No products added!
POLICY FOR THE PROCESSING OF PERSONAL DATA
EMISION CREATIVA S.A.S. (hereinafter “Aura Intima”, the “Company” or “We”) is dedicated to the manufacturing, creation, innovation, development, implementation, integration, distribution, marketing, import and export of erotic items, such as toys, underwear and outerwear, cosmetics and accessories, aphrodisiac products, decoration items, intimate health items and all those that may have a direct or indirect relationship with eroticism and sensuality, identified with NIT. 9018906116, with main address in Bogotá (hereinafter the Company), recognizes the importance of the security, privacy and confidentiality of the personal data of its employees, clients, suppliers and in general, of all its stakeholders regarding which it processes personal information. For this purpose, it has created this policy for the processing of personal data (hereinafter the “Processing Policy”) which will regulate the information and data that is collected, stored and / or managed by the Company.
TITLE I: DEFINITIONS
The concepts presented below are derived from the provisions of Law 1581 of 2012 and Article 15 of the Colombian Political Constitution. In the event that the law is amended or replaced in these respects, its meaning will be that indicated in the current legal regulations:
Personal Data Protection Area/Privacy Officer: The person responsible within the Company for monitoring, controlling, and promoting the application of the Personal Data Protection Policy.
Authorization: Prior, express, and informed consent of the Data Subject to carry out the Processing of personal data.
Database: An organized set of personal data that is the subject of Processing.
Personal Data: Any information linked to or that can be associated with one or more specific or identifiable natural persons.
Data Processor: A natural or legal person, public or private, who, either alone or in association with others, processes personal data on behalf of the Data Controller.
Data Controller: A natural or legal person, public or private, who, either alone or in association with others, decides on the database and/or the processing of data.
Data Subject: A natural person whose personal data is subject to processing.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
TITLE II: LEGAL FRAMEWORK APPLICABLE TO PROCESSING
Pursuant to this policy, the following regulatory references and procedures/guidelines issued by the Company for the processing of personal data shall apply.
Colombian Constitution.
Law 1581 of 2012.
Unique Decree 1074 of 2015.
Decree 1377 of 2013
Regulatory Decrees.
Circular 002 of 2015 of the Superintendency of Industry and Commerce.
Applicable case law.
This Personal Data Processing Policy.
Manual of procedures for the processing of personal data.
Guidelines for the supervision of the processing of personal data.
Guidelines for relations with third parties.
Other legal regulations that may be created in the future and that may be applicable.
TITLE III: PRINCIPLES TO WHICH TREATMENT IS SUBJECT
In any case, the processing of personal data carried out under this Data Processing Policy must be strictly governed by the following principles:
Legality: Processing must comply with the provisions of the law.
Purpose: The purpose of processing must be legitimate, temporary, and communicated to the data subject.
Reasonable Limit: The storage and processing of personal data will be limited to what is essentially necessary to fulfill the previously specified purposes of the business relationship, as well as the fulfillment of the purposes authorized by the Data Subject.
Freedom: Data may be processed only with the prior, express, informed, and self-determined consent of the data subject or by legal or judicial mandate.
Truthfulness or Quality: Information must be truthful, complete, accurate, up-to-date, verifiable, and understandable.
Transparency: The data subject’s right to obtain information about their data at any time and without restrictions must be guaranteed. Restricted access and circulation: Processing may only be carried out by persons authorized by the Data Subject or by those provided for by law.
Security: Information must be handled with the necessary measures to ensure the security of records and prevent tampering, loss, unauthorized or fraudulent access, or consultation.
Confidentiality: Personal data that is not public is confidential and may only be provided under the terms of the law. Any person involved in the processing of information must guarantee its confidentiality.
TITLE IV: PURPOSES OF THE PROCESSING
As the data controller, the Company declares that this data is not sensitive data. Only public data will be collected and processed for one or more of the following purposes, and that none of this data is sensitive data:
A. Administrative and Accounting Management.
Manage the engagement of suppliers and third parties to enable the Company’s various accounting and financial procedures.
Record and support financial and accounting information in the Company’s software to track transactions.
Manage the Company’s invoicing processes to support payments within internal accounting and to support external and internal audits.
Manage the formalization of the purchase contract, manage the shipping of orders, and resolve incidents.
Manage information for analytical purposes and website improvements.
Manage information to maintain a purchase history.
B. Human Resources and Occupational Health.
Promote procedures for the verification and evaluation of applicants in the selection processes, in order to fill vacancies offered by the Company.
Verify the results of comprehensive safety studies for the Company’s applicants, as a prerequisite for employment.
Control and monitor the formalization of the employment relationship of the Company’s employees.
Control and monitor the Company’s active and inactive personnel for statistical purposes.
Verify the payroll payment of the Company’s employees in order to report on employment developments that impact payroll settlement, reimbursement, and payment.
Promote the development of well-being activities, action plans, staffing, and comprehensive employee development in their work environment.
Administer the occupational health and safety management system to track employee admission and retirement medical examinations.
C. Commercial Management and Innovation.
Manage customer and supplier information to facilitate the internal management of the Company’s accounting, administrative, and financial processes.
Promote the launch of commercial promotions to track attendance at events organized by the Company.
