Cerro de Monserrate

From Tuesday 5th to Friday 8th November, only cable car service will be provided •

Data protection

1. PURPOSE

In compliance with the provisions of Law 1581 of 2012, its Decree 1377 of 2013, Decree 1074 of 2015, Decree 1759 of 2016, and the Circular Letters issued by the Superintendence of Industry and Commerce, TELEFÉRICO A MONSERRATE S.A. adopts the Personal Data Processing Policy. This policy regulates the collection, storage, use, dissemination, and deletion of personal data and will be communicated to all Data Subjects whose data is collected or may be obtained in the future through the Company's activities.

This Policy aims to inform Personal Data Subjects of their rights, the procedures and mechanisms defined by TELEFÉRICO A MONSERRATE S.A. to enforce those rights, and to clarify the scope and purpose of the Processing to which Personal Data will be subjected, should the Data Subject grant their explicit, prior authorization.

2. SCOPE

This policy encompasses the administrative, operational, technical, organizational, and control aspects that must be adhered to by managers, employees, contractors, and third parties who work with or have a direct relationship with the Company.

3. REGULATORY FRAMEWORK OF THE POLICY

  • Law 1581 of 2012, which issued the General Regime for the Protection of Personal Data.
  • Circular 002 of November 3, 2015
  • Decree 1759 of 2016
  • Single Decree 1074 of 2015
  • Decree 886 of 2014
  • Decree 1377 of 2013
  • Law 1581 of October 17, 2012
  • Resolution 35315
  • Political Constitution, Article 15.
  • Law 1266 of 2008
  • Regulatory Decrees 1727 of 2009 and 2952 of 2010
  • Constitutional Court Judgments C - 1011 of 2008, and C - 748 of 2011
  • Constitutional Ruling C-748 of 2011, which declared the Draft Statutory Law on Personal Data Protection as constitutional

4. MAIN DEFINITIONS

  • Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.

  • Database: Organized set of personal data that is subject to Processing.

  • Personal Data: Any information linked to or that can be associated with one or more identified or identifiable natural persons.

  • Data Processor: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller.

  • Data Controller: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Processing of the data.

  • Data Subject: Natural person whose personal data is subject to Processing.

  • Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

  • Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of their personal data, by means of which they are informed about the existence of the Personal Data Processing policies that will be applicable to them, the way to access them, and the purposes of the Processing intended for the personal data.

  • Public Data: Data that is not semi-private, private, or sensitive. Public data include, among others, the data related to the marital status of individuals, their profession or trade, and their status as merchant or public servant. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.

  • Sensitive Data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate their discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations, or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life, and biometric data.

  • Transfer: The transfer of data occurs when the Data Controller and/or Data Processor of personal data, located in Colombia, sends the information or personal data to a recipient who, in turn, acts as the Data Controller and is located either within or outside the country.

  • Transmission: Processing of personal data that involves the communication of such data within or outside the territory of the Republic of Colombia, intended for the Performance of Processing by the Data Processor on behalf of the Data Controller.

  • Information Stored in the Database: The classification of personal data stored in each database, organized by categories and subcategories based on their nature.

  • Information Security Measures: Refers to the controls implemented by the Data Controller to ensure the security of the databases being recorded, considering the guidelines established in the RNBD.

  • Origin of Personal Data: The origin of the data refers to whether it is collected from the Data Subject or provided by third parties, and whether there is authorization for processing or if there is a valid exemption, in accordance with the provisions of Article 10 of Law 1581 of 2012.

  • International Transfer of Personal Data: Includes the identification of the recipient as the Data Controller, the country in which they are located, and whether the operation is covered by a declaration of conformity issued by the Delegation for the Protection of Personal Data of the SIC or by an exemption as outlined in Article 26 of Law 1581 of 2012.

  • International Transmission of Personal Data: Includes the identification of the recipient as the Data Processor, the country in which they are located, whether there is a data transmission contract as specified in Article 2.2.2.25.5.2 of Section 5 of Chapter 25 of Single Decree 1074 of 2015, or if the operation is covered by a declaration of conformity issued by the Delegation for the Protection of Personal Data of the SIC.

  • Assignment or National Transfer of the Database: Information related to the assignment or national transfer of data includes the identification of the Transferee, who will be considered responsible for the processing of the assigned database from the moment the assignment is finalized. It is not mandatory for the Transferor to register the transfer of the database. However, the Transferee, as the Data Controller, must comply with the registration of the database that has been transferred to them.

5. PRINCIPLES

  • Principle of Legality in Data Processing: The Processing referred to in this law is a regulated activity that must adhere to the provisions established therein and in other implementing regulations.

  • Principle of Purpose: Processing must be conducted for a legitimate purpose in accordance with the Constitution and the Law, which must be communicated to the Data Subject.

