Privacy Policy

AUTHORIZATION FOR DATA PROCESSING


I have been informed (a) by Retorno S.A.S. (Data Controller) of the following: (i) The data provided in this document will be processed for the following purposes: Send or use the Information for contractual purposes, customer service, marketing (such as consumption analysis, brand traceability, among others), commercial (such as benefits, promotions, discounts, current campaigns, promotional events, writings, images, data messages, allied brands and programs of own brands or allies, among others), update data and provide relevant Information; For consultation, to answer queries about products and services offered, to carry out studies for statistical purposes, to know the customer. For Information, inform the data holders about news, products, services, and special offers for the development of activities related to telephone service, collections, or other similar activities. Allows you to transfer or transmit the data or Information, in whole or in part, to its subsidiaries, businesses, companies, affiliated entities, and strategic or commercial allies that operate or are not in another Colombian jurisdiction or territory. (ii) It is optional to answer questions about sensitive data or data of minors; (iii) As the owner of the data and representative of the minor, I have the right to know, update, rectify or delete my Information or revoke the authorization granted; (iv) In the event that my request is not resolved directly, and subsidiarily, I have the right to file complaints with the Superintendence of Industry and Commerce, in accordance with Law 1581 of 2012, Decree 1377 of 2013 and other complementary regulations; (v) My rights and obligations can be exercised by strictly observing the Data Processing Policy of RETORNO S.A.S. Available at www.retornobirding.com and by contacting the email address dcasas@retornobirding.com


PERSONAL DATA PROCESSING POLICY

GENERAL CONSIDERATIONS.


Article 15 of the Constitution of the Republic of Colombia establishes the right of any person to know, update and rectify the personal data that exists about them in databases or files of public or private entities. Likewise, it orders those who have personal data of third parties to respect the rights and guarantees provided for in the Constitution when collecting, processing and circulating this type of information.

Likewise, in balance, justice and equity with Article 15, Article 20 of the Constitution of the Republic of Colombia establishes the right of any person, Responsible or in Charge, to receive truthful and impartial information.

RETORNO S.A.S. (The Company), As an intermediary in the relationship with various tourist service providers, I recognize the paramount importance of complying with personal data protection regulations and respecting the rights of data owners. Therefore, we adopt this Personal Data Processing Policy, which is not just a formality but a crucial framework that guides all our activities involving personal data processing. This policy is mandatory for the Company, its administrators, employees, and officials, underscoring its significance in our operations.

The Company, within the development of its corporate purpose, receives, transmits and processes Personal Data internally and externally for the missionary and support activities it carries out in accordance with its statutes, its corporate purpose, and the law. These policies are mandatory and strictly enforced by RETORNO S.A.S., its administrators, employees in Colombia and the contractors and third parties that act on behalf of RETORNO S.A.S. All RETORNO S.A.S. employees must observe and respect these policies in the performance of their duties.


1. PURPOSE OF THE POLICY.


With this document, the Company guarantees proper compliance with the applicable personal data protection law and for the attention of queries and claims from the owners of the Personal Data on which the Company performs Treatment.


• Authorization: Prior, express and informed consent must be obtained from the owner of the data to carry out the Treatment. This can be written, verbal or through unequivocal conduct that allows one to conclude that the owner granted authorization reasonably.


• Database: It is the organized set of Personal Data that is subject to Treatment, electronic or not, whatever the modality of its formation, storage, organization and access.


• Consultation: Request of the owner of the data or of the persons authorized by him or by law to know the information that rests on him in databases or files. • Personal data: Any information linked to or that can be associated with one or several determined or determinable natural persons. These data are classified as sensitive, public, private and semi-private.


• Sensitive personal data: Information that affects a person's privacy or whose misuse may lead to discrimination, such as information that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data relating to health, sexual life, and biometric data (fingerprints, among others).


