Our Policies

This personal data processing policy is prepared in accordance with the provisions of Law 1581 of 2012, regulated by Decree 1377 of 2013, and other complementary provisions, which will be applied by FRANCHESCA in relation to the processing of personal data.

​

A. PURPOSE
In this policy, FRANCHESCA establishes the necessary guidelines to protect the Personal Data of the Owners, as well as the purpose of collecting the information, establishes the criteria for the collection, storage, use and deletion of the data of the owners, their rights , the obligations of FRANCHESCA as the person in charge, the query and claim attention channels, the procedures for attending to these, and the validity of the databases.

​

B. DEFINITIONS:
● Authorization: prior, express and informed consent of the holder to carry out the processing of personal data.
● Database (BB.DD): organized set of personal data that is subject to treatment.
● Personal data: any information linked or that can be associated with one or several specific or determinable natural persons.
● Owner: natural person whose personal data is being processed.
● Person in charge of the treatment: natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data, on behalf of the person in charge of the treatment.
● Responsible for the treatment: natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of the data.

​

C. PRINCIPLES:
● Principle of legality regarding data processing: the processing of personal data is a regulated activity that must be subject to the provisions of Law 1581 of 2012 and other provisions that develop it.
● Principle of security: the information subject to Treatment by the Person Responsible for Treatment or Person in Charge of Treatment referred to in Law 1581 of 2012, must be handled with the technical, human and administrative measures that are necessary to grant security to the records, avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
● Principle of purpose: the processing of personal data is due to a legitimate purpose in accordance with the Constitution and Law 1581 of 2012, which must be reported to the Owner.
● Principle of freedom: Treatment may only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
● Principle of veracity or quality: the information subject to treatment must be truthful, complete, exact, verifiable and understandable. The Processing of partial, incomplete, fragmented or misleading data is prohibited.
● Principle of transparency: in the Processing, the Holder's right to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data that concerns him or her must be guaranteed.
● Principle of restricted access and circulation: Treatment is subject to the limits derived from the nature of personal data, the provisions of this law and the Constitution. In this sense, the Treatment can only be done by persons authorized by the Owner and/or by the persons provided for in Law 1581 of 2012.
● Principle of confidentiality: all persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that the Processing comprises, being able to only carry out supply or communication of personal data when this corresponds to the development of the activities authorized in Law 1581 of 2012 and in the terms thereof.

​

D. RESPONSIBLE:
● Company name: FRANCHESCA JARAMILLO
● Address: Calle 18 # 106-98 office 303
● City: Cali- Valle
● Email: designfranchesca@gmail.com
● Telephone: (57) 3163556561
● Area in charge: customer service and sales

​

E. TREATMENT TO WHICH THE PERSONAL DATA/PURPOSES WILL BE SUBJECTED:
We use the personal information you provide to us for purposes including, but not limited to:
● We use your email address to help you create, manage and maintain an account on our Services, to communicate with you, to provide updates or information you request, to respond to comments and questions.
● We use your email address and phone number to send you security alerts, shipping notifications, and other administrative messages and to provide customer support.
● Fill requests for products, services or information.
● Track and confirm orders online.
● Deliver products
● Manage any loyalty or fidelization program
● Provide customer service, respond to requests, complaints or claims.
● Administer sweepstakes, promotions or surveys.
● Offer new products and services.
● Improve the effectiveness of our web portal, our marketing efforts and our services and offers.
● Conduct research and analysis for business purposes.
● Evaluate the quality of our products and carry out studies on consumption habits, preference, purchase interest, product testing, concept, service evaluation, satisfaction and others related to our products.
● Send marketing communications, offers or promotions.
● Control and prevent fraud in all its forms.
● To monitor and analyze trends, usage, and activities, and to improve our Services and product offerings;
● To facilitate transactions and payments;
● To record purchases you have made through our Services.
● Eventually queries may be made in external databases to guarantee the reliability and conformity of the information provided by the client.
● Control and prevent fraud in all its forms.
If you provide us with information about other people, or if other people give us information about you, we will only use that information for the specific reason for which it was provided. Some examples include providing a shipping address for advertising, purchases shipped to a different address than the buyer as a gift, gift registry.

