LEGAL WARNING
IDENTIFICATION DATA

Responsible identity: SULY MARCELA MURIEL
Business name: MDE BNB SAS
NIT / C.C / C.E: 901221795-3
Email: sales@mdebnb.com

PRIVACY POLICY
general
Definitions
General Regulation for the Protection of Personal Data
Treatment Policy or Personal Data Management
Holder Authorization for Data Processing
Purposes and Uses of Personal Data
Express Authorization for the Transfer of Personal Data
Rights of the holders of the data
Retention of Information
Duties of NAME COMPANY as responsible for the Treatment
Information received from the owners
Database
Collection of the information of the Holders
Transfer of Data to Third Parties
Advertisements
Cookies and local storage
Security
Changes in the Privacy Policy
Attention to inquiries, requests, complaints and claims
Revocation of authorization and / or deletion of data
Information privacy
Validity
general
Concerns or doubts of the Owners
Notification and Contact Information of MDE BNB SAS

1. General

PLEASE READ THESE PRIVACY POLICIES CAREFULLY, AS THEY CONTAIN IMPORTANT INFORMATION REGARDING THE CONDITIONS AND CLAUSES REGARDING THE HANDLING OF THE INFORMATION, AS WELL AS THE OBLIGATIONS AND LEGAL AND REGULATORY PROVISIONS RELATING TO THE USE OF THIS BY US. In order to develop our social purpose, we take care of the processing of personal data, and we also collect, store and transfer them, all in accordance with what the law authorizes. We will talk about the people from whom we use personal data as a Holder. NAME COMPANY is committed to protecting the information of the Owner. Therefore, it respects and protects the data of the Holders to guarantee the adequate compliance of the current law (Law 1581 of 2012 and Regulatory Decree 1377 of 2013), by which the constitutional right of all persons known is developed, update and rectify the information that has been collected about them in databases, and the other rights, liberties and constitutional guarantees referred to in Article 15 of the Political Constitution; as well as the right to information enshrined in article 20 thereof.

2. Definitions

Before entering the subject, it is important to establish the definitions of some concepts so that you know what we mean by them. Whenever you have any doubt in this regard, you can return to this list to resolve it. Owner: Each one of the natural persons with whom the personal data is related. Personal Data: A set of information likely to be related to one or more natural persons. Data Processing (or "Treatment"): Any operation or set of operations on personal data, such as collection, recording, registration, organization, conservation, modification, extraction, consultation, transmission, deletion, destruction, use. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the treatment of the data. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the Treatment Manager. Database: Organized set of personal data that is subject to Treatment.

3. General

Regulation for the Protection of Personal Data NAME COMPANY implements its data collection and processing, in accordance with current legal regulations, so: It has a security protocol established and implemented by the entire work team, which is trained with all the security rules on personal data that are collected and stored in NAME COMPANY, for an appropriate use of this information. Use for the management of information, tools and integrations with third parties that comply with the law for specific purposes without the right to be shared or used for a purpose other than the one initially authorized by the Owner. It complies with the general principles of law in terms of data quality, consent and right of information; and offers all data owners the rights of access, rectification, portability of data, restriction, deletion and opposition. It complies with the general criteria of legality, loyalty and transparency of data processing. The ends are determined, explicit and legitimate. Applies the minimization of data, by collecting only the appropriate data, relevant and limited to what is necessary. It guarantees the accuracy and updating of them and keeps them only for the time necessary for the purposes of the treatment. It adapts the appropriate technical and organizational measures to guarantee an adequate level of security.

4. Treatment Policy or Personal Data Management

MDE BNB SAS requires the free, prior, express and informed consent of the Owner of personal data for the treatment thereof, except in cases expressly authorized by law. Said authorization will be granted by the Holder, who must prove his identity in sufficient form, according to the conditions indicated by us; or the beneficiaries, guardians, representatives or representatives of the owner, who must prove such quality, representation or empowerment. The Owner authorizes MDE BNB SAS to use, transfer to third parties, store and use the personal information of the Owner to improve the service on the Platform and offer the commercial services it provides. MDE BNB SAS, has as its main address the city of MEDELLÍN - COLOMBÍA - CARRETERA 34 11 B 51 IN 402. The data processing policy as well as the Terms of Use and the Privacy Policy can be found on our website (https://mdebnb.com)

