BLACK DAYS 26 al 28 NOVIEMBRE
-25% OFF en TODOS los recursos Premium ⬅
BLACK DAYS 26 al 28 NOVIEMBRE
-25% OFF en TODOS los recursos Premium ⬅
BLACK DAYS 26 al 28 NOVIEMBRE
-25% OFF en TODOS los recursos Premium ⬅
BLACK DAYS 26 al 28 NOVIEMBRE
-25% OFF en TODOS los recursos Premium ⬅
Días
Horas
Min
Seg
Facebook-f Instagram Youtube Pinterest

Aviso: Semanas atrás, Facebook por equivocación eliminó nuestras redes y no las hemos podido recuperar. Te pedimos que nos apoyes en oración y síguenos en nuestras nuevas redes:

@masimpulsoglobal
Más Impulso
@masimpulsoglobal
Más Impulso
POLICIES AND PROCEDURES MANUAL ON PERSONAL DATA PROTECTION AT MÁS IMPULSO S.A.S. ARE HEREBY ESTABLISHED.

TABLE OF CONTENTS

    1. Objective
    2. Scope
    3. Applicable regulations
    4. Content of the policy manual for the management and processing of information and personal data.
    5. Policies for the processing of personal data.
      5.1. General information of MÁS IMPULSO S.A.S. as the party responsible for the processing of Personal Data.
      5.2. Objectives of the Personal Data Processing Policy Manual.
      5.3. Who the personal data processing policy is addressed to.
      5.4. Scope of application.
      5.5. Important definitions in data processing.
      5.6. Guiding principles for the processing of personal data.
      5.7. Databases:
       5.7.1. Client’s Database.
       5.7.2. Database of partners and employees of MÁS IMPULSO S.A.S.
       5.7.3. Database of Impulsores (subscribers).
       5.7.4. Database of free downloads (email).
       5.7.5. Registration of databases.
    6. Authorization of the data subject for data processing.
    7. Authorization of the data subject for the processing of sensitive data.
    8. Use and purpose of personal data processing.
    9. Privacy Notice.                                                    
    10. Revocation of authorization and/or deletion of data.
    11. Rights of the data subjects.
    12. Procedure for exercising the rights of the data subject.
    13. Duties of MÁS IMPULSO S.A.S. as responsible party and processor of personal data.
    14. Security measures applied to the processing of databases.
    15. Prohibitions.
    16. Designation of department or person in charge of handling requests, inquiries, and claims from the data subject.
    17. Effective date and updates of the Personal Data Processing Policy Manual.


    • Objective

This document establishes the Policy Manual for the Management and Processing of Information and Personal Data of MÁS IMPULSO S.A.S., developed in compliance with Law 1581 of 2012, “By which general provisions are issued for the protection of personal data,” and its regulatory decrees.

Such regulations require all public and private entities that collect and process personal data to adopt an internal manual of policies and procedures that ensures compliance with the law, especially regarding the effective exercise of the rights of the data subjects.

All information received by MÁS IMPULSO S.A.S., through its different communication channels, both digital and physical, which make up its databases (clients, employees, suppliers, subscribers, among others), will be managed according to the policies described in this manual.

This document has been prepared following the guidelines established in current regulations and will apply to all databases containing personal information and subject to processing by MÁS IMPULSO S.A.S.

    1. Scope

This policy applies to the processing of personal information of all individuals who have a relationship with MÁS IMPULSO S.A.S., whether as clients, users, employees, contractors, suppliers, subscribers, collaborators, or any other third party who provides or has provided their personal data to the company, in accordance with the provisions of Law 1581 of 2012 and its regulatory norms.

    1. Applicable regulations

The most important aspects to take into account according to data protection laws in Colombia are: Law 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014, and all regulations that amend, add to, or complement them, which must be applied by MÁS IMPULSO S.A.S. to ensure the proper management, processing, and protection of collected personal data.

