Menu

DATA PROCESSING POLICY TABI TECH INC 

1. SUBJECT 

Tabi Tech Inc, a company domiciled in United States of America, hereinafter referred to as “Tabi Tech Inc”, “Tabi”, or “The Company”; recognizes the importance of the security, privacy, and confidentiality of the Personal Data of our clients and potential clients, employees, candidates, shareholders, suppliers, contractors (hereinafter referred to as “Data Subjects”), and issues this Personal Data protection policy (hereinafter referred to as “Personal Data Protection Policy” or “the Policy”). 

The objective of this Personal Data Protection Policy is to communicate and inform you how we process your Personal Data, what type of data we collect, the principles that govern our data processing activities, your rights, and the purposes of our data processing activities. 

This Personal Data Protection Policy applies to all our activities. 

 

2. SCOPE 

This Personal Data Protection Policy applies to all Personal Data that we collect and process to provide our services and comply with the obligations we have with you and with the authorities. 

 

3. DEFINITIONS 

Authorization: Any free, specific, informed, and unequivocal expression of will by which the Data Subject accepts and authorizes the processing of their Personal Data, whether through a written declaration or a clear affirmative action. 

Database: An organized set of Personal Data, automated or not, whether physical, magnetic, digital, optical, among others, whatever the form of its creation, storage, organization, and access. 

Biometric Data: Personal Data obtained from a specific technical processing, relating to the physical, physiological, or behavioral characteristics of a natural person that allow or confirm the unique identification of said person, such as facial images or fingerprint data.    

Personal Data: Any information about an identified or identifiable individual; an identifiable individual is any person whose identity can be determined, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.    

Sensitive Personal Data: These are data that reveal racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, information concerning health or sex life or sexual orientation, genetic or biometric data for the purpose of uniquely identifying a natural person, and information related to criminal convictions.    

Data Processor: The natural or legal person, of a private or public nature, public authority, service or other body that processes Personal Data on behalf of the Data Controller. 

Security Incident: Any breach of security that results in the accidental or unlawful destruction, loss or alteration of Personal Data transmitted, stored or otherwise processed, or the unauthorized communication of or access to such data.    

Data Controller: The natural or legal person, of a private or public nature, authority, service or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.    

Data Subject: Any natural person whose Personal Data is subject to data processing activities. 

Data Processing: Any operation or set of operations performed on Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

   

4. PRINCIPLES FOR DATA PROCESSING 

 We process your Personal Data based on the following principles and in accordance with all those principles defined by applicable law. 

Legality, fairness, and transparency: We process your data legally, fairly, and transparently. 

 

Purpose Limitation: Your personal data is processed for specific, explicit, and legitimate purposes, and is not further processed in a manner incompatible with those purposes. These purposes are expressly stated in this personal data protection policy.    

Data Minimization: Our data processing activities are adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed. 

Accuracy: The data we process about you is accurate and, where necessary, kept up to date; we take all reasonable steps to ensure that any personal data of yours that is inaccurate, having regard to the purposes for which they are processed, is erased or rectified without delay, provided that such information is within our reach. The veracity of the personal data provided is the exclusive responsibility of the data subject.    

Integrity and confidentiality: We define processes to protect the personal data collected from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Please note that, despite our efforts, no data security measure can guarantee absolute security. 

 

4.1. WHAT ARE THE RIGHTS OF THE DATA SUBJECTS? 

  • Access free of charge to the data provided. 
  • Know, update, and rectify your information in case of partial, inaccurate, incomplete, fragmented data, data that induces error, or data whose processing is prohibited or has not been authorized. 
  • Request proof of the authorization granted. 
  • File complaints with the Superintendence of Industry and Commerce (hereinafter ‘’SIC’’) for violations of the provisions of current regulations. 
  • Revoke the authorization and request the deletion of the data, provided that there is no legal or contractual obligation that prevents its deletion. 
  • Refrain from granting authorization for the processing of sensitive data or the data of children and adolescents. 
  • Be informed by the data controller or the data processor, upon request, regarding the use that has been given to your personal data. 