• Public personal data: Data classified as such according to the mandates of the law or the Political Constitution and all data that are not semi-private or private. Public data includes, among others, data contained in public documents, public records, official gazettes and bulletins, and duly executed court rulings that are not subject to reservation, data relating to the marital status of individuals, their profession or trade, and their status as a merchant or public servant. Personal data contained in the commercial register of the Chambers of Commerce are public (Article 26 of the C.Co.). Likewise, data that, by virtue of a decision by the owner or a legal mandate, is found in freely accessible and accessible files are public.


These data can be obtained and offered without reservation and regardless of whether they refer to general, private or personal information.


• Private personal data. This is data that, due to its intimate or reserved nature, is only relevant to the owner of the data. Examples: merchants' books, private documents, and information obtained from a home inspection.


• Semi-private personal data. Semi-private data is data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a particular sector or group of people or society in general, such as among others, data regarding compliance and non-compliance with financial obligations or data relating to relations with social security entities.


• Data processor: A person who processes data on behalf of the data controller.


• “Authorized” means the Company and all persons under the responsibility of the Company, who by virtue of the Authorization and the Policy have the legitimacy to process the Personal Data of the Owner. The Authorized includes the gender of Authorized Persons. • “Authorization” or being “Authorized” is the legitimation that the Company expressly and in writing grants to third parties, through a contract or document that takes its place, in compliance with the applicable Law, for the Processing of Personal Data, converting such third parties into Data Processors of the Personal Data delivered or made available.


• Complaint: A request by the data owner or persons authorized by him or by Law to correct, update, or delete his or her personal data or when they notice an alleged breach of the data protection regime, according to Article 15 of Law 1581 of 2012.


• Data owner: The natural person to whom the information refers. • Processing: Any operation or set of operations on personal data such as, among others, the collection, storage, use, circulation or deletion of this type of information.


• Transmission: Processing of personal data that involves the communication of the same within (national transmission) or outside Colombia (international transmission) and that has as its object the realization of treatment by the Person in Charge on behalf of the Person Responsible.


• Transfer: The transfer of data takes place when the Person Responsible and in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is located within or outside the country.


• Procedural requirement: The Holder or successor in title may only file a complaint with the Superintendence of Industry and Commerce once he or she has exhausted the consultation or claim process before the Person Responsible for the Treatment or the Person in Charge of the Treatment, the above according to Article 16 of Law 1581 of 2012.


2. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA.


The processing of personal data must be carried out in compliance with the general and special regulations on the subject and for activities permitted by law. In the development, interpretation and application of this policy, the following principles will be applied harmoniously and comprehensively:


2.1  Principles Related to the Collection of Personal Data.

Principle of Freedom: The collection of data is a process that respects the individual's rights. It may only be carried out with the prior, express and informed authorization of the Owner. Personal data may not be obtained or disclosed without the prior consent of the Owner or in the absence of a legal or judicial mandate that waives consent. The Owner of the data must be informed in a clear, sufficient and prior manner about the purpose of the information provided. Therefore, data may not be collected without a precise specification of the purpose thereof.

The principle of freedom must be observed both for the case of data collected through forms and those that are part of the annexes or documents that the data owners provide to RETORNO S.A.S.

Principle of Limitation of Collection: Only the personal data that is strictly necessary for the fulfillment of the purposes of the treatment must be collected in such a way that the registration and disclosure of data that is not closely related to the objective of the treatment is prohibited. Consequently, everything reasonably possible must be done to limit the processing of personal data to the minimum necessary. That is, the data must be (i) adequate, (ii) pertinent, and (iii) in accordance with the purposes for which they were intended.


2.2 Principles Related to the Use of Personal Data.

The principle of purpose in data use is a fundamental aspect of data processing. It stipulates that the treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner. The data subject must be informed in a clear, sufficient, and prior manner about the purpose of the information provided, and data may not be collected without a specific purpose.