​

F. WHAT INFORMATION DO WE COLLECT?
to. INFORMATION PROVIDED BY THE USER:
● registration and profile information: When you create an account or place an order, we ask for your first name, last name, email address, phone number, identification number, payment information, shipping and billing address, neighborhood, city and department where you reside, demographic information may eventually be requested.
● Payment information: When you make a purchase, depending on the payment option chosen, we may use a third-party service provider that handles payments for us so we only receive your payment approval or rejection information. Payments made through the site will be processed by our online payment agent MercadoPago. your information should only be provided on our site. Such information must be accurate and truthful and must be kept up to date. If there is any change in your data, you must update it through the "My Account" page on our website.
Our e-commerce platform VTEX and our payment partner MercadoPago have PCI DSS certification for the secure handling of credit card information.
● COMMUNICATIONS: If you contact us directly, we may receive additional information about you. For example, when you contact our customer care team, we will receive your name, email address, phone number, the content of a message or attachments you may send us, and other information you may provide. We may also record your calls with our Customer Service team to handle your inquiry and for training, research and product development purposes.
b. INFORMATION WE COLLECT WHEN YOU USE OUR SITE:
● Location Information: When you use our Services, we receive your precise location information. We also infer your more general location information (for example, your IP address may indicate your more general geographic region).
● Device Information: We receive information about the device and software you use to access our Services, including Internet Protocol (IP) address, web browser type, operating system version, carrier, and phone number. manufacturer, app installs, device identifiers, mobile advertising identifiers, and push notification tokens.
● usage information: To help us understand how you use our services and help us improve them, we automatically receive information about your interactions with our Services, such as the pages or other content you view, the searches you perform, the purchases you make, and the dates and times hours. of your visits.
● User Comments: We receive information about ratings and comments that you post when you use our Services.
c. INFORMATION WE RECEIVE FROM THIRD PARTIES:
● Information from Third Party Services: If you choose to link our Services to a third party account, we may receive information about you, including your profile information, and your use of the third party account. If you want to limit the information available to us, you should visit the privacy settings of your third-party accounts to learn about your options, for example, to log in to our site, you can choose whether to do so with your google or facebook account.

​

G. PROCESSING OF SENSITIVE PERSONAL DATA
According to Law 1581 of 2012, sensitive personal data is “those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data.” Within them, the data of minors are also recognized.

FRANCHESCA must process data of this nature, in the development of relations with its employees and/or candidates in selection processes, especially those related to health, and eventually data of a biometric nature in the implementation of security measures in control systems of access to its facilities or to some physical spaces, in any case special security measures will be adopted in the processing of said data, and in any case when authorization is to be requested for the processing of sensitive data, the owner will be notified of the purposes for which which will be treated and they will be informed that they have the right to refrain from answering questions about sensitive data or data of children and adolescents.

​

H. PROCESSING OF THE DATA OF MINORS
FRANCHESCA tries in the development of its economic activity not to collect information from minors, if you are under 18 years of age, your data may only enter our databases with the express consent of the legal representative of the minor.

Notwithstanding the foregoing and in the event that data is provided to us by minors, said data will be subject to the rules indicated below.
Special requirements for the processing of personal data of children and adolescents.
The Treatment of personal data of children and adolescents is prohibited, except in the case of data of a public nature, in accordance with the provisions of article 7 of Law 1581 of 2012 and when said Treatment complies with the following parameters and requirements:

1. That responds and respects the best interests of children and adolescents.

2. To ensure respect for their fundamental rights.
   Once the above requirements have been fulfilled, the legal representative of the child or adolescent will grant authorization prior to the minor exercising their right to be heard, an opinion that will be valued taking into account the maturity, autonomy and ability to understand the matter.
   According to the Colombian Constitutional Court, the personal data of minors under 18 years of age can be processed, as long as the prevalence of their fundamental rights is not put at risk and it unequivocally responds to the realization of the principle of their best interests, without prejudice compliance with the foregoing, the collection and any use of the data of minors that are registered in the FRANCHESCA databases or that are requested require the express authorization of the legal representative of the child or adolescent, these representatives to whom FRANCHESCA will facilitate the possibility that they may exercise the rights of access, cancellation, rectification and opposition of the data of their guardians.
   Every person in charge and in charge involved in the treatment of the personal data of children and adolescents must ensure their proper use. For this purpose, the principles and obligations established in Law 1581 of 2012 and in the regulatory decree must be applied.
   The family and society must ensure that those responsible and in charge of processing the personal data of minors comply with the obligations established in Law 1581 of 2012 and in the regulatory decree.
   By virtue of the foregoing, FRANCHESCA will only process data of minors, prior to respecting the principles already indicated in the collection of the authorization and as long as the best interests of minors are respected in their treatment.

I. AUTHORIZATION
For the treatment of personal data by FRANCHESCA, the prior, informed and express authorization of the Holder is required, which will be obtained by any verbal means (leaving its record), written, physical or electronic that may be subject to subsequent consultation; without prejudice to the exceptions provided by law, it being understood in any case that this authorization is given when registering at our offices, points of sale and/or on the website and accepting the collection and processing of data. FRANCHESCA will keep proof of such authorizations in an appropriate manner, respecting the principles of confidentiality and privacy of information.
Any changes to these policies or the way in which you use your Personal Information will be announced and published by means of a notice prior to the application of the new conditions, and all modified terms will automatically take effect five (5) days after the appearance of a notice on our website.