 

4.2. WHAT TYPE OF DATA DO WE PROCESS? 

We may collect Personal Data about you directly or automatically through the use of our website and/or from third-party sources (which we may combine with other information we have collected about you). These third-party sources may include, but are not limited to, service providers, marketing partners, advertising networks, data analytics providers, public and third-party databases, social media platforms, operating system and platform providers, government entities, business clients, payment processors, and healthcare providers. 

If you are one of our clients, potential clients, website users, suppliers, employees, candidates, or shareholders, we may collect and process the following Personal Data, if necessary and in compliance with applicable regulations: 

Data related to your personal information: 

  • Name 
  • Age 
  • Occupation 
  • Date and place of birth 
  • Type and Identification Number 
  • Gender 
  • Marital status, citizenship, country and city of residence 
  • Contact information 
  • Data necessary to develop the scope of the relationship 
  • Data for affiliation to compensation funds or entities 
  • Geolocation data: device information to determine latitude and longitude 
  • Physical or financial address 

Data related to your work references, performance, and benefits 

  • Depending on your job application, we may process sensitive data, such as your criminal record or health status. 
  • We process Personal Data related to your profession, occupation, references, and background checks. 

 

4.3. SENSITIVE DATA 

Tabi will process Sensitive Data when: 

  • It has explicit authorization for its processing, for the purposes for which it was authorized, except in cases where Law 1581 of 2012 establishes that authorization is not required. 
  • The processing is necessary to safeguard the vital interest of the data subject, and the data subject is physically or legally unable to grant authorization.    
  • The processing refers to data necessary for the recognition, exercise, or defense of a right in a judicial process. 
  • The processing has a historical, statistical, or scientific purpose, adopting the necessary measures for the suppression of the Data Subject’s identity.    
  • In no case will the authorization for the processing of sensitive data be mandatory. 
  • Authorizations and questions regarding sensitive data or the data of children and adolescents will be optional. 

Tabi may process the following Sensitive Data: 

  • Biometric data: image (videos or photographs). 
  • Health Data: Information regarding the health status of the data subject, for labor, safety, and welfare purposes within Tabi Abogados, or when necessary for the exercise or defense of a right in a judicial process. 
  • Data related to political, religious, or philosophical convictions: Only when strictly necessary for the development of a legal matter in which advice or legal representation is provided, and always with the express authorization of the data subject. 
  • Data on ethnic or racial origin: in cases where necessary for the defense of rights before judicial or administrative authorities, or for the provision of specialized legal services that require the inclusion of this information. 
  • Data on sex life or sexual orientation: Only when essential for the attention of specific legal cases, always respecting confidentiality and with the express authorization of the data subject. 

In any case, the processing of sensitive data will be carried out in accordance with current regulations on personal data protection, guaranteeing the adoption of adequate security measures to protect the privacy and integrity of the data. 

 

The processing and the purpose for which sensitive data will be processed are: 

  • To guarantee security in Tabi’s facilities. 
  • This processing would be for the same purposes expressed below, safeguarding the rights and interests of the data subject. 
  • For compliance with legal obligations. 
  • For the management of labor relations. 
  • For the development of welfare and occupational health programs. 

 

4.4. HOW DO WE USE YOUR DATA? 

It will be understood that the personal data to be processed will depend on whether you are a client, potential client, employee, candidate, supplier, or contractor. 

