Terms and conditions
DATA PROCESSING AND PERSONAL DATA PROTECTION POLICY
The purpose of this manual is to comply with Statutory Law 1581 of 2012 and its Regulatory Decree 1377 of 2013, which aims to develop the constitutional right of all individuals to know, update, and rectify the information that has been collected about them in databases or files, as well as the other rights, freedoms, and constitutional guarantees referred to in Article 15 of the Political Constitution; as well as the right to information enshrined in Article 20 of the same.
In this way, GRUPO MERCK S.A.S. states that it guarantees the rights to privacy, intimacy, and good name in the processing of personal data, and consequently, all its actions will be governed by the principles of legality, purpose, freedom, truthfulness, quality, transparency, restricted access and circulation, security, and confidentiality.
All individuals who, in the course of various contractual, commercial, labor, and other activities, whether permanent or occasional, provide any type of information or personal data to GRUPO MERCK S.A.S. will be able to know, update, and rectify it.
For this purpose and in accordance with the provisions of Article 18, literal f of Law 1581 of 2012, GRUPO MERCK S.A.S. adopts this internal manual of policies and procedures to ensure proper compliance with Law 1581 of 2012 and, in particular, to address inquiries and complaints from the holders of personal data.
Name or Business Name: GRUPO MERCK S.A.S. society identified with NIT. 900.883.729-3
Address and Location: GRUPO MERCK S.A.S. has its main residence in the city of Bogotá at 29th Avenue No. 74-86.
Telephone: 3046049228
Email: grupomercksas@gmail.com
In development of the security principle established in Law 1581 of 2012, GRUPO MERCK S.A.S will adopt the necessary technical, human, and administrative measures to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized use, or fraudulent access. The Database Administrator will ensure the security of the Databases and will monitor the proper application of the Privacy Policy.
GRUPO MERCK S.A.S will maintain mandatory security protocols for personnel with access to personal data and information systems.
The procedure must consider, at a minimum, the following aspects:
A. Training of the data processing manager for the proper handling of information, whether physical or automated, that resides in the company, following the parameters established by the law, as well as the protection and security of the data.
B. Training for new employees regarding the Personal Data Processing Policy and the mechanisms and security protocols for the processing of such data.
C. Scope of application of the procedure with detailed specification of the protected resources.
D. Measures, norms, procedures, rules, and standards aimed at ensuring the level of security required by Law 1581 of 2012 and Decree 1377 of 2013.
E. Functions and responsibilities of the staff.
F. Structure of Personal Data Databases and Description of the Information Systems that Handle Them.
G. Notification, management, and response procedure for incidents.
H. Procedures for creating backup copies and data recovery.
I. Periodic controls that must be carried out to verify compliance with the provisions of the security procedure that is implemented.
J. Measures to be taken when a medium or document is transported, discarded, or reused.
K. The procedure must be kept up to date at all times and must be reviewed whenever relevant changes occur in the information system or in its organization.
L. The content of the procedure must always comply with the current regulations regarding the security of Personal Data.