The principle of temporality in data retention is crucial. It states that personal data will only be kept for the reasonable and necessary time to fulfill the purpose of the processing and the legal requirements or instructions of the surveillance and control authorities or other competent authorities. The data will be kept when necessary for the fulfillment of a legal or contractual obligation. To determine the term of the processing, the rules applicable to each purpose, as well as the administrative, accounting, fiscal, legal, and historical aspects of the information, will be considered.


2.3 Principles Related to the Quality of Information.

Principle of Truthfulness or Quality: the information subject to processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited. Reasonable measures must be taken to ensure that the data is accurate and sufficient and, when requested by the Owner or when RETORNO S.A.S. determines it, it is updated, rectified or deleted when appropriate.


2.4. Principles Related to the Protection, Access and Circulation of Personal Data.

Security Principle: Each person linked to RETORNO S.A.S. must comply with the technical, human, and administrative measures established by the entity to secure personal data and avoid its adulteration, loss, consultation, use, or unauthorized or fraudulent access.

Transparency Principle: The treatment must guarantee the owner's right to obtain information about the existence of data that concerns him/her at any time and without restrictions. This principle ensures that the Owner is always aware of the data being collected and processed, empowering them to make informed decisions about their personal information.


Restricted Access Principle: Only the following persons will be allowed access to personal data:


2.4.1. Persons authorized by the Owner of the data

2.4.2 A las personas que por mandato legal u orden judicial sean autorizadas para conocer  la información del titular del dato.

Principle of Restricted Circulation: Personal data may only be sent or provided to the following persons:

1. The data owner

2. Persons authorized by the data owner

3. Public or administrative entities in the exercise of their legal functions or by court order

Principle of Confidentiality: All persons involved in the processing of personal data that are not public are required to guarantee the confidentiality of the information, even after their relationship with any of the tasks that comprise the processing has ended and may only provide or communicate personal data when this corresponds to the development of the activities authorized by law.

 

Any new project within the Company that involves the Processing of Personal Data must be consulted with THE INFORMATION SECURITY OFFICER, who is the person and department in charge of the data protection function to ensure compliance with the policy and the measures necessary to maintain the confidentiality of Personal Data.

 

3. PROCESSING TO WHICH PERSONAL DATA WILL BE SUBJECTED AND ITS PURPOSE.


·     RETORNO S.A.S. will process (collect, store, use, among other things) the personal data in accordance with the conditions established by the owner, the law, or public entities to comply, especially with the activities inherent to its corporate purpose, such as contracting, executing, and marketing the goods and services of RETORNO S.A.S.


·     Depending on the type and form of information collected, personal data may be processed through physical, automated, or digital means.


·     RETORNO S.A.S. may also process personal data, among others, for the following purposes:


·     Exercise its right to sufficiently know the user with whom it intends to establish relationships, provide services, and assess the present or future risk of the same relationships and services. Carry out the relevant procedures for the development of the pre-contractual, contractual and post-contractual stages with RETORNO S.A.S., regarding any of the products or services offered by RETORNO S.A.S., whether or not acquired or regarding any underlying business relationship with it, as well as comply with Colombian or foreign law and orders from judicial or administrative authorities.


·     Carry out marketing, sales and promotional activities, telemarketing (telephone marketing), customer service, brand activation, prizes and promotions, directly or through third parties derived from commercial alliances or any link.


·     Implement relationship strategies with clients, suppliers, shareholders and other third parties with which the Company has contractual or legal relationships.


·     • Make invitations to events, improve products and services or offer new products, and all those activities associated with the existing commercial relationship or link with RETORNO S.A.S., or any other that may be established.


·     Manage procedures (requests, complaints, claims); carry out satisfaction surveys regarding the goods and services of RETORNO S.A.S. or related companies and RETORNO S.A.S. business partners.

·      Disclose, transfer and transmit personal data within and outside the country to parent companies, affiliates or subsidiaries of RETORNO S.A.S. or to third parties as a result of a contract, law or lawful link that so requires or to implement cloud computing services.


