In compliance with the provisions of Law 1581 of 2012 “By which general provisions are issued for the protection of personal data”, and Decree 1377 of 2013, we make available to you the Information Processing Policies that have been adopted by JAO MARKETING SAS with NIT 900.409.619-0, hereinafter JAO, a company dedicated to the management and implementation of major events and marketing actions for the public and private sectors.
OBJECT
Establish the policies and procedures that JAO applies for the proper processing of personal data that has been or is being provided to it by its employees (or candidates for employees), suppliers (or candidates for suppliers), clients and users, as well as any natural person who intends to establish or has a relationship with JAO, in respect of which the company has been accepted and authorized to use and process the personal data and information provided under the protection of stated purposes for the proper development of the company's own activities.
SCOPE
This policy applies to all personal information recorded in the databases of JAO MARKETING SAS, which acts as the Data Controller. All employees of our company are covered by this policy. Likewise, our business partners, suppliers, and contractors are covered when, in the course of their work, they have access to personal data managed by JAO.
GLOSSARY
The definitions set forth below are those described in Law 1582 of 2012, the General Law on the Protection of Personal Data and other regulations that govern it.
Authorization: It is the prior and express consent given by the Owner, in which he or she authorizes the processing of his or her personal data.
Privacy Notice: Document generated by the Data Controller, which informs the Data Subject of the existence of the data processing policies applicable to them, the means to access them, and the characteristics of the intended processing of personal data.
Database: A set of data belonging to the same context and systematically ordered to be processed.
Personal Data: It is any information linked to one or more specific or determinable persons or that can be associated with a natural person.
Public data: It is the data classified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private, private or sensitive.
Semi-private data: It is data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to its Owner but also to a certain sector or group of people or to society in general, such as financial and credit data of commercial or service activity.
Private Data: It is the data that, due to its intimate or reserved nature, is only relevant to the Owner.
Data Controller: Natural or legal person, public or private, who decides on the database and/or the processing of personal data.
Holder: Natural person whose personal data is subject to processing.
Treatment: Any operation that directly affects personal data, such as collection, storage, circulation, use or deletion.
PRINCIPLES OF PERSONAL DATA PROCESSING
It is a commitment of JAO MARKETING SAS in the development of its management, to understand and harmoniously apply the principles established in the General Law.
ANNEX I
JAO MARKETING SAS PRIVACY NOTICE
1. Responsible Party and Personal Data Processing Policy
The person responsible for the processing of personal data is the company:
JAO MARKETING SAS
NIT: 900.409.619-0
Address: Calle 9 SUR 32 210 INT 102
Medellín –Antioquia.
2. Communication channels for requests, complaints and claims related to habeas data:
The company has made available the following contact channel for personal data holders whose information is stored in our databases:
Contact channel for habeas data: customerservice@grupojao.com Any additional questions please call +57 3218553951, we will be happy to assist you.
3. Processing of data managed by JAO
JAO is committed to respecting the personal data protection regime, Law 1581 of 2012, and applies it together with its Data Processing Policy, to guarantee the proper processing of personal data that has been or is provided to it by its employees (or candidates for employees), suppliers (or candidates for suppliers), clients and users, as well as any natural person who intends to establish or has a relationship with JAO, in respect of which the company has been accepted and authorized to use and process the personal data and information provided under the protection of certain purposes informed for the proper development of the company's own activities.
4. Purposes of the Treatment
The Company processes your data for the purposes listed below:
4.1. Intended purposes for our clients and partners: Develop JAO's services activities, which primarily relate to the management, planning, organization, and execution of events for the public and private sectors, including fairs, parades, sports races, and the provision of advertising services for the companies that hire us.
The data is also used to formalize the business relationship and develop the service provision contract throughout all stages of the contract. Therefore, the contact information of the contact persons who represent and/or work with the client and/or partner is stored.
These services are provided by qualified employees and suppliers hired by the company, depending on the specific needs of each client and/or partner.
4.2. Purposes intended for our users: Develop JAO's services activities, which primarily relate to the planning, organization, and execution of events for the public and private sectors, including fairs, parades, sports races, and the provision of advertising services for our clients and partners.
Consequently, the following activities are usually carried out: registration of people attending the event, identification of the same, delivery of kits, general assistance during the event, medical assistance if required, delivery of prizes and/or recognitions, taking of images and videos as well as their publication on JAO's and/or our clients' social networks (such as Facebook, Instagram, Twitter, Website), photographic record for digital or printed pieces, in general, information is collected before and during the event for the proper realization, remembrance and dissemination of the same as well as for the sending of advertising information that may be of interest to the Owner.