4.4.1 PURPOSES FOR ALL DATA SUBJECTS 

  • For all fiscal, commercial, contractual, negotiation, corporate matters, and any other type of Tabi obligation. 
  • Issue contractual certifications requested by contractors, suppliers, etc. 
  • Carry out the appropriate actions to develop the corporate purpose of the company. 
  • Manage procedures: requests, complaints, claims. 
  • Carry out the appropriate actions to develop and comply with the scope of the proposal or contract. 
  • Contact the Data Subject by any means. 
  • Provide information to third parties with whom Tabi has a contractual relationship and that is necessary for the execution of the contractual relationship with the supplier, contractor, or client. 
  • For the collection of invoices, securities, and, in general, outstanding balances. 
  • To consult or manage any matter related to the social security system and tax and accounting issues. 
  • To consult judicial, administrative, and financial records and perform due diligence. 
  • Consult the commercial, business, accounting, and financial activity of the Data Subject, provided that such information is not protected by confidentiality clauses or trade or industrial secrets. 
  • Transfer or transmit the information when necessary to comply with any of the purposes set forth in this policy. 
  • Establish communication channels with all data subjects and send institutional and commercial information. 
  • Execute advertising activities related to Tabi’s corporate purpose. 
  • Comply with all legal or contractual obligations related to the development of Tabi’s own activities. 
  • Store information in files when there is a legal duty to maintain the information after the execution of the activities or relationships that give rise to that data processing. 
  • Adopt control and security measures regarding the processing. 
  • Verify, consult, and report information related to the credit behavior of the data subjects, public or private entities, and anyone who administers or manages databases related to compliance with financial, commercial, credit, and service obligations. 
  • Verify and consult information related to the data subjects in private or public lists and databases, related to judicial records, disqualifications, incompatibilities, LA/FT/PADM/C/ST. 

 

4.4.2. PURPOSES FOR EMPLOYEES, CANDIDATES, CONTRACTORS, AND FORMER EMPLOYEES 

  • Execute selection, promotion, labor welfare, payroll, performance evaluations, skills assessments, induction, training, education, occupational safety and health processes, and all those related to the work environment. 
  • Execute tasks of investigation, analysis, and reporting of incidents and situations presented within Tabi’s facilities. 
  • Know the family environment of each employee, guaranteeing and respecting the labor rights that may arise from the composition of said environment for purposes solely aimed at labor welfare. 
  • Access, consult, and obtain medical records and their annexes for the recovery of disability payments and follow-up on recommendations, restrictions, and eventual qualifications of loss of working capacity. 
  • Execute training and development programs. 
  • Control access to Tabi’s facilities. 
  • Collect, store, consult, circulate, transmit, verify, use, reproduce, disclose, communicate, adapt, extract, and defer the image of the data subjects, in order to carry out institutional, marketing, and advertising publications related to the corporate purpose of Tabi Abogados, to be disclosed on Tabi’s website and social networks. 

 

4.4.3. PURPOSES FOR CLIENTS AND POTENTIAL CLIENTS 

  • Monitor compliance with obligations by clients. 
  • Analyze the establishment and/or maintenance of contractual relationships. 
  • Create and manage user accounts. 
  • Fulfill and manage orders. 
  • Deliver products or services. 
  • Improve products and services. 
  • Send administrative information. 
  • Send marketing and promotional communications. 
  • Send product and service updates. 
  • Respond to inquiries and offer support. 
  • Request user feedback. 
  • Improve user experience.    
  • Publish customer testimonials. 
  • Deliver targeted advertising. 
  • Enforce terms and conditions and policies. 
  • Protect against abuse and malicious users. 
  • Respond to legal requests and prevent harm. 
  • Execute and operate the website and services. 
  • Evaluate the risks arising from current contractual relationships. 

 

4.4.4. PURPOSES FOR SUPPLIERS AND POTENTIAL SUPPLIERS 

  • Monitor compliance with obligations by suppliers. 
  • Evaluate the quality of services and products received. 
  • Analyze the establishment and/or maintenance of contractual relationships. 
  • Evaluate the risks arising from current contractual relationships. 

 

4.4.5. PURPOSES FOR SHAREHOLDERS 

  • Make any annotation or operation related to you as a shareholder. 
  • Process claims and provide services for shareholders. 
  • Comply with any of the obligations we have with our shareholders. 
  • Inform you about any relevant situation regarding our products and services. 
  • Detect, prevent, and mitigate any activity that may be considered illegal or harmful. 
  • Advertising, marketing, and profiling activities, as secondary activities, as described in the section on clients of the Policy. 