​

J. CASES IN WHICH AGUA BENDITA SAS DOES NOT REQUIRE AUTHORIZATION FOR THE PROCESSING OF THE DATA, OR FOR THE DELIVERY OF THE DATA THAT IT HAS IN ITS POSSESSION

• When the information is requested from FRANCHESCA by a public or administrative entity that is acting in the exercise of its legal functions or by court order.

• In the case of data of a public nature because they are not protected by the scope of application of the standard.

• Duly verified medical or health emergency events.

• In those events where the information is authorized by law to comply with historical, statistical and scientific purposes.

• In the case of data related to the civil registry of people or that rests in public records because this information is not considered as data of a private nature.

​

K. DATA SECURITY: We use certain organizational, physical and technical security measures that are designed to ensure the integrity and security of the personal information we process. We take steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure and we cannot guarantee the security of the information you provide us, we will do everything possible and in our power so that the information you provide us is under our control, avoiding its alteration, loss, consultation, use or unauthorized or fraudulent access.

​

L. VALIDITY OF THE POLICY: This Policy becomes effective on February 5, 2016.
The personal data provided will be kept as long as its deletion is not requested by the interested party (unless it is requested and there is a legal duty to keep it). The FRANCHESCA databases will have an indefinite period of validity since their treatment will be necessary while FRANCHESCA exists and the development of its corporate purpose, in any case this term will not be less than (50) years. This version of this policy is effective as of the date of its publication, which completely replaces any previous data processing provision or policy, and will be in force indefinitely and for as long as FRANCHESCA carries out the activities described in the in it and the same correspond to the treatment purposes that inspired this policy.
Any modification to this policy will be published in the same way as the initial policy.

​

M. RIGHTS OF THE HOLDERS: The Holders of personal data have the following rights:
d. Know, update and rectify your personal data in front of those responsible or in charge of the treatment, in the case of FRANCHESCA. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose treatment is expressly prohibited or has not been authorized.
and. Request proof of authorization granted to the person responsible for treatment, except when expressly excepted as a requirement for treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.
F. Be informed by the person responsible or in charge of the treatment, upon request, regarding the use that has been given to your personal data.
g. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this Policy and the regulations that regulate it.
h. Revoke the authorization voluntarily and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the treatment the person in charge or in charge has incurred in conduct contrary to the Constitution and the Law.
i. Free access to your personal data that has been processed.

N. PROCEDURE FOR THE EXERCISE OF THE RIGHT BY THE HOLDERS: The holders of personal data should direct their queries, requests or claims to the email: designfranchesca@gmail.com
J. Queries: FRANCHESCA., must attend to queries within a term of ten (10) business days from the date it was received. When it is not possible to comply with this time, the interested party must be informed, stating the reasons for the delay and the date on which the query will be answered within a term not exceeding five (5) days.
k. Claims: The owner or assignee who considers that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law or in this policy, may present a claim to FRANCHESCA, which will be processed under the following rules:
● The claim will be formulated by means of a request addressed to the person in charge or in charge of the treatment, to the email designfranchesca@gmail.com with the identification of the owner, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want enforce.
● If the claim is incomplete, FRANCHESCA will require the interested party within five (5) days after receiving it to correct the faults.
● After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
● The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which his claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.
● The owner or successor in title may file a complaint with the Superintendence of Industry and Commerce, once they have exhausted the process of consultation or claim before the person in charge or in charge of the treatment without having received a satisfactory response to their request.
l. Revocation of the authorization and/or deletion of the data: The owners may at any time request FRANCHESCA., the deletion of their personal data and/or revoke the authorization granted for the treatment of the same, by presenting a claim, of in accordance with the provisions of article 15 of Law 1581 of 2012, Decree 1377 of 2013 and the procedure indicated in this policy. Said revocation may be requested by the owner or successor in title to the email designfranchesca@gmail.com In the case of emails related to marketing information of the brands that AFRANCHESCA distributes, you may also request the revocation through a link that appears at the end of each mail. If the respective legal term has expired, FRANCHESCA has not deleted the personal data, the owner shall have the right to request the Superintendence of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. However the foregoing, personal data must be kept when required to comply with a legal or contractual obligation.

LEGITIMATED TO FURTHER CLAIMS AND INQUIRIES AND TO WHOM INFORMATION ON THE HOLDERS MAY BE PROVIDED:
To the holders of the data, their heirs or representatives at any time and through any means when they so request FRANCHESCA.
To the judicial or administrative entities in the exercise of functions that raise any requirement to the company so that the information is delivered.
To third parties that are authorized by law.
To third parties to whom the Owner of the data expressly authorizes to deliver the information and whose authorization is delivered to FRANCHESCA
CONTACT: To learn about FRANCHESCA's data protection policy, you can contact +57 3163556561, or via email: designfranchesca@gmail.com where you can make the respective request.