 

    1. Content of the Policy Manual for the Management and Processing of Information and Personal Data

    • General information of MÁS IMPULSO S.A.S. as the party responsible for the processing of Personal Data.
    • Objectives of the Personal Data Processing Policy Manual.
    • Who the personal data processing policy is addressed to.
    • Scope of application.
    • Important definitions in data processing.
    • Guiding principles for the processing of personal data.
    • Databases:
       Client Database.
       Database of partners and employees of MÁS IMPULSO S.A.S.
       Database of Impulsores (subscribers).
       Database of free downloads (email).
       Registration of the databases.

    • Authorization of the data subject for data processing.
    • Authorization of the data subject for the processing of sensitive data.
    • Use and purpose of the processing of personal data.
    • Privacy Notice.
    • Revocation of authorization and/or deletion of the data.
    • Rights of the data subjects.
    • Procedure for the exercise of the rights of the data subject.
    • Duties of MÁS IMPULSO S.A.S. as the party responsible and in charge of processing personal data.
    • Security measures applied to the processing of the databases.
    • Prohibitions.
    • Designation of the department or person in charge of the procedure so that the data subject may exercise their rights of petitions, inquiries, and claims.


    • Personal Data Processing Policies

5.1 General information of MÁS IMPULSO S.A.S. as the party responsible for the processing of personal data

Company Name: MÁS IMPULSO S.A.S.

NIT: 901532164-0

Main Address: Calle 14a N 5-67 Chiquinquirá, Boyacá – Colombia

Phone Numbers: +57 3112085913 or +57 3142555942

Email: [email protected]

  5.2. Objectives of the Policy Manual for the Management and Processing of Information and Personal Data.

This manual aims to protect the right that all individuals have to know, update, and rectify the information collected about them in the databases or files owned by MÁS IMPULSO S.A.S., or whose processing has been entrusted to it, in the development and fulfillment of its corporate purpose. It also seeks to safeguard the constitutional rights, freedoms, and guarantees established in Articles 15 (right to privacy) and 20 (right to information) of the Political Constitution of Colombia.

MÁS IMPULSO S.A.S. understands data protection as all physical, technical, and legal measures implemented to ensure that the information of the data subjects—natural persons such as employees, clients, subscribers, or others registered in the company’s databases—is secure against any unauthorized access. Likewise, it seeks to ensure that its use and conservation are carried out according to the specific purpose for which the personal data was collected.

5.3. To whom the Policy Manual for the Management and Processing of Information and Personal Data is directed


This policy is addressed to all natural persons who have or have had any relationship with MÁS IMPULSO S.A.S., including but not limited to: clients, subscribers, contractors, suppliers, employees, collaborators, beneficiaries, strategic partners, and any other third party whose personal data is stored in the company’s databases, whether in active or inactive status.

5.4 Scope of Application

The scope of this Manual, in accordance with Law 1581 of 2012 and its regulatory decrees, includes all personal data of natural persons recorded in the databases owned by MÁS IMPULSO S.A.S., or whose processing has been entrusted to it, both within Colombian territory and outside of it.

This Manual will apply to the processing of personal data carried out from Colombia, regardless of the country of origin of the data subject. In cases where personal data is collected from data subjects located abroad, MÁS IMPULSO S.A.S. will apply Colombian regulations, without prejudice to complying, when required, with the local data protection laws of the data subject’s country, in accordance with international treaties or principles of good faith and respect for the rights of the data subject.

The personal data protection regime contained in this manual will not apply to the following cases, in accordance with current legislation:

    1. Databases or files maintained for an exclusively personal or domestic purpose. If shared with third parties, the data subject must be informed in advance and authorization must be obtained, with the processing then being subject to the Habeas Data Law.
    2. Databases and files whose purpose is national security and defense, as well as the prevention, detection, monitoring, and control of money laundering and the financing of terrorism.
    3. Databases and files containing intelligence and counterintelligence information.
    4. Databases and files with journalistic content and other editorial content.
    5. Databases and files regulated by Law 1266 of 2008 (related to financial, credit, and commercial information).
    6. Databases and files regulated by Law 79 of 1993 (Territorial Census).

 

5.5 Important Definitions in the Processing of Data
For the interpretation of the policies and the application of the rules contained in this manual, it is necessary to take into account the following definitions:

    • Authorization: Prior, express, and informed consent of the data subject to carry out the processing of their personal data.
    • Privacy notice: Verbal or written communication generated by the data controller, addressed to the data subject, through which they are informed about the existence of the information processing policies that will apply, how to access them, and the purposes for which their personal data will be processed.
    • Database: An organized set of personal data that is subject to processing.
    • Personal data: Any information linked or that may be associated with one or more identified or identifiable natural persons.
    • Private data: Information that, due to its intimate or reserved nature, is only relevant to the data subject.
    • Semi-private data: Information that is neither intimate, reserved, nor public, and whose knowledge or disclosure may be of interest not only to the data subject but also to a certain sector or social group (for example, financial or credit data).
    • Public data: Information that is not private, semi-private, or sensitive. Public data includes, among others, information related to marital status, profession, occupation, or status as a merchant or public servant. This data may be contained in public records, official documents, or enforceable judicial rulings.
    • Sensitive data: Data that affects the privacy of the data subject or whose misuse may lead to discrimination. This includes data revealing racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, health status, sexual life, and biometric data.
    • Processor: A natural or legal person, public or private, who, alone or in association with others, processes personal data on behalf of the data controller.
    • Data controller: A natural or legal person, public or private, who, alone or in association with others, decides on the database and/or the processing of personal data.
    • Data subject: A natural person whose personal data is subject to processing. This includes employees, former employees, suppliers, customers (active and inactive), subscribers, users, or any person who provides personal data to MÁS IMPULSO S.A.S.
    • Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.
    • Transfer: Occurs when the controller and/or processor of personal data, located in Colombia, sends the information to a recipient who is also a controller and is located inside or outside the country.
    • Transmission: Communication of personal data to a processor so that they process it on behalf of the controller, whether inside or outside Colombian territory.

 

5.6. Guiding Principles for the Processing of Personal Data
Law 1581 of 2012 establishes in its Article 4 the principles that govern the processing of personal data in Colombia. MÁS IMPULSO S.A.S., as an organization committed to regulatory compliance and the protection of personal information, declares that it adheres to and will strictly apply the following principles:

    • Principle of legality: The processing of personal data is a regulated activity that must comply with the provisions of Law 1581 of 2012, Decree 1377 of 2013, and other regulations that amend, add to, or regulate them.
    • Principle of purpose: The processing of personal data must serve a legitimate purpose, in accordance with the Constitution and the law. This purpose must be clearly communicated to the data subject.
    • Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the data subject. Personal data cannot be obtained or disclosed without authorization, except in legal or judicial cases that allow processing without consent.
    • Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is expressly prohibited.
    • Principle of transparency: The data subject must be guaranteed the right to obtain, at any time and without restrictions, information regarding the existence of data concerning them, from the data controller or processor.
    • Principle of restricted access and circulation: Processing is limited according to the nature of the personal data, the law, and the Constitution. Only persons authorized by the data subject or by law may access the data. Except for public data, personal information may not be disclosed through mass media such as the internet, unless technical controls are in place to restrict access exclusively to data subjects or legally authorized third parties. Once the purpose of processing has been fulfilled, its use must cease.
    • Principle of security: Information subject to processing must be handled with the technical, human, and administrative measures necessary to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.
    • Principle of confidentiality: All persons involved in the processing of personal data that is not public are obligated to maintain the confidentiality of such information, even after their relationship with any processing activity has ended. They may only provide or communicate it under the terms authorized by law.
    • Duty of information: MÁS IMPULSO S.A.S. will inform data subjects, as well as data controllers and processors, about the data protection framework adopted, including the purpose of processing and the applicable principles. It will also inform about the existence of personal databases, the rights of the data subjects, and the channels to exercise habeas data in accordance with current regulations, carrying out the registrations required by law before the competent authority.



5.7 Database
In the processing of the data contained in the following databases, MÁS IMPULSO S.A.S. acts as the Data Controller, since it collects the information, defines its purpose, and makes decisions regarding its use, as well as in the role of Processor, insofar as it directly carries out the processing of said data.

Below are the databases in which MÁS IMPULSO S.A.S. processes personal information:

5.7.1. Customer Database
This database contains information of natural or legal persons who have purchased products from MÁS IMPULSO S.A.S., as active or former customers.

Content
It includes personal data such as full name, contact number, email address, city, country, purchase history, among other data necessary for business management.

Purpose
To manage business relationships, process orders, carry out loyalty campaigns, customer service, send promotional information and/or administrative notifications.

Processing
Collection, storage, use, consultation, and possible deletion according to the purposes previously authorized by the data subject.

Retention
The data will be kept for the duration of the business relationship and up to ten (10) years after its termination.

5.7.2. Database of Partners and Employees of MÁS IMPULSO S.A.S.
This contains the personal data of employees, former employees, partners, and collaborators who have or have had a labor or contractual relationship with MÁS IMPULSO S.A.S.

Content
It includes information such as first and last names, type and number of identification documents, address, phone number, email, date of birth, marital status, work history, résumé, emergency contact details, social security affiliations, among others.

Purpose
Administrative management, human resources management, fulfillment of contractual, labor, tax, and social security obligations.

Processing
Collection, storage, use, updating, and deletion according to contractual or legal purposes.

Retention
While the labor or contractual relationship remains, and up to ten (10) years after its termination, in accordance with current regulations.

 

5.7.3 Database of Impulsores (subscribers).
Contains the data of natural or legal persons who have voluntarily subscribed to our curriculum platform to receive classes, communications, relevant information, or valuable content from the MÁS IMPULSO project.

Content
This corresponds to the data provided by natural or legal persons who voluntarily subscribe to receive valuable content and resources. It includes name, email, city, and country of residence.

Purpose
To send newsletters, educational resources, exclusive materials, updates, and other communications related to the objectives of MÁS IMPULSO S.A.S.

Processing
Collection through online forms, secure storage, use for sending communications, statistical analysis, and eventual deletion if the data subject requests it.

Retention
Indefinite, as long as the data subject does not request the deletion of their data or revoke authorization.

5.7.4 Database of free downloads (email).
Includes the email addresses collected when a user downloads free content from the different digital channels of MÁS IMPULSO S.A.S.

Content
Collects exclusively the email address of natural persons who access free content provided by MÁS IMPULSO S.A.S. through its website or other digital channels.

Purpose
To keep track of downloads, learn about user interests, send related or complementary content, and establish direct contact for educational or promotional purposes.

Processing
Collection, storage, and use only for the established purposes and in accordance with the express authorization of the data subject.

Retention
Indefinite, as long as the data subject does not request the deletion of their data or revoke authorization.

 

5.7.5. Registration of the databases.
In accordance with Decree 886 of 2014, the databases described above will be registered, updated, and reported to the National Database Registry (RNBD), when applicable, in accordance with the provisions of the Superintendence of Industry and Commerce.

5.8. Authorization of the data subject for data processing
In accordance with Article 5 of Decree 1377 of 2013, MÁS IMPULSO S.A.S., in its capacity as Data Controller, has developed a format of “Authorization for the Processing of Personal Data” and has implemented procedures to request such authorization from the data subject, no later than at the time of collecting the information.

At the time of obtaining the data, the following will be clearly informed:

    • Which personal data will be collected,
    • The specific purposes for which their processing is authorized,
    • And the rights of the data subject as part of the data protection regime in Colombia.
      MÁS IMPULSO S.A.S. may process those personal data found in publicly accessible sources, provided that by their nature they correspond to public data, and in no case will it exceed the limits established by law.

It will be understood that the authorization of the data subject complies with legal requirements when it is expressed through:

    • A written medium,
    • Orally,
    • Or through unequivocal conduct by the data subject, which reasonably allows the conclusion that consent was granted.

Silence will not, under any circumstances, be interpreted as authorization by MÁS IMPULSO S.A.S.

Likewise, the company has established appropriate and accessible channels so that the data subject may exercise the right to revoke at any time the authorization granted, as well as to request the deletion of their personal data in accordance with the procedures established in this manual and the current regulations.

 

5.9. Authorization of the data subject for the processing of sensitive data.
In the processing of sensitive personal data, when permitted in accordance with Article 6 of Law 1581 of 2012, MÁS IMPULSO S.A.S., in its capacity as Data Controller, will comply with the following legal obligations:

    1. Inform the data subject that, because these are sensitive data, they are not required to authorize their processing.
    2. Explain in advance and explicitly, in addition to the general requirements for any authorization, which of the requested data are sensitive, the specific purpose of their processing, and obtain the express and written consent of the data subject.
    3. Ensure that none of the activities, services, or benefits offered by MÁS IMPULSO S.A.S. will be conditioned on the data subject providing sensitive personal data.

5.10. Use and purpose of personal data processing.
MÁS IMPULSO S.A.S., in its role as data controller and in compliance with its commitment to protecting the privacy of data subjects, informs that it collects, stores, uses, and, when necessary, transmits or transfers personal data exclusively for legitimate purposes related to the development of its corporate purpose.

These purposes are directly associated with the educational, ministerial, and training services it offers, both free and paid, as well as the management of relationships with clients, subscribers, employees, partners, and other individuals connected with the company.

Among the main purposes of personal data processing are:

    • Carry out the core activities of MÁS IMPULSO S.A.S., such as the design, promotion, and delivery of digital content, downloadable resources, subscriptions, training, educational programs, and specialized products.
    • Establish contact with data subjects for sending relevant information, promotions, news, reminders, surveys, and other communications related to the products or services offered.
    • Manage internal administrative, commercial, financial, and logistical processes associated with sales, subscriptions, billing, customer support, reporting, and statistical analysis.
    • Comply with legal, contractual, and regulatory obligations, including requirements from public entities, audits, tax reports, or social security reports, when applicable.
      Register and update databases of subscribers, clients, employees, providers, and partners, both active and inactive.
    • Develop behavioral and preference analysis of users for the purpose of continuous improvement in educational or ministerial content and strategies, without personally identifying users when the information has been collected in an automated manner.
      Support legal, contractual, or extrajudicial procedures in which MÁS IMPULSO S.A.S. has a legitimate interest.

MÁS IMPULSO S.A.S. does not sell, transfer, rent, or disclose personal data to third parties without the express authorization of the data subject, unless there is a legal obligation requiring it.

To carry out its processes, MÁS IMPULSO S.A.S. may subcontract providers or technological partners who act as data processors, and they must comply with the conditions of confidentiality, security, and legality established by law. In cases where data transmission or transfer to other entities inside or outside the country is required, the contracts required under Decree 1377 of 2013 will be signed, guaranteeing the adequate protection of personal data.

 

5.11. Privacy Notice.
MÁS IMPULSO S.A.S., in compliance with Law 1581 of 2012 and its regulatory decrees, informs that it protects the personal data provided by data subjects, and that these will be processed in accordance with the purposes established in the Internal Manual of Policies and Procedures for the Processing of Personal Data.

Since MÁS IMPULSO S.A.S. operates 100% virtually, authorization for the processing of personal data is obtained through electronic means, by voluntarily checking a box (“checkbox”) when filling out online forms, along with a visible link to the Policies Manual. This action constitutes unequivocal conduct that demonstrates the informed consent of the data subject, in accordance with Article 5 of Decree 1377 of 2013.

Personal data will be collected, stored, used, updated, backed up, and eventually deleted, in accordance with legal provisions and the internal policies adopted by MÁS IMPULSO S.A.S. Processing may be carried out directly or through third-party processors, under strict conditions of confidentiality and security.

The data subject has the right to access, update, correct, or delete their personal information and to revoke the authorization granted, as well as to submit petitions, complaints, and claims in accordance with current regulations.

The full content of the Manual can be consulted or requested through the following contact details:

Email: [email protected]
Phone: +57 314 255 5942
Address: Calle 14A No. 5-67, Chiquinquirá, Boyacá – Colombia
Responsible Department: Administrative Management – Data Protection

 

5.12. Revocation of Authorization and/or Deletion of Data.
In accordance with Article 8 of Decree 1377 of 2013, MÁS IMPULSO S.A.S. has established free, agile, and accessible mechanisms through which any personal data subject may, at any time, request the revocation of the authorization granted and/or the deletion of their personal data from our databases, provided there is no legal or contractual obligation that prevents it.

The request must be made in writing and submitted through the organization’s official channels. It will be processed in accordance with the deadlines and conditions established in Law 1581 of 2012 and its regulatory decrees.

If, after the corresponding legal term has passed, MÁS IMPULSO S.A.S. has not deleted the personal data or has not adequately responded to the request, the data subject may turn to the Superintendence of Industry and Commerce to request that the revocation of authorization and/or the definitive deletion of the data be ordered.

 

5.13. Rights of Data Subjects.
In accordance with Article 8 of Law 1581 of 2012, the data subjects whose personal data are processed by MÁS IMPULSO S.A.S. have the right to exercise the following rights concerning their information:

To know, update, rectify, and delete their personal data before MÁS IMPULSO S.A.S. in its role as data controller. This right may be exercised particularly with respect to partial, inaccurate, incomplete, or fragmented data that may lead to error, or data whose processing is prohibited or has not been previously authorized.

To request proof of the authorization granted, except in cases where it is expressly not required for processing. In the case of MÁS IMPULSO S.A.S., when authorization is obtained through digital means, such as acceptance via a checkbox on the website, electronic records will be kept to demonstrate the date, time, and content of such acceptance, in compliance with Article 7 of Decree 1377 of 2013.

To be informed, upon request, about the use that MÁS IMPULSO S.A.S. has made their personal data.

To file complaints with the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 or any other rules that amend, add to, or regulate it.

To revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees, provided there is no legal or contractual duty that prevents it.

To access their personal data that has been processed free of charge, at least once every calendar month, and whenever there are substantial modifications to the data processing policies.

 

5.14. Procedure for Exercising the Rights of the Data Subject.
In accordance with Article 20 of Decree 1377 of 2013, the rights recognized in Law 1581 of 2012 may be exercised before MÁS IMPULSO S.A.S. by:

The data subject, upon proof of identity through physical or digital means.
Their successors, who must prove such status.
Their representative or attorney-in-fact, with the respective authenticated power of attorney.
By stipulation in favor of or for another, as permitted by law.

Procedure for Inquiries
The data subject or their representative may inquire about the personal information contained in our databases. To do this, they must send a clear request through the channels enabled by MÁS IMPULSO S.A.S., attaching a copy of their identification document or a document proving their representation.

Requests may be made through:

Email: [email protected]
Website: www.masimpulsoglobal.com
Physical address: Calle 14A No. 5-67, Chiquinquirá, Boyacá – Colombia.
Phone number: +57 3112085913 or +57 314 255 5942

The inquiry will be answered within a maximum of ten (10) business days. If it is not possible to resolve it within that period, the applicant will be informed within the same time frame, explaining the reasons for the delay, and a final response will be provided within no more than five (5) additional business days.

Data subjects may inquire about their data free of charge at least once per calendar month. In the case of additional inquiries, MÁS IMPULSO S.A.S. may charge shipping, reproduction, or certification costs.

Procedure for Complaints
If the data subject wishes to correct, update, or delete their data, or report a possible breach of our legal obligations, they may submit a complaint through the same channels indicated above.

The complaint must include:

Identification of the data subject.
A clear description of the facts giving rise to the complaint.
A contact address and supporting documents (including a copy of the identification document).

If the complaint is incomplete, correction will be requested within five (5) business days. If not corrected within two (2) months, it will be considered withdrawn.

Once the complete complaint is received, a note stating “complaint in process” will be added to the database. This will remain until the case is resolved.

The maximum period to respond to a complaint will be fifteen (15) business days. If it is not possible to respond within this period, the data subject will be notified, and a response will be given within an additional period of up to eight (8) business days.