 

4.5. DATA OF MINORS 

Tabi Abogados, as a general rule, will refrain from handling data whose owner is a minor, as dictated by Article 7 of Law 1581 of 2012. Exceptionally, Tabi will need to carry out processing activities on personal data of minors, so in cases where this occurs, Tabi Abogados will subject the data processing to the following rules: 

  • Respect for the best interests of children and adolescents, minor data subjects. 
  • Respect for the fundamental rights of children and adolescents, minor data subjects. 
  • Obtain authorization issued by the legal representative of the child or adolescent, minor data subject, when required, taking into account the provisions of Article 12 of Decree 1377 of 2013, which states “prior exercise by the minor of their right to be heard, an opinion that will be valued taking into account the maturity, autonomy and capacity to understand the matter.”    

 

5. SECURITY MEASURES 

The Company implements technical, administrative, and organizational measures to guarantee the security of personal data, preventing its loss, unauthorized use, alteration, disclosure, or undue access. 

Some of the security measures are: 

  • Definition and dissemination of this Personal Data Protection Policy. 
  • Assignment of a Data Protection Officer to ensure the correct implementation of the policy. 
  • Implementation of confidentiality and personal data processing clauses in contracts with employees, suppliers, and third parties who access the information. 
  • Internal procedures. 
  • Use of computer security systems, such as firewalls, antivirus, and intrusion detection tools, to prevent unauthorized access. 
  • Restriction of access to systems containing personal data, through secure credentials and user authentication. 
  • Periodic backups of information, with controls to prevent unauthorized access. 
  • Control of external storage devices (USB, hard drives, etc.) to prevent information leaks. 
  • Access control to facilities where confidential information is stored, through identification of authorized personnel and surveillance. 
  • Restriction of data transfer to countries that do not have an adequate level of protection, unless expressly authorized by the data subject or in compliance with applicable regulations. 
  • Analysis of incidents to continuously improve security controls. 

 

These measures will be reviewed and updated periodically to ensure their effectiveness and compliance with current regulations. 

6. CONTACT CHANNELS AND PROCEDURE FOR EXERCISING YOUR LEGAL RIGHTS 

In case of any request or complaint regarding this Policy, you can contact: 

  • Email: sales@tabiconnect.com 

You, as the Data Subject or your legal representative, have the right to request Tabi for information related to how we process your Personal Data, the purpose of the processing, the transfers or transmissions and their recipients, the type of Personal Data we collect, among others. 

You can also file claims or complaints about the processing of your Personal Data or related to your rights. 

This right should not affect the rights and freedoms of other interested parties, and you can exercise your rights using the aforementioned channels. 

All requests must contain the following information: 

  • Full name and surnames. 
  • Contact information (physical and email address or contact telephone numbers). 
  • Means to receive a response to your request. 
  • Reason(s)/fact(s) that give rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke, delete, access information).    
  • Signature    
  • Identification number. 

 

 

6.1. CONSULTATIONS 

Data subjects, their attorneys-in-fact, or their successors in title may consult the personal information of the data subject contained in Tabi’s databases. 

Consultation requests will be forwarded to the designated personnel and will be received from Monday to Friday from 8:00 a.m. to 6:00 p.m. Requests received outside of these hours will be understood to have been filed on the next business day. 

The consultation will be answered within a maximum period of ten (10) business days from the date of receipt thereof. 

When it is not possible to respond to the consultation within said period, the interested party will be informed, indicating the reasons for the delay and the date on which the consultation will be addressed, which in no case may exceed five (5) business days following the expiration of the initial term.  

 

6.2. CLAIMS 

The Data Subject, their attorney-in-fact, or their successors in title who consider that the information contained in a database should be corrected, updated, or deleted, or when they notice the alleged breach of any of the duties contained in this policy or in the law, may file a complaint with Tabi.    

Claims will be forwarded to the designated personnel and will be received from Monday to Friday from 8:00 a.m. to 6:00 p.m. Requests received outside of these hours will be understood to have been filed on the next business day. 

The consultation will be addressed within a maximum period of fifteen (15) business days from the date of receipt thereof. 