·      The data collected or stored about RETORNO S.A.S. employees by filling out forms, by telephone, or by submitting documents (resumes, attachments) will be treated for everything related to labor issues of a legal or contractual nature. By virtue of the above, RETORNO S.A.S. will use personal data for the following purposes: (1) Comply with laws such as, among others, labor law, social security, pensions, professional risks, family compensation funds (Comprehensive Social Security System) and taxes; (2) Comply with the instructions of the competent judicial and administrative authorities; (3) Implement labour and organizational policies and strategies. These purposes will apply to data collected or stored about RETORNO S.A.S. employees by filling out forms, by telephone, or by submitting documents (CVs, attachments). They will be treated for everything related to labour issues of a legal or contractual nature.


·      To order, catalogue, classify, divide or separate the information provided by data owners. To verify, corroborate, check, validate, investigate or compare the information provided by data owners with any information legitimately available to them, such as business relationships. Access, consult, compare and evaluate all information about the Holder that is stored in the databases of any credit, financial, judicial or security risk center, of a state or private, national or foreign nature, or any commercial or service database that allows establishing in a comprehensive and complete historical manner, the behaviour as a debtor, user, client, guarantor, endorser, affiliate, beneficiary, subscriber, taxpayer and as holder of financial, commercial or any other type of services. This comprehensive approach ensures that you are fully informed about the use of your data.


·      For the security purposes of the people, assets and facilities of RETORNO S.A.S. and may be used as evidence in any process, with respect to data (i) collected directly at security checkpoints, (ii) taken from documents provided by individuals to security personnel, and (iii) obtained from video recordings made inside or outside RETORNO S.A.S. facilities, these will be used for security purposes of RETORNO S.A.S. individuals, property, and facilities and may be used as evidence in any type of process.


·      Know, store, and process all information provided by data holders in one or more databases in the format deemed most convenient.


·      Carry out all tax, accounting, fiscal, and billing procedures.


RETORNO S.A.S., in the development of its corporate purpose and its relations with third parties, understood as clients, employees, contractors, subcontractors, creditors, strategic and commercial allies, and subordinates, among others, constantly collects data whose owners grant their authorization to carry out the treatment to which these personal data will be submitted, among others for the following purposes: To develop commercial activities, carry out promotion, marketing and advertising campaigns, to comply with the obligations derived from the contracts that are perfected with its clients, suppliers and employees; to comply with legal provisions or judicial decisions. To answer queries about products and services offered, to carry out studies for statistical purposes customer knowledge; to inform the data owners about news, products, services and special offers; for the development of activities related to telephone service, collections or others of a similar nature, also for administrative, informational, marketing and sales purposes. In relation to the above, RETORNO S.A.S. may carry out the following Treatment to which the personal data collected will be subjected: 1. Obtain, store, compile, guard, exchange, update, collect, process, reproduce and dispose of the data or information, partial or total, of those owners who grant the proper authorization in the terms required by law and in the formats and means that it deems convenient for each case. 2. Classify, order, and separate the information provided by the data owner. 3. Extend the information obtained in terms of the Habeas Data law to the companies with which it contracts the services of capture, collection, storage and management of its databases prior to the proper authorizations obtained in this regard. 4. Transfer or transmit the data or information, partial or total, to its subsidiaries, businesses, companies and affiliated entities and strategic allies that operate or not in another jurisdiction or territory. By virtue of its capacity as a travel agent in the marketing of airline tickets, RETORO S.A.S. will collect, on behalf of the airlines, the personal data of the clients so that the latter may process them accordingly, for the adequate provision of the services derived from the transport contract, and those that it, as the controller, determines, in accordance with its data processing policy.


4. RIGHTS OF DATA OWNERS.


The owners of the information have the right to:

1. Access, Rectify, Cancel, Oppose.

2. Know, update, and rectify personal data. For this purpose, it is necessary to establish the person's identity previously to prevent unauthorized third parties from accessing the data of the owner.