5. Holder's Authorization for Data Processing

MDEBNB in order to guarantee the principle of consent, obtains the authorization of the owner for the processing of data for free, clear and transparent, through different means, including the physical document, email, web page, forms, telephone call , or in any other format that demonstrates that the Information Treatment Policy was disclosed and that the owner authorizes the processing of their personal data. MDEBNB may deliver the information of the Data Holders to the following: To the Holders of the data, their heirs or representatives at any time and through any means when they request it to MDE BNB SAS. To the judicial or administrative entities in the exercise of functions that elevate any requirement to MDE BNB SAS so that the information is delivered to it. To third parties that are authorized by any law. To third parties to whom the Data Holder expressly authorizes to deliver the information and whose authorization is delivered to the MDE BNB SAS. The Holder's Authorization will not be necessary in the following cases: Information required by a public or administrative entity in the exercise of its legal functions or by court order. Data of public nature. Cases of medical or sanitary emergency. Treatment of information authorized by law for historical, statistical or scientific purposes. Data related to the Civil Registry of Persons. The holders of personal data may at any time revoke the authorization granted to MDE BNB SAS for the processing of their personal data or request the deletion of the same, provided it is not prevented by a legal or contractual provision.

6. Purposes and Uses of Personal Data

MDE BNB SAS in the development of its corporate purpose and relations with employees, customers, suppliers, creditors, strategic allies, subsidiaries, distributors, among others, collects data that is limited to personal data that are relevant and appropriate for the following purposes : Develop administrative activities, human resources, payroll and internal management of the website and platform of Establish consolidated and updated information of customers and third parties. Develop commercial, promotional, advertising and information activities of its own and of third parties. Send own and third party advertising, by phone or email. Create close knowledge of your clients and third parties for segmentation, marketing and sales activities. Contact the Owners to monitor and evaluate the quality of our services. Develop supplier management activities, including billing, commercial management and collections. Improve the Holder's experience. Know the preferences of the Owners. In relation to the above purposes, MDEBNB may: Obtain, store, compile, exchange, update, collect, process, reproduce and / or dispose of the data or partial or total information of the Holders of personal data. Sort, order and segment the information provided by the Data Owner. Compare, verify and validate the data you obtain in due form with credit risk centers with which you have business relationships. Extend the information obtained, under the terms of the Law, to the companies with which it contracts the services of collection, storage, handling and treatment of its Databases prior to the corresponding authorizations and legal requirements that in that sense are necessary. Transfer the data or partial or total information to its subsidiaries, businesses, companies and / or affiliated entities and strategic allies.

7. Express Authorization for the Transfer of Personal Data

Your data will be processed in Colombia and may be processed in any other country depending on the location of affiliates, business partners and other entities that are allowed access to this information under the conditions of these Privacy Policies. By accessing or using the MDE BNB SAS digital platforms, or by transmitting your personal data, you specifically agree to such transfer and to any other purpose related to it. It is important to point out that among the places where your data could be processed could be countries that do not enjoy the same degree of data protection as the country from which the information has been provided. If this is the case, we will adopt all reasonable measures to ensure that your data is treated with the levels of protection and security that they would receive if they were in Colombia with the protection, among others, of Law 1266 of 2008 that regulates the management and privacy of information and data protection in accordance with public order.

8. Rights of the holders of the data

Know, access, update, rectify, delete and consult your Personal Data at any time regarding data that you consider partial, inaccurate, incomplete, split, those that lead to error or those whose Treatment is expressly prohibited or has not been authorized. Request at any time proof of the authorization granted to Be informed by MDE BNB SAS of the use that has been given to Personal Data, upon request. Consult the control and security mechanisms arranged and request specific related information. Request the deletion of any data and / or revoke the authorization when it considers that MDE BNB SAS has not respected its constitutional rights and guarantees, or simply when it wishes to do so. Submit to the Superintendency of Industry and Commerce the complaints it deems pertinent to enforce its right to Habeas Data against MDE BNB SAS. Object, claim, complain and request the portability of your data.

9. Information Retention

MDE BNB SAS retains your personal information for as long as necessary for the purposes set forth in this privacy policy. At times, you may withhold information for longer periods as allowed or required by law, for example, to maintain deletion lists, prevent abuse, if required in connection with a claim or legal proceeding, to enforce our agreements, for tax or accounting reasons, or to comply with other legal obligations. When we no longer have a legitimate need to process the information, we will delete or anonymize your information from our active databases. We will also store the information securely and isolate it on backup discs to prevent it from being processed until the removal can be done.

10. Duties of MDE BNB SAS as responsible for the Treatment

MDE BNB SAS recognizes that the Personal Data are the property of its Owners and that only they can decide on these. In accordance with the above, MDEBNB assumes the following duties in its capacity as Responsible for Treatment: Have the channel to obtain the express authorization by the Owner to perform any type of data processing. Request and keep, under the conditions provided in the Law on Protection of Personal Data, a copy of the respective authorization granted by the Holder. Inform in a clear and express way to Data Holders the Treatment to which they will be submitted and the Purpose of said Treatment by virtue of the authorization granted. Guarantee the Holder of the information, at all times, the full and effective exercise of the right of habeas data. Provide the Data Processor, as the case may be, only data whose treatment is previously authorized in accordance with the provisions of the Personal Data Law. Inform the rights of all the Holders regarding their data. Maintain and ensure the security of stored Personal Data records to prevent their deterioration, loss, alteration, unauthorized or fraudulent use. Perform periodic and timely update and rectification of data, whenever the owners of the same report news or requests. Inform the identification, physical and / or electronic address and telephone number of the person or area that will have the quality of Responsible for the Treatment. If there are substantial changes in the content of this Information Processing Policy which may affect the content of the authorization that the Owner has given to MDE BNB SAS, this will promptly and efficiently communicate the changes before or at the latest. at the time of implementation of the new policies.

11. Information received from the Holders

MDE BNB SAS can collect two types of data and information:
11.1 Non-Personal Information:
It is anonymous and non-identifiable information ("Non-Personal Information"). MDE BNB SAS does not know the identity of the Owner that enters the platform and does not leave their personal data. Non-personal information is classified into technical information and behavioral information, as detailed below:
11.1.1 Technical information
Type of operating system (Windows, Linux, etc.) Type of browser (Explorer, Firefox, Chrome, Safari, etc.) Screen resolution (for example 800 x 600, 1024 x 768, etc.) Language keyboard and browser (for example, English) IP adress. Computer configurations, adjustments and any other technical data or similar information.
11.1.2 Behavioral information
Links that the Owner uses while browsing the website. Information related to the activities of the Owner on the web page, such as the date of entry, time at which the page is accessed, duration of the visit to the page, among others. Any information about the behavior on the website.
11.1.3 Location information:
If the Owner allows the website to access the location services through the system of permissions that the mobile operating system uses, MDE BNB SAS may also collect the exact location of the Holder's device or the approximate location of the IP address.
11.1.4 Use and preferences information:
We collect information about the Owner and the visitors of the Platform when interacting with the Services, expressed preferences and selected configurations. In some cases MDE BNB SAS does so through the use of cookies, pixel tags and similar technologies that create and maintain unique identifiers.
11.1.5. Device Information:
We may collect information about the Holder's mobile device or equipment, including, for example, the hardware model, the operating system and version, the names and versions of the files and software, the preferred language, the unique identifier of device, advertising identifiers, serial number, movement information of the device and information of the mobile network.
11.1.6. Registry information:
When the Owner interacts with the web platform, MDE BNB SAS collects server logs, which may include information such as device IP addresses, access dates and times, functions of the application or pages visited, application locks and other activity of the device. system, type of browser and the third-party site or service that you were using before interacting with our Services.
11.2 Personal Information:
It is individually identifiable information ("Personal Information") that identifies the Owner and is private. The Personal Information collected by MDEBNB consists of the personal data entered voluntarily by the Owner and are the following: First name SULY MARCELA ID 901221795-3 Phone 3014459875 Address MEDELLÍN - COLOMBÍA - CARRETERA 34 11 B 51 IN 402 Email sales@mdebnb.com

12. Database

MDE BNB SAS acts as responsible and responsible for the treatment of the following databases: Database of the MDE BNB SAS Holders. Database of customers, suppliers, sales, purchases, expenses and inventories of the company that hires the service. Employee data bases Each database collects and stores the respective personal information, with prior authorization and in accordance with the purposes established in this privacy policy. This information may have internal management, that is, within MDE BNB SAS, or by external, as with suppliers or third parties. The personal information contained in these databases is kept for the duration of the business relationship plus an additional period of 10 years. If in an individual case, there are indications of a need for protection or historical interest in these data, the storage period will be extended until the legal need for protection has been clarified.

13. Collection of the information of the Holders

There are three times when MDE BNB SAS receives the information: 13.1 At the moment in which the Holder diligees the form. 13.2. When the Owner uploads any other type of information in the Platform later. 13.3. When the Owner delivers his personal data by telephone call. 13.4. When the Owner subscribes to advertising campaigns that benefit MDE BNB SAS.

14. Transfer of Data to Third Parties

As a general rule, your data will not be transmitted to third parties, except in cases where we are legally obliged to do so, in case the transfer of data is necessary for the establishment of the contractual relationship or when you have given us your explicit consent prior to the transfer of data. For the internal management of the data, these may be known by the authorized personnel of MDE BNB SAS, who must know the security procedures and data collection. For the external management of the data, that is, when I transfer or transfer personal data to third parties, such as suppliers or affiliated companies, among others, we will ensure that they comply with the legislation on data protection, with the security measures and the same guarantees granted by us. Also, we recommend you consult the data protection policy of the corresponding provider. The scope of the transmitted data will be the minimum necessary. The foregoing in accordance with the authorizations that have been granted by the Holders of personal data. MDE BNB SAS for these cases will subscribe the transmission contract that takes place under the terms of Decree 1074 of 2015. Once the need for Processing of Personal Data ceases, they will be removed from the databases of MDE BNB SAS in safe terms .

15. Ads

The Holders accept that MDE BNB SAS may use their contact information in order to inform them about Offers or Promotions and with their prior authorization send you advertisements and other marketing material, transmitted to the email address provided by the Holder. The Holder can unsubscribe from the service of sending marketing material at any time by sending a notification to the means provided in this document or by replying to the mail from which the advertisement was sent. It is clarified that MDE BNB SAS is not responsible for the content of said advertisements and the products delivered or services provided by third parties.

16. Cookies and storage of local information

By accessing the platform, MDE BNB SAS can use technologies such as "cookies" (or similar technologies), which store certain information on the computer ("Local Storage") and which allows the automatic activation of certain features and the best use of the service. The cookies does not include any information about the Owner, except the session password, which is deleted at the end of the session in the application (usually after 24 hours). Most browsers allow you to erase cookies from your hard drive, accept cookies blocking, or receive a warning before a cookie is stored. To erase or deactivate the Local Storage option, the Owner must use the configuration option according to the specific instructions provided by the technology provider. However, if the Holder blocks or deletes cookies, the Online Holder's experience may be limited. MDE BNB SAS uses certain third-party cookies each time the Owner visits any of the MDE BNB SAS websites or any of the advertisers where we do the management, when visiting other websites that use similar cookies without altering the service of the Platform. Third-party cookies are stored only as non-personal information, such as the history of the web pages visited, the duration of your browsing, etc.

17. Security

MDE BNB SAS foresees, takes care of and adopts the technical, human and administrative measures that are necessary to maintain the security of the Holders' information and tries to avoid their loss, adulteration, access or consultation of third parties not authorized to the Application through standard technologies of industry and internal procedures, including through the use of symbols and encryption mechanisms. However, MDE BNB SAS does not guarantee that unauthorized access will never occur. Likewise, we guarantee that: MDE BNB SAS has security protocols and access to information, storage and processing systems, including physical security risk control measures. Monitoring of the system is carried out through vulnerability analysis. The MDE BNB SAS staff that performs the processing of personal data executes these protocols in order to guarantee the security of the information. MDE BNB SAS has the duty to notify if there is a security breach in the information to the Holders within 72 hours to it. Access to the different databases is restricted even for employees and collaborators. All employees and third parties have signed confidentiality clauses in their contracts and are committed to the proper manipulation of databases in accordance with the guidelines on the treatment of information established in the Law. It is the responsibility of the Owner to have all security controls on their equipment or private networks for navigation to our portals.

18. Changes to the Privacy Policy

Any information of the Holder is regulated by the Terms and Conditions and Privacy Policies of the Platform, MDE BNB SAS reserves the right to modify them at any time, for which the Holder is recommended to visit this page frequently. In case of any material change, MDE BNB SAS will do everything possible to publish a notice of such modification in the Application. Any change in the Privacy Policy will take effect from the "last update" and the continued use of the service by the Holder on the date of the last review will constitute acceptance thereof.

19. Attention to inquiries, requests, complaints and claims

Any holder or successor of Personal Data has the right to ask questions and requests to the MDEBNB to know, access, update, rectify, delete information, request the portability of the data and revoke the authorization or to make requests, complaints and claims regarding the Treatment that MDE BNB SAS gives to the information. The Holders can contact the Administrative Area responsible for the attention of requests, complaints and claims through the following channels: Email: sales@mdebnb.com The consultation must have the full name of the Holder, the description of the query, request, petition, complaint or claim, the residence address, the contact telephone number and the electronic mail. The owner of the information must submit and / or attach the following documents: If it is the Holder: Valid identity document. If it concerns the successor in title: Valid identity document, Civil Registry of Death of the Holder, Document that proves the quality in which it acts and the identity document number of the Holder. If it is a legal representative and / or proxy: Valid identity document, Document proving the quality of legal representative and / or agent of the holder and the identity document number of the Holder In the event that the query is incomplete, MDE BNB SAS will request the interested party to correct the faults within five (5) days following receipt of the claim. After two months from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn the claim or request. The consultation will be attended within a maximum term of ten (10) business days counted from the date of filing. When it is not possible to attend the consultation within said term, the reasons for the delay will be informed, and the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term. . Once the respective legal term has expired, NOMBRE EMPRESA does not remove the personal data of the Holder who requested it from the databases, the Holder will have the right to request the Superintendence of Industry and Commerce to order the revocation of the authorization and / or the suppression of Personal information.

20. Revocation of the authorization and / or deletion of the data

Any holder or successor of Personal Data has the right to request from MDE BNB SAS the total or partial elimination of their Personal Data. For this, the procedure established in the previous point of this document will be followed. The deletion of Data will operate and be final provided that: (a) they are not being treated in accordance with the provisions of current legislation, (b) they are no longer necessary for the purpose for which they were collected or, (c) ) the period of time required to fulfill the purpose for which they were collected has been exceeded. MDEBNB may deny the elimination when: (a) The Holder has the legal and / or contractual duty to remain in the database; (b) The suppression of the data hinders judicial or administrative proceedings in progress.

21. Information privacy

MDE BNB SAS is committed to protecting the information of the Owners. Therefore, it respects and protects personal data in accordance with the laws in force in Colombia and regulations governing the handling and privacy of information and data protection, Law 1266 of 2008, which are in accordance with public order.

22. Validity

These Information Processing Policies are effective as of August 13, 2018 and the Databases containing the information of the Holders will have a validity of 10 years, extendable for equal periods.

23. General

In case of any dispute between the Owner and MDEBNB regarding the Privacy Policies, the parties agree to take the differences before the Arbitration Court of Colombia and accept that these courts are the competent ones when resolving the disputes of said lawsuits under Colombian law.

24. Concerns or doubts of the Owners

If you have any questions (or comments) about the Privacy Policy, the Owner can send an email to the following address: sales@mdebnb.com, MDE BNB SAS will respond in the shortest possible time.

25. Notification and Contact Information of MDE BNB SAS

MDE BNB SAS is located at the following address and the contact information is as follows, the foregoing for the purpose of being notified of any judicial act or of any type. ADDRESS MEDELLÍN - COLOMBÍA - CARRETERA 34 11 B 51 IN 402 Phone: 3014459875 MDEBNB Last Update September 18, 2018