When it is not possible to address the claim within said term, the interested party will be informed, indicating the reasons for the delay and the date on which the consultation will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.    

If the claim is incomplete, the interested party will be required to correct the deficiencies within five (5) business days following receipt of the claim. Two (2) months after the date of the request, if the applicant has not submitted the required information, it will be understood that the claim has been withdrawn.    

The request for the deletion of information or the revocation of authorization will not proceed when the data subject has a legal or contractual duty to remain in the database, unless it involves sensitive data.    

If within the period or extension indicated in the preceding paragraphs, a prompt resolution has not been given, it will be understood, for all legal purposes, that the respective request has been accepted. 

 

6.3. REVOCATION 

You may revoke the authorization that, where applicable, you have granted us for the processing of your Personal Data. However, it is important to note that in all cases we may not be able to comply with your request or cease use immediately, as it is possible that, due to a legal or contractual obligation, we must continue processing your Personal Data in compliance with applicable law.    

Likewise, you should consider that, for certain purposes, the revocation of your authorization will imply the termination of your relationship with us. 

In any case, the process for the revocation of authorization will be carried out in accordance with the provisions of applicable law. 

 

 

7. SUPPLY OF INFORMATION 

The requested information may be provided by any means, including electronic means, as required by the data subject. The information will be easily readable, without technical barriers that impede access, and must correspond to that contained in the Database.    

Information about Personal Data may be provided to the following persons: 

  • The data subject, the duly authorized attorney-in-fact, their duly identified successors in title, or their legal representatives; 
  • Public or administrative entities in the exercise of their legal functions or by judicial order; 
  • Third parties authorized by the data subject or by law. 

 

8. OBLIGATIONS OF TABI TECH INC 

Tabi Tech Inc, in line with the provisions of Articles 17 and 18 of Law 1581 of 2012, and by virtue of its status as “responsible for the processing of personal information,” adopts the following commitments with the data subjects: 

  • Guarantee the data subject, at all times, the full and effective exercise of the right of habeas data. 
  • Request the authorization granted by the Data Subject. 
  • Duly inform the Data Subject about the purpose of the collection and the rights they have by virtue of the authorization granted.    
  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use, or unauthorized or fraudulent access. 
  • Ensure that the information provided to the data processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.    
  • Update the information, promptly communicating to the data processor all changes regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept up-to-date.    
  • Rectify the information when it is incorrect and communicate the relevant information to the Data Processor.    
  • Provide the Data Processor, as the case may be, only data whose processing is previously authorized in accordance with the provisions of this law.    
  • Demand that the data processor, at all times, respect the security and privacy conditions of the data subject’s information.    
  • Process the consultations and claims made in the terms indicated in this law. 
  • Adopt an internal manual of policies and procedures to guarantee the adequate compliance with this law and especially for the attention of consultations and claims. 
  • Inform the data processor when certain information is under discussion by the data subject, once the claim has been filed and the respective procedure has not been completed.    
  • Inform the data subject, upon request, about the use given to their data. 
  • Inform the data protection authority when security codes are violated and there are risks in the administration of the Data Subjects’ information.    
  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce. 

 

9. CHANGES TO THIS PERSONAL DATA PROTECTION POLICY 

This Personal Data Protection Policy may be modified to comply with applicable laws or to adapt to our current business practices. We will publish any changes on our website, and in the event of substantial modifications to the policy, in aspects such as the identity of the data controller and/or the means and purposes of the data processing required by applicable law, we will request the authorization of the data subject or endeavor to notify you in advance of such change by highlighting the modification on our website, in accordance with applicable law. We encourage you to revisit our website from time to time to check for updates. 

10. TEMPORAL LIMITATIONS 

Tabi may only collect, store, use, or circulate personal data for the time that is reasonable and necessary, in accordance with the purposes that justified the processing, and in accordance with the authorization granted.    

11. ENTRY INTO FORCE 

This policy governs from the date of its publication and will remain in force for as long as Tabi carries out the activities described in this policy and these correspond to the processing purposes that inspired this policy.