Promote advertising and commercial prospecting by sending text messages to customers with information about promotions, special plans, and the opening of new locations.
Manage contact history, whether via email, SMS, WhatsApp, or chat, to provide better customer service and to train our teams.
D. Technology and Security.
Promote controls over the Company’s IT and technological systems to manage passwords, users, IT licenses, and technological support.
E. Legal Department
Manage client and supplier information to facilitate the internal handling of any legal proceedings that may arise.
TITLE V: RIGHTS OF THE HOLDER OF THE INFORMATION
Know, update, and rectify your personal data that is being processed by the Company or its data processors.
Request proof of the authorization granted to the Company, except when expressly exempted as a requirement for processing.
Revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees.
File complaints with the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012.
Know our Personal Data Processing Policy and any substantial changes that may occur.
Other rights granted by current legal regulations.
TITLE VI: INTERNATIONAL TRANSMISSION AND TRANSFER OF DATA
In connection with the Company’s activities, it may transfer and/or transmit information for processing by responsible third parties within and outside the country. This transfer of personal data must be carried out in strict compliance with this Data Processing Policy and the security standards implemented by the Company. The Company is authorized to transmit and transfer data internationally between its parent company, subsidiaries, branches, and corporate group.
TITLE VII: AUTHORIZATION OF TREATMENT
For the processing of personal information, the Company will request prior, informed authorization from the data subjects. This authorization may be provided in writing, verbally, or through unequivocal conduct. The Company will retain proof of the authorizations obtained for data processing.
TITLE VIII: PROCEDURE FOR THE PRESENTATION OF CLAIMS, INQUIRIES AND COMPLAINTS
The Company will have the following procedures for addressing inquiries and complaints submitted by Data Subjects, in accordance with the provisions of Law 1521 of 2012:
Inquiries
The data subject, their successors in title, or any other person with a legitimate interest, will submit inquiries through written communication or email, in which:
Their identity is established, including their name and identification number.
The reason for the inquiry is clearly and expressly stated.
The legitimate interest in which they are acting is proven, always attaching the appropriate supporting documentation.
The physical or electronic correspondence address to which the response to the request can be sent is indicated.
In accordance with Article fourteen (14) of Law 1581 of 2012, it is established that: “Inquiries will be addressed within a maximum period of ten (10) business days from the date of receipt.” When it is not possible to attend to it within this period, the interested party will be informed, stating the reasons for the delay and indicating the date on which his/her query will be resolved, which in no case may exceed five (5) business days following the expiration of the first term.”
Complaints
The owner, their successors in title, or any other person with a legitimate interest who considers that the information contained in a database should be corrected, updated, deleted, or the authorization granted for processing should be revoked, or when they notice an alleged breach of any of the obligations contained in Law 1581 of 2012, may, by physical or electronic means, submit a timely complaint to the responsible department. In accordance with article fifteen (15) of Law 1581 of 2012, such a complaint will be admissible once compliance with the following requirements is verified:
The complaint must: i) include the identity of the complainant, stating their name and identification number; ii) clearly and expressly specify the reason for the inquiry; iii) demonstrate the legitimate interest of the complainant, always attaching the appropriate supporting documents; and iv) indicate the physical or electronic correspondence address to which the response to the request should be sent. If the claim is found to be incomplete, “the interested party will be required within five (5) days following receipt of the same to correct the deficiencies. After two (2) months from the date of the request, if the applicant does not present the required information, it will be understood that the claim has been withdrawn.”
If the Company is not competent to resolve the claim, it will forward it to the appropriate authority within a maximum of two (2) business days and inform the interested party of the situation.
Once the complete claim is received, a message stating “claim in process” and the reason for the complaint will be included in the database within a period of no more than two (2) business days. This message must remain in effect until the claim is resolved.
The maximum period for addressing the claim will be fifteen (15) business days, starting the day following the date of receipt. When it is not possible to address it within this period, the interested party will be informed of the reasons for the delay and the date on which their claim will be resolved, which in no case may exceed eight (8) business days following the expiration of the first period.
Requests to delete information and revoke authorization will not be processed when the data subject has a legal or contractual obligation to remain in the database.
If, after the respective legal term has expired, the controller and/or processor, as applicable, have not deleted the personal data, the data subject shall have the right to request the Superintendency of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. For these purposes, the procedure described in Article 22 of Law 1581 of 2012 shall apply.
TITLE X: HANDLING OF QUERIES AND COMPLAINTS
The Company has a dedicated department responsible for addressing and resolving queries and complaints from personal data owners or those authorized to do so. Data owners may submit their queries and complaints through the following channels:
Name: EMISION CREATIVA S.A.S.
Email: online@aurointima.shop
Address: Auto. Norte 108A – 50
110221 Bogotá D.C.
Tax Identification Number: 9018906116
TITLE XI: MODIFICATIONS TO THE POLICY
The Company reserves the right to modify its personal information privacy policy at any time. To this end, a notice will be posted on the Company’s website or through the mechanism enabled by the Company 15 business days prior to its implementation and for the duration of the policy. If you do not agree with the new personal information management policies, the data subjects or their representatives may request the removal of their information through the means indicated above. However, the removal of data cannot be requested while maintaining any relationship with the Company.
TITLE XII: VALIDITY
This policy will be effective from March 2025.