3. Obtain a copy of the authorization.

4. Inform about the use that RETORNO S.A.S. has given to the personal data of the owner.

5. Process queries and complaints following the guidelines established in the law and in this policy.

6. Access the request for revocation of the authorization and deletion of personal data when the Superintendence of Industry and Commerce has determined that in the treatment by RETORNO S.A.S. The Data Subject may also revoke the authorization and request the deletion of the data, when no legal or contractual obligation requires the data to remain in the database or file of the Controller or Processor. The request for deletion of the information and the revocation of the authorization will not apply when the Data Subject has a legal or contractual obligation to remain in the database of the Controller or Processor. To initiate this process, don't hesitate to get in touch with our Data Protection Officer. Access your data free of charge. The information requested by the Data Subject may be provided by any means, including electronic means.

 

5. DUTIES OF RETORNO S.A.S. WHEN IT ACTS AS THE CONTROLLER OF PERSONAL DATA.


All those obliged to comply with this policy must bear in mind that RETORNO S.A.S. is obliged to comply with the duties imposed by law. Therefore, they must act in such a way that they comply with the following obligations:


5.1 Duties of RETORNO S.A.S. with respect to the data owner.


  • Guarantee the owner's full and effective exercise of the right to habeas data, that is, to know, update, or rectify their personal data, at all times.
  • Request and retain a copy of the respective authorization granted by the owner, under the conditions provided for in this policy.
  • Inform the owner clearly and sufficiently about the purpose of the collection and the rights that assist him by virtue of the authorization granted.
  • Inform the owner, at his/her request, about the use made of his/her personal data.
  • Process the queries and claims made in the terms indicated in this policy.
  • Duties of RETORNO S.A.S. regarding the quality, security and confidentiality of personal data.
  • Observe the principles of honesty or quality, security and confidentiality in the terms established in this policy.
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Update the information when necessary.
  • Rectify personal data when appropriate.


5.2 Duties of RETORNO S.A.S.


When processing through a data processor.


  1. Provide the data processor only with personal data whose processing is previously authorized.
  2. Ensure that the information provided to the data processor is true, complete, accurate, up-to-date, verifiable and understandable.
  3. Communicate all new developments regarding the data previously provided to the data processor in a timely manner. This ensures that the data processor is always in the loop and can adopt necessary measures to keep the information up-to-date.
  4. Inform the data processor in a timely manner of any corrections made to personal data so that the data processor can proceed to make the relevant adjustments.
  5. Demand that the data processor at all times respect the security and privacy conditions of the Owner's information. 6. Inform the data controller when the Owner is discussing certain information once the claim has been submitted and the respective process has not been completed.


5.3 Duties of RETORNO S.A.S. with respect to the Superintendence of Industry and Commerce.


  1. Inform you when security codes are violated, and risks arise in managing the holders information.
  2. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.


6. DUTIES OF RETORNO S.A.S. WHEN IT ACTS AS THE PERSON IN CHARGE OF THE PROCESSING OF PERSONAL DATA.


If RETORNO S.A.S. processes data on behalf of another entity or organization that acts as a Data Controller, it must comply with the following duties:


  1. Always guarantee the owner’s full and effective exercise of the right to habeas data.
  2. Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
  3. Carry out the timely update, rectification or deletion of the data.
  4. Update the information reported by those responsible for the processing within five (5) business days from its receipt.
  5. Process the queries and claims made by the owners in the terms indicated in this policy.
  6. Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
  7. Allow access to information only to persons authorized by the owner or empowered by law for such purpose.
  8. Inform the Superintendency of Industry and Commerce when security codes are violated, and there are risks in managing the owners' information.
  9. It is your duty to strictly comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
  10. AUTHORIZATION.


7. Authorization for Data Processing.


Those required to comply with this policy must obtain prior, express and informed authorization from the owner to collect and process their personal data. This obligation is not necessary when dealing with data of a public nature.