 

5.15. Duties of MÁS IMPULSO S.A.S. as Controller and Processor of Personal Data

As Controller of Processing
MÁS IMPULSO S.A.S., in its capacity as the controller of personal data processing, commits to complying with the duties established in Article 17 of Law 1581 of 2012, which include:

    • Guaranteeing the data subject, at all times, the full and effective exercise of the right of habeas data.
    • Requesting and keeping, under the terms provided by law, proof of the authorization granted by the data subject.
    • Clearly informing the data subject about the purpose of the data collection and their rights as the owner of the information.
    • Keeping the information under adequate security conditions to prevent its alteration, loss, consultation, or unauthorized or fraudulent use.
    • Ensuring that the information provided to the processor is truthful, complete, updated, verifiable, and understandable.
    • Timely communicating any updates to the processor and adopting measures to ensure that the information remains updated.
    • Rectifying the data when necessary and notifying the processor.
    • Providing the processor only with the data authorized by law.
    • Requiring the processor to comply with security and confidentiality conditions.
    • Responding to the inquiries and complaints of data subjects in accordance with the defined procedures.
    • Adopting an internal manual of policies and procedures to ensure compliance with the law and proper handling of inquiries and complaints.
    • Informing the processor when the information is being disputed by the data subject.
    • Informing the data subject, if requested, about the use of their data.
    • Reporting to the Superintendence of Industry and Commerce any security incidents that pose a risk in the administration of the data.
    • Complying with the instructions issued by the competent data protection authority.

As Processor of Processing
When acting as a processor, MÁS IMPULSO S.A.S. will comply with the duties established in Article 18 of the same law:

    • Guaranteeing the data subject, at all times, the exercise of their right of habeas data.
      Keeping the data under adequate security conditions to prevent unauthorized access.
    • Timely carrying out the update, rectification, or deletion of the data.
      Updating the data reported by the controller within five (5) business days from receipt.
    • Handling inquiries and complaints within the terms established by law and this manual.
    • Adopting an internal manual of policies and procedures to ensure legal compliance and proper handling of data subjects.
    • Recording the note “complaint in process” in the database when applicable.
      Inserting the note “information in judicial dispute” when notified by a competent authority.
    • Refraining from circulating information that is being disputed by the data subject and whose blocking has been ordered by the competent authority.
    • Allowing access to the data only to authorized persons.
    • Reporting to the Superintendence of Industry and Commerce any violation of security codes and associated risks.
    • Complying with all instructions and requirements issued by the competent authority.

 

5.16. Security Measures Applied to the Processing of Databases

MÁS IMPULSO S.A.S., committed to protecting the personal information of its clients, subscribers, employees, and other data subjects, applies technical, human, and administrative measures that are reasonable and proportional to the nature of the data and the type of processing carried out, in order to guarantee the security, confidentiality, integrity, and availability of the information.

These measures are designed to prevent alteration, loss, consultation, use, or unauthorized or fraudulent access to personal data, especially in the virtual environment in which our platform operates.

Among the main measures implemented are:

    • Access management: Protecting access to data through unique user credentials (username and password) and differentiated authorization levels, according to each collaborator’s role within the organization.
    • Password control: Establishing secure password policies, which include minimum complexity, periodic changes, and reinforced authentication mechanisms when considered necessary.
    • Secure storage: Personal data collected through forms, subscriptions, or virtual registrations is stored on platforms with encrypted protocols (HTTPS), secure content management systems, and hosting services that comply with international security standards.
    • Training and awareness: Our team receives periodic training on the protection of personal data, the proper use of technological tools, and confidentiality in data processing.
    • Access restriction and monitoring: Access to information on internal platforms is monitored, limiting the viewing and modification of data only to authorized personnel.
      Backup: Automatic and periodic backups of the databases are performed, ensuring recovery in case of incidents.
    • Continuous updating: Security policies and measures are periodically reviewed and updated to ensure their adequacy to technological risks and regulatory changes.