We retain contact information to provide you with event-related information, to promote events organized by JAO or its clients/partners, to send information, advertising, and promotions from JAO or its clients/partners via email, SMS, telephone, or cell phone, and, in general, to use the data for marketing, branding, and advertising purposes.
The data is eventually used to conduct surveys and/or research studies to evaluate the care process and satisfaction with the service provided by JAO.
These services are provided by the company's employees and suppliers, who are specifically contracted to meet the specific needs of each event.
4.3. Intended purposes for data obtained from candidates, employees and former employees.
The information on the candidates' resumes will help JAO form an opinion on the individual's qualities and properly address the personnel selection process.
The data collected from employees is intended to develop existing employment relationships with them and comply with legal obligations, as well as to provide extralegal benefits or coordinate welfare activities provided by their relationship with the employer.
Former employees' data is retained for a period of time that complies with the law, in order to ensure the provision of information to authorities and entities within the social security system.
4.4. Purposes envisaged for the case of natural person suppliers of the Company.
Suppliers' personal data is collected for the purpose of understanding, contacting, and eventually contracting them to provide services related to the products offered by JAO.
If you are hired, your data is used to develop the signed service provision contract, to conduct service audits, and to monitor the financial suitability and commercial performance of the services.
Additionally, they can be used to involve them in activities and campaigns that may be of interest to them, to conduct training, and to communicate company service protocols.
5. Conservation
The personal data provided will be kept as long as its deletion is not requested by the interested party and as long as there is no legal or contractual obligation to keep it.
5.1. Principle of legality in data processing: The Treatment referred to in this law is a regulated activity that must be subject to the provisions established in this law and in the other provisions that develop it;
5.2. Principle of purpose: The processing must comply with a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner;
5.3. Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial order that waives consent;
5.4. Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited;
5.5. Principle of transparency: In the Processing process, the right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him/her must be guaranteed;
5.6. Principle of restricted access and circulation: Processing is subject to the limits arising from the nature of the personal data, the provisions of this law, and the Constitution. In this regard, processing may only be carried out by persons authorized by the Data Controller and/or by the persons provided for by law;
Personal data, except for public information, may not be made available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or third parties authorized in accordance with the law;
5.7. Safety principle: The information subject to processing by the Data Controller or Data Processor referred to in this law must be handled with the technical, human and administrative measures necessary to ensure the security of the records, preventing their adulteration, loss, consultation, use or unauthorized or fraudulent access;
5.8. Principle of confidentiality: All persons involved in the Processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks comprising the Processing has ended, and may only supply or communicate personal data when this corresponds to the development of the activities authorized by law and under the terms thereof;
5.9. Necessity and proportionality: The personal data recorded in a database must be strictly necessary to fulfill the purposes of the processing, as communicated to the Data Controller. Therefore, they must be adequate, relevant, and consistent with the purposes for which they were collected;
5.10. Temporality or expiration: The retention period for personal data will be as long as necessary to achieve the purpose for which it was collected.
DATA PROCESSING AND PURPOSE
JAO processes your data for the purposes listed below, and does so through its employees and suppliers, who are familiar with the regulations in this area, as well as our policy, and have committed to fully complying with it:
6. Changes to the policies or the Privacy Notice
Data Subjects may consult JAO's Processing Policy and Privacy Notice on the page where any changes to them will be recorded, or may request them via email: customerservice@grupojao.com
JAO reserves the right to make modifications or updates to this Personal Data Processing Policy, as well as to the Privacy Notice, at any time to address legislative developments or to update them when JAO's business activity involves new processing of personal information.
6.1. Purposes intended for our clients and partners: Develop JAO's services activities, which primarily relate to the management, planning, organization, and execution of events for the public and private sectors, including fairs, parades, sports races, and the provision of advertising services for the companies that hire us.
The data is also used to formalize the business relationship and develop the service provision contract throughout all stages of the contract. Therefore, the contact information of the contact persons who represent and/or work with the client and/or partner is stored.
These services are provided by qualified employees and suppliers hired by the company, depending on the specific needs of each client and/or partner.
6.2. Purposes intended for our users: Develop JAO's services activities, which primarily relate to the planning, organization, and execution of events for the public and private sectors, including fairs, parades, and sports races, as well as providing advertising services for our clients and/or partners.
Consequently, the following activities are usually carried out: registration of people attending the event, identification of the same, delivery of kits, general assistance during the event, medical assistance if required, delivery of prizes and/or recognitions, taking of images and videos as well as their publication on JAO's and/or our clients' social networks (such as Facebook, Instagram, Twitter, Website), photographic record for digital or printed pieces, in general, information is collected before and during the event for the proper realization, remembrance and dissemination of the same as well as for the sending of advertising information that may be of interest to the Owner.
We retain contact information to provide you with event-related information, to promote events organized by JAO or its clients/partners, to send information, advertising, and promotions from JAO or its clients/partners via email, SMS, telephone, or cell phone, and, in general, to use the data for marketing, branding, and advertising purposes.
The data is eventually used to conduct surveys and/or research studies to evaluate the care process and satisfaction with the service provided by JAO.
These services are provided by the company's employees and suppliers, who are specifically contracted to meet the specific needs of each event.
6.3. Intended purposes for data obtained from candidates, employees and former employees.
The information on the candidates' resumes will help JAO form an opinion on the individual's qualities and properly address the personnel selection process.
The data collected from employees is intended to develop existing employment relationships with them and comply with relevant legal obligations, as well as to provide extralegal benefits or coordinate welfare activities provided by their relationship with the employer.
Former employees' data is retained for a period of time that complies with the law, in order to ensure the provision of information to authorities and entities within the social security system.
6.4. Purposes envisaged for the case of natural person suppliers of the Company.
Suppliers' personal data is collected for the purpose of understanding, contacting, and eventually contracting them to provide services related to the products offered by JAO.
If you are hired, your data is used to develop the signed service provision contract, to conduct service audits, and to monitor the financial suitability and commercial performance of the services.
Additionally, they can be used to involve them in activities and campaigns that may be of interest to them, to conduct training, and to communicate company service protocols.
RIGHTS OF THE HOLDER OF THE INFORMATION: Data Subjects may exercise their rights with respect to the personal data concerning them at any time before JAO.
These rights may be exercised by:
AUTHORIZATION
The company will obtain authorization for the processing of personal data in accordance with current legislation. JAO will establish mechanisms to obtain authorization from Data Subjects or from anyone authorized to do so pursuant to Law 1581 of 2012 and its regulatory decrees. These mechanisms may be predetermined through technical means that facilitate automated declaration by the Data Subject.
Authorization will be deemed to meet these requirements when expressed (i) in writing, (ii) orally, or (iii) through unequivocal conduct by the Data Subject that reasonably allows us to conclude that the authorization was granted. Under no circumstances may silence be equated with unequivocal conduct.
The means to obtain authorization will be physical, electronic, verbal and through unequivocal conduct.
The authorization of the Holder is not necessary when it comes to:
a) Information required by a public or administrative entity in the exercise of its legal functions or by court order;
b) Data of a public nature;
c) Cases of medical or health emergencies;
d) Processing of information authorized by law for historical, statistical or scientific purposes
e) Data related to the Civil Registry of Persons.
PROCESSING OF DATA OF CHILDREN AND ADOLESCENTS
In accordance with the provisions of Article 7 of Law 1581 of 2012, the processing of data relating to children or adolescents is prohibited, except for public data. Therefore, the Data Subject understands that it is OPTIONAL to authorize JAO to process it.
For the processing of data concerning minors, it is the responsibility of the legal representatives to grant authorization, after exercising the minor's right to be heard.
The data of children and adolescents may be processed as long as the prevalence of their fundamental rights is not jeopardized and it unequivocally responds to the implementation of the principle of their best interests, the specific application of which will come from the analysis of each particular case as indicated by the Constitutional Court in ruling C-748 of 2011.
PROCESSING OF SENSITIVE DATA
In accordance with the provisions of Article 6 of Law 1581 of 2012, sensitive data is understood to be that which affects the privacy of the Owner or whose improper use may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data. The Owner understands that it is OPTIONAL to authorize their Processing to JAO.
FUNDAMENTAL RIGHT OF HABEAS DATA
Article 15 of the Political Constitution establishes the right of all persons to know, update, and rectify information collected about them in databases or files belonging to both public and private entities.
Likewise, and in accordance with Constitutional Court Ruling C-748 of 2011, this right includes other powers such as authorizing processing, including new data, or excluding or deleting it from a database or file.
This fundamental right is developed by Law 1581 of 2012, the General Law on the Protection of Personal Data, and the procedures for exercising it are outlined below.
PROCEDURES FOR THE EXERCISE OF RIGHTS
The procedures described below may only be carried out by the Owner, his successors in title or representatives, provided that their identity or representation is previously proven.
The procedures in accordance with Law 1581 of 2012 are explained in detail below.
7. CONSULTATIONS
The Holders, their successors in title or representatives may consult the information held in the databases managed by JAO or its Representative, in accordance with Article 14 of Law 1581 of 2012, entitled "Consultations":
The query will be submitted through the means enabled by the Data Controller or Data Processor for handling habeas data requests, queries, or complaints, or, failing that, through any contact channel enabled by the Data Controller or Data Processor.
Once JAO or its Manager receives the request for information, he will proceed to review the individual record that corresponds to the name of the Holder and the identity document number provided. If he finds any difference between these two data, he will inform you within the five (5) business days following receipt, so that the applicant can clarify it.
If after reviewing the document provided and the name of the Holder, it is found that there is conformity in them, the response will be given in a term of ten (10) business days.
When it is not possible to answer the query within this period, the Owner will be informed of this situation and will respond within a period that will not exceed five (5) business days following the expiration of the term.
7.1 CLAIMS.
The Owner, their successors in title or representatives who consider that the information contained in a database managed by JAO or its Manager should be subject to correction, updating or deletion, or if they notice a breach by JAO or any of its Managers, may file a claim with JAO or the Manager in accordance with the provisions of Article 15 of Law 1581 of 2012.
The claim must be submitted through the means enabled by the Data Controller or Data Processor for handling habeas data requests, queries, or complaints, or, failing that, through any contact channel enabled by the Data Controller or Data Processor.
The claim must be submitted to JAO or its Representative, accompanied by a document identifying the Owner, a clear description of the facts giving rise to the claim, the address where the claimant wishes to receive notifications (either physical or electronic), and the attachment of any documents the claimant intends to assert.
If the claim is incomplete, the interested party will be required to do so within the five (5) days following receipt of the claim to correct the errors.
Elapsed two (2) months From the date of the request, if the applicant does not submit the required information, it will be understood that he has withdrawn the claim.
In the event that the person receiving it is not competent to resolve it, he/she will forward it to the corresponding person within a maximum period of two (2) days skilled and will inform the interested party of the situation.
JAO will use a unique email address for these purposes so that it can identify the time of transfer and the corresponding response or confirmation of receipt.
If JAO does not know the person to whom it should be transferred, it will immediately inform the Owner with a copy to the Superintendency of Industry and Commerce.
Once the complete claim has been received, the legend “claim in process” and the reason for it must be included in the corresponding database. This must occur within a maximum period ofthe (2) business days.
The maximum term to respond to the claim is fifteen (15) business daysIf it is not possible to do so within this period, the interested party will be informed of the reasons for the delay and the date on which it will be attended to, which may not exceed eight (8) business days following the expiration of the first term.
7.2 COMPLAINTS TO THE SUPERINTENDENCY OF INDUSTRY AND COMMERCE
The owner, successor in title, or representative must first complete this consultation or complaint process before contacting the Superintendency of Industry and Commerce (SIC) to file a complaint.
SECURITY AND CONFIDENTIALITY IN THE PROCESSING OF PERSONAL DATA: The protection of personal data is an activity carried out with absolute responsibility, for which administrative, physical, and technological measures have been adopted to guarantee and ensure its integrity, confidentiality, and availability.
Regarding confidentiality, JAO undertakes to enter into data transfer agreements when carrying out assignments involving the processing of personal data, as well as to enter into confidentiality and appropriate processing clauses for personal data with suppliers or employees when, in the course of their duties, they need to be aware of personal data managed by the company.
STORAGE TIMES
The personal data provided will be retained as long as the data subject does not request its deletion and as long as there is no legal or contractual obligation to retain it.
CHANGES IN POLICIES OR PRIVACY NOTICE
Holders can consult this policy and JAO's privacy notice on the page or request it via email: customerservice@grupojao.com
JAO reserves the right to make changes or updates to this Policy, as well as to the Privacy Notice, at any time to address legislative developments or to update its policy when JAO's business activity involves new processing of personal information.
Adopted in January 2010
Updated January 2024
Subscribe to our newsletter to stay up to date on all our events and much more.
CORREMITIERRA 2025. All rights reserved.