To obtain authorization, the following instructions must be followed:

First, before the person authorizes, it is necessary to inform them clearly and expressly of the following:


  1. The processing to which their personal data will be subjected and the purpose thereof;
  2. The optional nature of the response to the questions asked, when these relate to sensitive data or the data of girls, boys and adolescents;
  3. The rights that assist you as the owner provided for in Article 8 of Law 1581 of 2012;
  4. The identification, physical or electronic address of RETORNO S.A.S.


Secondly, the consent of the owner will be obtained through any means that may be subject to subsequent consultation, such as the website, forms, formats, activities, contests, in person or on social networks, PQR, data messages or Apps.


Proof of compliance with the obligation to inform and consent must be left. Authorization may also be obtained from unequivocal conduct of the Data Owner that allows a reasonable conclusion that he/she gave his/her consent for the processing of his/her information. Such conduct(s) must be very clear so that it does not allow for doubt or mistake about the will to authorize the processing.


8. Authorization for the processing of sensitive data.


8.1 When collecting sensitive data, the following requirements must be met:


  1. The authorization must be explicit.
  2. The Data Subject must be informed that they are not obliged to authorize the processing of said information, and that their decision will not affect their rights or benefits.
  3. The Data Subject must be informed explicitly and in advance which of the data to be processed are sensitive and the purpose of the processing, which is [insert purpose here].


8.2. Authorization for the processing of data of children and adolescents (N.N.A.).


When collecting and processing data of children and adolescents, the following requirements must be met:


  1. The authorization for processing NNA data must be granted by their authorized representative. This representative is responsible for ensuring the NNA's right to be heard is respected and their opinion on the processing is valued. The process takes into account the NNA's maturity, autonomy, and capacity to understand the matter.
  2. It must be reported that it is optional to answer questions about the N.N.A.'s data.
  3. RETORNO S.A.S. ensures that the processing of personal data of children and adolescents will be carried out respecting their rights. In the commercial and marketing activities it carries out, it must have the prior, express and informed authorization of the father or mother or the legal representative of the child or adolescent, demonstrating our respect for their rights.


9. NATIONAL OR INTERNATIONAL TRANSFER OF PERSONAL DATA.


RETORNO S.A.S. may transfer data to other Data Controllers when authorized by the owner of the information or by law or by an administrative or judicial mandate.

INTERNATIONAL AND NATIONAL TRANSMISSIONS OF DATA TO PROCESSORS. RETORNO S.A.S.

May send or transmit data to one or more processors located within or outside the territory of the Republic of Colombia in the following cases:


  1. When it has authorization from the owner.
  2. When without authorization, there is a data transmission contract between the Controller and the processor.


10. PROCEDURES FOR DATA OWNERS TO EXERCISE THEIR RIGHTS


Empowering you, the data owner, with the procedures to exercise your rights to know, update, rectify, and delete information or revoke authorization is of utmost importance. Below are the steps you can take to ensure the security and accuracy of your personal data.

The rights of the Owners may be exercised by the following persons authorized in accordance with Article 20 of Decree 1377 of 2013:


  1. By the Owner, who must prove their identity sufficiently by the different means made available to them by RETORNO S.A.S.
  2. By their legal successors, who must prove such status.
  3. By the owner's representative and/or attorney proving the representation or power of attorney, which can be demonstrated through a legally valid document.
  4. By stipulation in favour of another or for another, which refers to a legal arrangement where the data owner has given someone else the right to exercise their data rights on their behalf.
  5. The rights of children or adolescents will be exercised by the persons who are authorized to represent them, such as their parents or legal guardians.
  6. For the whole and effective exercise of the rights that assist the data owners, RETORNO S.A.S. has provided the following means through which they may submit all their queries, complaints and claims: dcasas@retornobirding.com.
  7. Guidelines for handling queries and claims:
  8. All queries made by persons entitled to know the personal data held by RETORNO S.A.S. will be channelled EXCLUSIVELY through the channels that RETORNO S.A.S. has designated for this purpose. In any case, it is necessary to provide proof of the following:

1. Date of receipt of the query

2. Identity of the applicant


Once the owner's identity, OwnerIQ, is verified, the required personal data will be provided. The response to the query must be communicated to the applicant within a maximum period of ten (10) business days from the date of receipt of the same. When it is not possible to respond to the query within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which the query will be responded to, which in no case may exceed five (5) business days following the expiration of the first term.

