For this policy, it is called A3Sec Group in representation of the three headquarters that comprise it: Spain: A3Sec Grupo S.L., Mexico: A3Sec Sociedad Anónima de Capital Variable, Colombia: A3Sec S.A.S Sociedad por acciones simplificada.

The objective of this Policy is to establish the necessary action framework in order to protect the information resources against threats, internal or external, whether deliberate or accidental, with the purpose of ensuring that the confidentiality, integrity and availability of the information are respected, guaranteeing the adequate treatment of the personal information registered in the company's databases. A3Sec Group establishes its Corporate Security and Privacy Policy as follows:

Therefore, to A3Sec Group, information is a fundamental asset for the provision of its services and decision making, for this reason, through the protection of information, we seek to reduce the impact generated on the information assets by the risks identified in a systemic way; with the purpose of maintaining an acceptable level of exposure that allows us to respond for the confidentiality, availability and integrity of the information, according to the needs of the identified interested parties.

A3Sec Group, understanding the importance of an adequate information management, establishes and is committed to the implementation, operation and continuous improvement of the Information Security and Privacy Management System (SGSPI), seeking to establish a framework of trust for stakeholders, in the exercise of the operation of its services, supported by clear guidelines and aligned with the mission and vision; supporting the achievement of its strategic objectives and compliance with legal, regulatory and contractual requirements of security and privacy of information.

 

Our Employees and the Personal Data

When you start working with or for A3Sec Group, we collect some personal data from you in order to manage our relationship and for tax and legal purposes. This form provides you with details about what data we collect, how we process it and what is the purpose for which we collect it. You will also access certain personal data under the responsibility of the company, and the annex to this document regulates how you should process this information.

In accordance with the General Data Protection Regulation 2016/679 ("GDPR") of Spain and the law 1581 of 2012, its regulatory decree 1377 of 2013 of Colombia. A3Sec Group has a legitimate interest in processing the personal data of our staff, of which you are a part (hereinafter "Staff Member"). However, even if it is not strictly necessary, by acknowledging receipt of this document, you authorize us to collect and process your personal data in the course of your employment or your engagement in the manner set out below and as indicated in the formalized contract.

We assure you that our legitimate interest in administering our personnel and complying with the legal obligations arising from the employment or the contract will not prejudice your fundamental rights and your freedom. In fact, your personal data will only be used for the purposes detailed below.

For the purposes of the provisions set forth in the General Data Protection Regulation 2016/679 ("GDPR") of Spain , law 1581 of 2012 and its regulatory decree 1377 of 2013 of Colombia. A3Sec Group informs you that it will treat your data for the following purposes:

  1. Establish, manage and maintain the contractual relationship with you, including the payment of your compensation through financial institutions and interacting with tax agencies and social security offices, unions, mutual insurance companies and insurance entities;

  2. In order to enable you to perform your duties and tasks as staff within A3Sec Group;

  3. To carry out, where appropriate, a control of your time and access to the company's facilities (video-surveillance);

  4. Evaluate your aptitude for the job or task, in order to offer you training and professional transition services, as well as to manage contracts and tasks, and for selection, evaluation and professional improvement processes;

  5. Inform you about the products and services and payment and/or incentive schemes that A3Sec Group offers to its staff and how to join them, including incentive plans, employee benefits or other similar benefits.

  6. To monitor your use of our information systems (including computers, servers, PCs and mobile devices such as tablets, laptops and cell phones) and, under the conditions established by law, your email communications, to verify compliance with your obligations and duties under your relationship and job functions within A3Sec Group, as well as for the prevention and/or investigation of fraud and other crimes or torts; g) To manage and defend any claims and legal actions, to comply with court orders and other legal obligations and regulatory requirements;

  7. Manage and defend any legal claims and actions, to comply with court orders and other legal obligations and regulatory requirements;

  8. For all other purposes authorized by law.

A3Sec Group collects, processes and discloses your sensitive personal data only as necessary to comply with obligations imposed by law or if there is a compelling business reason to do so as permitted by applicable law or with the consent of the staff member.

A3Sec for the duration of our contract with you and, thereafter, blocked, for the period prescribed by law to meet any liabilities or legal or administrative reasons (generally 6 years).

In order to conduct our business, your data will be processed and communicated to the following entities (limiting such data to what is necessary to perform the contract of these entities with A3Sec Group and, in your case, for the legal reason):

  • Our customers: professional contact details and your cell phone number for the purpose of contacting the staff member within your job roles.

  • Other companies within the A3Sec Group corporate group, if applicable.

  • Service providers who provide services for A3Sec Group, including the following: communications, networking, file sharing, training companies, travel and transportation companies, restaurant tickets, social and employee benefits, occupational health and safety, banks, for the proper provision of services.

  • To third parties that we are required by law or by administrative or judicial order to communicate such data. For example, to the Tax Office, Social Security, Unions, Mutual Benefit Societies and Public Prosecutor's Office.
  • Investors (potential and current), potential buyers, advisors, in the context of any due diligence or audit.

The personal information you provide to us may be transferred, for the aforementioned purposes, to third parties in countries outside the European and American Economic Area, including those that do not offer an adequate level of protection in accordance with the General Data Protection Regulation 2016/679 ("GDPR") of Spain , the law 1581 of 2012 and its regulatory decree 1377 of 2013 of Colombia. Notwithstanding the foregoing, data will be shared under agreements that provide adequate safeguards as required by data protection regulations. We do not allow our third party service providers to use your personal data for their own purposes and only allow them to process your personal data for specific purposes and in accordance with our instructions. 

When you acknowledge the receipt of this policy, you declare that the data you provide to us are true, accurate and up to date, and that you have been informed to exercise your right of access, rectification, erasure, limitation, opposition to the processing of your personal data, and restriction of the processing, to the transfer of data and to withdraw any consent at any time, without affecting the lawfulness of the consent-based processing prior to your withdrawal, under the terms of the General Data Protection Regulation 2016/679 ("GDPR") of Spain , the law 1581 of 2012 and its regulatory decree 1377 of 2013 of Colombia. You can do so by sending an email to the address dataprotection@a3sec.com or by mail to A3Sec Group at Calle 98 N° 70-91, Pontevedra Office 913. You can also exercise your rights by sending a written request to the Human Resources Area.

Through this document, you are informed that you have the right to file a claim before the Spanish Data Protection Agency, Calle Jorge Juan, 6, 28001, Madrid, www.aepd.es, and in Colombia before the Superintendence of Industry and Commerce (SIC), located at Carrera 13 No. 27 - 00, Pisos 1 y 3 in Bogotá, www.sic.gov.co, although we request that you first contact us to address any claim.

Finally, with respect to the treatment of personal data of A3Sec Group or third parties to which you may have access during the performance of your work, you agree to comply with the obligations contained in this document.

Isotipo A3Sec