  • Principle of Freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that overrides consent.

  • Principle of Truthfulness or Quality: Information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Processing of partial, incomplete, fragmented, or misleading data is prohibited.

  • Principle of Transparency: In Processing, the Data Subject's right to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning them must be guaranteed.

  • Principle of Restricted Access and Circulation: Processing is subject to the limits derived from the nature of personal data, the provisions of this law, and the Constitution. In this regard, Processing may only be conducted by persons authorized by the Data Subject and/or by those stipulated in this law; Personal data, except for public information, may not be available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the Data Subject or authorized third parties in accordance with this law.

  • Principle of Security: Information subject to Processing by the Data Controller or Data Processor referred to in this law must be handled with the technical, human, and administrative measures necessary to ensure the security of records, preventing their adulteration, loss, consultation, unauthorized or fraudulent use or access.

  • Principle of Confidentiality: All persons involved in the Processing of Personal Data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the termination of their relationship with any of the tasks that comprise the Processing, and may only supply or communicate personal data when it corresponds to the development of activities authorized in this law and under its terms.

6. IDENTIFICATION OF DATA HANDLING: DATA CONTROLLER AND DATA PROCESSOR OF THE DATABASE. CUSTOMER SERVICE CONTACT.

NAME OR COMPANY NAME: TELEFÉRICO A MONSERRATE S.A
ADDRESS: CR 2 ESTE 21 48 PS Bolívar Estación Funicular Bogotá
DOMICILE: Bogotá
PHONE: 57(1) 2845700 Ext: 107
EMAIL: info@cerromonserrate.com

6.1 Processing to which the data will be subjected and its purpose when there has been a failure upon its delivery through Privacy Notice.

For the proper development of activities related to the management of labor and commercial contracts, as well as to strengthen relationships with third parties, we proceed to request, collect, store, use, circulate, and delete personal data. The personal data contained in the databases can be processed both automatically and manually. Manual databases refer to those files whose information is organized and physically stored, while automated databases are those that are managed and stored with the support of computer tools.

6.2 Purposes from the Capture, Use, and Processing of Personal Data

The personal data that TELEFÉRICO A MONSERRATE S.A. collects, stores, uses, circulates, and deletes will be used for any of the following purposes:

  • For the linking, performance of functions or provision of services, retirement, or termination, depending on the type of legal relationship established (including, among others, officials, former officials, judges, trainees, and applicants for positions).

  • The processing of the data will be carried out for purposes related to the development of the contractual management process of products or services that the Company requires for its operation in accordance with current regulations.

  • Registration of the Company's suppliers.

  • Registration of the Company's customers.

  • Sending emails and/or text messages informing the status of the product and service request process requested by TELEFÉRICO A MONSERRATE S.A.

  • Sending emails and/or text messages for marketing activities, statistics, research, and other commercial purposes that do not contravene current legislation in Colombia.

  • Handling judicial or administrative requirements.

  • Fulfillment of judicial or legal mandates.

6.3 Identification of the Data Controller Responsible for the Processing

6.3.1 Data Controller for the Processing of the Database. When the Data Controller of the Database is a legal person, it must indicate its name or corporate name and its tax identification number, as well as its location and contact information. When the Data Controller is a natural person, they shall register their identification, location, and contact information.

6.3.2 Data Processor of the Database. When the Data Processor(s) in charge of the Processing of the Database is/are a legal person, the Data Controller must indicate in the National Database Registration the complete name or corporate name and the tax identification number of such Data Processor(s), as well as their location and contact information. When the Data Processor(s) is/are a natural person, their identification, location, and contact information shall be registered.

7. SENSITIVE DATA

The Data Subject has the right to opt out of providing any Sensitive Data requested by TELEFÉRICO A MONSERRATE S.A related, among others, to data on their racial or ethnic origin, membership in trade unions, social or human rights organizations, political or religious convictions, sexual life, biometric data, or health data.

  • Data of Minors

    The provision of personal data of minors is optional and must be done with the authorization of the parents or legal representatives of the minor.

  • Data Subject's Authorization

    In order to achieve the aforementioned purposes, TELEFÉRICO A MONSERRATE S.A. requires free, prior, express, and duly informed authorization from the Data Subjects and has therefore provided appropriate mechanisms to ensure, in each case, the ability to verify the delivery of such authorization.

    Such authorization may be recorded in any medium, whether a physical or electronic document or in any format that guarantees subsequent consultation through technical and technological tools and public IT security developments on our website www.monserrate.co.

    Notwithstanding the exceptions provided by law, Processing requires the prior, express, and informed Authorization of the Data Subject, which must be obtained by any means that can be subject to subsequent consultation and verification.