To adequately respond to queries, it will be necessary to have the identification of the person who, in accordance with the law, is authorized to make the query and/or claim regarding personal data.

The purpose of the claims is to correct, update, or delete data or to file a complaint for the alleged non-compliance with any of the duties established for the data protection regime and in this policy.

The claim must be submitted by means of a request addressed to RETORNO S.A.S. containing the following information:


1. Name and identification of the data owner or the legitimate person

2. Precise and complete description of the facts that give rise to the claim

3. Physical or electronic address to send the response and report on the status of the process

4. Documents and other relevant evidence that you wish to assert,


If the claim is incomplete, the interested party must correct the deficiencies within five (5) days of receipt. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim.

The maximum term to address the claim will be fifteen (15) business days, counted from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

RETORNO S.A.S. is committed to ensuring your rights as the owner of personal data. You can exercise these rights by sending a written communication to the email address dcasas@retornobirding.com. This commitment is our way of ensuring your security and protection.


11. PERSON OR AREA RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA. The INFORMATION SECURITY OFFICER,


[Lasura Luse], is the person and department in charge of the data protection function. They are responsible for overseeing the implementation of data protection policies and procedures, conducting risk assessments, and ensuring compliance with data protection regulations. The Information Security Officer can be contacted via email at dcasas@retornobirding.com.


12. DATE OF ENTRY INTO FORCE OF THIS POLICY AND PERIOD OF VALIDITY OF THE DATABASE.


This policy was approved after the issuance of Law 1581 of 2012 and modified to incorporate some aspects established by Decree 1377 of June 27, 2013, and is, therefore, in force as of July 2, 2013.

The validity of the database will be the reasonable and necessary time to fulfill the purposes of the treatment, taking into account the provisions of Article 11 of Decree 1377 of 2013.


13. DATA OF THE PERSON RESPONSIBLE FOR THE TREATMENT. Company name: RETORNO S.A.S.

Address: TRANSVERSAL 18 A NO. 97 – 10 Bogotá, Colombia Email: dcasas@retornobirding.com

WhatsApp: +573052986006

Website: www.retornophototours.com


14. INFORMATION SECURITY POLICIES


RETORNO S.A.S. is dedicated to adopting the technical, administrative, and human measures necessary to ensure the security of the personal data with which it carries out any treatment. This includes protecting the confidentiality, integrity, use, and unauthorized and fraudulent access of these data. Mandatory security protocols have been implemented for all personnel with access to personal data and information systems.

The internal security policies under which the owner's information is kept to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access are included in the security policy manual for the protection of personal data. In all events that RETORNO S.A.S. carries out that collect data, a Personal Data Protection notice will be included with the following text: "By participating in the Event, all participants declare that they know and authorize RETORNO S.A.S. freely, previously, voluntarily, expressly and duly informed to collect, record, process, disseminate, compile, exchange, update and dispose of the data or partial information that they provided, and for the purposes of participating in the Event; as well as to transfer said data to third parties with whom it has commercial and transactional links for the dispatch of orders, to answer queries about products and services offered for the realization of studies for statistical purposes, customer knowledge, to inform its clients of news, products, services and special offers, as well as telephone service, collections or other services of a similar nature of its own brands or those of third parties. The processing of personal data will be from the beginning of the Event until the day that RETORNO S.A.S. is dissolved and liquidated. 16. ADJUSTMENTS TO THE INFORMATION PROCESSING POLICY (PTI) In order to maintain the validity of the PTI, RETORNO S.A.S. may adjust and modify the PTI, indicating the date of the update on the website or by using other means, such as data messages. Mos—mostnt update: JULY 27, 2018.


Share by: