top of page

Privacy Policy

OBJECTIVE

Lexa Wealth's Privacy Policy follows the guidelines established by the "Alliance for Online Privacy Protection" and the requirements provided for in local and international legislation on Personal Data protection, including the European Union's General Data Protection Regulation 679 of 27 April 2016 (GDPR), as well as Colombian regulations such as the Political Constitution of Colombia - Article 15, Law 1266 of 2008, Statutory Law 1581 of 2012, Regulatory Decree 1727 of 2009, Regulatory Decree 2952 of 2010, Partial Regulatory Decree 1377 of 2013 and Decree 1759 of 2016. This policy sets out the guidelines for the treatment of third party information on our website.

DEFINITIONS

For the purposes of the execution of this policy and in accordance with legal regulations, the following definitions shall apply: a) Authorisation: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data; b) Privacy Notice: Physical, electronic or any other format generated by the controller that is made available to the Data Subject for the processing of his/her personal data. The Privacy Notice informs the Data Subject of the existence of the information processing policies that will be applicable to him/her, the way to access them and the purpose of the processing that is intended to be given to the personal data; c) Database: Organised set of personal data that is subject to processing; d) Personal data: Any information linked or that may be associated to one or more specific or determinable natural persons; e) Public data: Data qualified as such according to the provisions of the law or the Political Constitution and that which is not semi-private, private or sensitive. Public data includes, among others, data relating to the civil status of persons, their profession or trade, their status as traders or public servants, and data that may be obtained without any reservation whatsoever. Due to their nature, public data may be contained, inter alia, in public registers, public documents, gazettes and official bulletins; f) Private data: Data which, due to its intimate or reserved nature, is only relevant to the data subject; g) Sensitive data: Sensitive data is understood to be that which affects the privacy of the Data Subject or whose improper use may generate discrimination, such as that which reveals racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organisations, human rights organisations or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data relating to health, sexual orientation and biometric data; h) Data Processor: Natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Controller; i) Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the Processing of the data; j) Data Subject: Natural person whose personal data are subject to Processing; k) Processing: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion thereof. 

PURPOSE FOR WHICH THE COLLECTION OF PERSONAL DATA AND THEIR PROCESSING IS CARRIED OUT

 

 

Lexa Wealth may use personal data to: 

  • Perform the development of its corporate purpose.

  • Advertising material related to the services provided by the company.To comply with the obligations acquired with our customers, suppliers and employees.

  • Administrative management, collections and payments, billing, suppliers, customers, economic and accounting.

  • Reporting information to public entities mandated by law.

PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The processing of personal data at Lexa Wealth shall be governed by the following principles: a) Principle of purpose: The processing of personal data collected must obey a legitimate purpose, which must be informed to the Data Subject; b) Principle of freedom: The processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorisation, or in the absence of a legal or judicial mandate that relieves the consent; c) Principle of truthfulness or quality: The information subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. No partial, incomplete, fractioned or misleading data shall be processed; d) Principle of transparency: The right of the Data Subject to obtain from Lexa Wealth, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the Processing; e) Principle of access and restricted circulation: The Processing is subject to the limits derived from the nature of the personal data, from the provisions of this law and the Constitution. Personal data, except for public information, and as provided in the authorisation granted by the data owner, may not be made available on the Internet or other means of dissemination or mass communication, unless access is technically controllable in order to provide restricted knowledge only to data owners or authorised third parties; f) Principle of security: The information subject to Processing by the company  Lexa Wealth shall be protected through the use of technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access; g) Principle of confidentiality: All persons involved in the Processing of personal data are obliged to ensure the confidentiality of the information, including after the end of their relationship with any of the tasks that comprise the Processing. 

 

 

 

Paragraph: In the event that sensitive personal data is collected, the Data Subject may refuse to authorise its processing.

TREATMENT OF SENSITIVE DATA

Given the relevance of some information to establish contact with our customers, suppliers and employees, such as information related to the health of the person, results of medical diagnoses, treatments and medications, preference data, identity and sexual orientation, among others that may be considered sensitive data, the company Lexa Wealth, will ensure that the treatment of this information will be carried out seeking to establish mechanisms to improve their care processes, also ensuring the privacy of the same and in compliance with the provisions contained in Law 1581 of 2012 and Chapter 25 of Decree 1074 of 2015.

PROCESSING OF PERSONAL DATA OF MINORS

The processing of data of minors must comply with and respect their rights. In the event of processing the Personal Data of minors, Lexa Wealth shall observe the applicable regulations and the pronouncements of the Constitutional Court on this matter.

RIGHTS OF THE HOLDERS OF PERSONAL DATA PROCESSED BY LEXA WEALTH

The holders of personal data by themselves or through their representative and/or proxy or their successor in title may exercise the following rights with respect to the personal data processed by Lexa Wealth: a) Right of access: By virtue of which you may access the personal data under the control of the company  Lexa Wealth, for the purpose of consulting them free of charge at least once every calendar month, and every time there are substantial modifications to the Information Processing Policies that motivate new consultations; b) Right to update, rectification and deletion: By virtue of which you may request the updating, rectification and/or deletion of the personal data subject to processing, in such a way that the purposes of the processing are satisfied; c) Right to request proof of authorisation: except in those events in which, according to the legal regulations in force, authorisation is not required to carry out the processing; d) Right to be informed regarding the use of the personal data; e) Right to file complaints before the Superintendence of Industry and Commerce: for infringements of the provisions of the regulations in force on the processing of personal data; f) Right to require compliance with the orders issued by the Superintendence of Industry and Commerce. 

 

FIRST PARAGRAPH: For the purposes of exercising the rights described above, both the holder and the person representing him/her must prove their identity and, if applicable, the capacity in which they represent the holder.


SECOND PARAGRAPH: The rights of minors shall be exercised through persons authorised to represent them;

 

DUTIES OF LEXA WEALTH

All those obliged to comply with this policy must be aware that Lexa Wealth is obliged to comply with the duties imposed by law in this respect. Accordingly, the following obligations must be complied with: A. Duties when acting as a data controller: (i) Request and keep, under the conditions set out in this policy, a copy of the respective authorisation granted by the data subject. (ii) Inform the data subject clearly and sufficiently about the purpose of the collection and the rights he/she has by virtue of the authorisation granted. (iii) Inform at the request of the holder on the use given to their personal data (iv) Process queries and claims made under the terms set out in this policy (v) Ensure that the principles of accuracy, quality, security and confidentiality in the terms set out in the following policy (vi) Keep the information under the security conditions necessary to prevent tampering, loss, consultation, use or unauthorized or fraudulent access. (vii) Update the information when necessary. (viii) Rectify personal data when appropriate. B. Duties when acting as Processor of personal data, If the data processing is carried out on behalf of another entity or organisation (Data Controller), the following duties must be complied with: (i) Establish that the Data Controller is authorised to provide the personal data that it will process as Processor (ii) Guarantee the data subject, at all times, the full and effective exercise of the right of habeas data. (iii) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorised or fraudulent use or access. (iv) Update, rectify or delete the data in a timely manner. (v) Update the information reported by the data controllers within five (5) working days of its receipt. (vi) Process the queries and claims made by the data subjects under the terms set out in this policy. (vii) Register in the database the legend "complaint in process" in the manner established in this policy. (viii) Insert in the database the legend "information under judicial discussion" once notified by the competent authority on judicial proceedings related to the quality of the personal data. (ix) Refrain from circulating information that is being disputed by the holder and whose blocking has been ordered by the Superintendence of Industry and Commerce. (x) Allow access to the information only to persons authorised by the owner or empowered by law to that effect. (xi) Inform the Superintendency of Industry and Commerce when there are violations to the security codes and there are risks in the administration of the information of the owners. (xii) Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce. C. Duties when processing is carried out through a Data Processor (i) Provide the Data Processor only with the personal data whose processing is previously authorised. For the purposes of the national or international transmission of data, a contract for the transmission of personal data must be signed or contractual clauses must be agreed in accordance with the provisions of article 25 of Decree 1377 of 2013. (ii) Ensure that the information provided to the Data Processor is truthful, complete, accurate, updated, verifiable and understandable. (iii) Communicate in a timely manner to the Data Processor all developments with respect to the data previously provided and take other necessary measures to ensure that the information provided to the Data Processor is kept up to date. (iv) Inform the Data Processor in a timely manner of any corrections made to the personal data so that it may proceed to make the relevant adjustments. (v) Require the Data Processor, at all times, to respect the conditions of security and privacy of the data subject's information. (vi) Inform the Data Processor when certain information is under discussion by the data subject, once the complaint has been filed and the respective process has not been completed. D. Duties with respect to the Superintendence of Industry and Commerce (i) Inform it of possible violations of the security codes and the existence of risks in the administration of the data subjects' information. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce;

REQUEST FOR AUTHORISATION TO THE HOLDER OF THE PERSONAL DATA

Prior to and/or at the time of collecting the personal data, Lexa Wealth shall request the data owner's authorisation to collect and process the data, indicating the purpose for which the data is requested, using automated, written or oral technical means for this purpose, which allow proof of the authorisation and/or unequivocal conduct described in article 7 of Decree 1377 of 2013 to be preserved. Such authorisation shall be requested for the time that is reasonable and necessary to meet the needs that gave rise to the request for the data and, in any case, in compliance with the legal provisions governing the matter;

PRIVACY NOTICE

In the event that Lexa Wealth is unable to make this information processing policy available to the owner of the personal data, it shall publish the privacy notice attached to this document, the text of which shall be kept for subsequent consultation by the owner of the data and/or the Superintendence of Industry and Commerce;

TIME LIMITS ON THE PROCESSING OF PERSONAL DATA

Lexa Wealth may only collect, store, use or circulate personal data for the time that is reasonable and necessary, in accordance with the purposes that justified the processing, taking into account the provisions applicable to the matter in question and the administrative, accounting, fiscal, legal and historical aspects of the information. Once the purpose or purposes of the processing have been fulfilled, and without prejudice to legal provisions to the contrary, the personal data in its possession shall be deleted. However, personal data must be retained when required for compliance with a legal or contractual obligation.

ÁREA RESPONSABLE Y PROCEDIMIENTO PARA EL EJERCICIO DE LOS DERECHOS DE LOS TITULARES DEL DATO PERSONAL

La administración será la responsable de atender las peticiones, quejas y reclamos que formule el titular del dato en ejercicio de los derechos contemplados en el numeral 7 de la presente política, a excepción del descrito en su literal e). Para tales efectos, el titular del dato personal o quien ejerza su representación podrá enviar su petición, queja o reclamo al correo electrónico info@lexawealth.com. La petición, queja o reclamo deberá contener la identificación del Titular, la descripción de los hechos que dan lugar al reclamo, la dirección, y acompañando los documentos que se quiera hacer valer. Si el reclamo resulta incompleto, se requerirá al interesado dentro de los cinco (5) días siguientes a la recepción del reclamo para que subsane las fallas. Transcurridos dos (2) meses desde la fecha del requerimiento, sin que el solicitante presente la información requerida, se entenderá que ha desistido del reclamo. En caso de que quien reciba el reclamo no sea competente para resolverlo, dará traslado a quien corresponda en un término máximo de dos (2) días hábiles e informará de la situación al interesado. Una vez recibido el reclamo completo, se incluirá en la base de datos una leyenda que diga “reclamo en trámite” y el motivo de este, en un término no mayor a dos (2) días hábiles. Dicha leyenda deberá mantenerse hasta que el reclamo sea decidido. El término máximo para atender el reclamo será de quince (15) días hábiles contados a partir del día siguiente a la fecha de su recibo. Cuando no fuere posible atender el reclamo dentro de dicho término, se informará al interesado los motivos de la demora y la fecha en que se atenderá su reclamo, la cual en ningún caso podrá superar los ocho (8) días hábiles siguientes al vencimiento del primer término. 

Si se trata de una consulta, esta será atendida en un término máximo de diez (10) días hábiles contados a partir de la fecha de recibo de esta. Cuando no fuere posible atender la consulta dentro de dicho término, se informará al interesado, expresando los motivos de la demora y señalando la fecha en que se atenderá su consulta, la cual en ningún caso podrá superar los cinco (5) días hábiles siguientes al vencimiento del primer término.

SECURITY MEASURES

In development of the security principle established in Law 1581 of 2012, Lexa Wealth will adopt the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorised or fraudulent access. The personnel who process personal data shall execute the protocols established in order to guarantee the security of the information.

DATE OF ENTRY INTO FORCE

This Personal Data Policy was created in the month of November, and will enter into force as of the same month. Any changes to this policy will be reported in the means available for this purpose.

bottom of page