  • Cases in which Authorization is not required:

    The Data Subject's Authorization shall not be required when it concerns:

    • Information required by a public or administrative entity in the exercise of its legal functions or by court order.

    • Data of a public nature.

    • Cases of medical or health emergency.

    • Processing of information authorized by law for historical, statistical, or scientific purposes.

    • Data related to the Civil Registration of Persons.

8. PROCESSING AND PURPOSES

The Personal Data processed by TELEFÉRICO A MONSERRATE S.A. shall only be subject to the purposes shown below. Likewise, the Data Processors or third parties that have access to Personal Data by virtue of law or contract shall keep the Processing within the following purposes:

To manage all the information necessary to comply with the labor, tax, commercial, corporate, and accounting registration obligations of TELEFÉRICO A MONSERRATE S.A.

To comply with the internal processes of TELEFÉRICO A MONSERRATE S.A. regarding the administration of suppliers, contractors, and workers.

To comply with the service contracts entered among different clients. (Private, public, multilateral organizations among others).

To provide services in accordance with the needs of customers, in order to fulfill the service contracts entered into.

The execution and fulfillment of the contracts entered into.

Other purposes determined by the Data Controllers in processes of obtaining Personal Data for Processing and that are communicated to the Data Subjects at the time of collecting the personal data.

The process of filing, updating systems, protecting, and safeguarding the information and databases of the Company.

Processes within the Company, for development or operational purposes and/or systems administration.

The transmission of data to third parties with whom contracts have been entered into for this purpose, for commercial, administrative, and/or operational purposes, including, but not limited to, the issuance of ID cards, personalized certificates, and certifications to third parties, in accordance with current legal provisions.

To maintain and process by computer or other means, any type of information related to the client's business in order to provide the relevant services and products.

The other purposes are determined by the Data Controllers in the processes of obtaining Personal Data for Processing, in order to comply with legal and regulatory obligations, as well as with the Company's policies.

8.1 Rights of the Data Subject of Personal Data

In accordance with the Law, Data Subjects have the following rights:

  1. To know, update, and rectify their Personal Data with the Company or the Data Processors thereof. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or data whose Processing is expressly prohibited or has not been authorized.

  2. To request proof of the Authorization granted to the Company, unless the Law indicates that such Authorization is not necessary.

  3. To submit requests to the Company or the Data Processor regarding the use that has been made of their Personal Data, and to have such information provided to them.

  4. To file complaints with the Superintendence of Industry and Commerce for violations of the Law.

  5. To revoke their Authorization and/or request the deletion of their Personal Data from the Company's databases when the Superintendence of Industry and Commerce has determined by definitive administrative act that in the Processing the Company or the Data Processor has engaged in conduct contrary to the Law or when there is no legal or contractual obligation to maintain the Personal Data in the Data Controller's database.

  6. To request access and obtain free access to their Personal Data that has been subject to Processing in accordance with Article 21 of Decree 1377 of 2013.

  7. To be informed of any modifications to the terms of this Policy prior to and efficiently with the implementation of new modifications or, failing that, of the latest information Processing policy.

  8. To have easy access to the text of this Policy and its modifications.

  9. To access the Personal Data easily and straightforwardly under the control of the Company in order to effectively exercise the rights granted to Data Subjects by the Law.

  10. To know the department or authorized person within the Company to whom they may submit complaints, inquiries, claims, and any other requests regarding their Personal Data.

Data Subjects may exercise their legal rights and carry out the procedures established in this Policy by presenting their citizenship card or original identification document. Minors may exercise their rights personally or through their parents or legal guardians, who must demonstrate such authority through relevant documentation. Likewise, the rights of the Data Subject may be exercised by assignees who can prove such capacity, the representative and/or attorney-in-fact of the Data Subject with the corresponding accreditation, and those who have made a stipulation in favor of another or for another.

9. ATTENTION TO INQUIRIES, COMPLAINTS AND/OR CLAIMS

Person in Charge of Personal Data Protection

The person in charge of Customer Service as the Responsible Party for receiving and addressing requests, complaints, claims, and inquires of all kinds related to Personal Data. The person in charge of Customer Service shall handle inquiries and claims regarding Personal Data in accordance with the Law and this Policy.

  1. Receive requests from the Data Subject, process and respond to those that are based on the Law or these Policies, such as: requests to update Personal Data; requests to access Personal Data; requests to delete Personal Data when the Data Subject submits a copy of the decision of the Superintendence of Industry and Commerce (SIC) in accordance with the provisions of the Law; requests for information on the use given to their Personal Data; requests to update Personal Data; requests for proof of the Authorization granted, when it has been granted in accordance with the Law.

  2. Respond to Data Subjects regarding those requests that do not comply with the Law.

10. PROCEDURES TO EXERCISE THE RIGHTS OF THE DATA SUBJECTS OF PERSONAL DATA

10.1 Inquiries

Data Subjects or their successors in title may inquire about the personal information of the Data Subject contained in any Database, whether in the public or private sector. The Data Controller or Data Processor shall provide them with all the information contained in the individual Registration or linked to the Data Subject's identification.

The inquiry shall be made through the means provided by the Data Controller or Data Processor if proof of such consultation can be maintained.

The inquiry will be answered within a maximum term of ten (10) working days from the date of receipt thereof. When it is not possible to respond to the consultation within such term, the interested party will be informed, stating the reasons for the delay and indicating the date on which the consultation will be answered, which in any case may exceed five (5) business days following the expiration of the initial term.

PARAGRAPH. The provisions contained in special laws or regulations issued by the National Government may establish shorter terms, depending on the nature of the Personal Data.

These mechanisms may be physical, such as a window procedure, electronic through the email info@cerromonserrate.com or by telephone at the service line 57(1) 7470189 - 2845700 Ext: 107 responsible for receiving requests, complaints, and claims over the phone.

Regardless of the means, proof of the inquiry and its response will be kept.

10.2 Claims

The Data Subject or their assignees who believe that the information contained in a Database should be corrected, updated, or deleted, or when they notice an alleged breach of any of the duties contained in this law, may file a claim with the Data Controller or Data Processor, which will be processed under the following rules:

  • The claim shall be submitted through a request addressed to the Data Controller or the Data Processor, including the identification of the Data Subject, the description of the facts giving rise to the claim, the address, and accompanied by the documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) days following the receipt of the claim to rectify the deficiencies. After two (2) months from the date of the requirement, without the applicant providing the required information, it will be understood that the claim has been discarded.
    If the person receiving the claim is not competent to resolve it, they will transfer it to the appropriate party within a maximum term of two (2) business days and inform the interested party of the situation.

  • Once the complete claim is received, a notation stating “claim in process” and the reason for the claim will be included in the Database within a term not exceeding two (2) business days. This notation shall be maintained until the claim is decided. The maximum term to address the claim shall be fifteen (15) business days from the day following the date of receipt. If it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial term.

These mechanisms may be physical, such as attending in window hours, electronic through the Customer Service email info@monserrate.co or by telephone at the service line (+57-1) 7470189- 2845700 , responsible for receiving requests, complaints, and claims over the phone.

The claim must be submitted by the Data Subject, their assignees, representatives, or accredited individuals in accordance with Law 1581 and Decree 1377, as follows:

  • It must be addressed to TELEFÉRICO A MONSERRATE S.A electronically to the email address info@monserrate.co; physically to the address CR 2 ESTE 21 48 Ps Bolívar Funicular Station Bogotá; or telephonically on the service line 57(1) 2845700- 7470189.

  • It must include the Data Subject's name and identification document.

  • A description of the facts that give rise to the claim and the objective pursued (update, correction, or deletion, or fulfillment of duties).

  • It must indicate the address and contact and identification data of the claimant.

  • It must be accompanied by all the documentation that the claimant wishes to assert.

Security measures and/or controls implemented in the Database to minimize the risks of inappropriate use of the personal data processed.

11. EFFECTIVENESS

This Policy is effective as of October 1, 2024. Personal Data that is stored, used, or transmitted will remain in our Database based on the criteria of temporality and necessity, for as long as necessary for the purposes mentioned in this Policy, for which they were collected.

12. PRIVACY NOTICE – (HABEAS DATA)

In compliance with Statutory Law 1581 of 2012, which establishes the General Regime for the Protection of Data, and Regulatory Decree 1377 of 2013, TELEFÉRICO A MONSERRATE S.A. is responsible and is in charge of the Processing (collection, storage, use, circulation, or deletion) of personal data included in its Databases and files for the development of its mission as an entity aimed to the promotion of exports, tourism, foreign investment, and the country brand. Data Subjects have the right to know, update, rectify, or delete the information collected in the Databases or files, in the terms established by current regulations and the Company's Internal Information Processing Policies. These may be accessed at any time on the website: https://monserrate.co/. The purposes of the Processing of Personal Data currently held by TELEFÉRICO A MONSERRATE S.A. are as follows: 1) In the development of the Entity's own activities. 2) To make commercial contacts with companies that require our services in Colombia.

We appreciate that you contact us in case you need to clarify, update, correct, or delete any of your personal data, provided that it is appropriate with the applicable legislation. For this purpose, the established communication channels are the telephone line in Bogotá (+60-1) 7470189 - 2845700, and/or the email info@monserrate.co.

HÉCTOR MAURICIO ACUÑA VÁSQUEZ
General Manager

Secure your place at the top. Get your tickets here!

Get your ticket