10. Measures to be taken when a medium or document is transported, discarded or reused.
11. The procedure should be kept up to date at all times and reviewed whenever relevant changes occur in the information system or its organisation.
12. The content of the procedure must at all times conform to the provisions in force regarding the security of Personal Data.

In accordance with the articles of association and taking into account the nature of the relations permanent or occasional that any person holding personal data may have for with NET APPLICATIONS S.A.S., it will be able to carry out the transfer and international, of all personal data, provided that the applicable legal requirements, and accordingly, the holders with acceptance of this policy, expressly authorize the transfer and transmission of data, including at international level, personal. The data will be transferred, for all relationships that can be established with NET APPLICATIONS S.A.S.

For the international transfer of personal data of the holders, NET APPLICATIONS S.A.S. shall take all measures to ensure that third parties are aware of and undertake to observe the present policy, on the understanding that personal information they receive may only be be used for matters directly related to NET APPLICATIONS S.A.S. and only while it lasts and cannot be used or intended for a different purpose or end. For the international transfer of personal data shall comply with Article 26 of the Law 1581 of 2012.

International transfers of personal data made by NET APPLICATIONS S.A.S., no shall require to be informed of the holder or have his consent when contract is transmission of personal data in accordance with Article 25 of Decree 1377 of 2013.

NET APPLICATIONS S.A.S. may also exchange personal information with governmental or other public authorities (including, but not limited to, judicial or administrative public prosecutors and criminal, civil and administrative investigation bodies, disciplinary and fiscal), and third-party participants in civil legal proceedings and their accountants, auditors, lawyers and other advisors and representatives, because it is necessary or appropriate: (a) for comply with applicable laws, including laws other than those of your country of residence; (b) to to comply with legal processes; (c) to respond to requests from public authorities and the government other than those of your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations; (f) to protect our rights, privacy, security or property, yours or those of others; and (g) obtain compensation apply or limit the damages that may affect us.

NET APPLICATIONS S.A.S., by e-mail: info@netapplications.com.co responsible for processing personal data.

This policy is effective as of November 26, 2018 and does not affect the policies of processing of personal data that could have been taken by NET APPLICATIONS S.A.S.