CASES WHERE AUTHORIZATION IS NOT REQUIRED:
The authorization of the Holder shall not be necessary in the case of:
7.1. Information required by the SFC in the exercise of its legal functions or by court order. 7.2. Data of a public nature. 7.3. Medical or health emergency cases. 7.4. Processing of information authorized by law for historical, statistical or scientific purposes. 7.5. Data related to the Civil Registry of Persons.
1 Main definitions
Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data;
Database: Organized set of personal data that is processed;
Personal Data: Any information linked to or that may be associated with one or more natural persons determined or determinable;
Data Controller: Natural or legal person, public or private, who by herself or in partnership with others, performs the Processing of personal data on behalf of the Data Controller;
Data Controller: Natural or legal person, public or private, who by herself or in partnership with others, decides on the basis of data and / or the processing of the data;
Owner: Natural person whose personal data are processed;
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Holder for the Processing of his/her personal data, through which he/she is informed about the existence of the information processing policies that will be applicable to him/her, the way to access them and the purposes of the Processing that is intended to be given to personal data.
Public fact: This is the data that is not semi-private, private or sensitive. Public data are considered, among others, data relating to the marital status of persons, their profession or profession and their status as a trader or public servant. By their nature, public data may be contained, among others, in public registers, public documents, gazettes and official gazettes and duly enforced court judgments that are not subject to reservation.
Sensitive data: Sensitive data means data that affect the privacy of the Holder or whose misuse may result in its discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of trade unions, social organizations, human rights organizations or that promotes the interests of any political party or that guarantee the rights and guarantees of opposition political parties , as well as data on health, sex life, and biometric data.
Transfer: The transfer of data takes place when the Data Controller and/or Data Processor, located in Colombia, sends the information or personal data to a recipient, who in turn is Data Controller and is located inside or outside the country.
Transmission: Processing of personal data involving the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Processing by the Processor on behalf of the Responsible.
Information stored in the database: It is the classification of personal data stored in each database, grouped by categories and subcategories, according to the nature of the same.
Information security measures: Corresponds to the controls implemented by the Data Controller to ensure the security of the databases that you are registering, taking into account the questions prepared for the purpose in the GNI.
Origin of personal data: The origin of the data refers to whether they are collected from the owner of the information or provided by third parties and whether the authorization for the processing is available or if there is a cause of exoneration, in accordance with the provisions of Article 10 of Law 1581 of 2012.
International Transfer of Personal Data: Includes the identification of the recipient as Data Controller, the country in which it is located and whether the transaction is covered by a declaration of conformity issued by the Delegate for the protection of personal data of the SIC or by a cause of exception in the terms referred to in Article 26 of Law 1581 of 2012
International Transmission of Personal Data: Includes the identification of the recipient as processor, the country in which you are located, if you have a data transmission contract under the terms referred to in Article 2.2.2.25.5.2 of Section 5 of Chapter 25 of Single Decree 1074 of 2015 or if the transaction is referred to by a declaration of conformity issued by the Deegature for the protection of personal data of the SIC.
National transfer or transfer of the database: Information relating to the transfer or national transfer of data includes the identification of the assignee, who shall be deemed responsible for the processing of the database transferred from the time the transfer is perfected. It is not mandatory for the transferor to register the transfer of the database. However, the assignee, as the controller, must comply with the registration of the database that has been assigned to him.