These actions are part of the comprehensive commitment of MÁS IMPULSO S.A.S. to protect the information of those who trust our services and to guarantee transparency and responsibility in the handling of their data.

 

5.17. Prohibitions

In compliance with Law 1581 of 2012 and its regulatory decrees, and in line with the ethical commitment of MÁS IMPULSO S.A.S. to protect the personal information of its users, the following prohibitions are established for all collaborators, contractors, partners, and third parties who have access to personal data in the course of their duties:

The processing of personal data without the proper authorization of the data subject is prohibited. This includes access, use, management, transfer, communication, storage, or any other form of processing personal information that does not have the prior, express, and informed authorization of the data subject. Failure to comply with this rule may result in internal, contractual, and legal sanctions, in accordance with current legislation.

The transfer, circulation, or disclosure of personal data to third parties without the authorization of the data subject or without an express legal justification is prohibited. Any transfer or communication must be recorded in the internal data processing system and approved by the person responsible for or custodian of the MÁS IMPULSO S.A.S. database.

The processing of sensitive personal data without the express consent of the data subject is prohibited. In the exceptional case that, during internal audits or reviews of information systems, sensitive data stored without valid justification is detected, the user or collaborator will be notified for its immediate deletion. If this is not possible, MÁS IMPULSO S.A.S. will securely delete the data.

Any action that may fall under the behaviors established in Law 1273 of 2009 (Computer Crimes) is prohibited, unless there is express authorization from the data subject or a legal or contractual mandate that allows it.

The processing of personal data of children and adolescents without the express authorization of their legal representatives is prohibited. In cases where it is necessary to collect and process this type of information (for example, for enrollment in Christian training programs, educational subscriptions, or virtual activities), their prevailing rights must be respected, and reinforced protection measures applied, in accordance with the Childhood and Adolescence Code.

MÁS IMPULSO S.A.S. reserves the right to take disciplinary or legal measures against any violation of these prohibitions, in order to guarantee confidentiality, integrity, and legality in the processing of personal data.

 

    1. Designation of Department or Person in Charge of Processing for Data Subjects to Exercise Their Rights of Requests, Inquiries, and Claims
      At MÁS IMPULSO S.A.S., the responsibility for the proper processing of personal data lies with the entire organization. Each collaborator, from their role, shares the responsibility of ensuring the application of this policy, especially in the areas that manage personal information as part of their operational processes, user service, subscriptions, or commercial activities.

However, in order to clearly, efficiently, and promptly handle requests related to the exercise of data subject rights (inquiries, updates, corrections, revocations, deletions, and claims), the following department is designated as responsible for personal data attention:

Administrative Directorate – Data Protection

📍 Calle 14A No. 5-67, Chiquinquirá, Boyacá – Colombia
📧 [email protected]
📞 +57 3112085913 or +57 314 255 5942

This department will be responsible for:

Receiving, channeling, and responding to requests from data subjects.
Ensuring compliance with legal deadlines to respond to inquiries and claims as established in Law 1581 of 2012 and its regulatory decrees.

Overseeing the effective application of principles, duties, and security measures in the processing of personal data within the company.
Consolidating and keeping updated the documentation regarding authorizations and processing activities carried out.

Any data subject may exercise their rights through the mentioned channels, free of charge, in compliance with the law and the principles of transparency, legality, and access.

    1. Entry into Force and Updates of the Personal Data Processing Policy Manual
      MÁS IMPULSO S.A.S. will promptly inform data subjects in case of substantial changes to the content of this Personal Data Processing Policy Manual, especially when these affect aspects such as:
    • The identification of the data controller and/or processor.
    • The purpose of the personal data processing initially authorized.

Such changes will be communicated before their implementation or, at the latest, at the time they take effect, through our website (www.masimpulsoglobal.com).

When changes involve a new purpose for processing, a new express authorization from the data subject will be requested, as required by current regulations.

The most recent version of this manual may be consulted at any time through our website or requested directly from the Administrative Directorate – Data Protection.

This Personal Data Processing Policy was created on the seventh (7th) day of May, two thousand twenty-five (2025), and entered into force as of that same date.