Privacy Policy
Our objective is to inform you in the simplest way about our Data Treatment Policy. If you have any questions, our communication channels are available at all times.
​
1. Who are we?
​
Anteia, is a specialized company that, through its platform, provides users with a person identity verification system through digital tools that are responsible for identifying and verifying the authenticity of the End User based on their fingerprint (biometrics, voice, face), for the celebration of intelligent contracts by means of electronic signatures.
This policy describes our privacy practices, establishes the purposes, scope, measures and procedures of the systems that are directly related to the personal data that the End User comes to know beforehand, in order to carry out the purpose and data processing. that the Client has contracted, as well as the mechanisms that the owners have to know, update, rectify or delete the data provided, or revoke the authorization that is granted with the acceptance of this Policy.
Anteia adopts and makes public this policy to all interested parties, which contains the guidelines and essential elements for compliance with the territorial laws on data protection from which the authorization for said treatment is signed.
​
2.Definitions
For the purposes and interpretation of this Policy, of the anteia obligations as well as the obligations and rights of the Holders, the terms indicated below will have the following meanings:
-
Authorization: Prior, express and informed consent of the Holder for the Treatment of personal data, in accordance with the purposes and in the terms of this Privacy Policy and Protection of Personal Data.
-
Privacy Notice: Verbal or written communication through which the Data Controller informs the Holder about the existence of the Privacy Policy that applies to him, the way to access it and the purposes of the Treatment that is intended. give personal data. The privacy notice is used only if it is not possible to make the Privacy Policy available to you.
-
Database: Organized set of personal data that is subject to Treatment.
-
Channels to exercise rights: Means of reception and attention to requests, queries and claims that the Responsible and/or the Treatment Manager make available to the Data Holders so that they can exercise their rights.
-
Biometric data: These are the biological or physical traits that allow a person to be identified as unique compared to the rest of the population; They are biometric data, among others, the fingerprint, the facial features, the pattern of the iris of the eye, the tone or timbre of voice.
-
Personal data: These are those that allow a person to be identified, for example, name, telephone number, ID, etc.
-
Semi-private Data: Data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest to its owner and to a certain sector or group of people or to society in general.
-
Public data: These are data that are not classified in the other categories, which is why they are considered residual, that is, they are not semi-private, private or sensitive. These concern a general interest, such as public documents, judicial sentence, those related to the civil status of people, among others.
-
Sensitive data: Data that is only relevant to its Owner, of a reserved nature and therefore primarily protected from potential marginal or discriminatory treatment, and that disturb the dignity of the affected or owner.
-
Public information: It is all information that an obligated subject generates, obtains, acquires, or controls in its capacity as such.
-
Classified public information: It is that information that, being in the possession or custody of an obligated subject in its capacity as such, belongs to the personal, private and semi-private sphere of a natural or legal person, for which reason its access may be denied or excepted, as long as it concerns legitimate and necessary circumstances and individual or private rights.
-
Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the Treatment of the data.
-
Data Processor: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller and following his instructions.
-
Owner: Natural person whose personal data is subject to Treatment.
-
Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
-
Client: Natural or legal person, public or private, that has its own privacy policy and uses anteia services to be able to verify its own clients, who will be responsible for data processing, storage and security of the same and that They will refer to this policy and prior conditions as the end user.
-
End user: That person who, by order of the Client, uses the services contracted by him in advance.
-
Operator: The information operator is the person, entity or organization that receives personal data from the source about various owners of the information, manages them and makes them known to users under the parameters of the law.
-
Source of data: The source of information is the person, entity or organization that receives or knows personal data of the holders of the information, by virtue of a commercial or service relationship or of any other nature and that, by reason of legal authorization or of the owner, provides these data to an information operator, who in turn will deliver them to the end user.
-
Transfer: The transfer of data takes place when the person in charge and/or in charge of the processing of personal data sends the information or personal data to a recipient, who in turn is the person in charge of the treatment and is located in the same country or in another country. geographic location.​
-
Transmission: Treatment of personal data that implies the communication of the same inside or outside a territory, in order for the Manager to carry out the Treatment on behalf of the Responsible.
-
anteia INTELLIGENT ASSISTANT: - Intelligent System that through video (cognitive computing) makes the purchasing, contracting, and connection process more reliable, simple, and secure.
3. Principles of Personal Data Processing
During the processing of your personal data, anteia will observe the following principles at all times:
1. Principle of access and restricted circulation: The Treatment is subject to the limits that derive from the nature of the personal data and the authorizations given by the owner, as well as the provisions of this Policy, of the Territorial Law where the data is carried out. data treatment. Treatment may only be done by persons authorized by the Owner and/or by persons provided by law.
2. Principle of confidentiality: All persons involved in the Processing of personal data, when these data are not of a public nature, are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the Treatment, being able to only provide or communicate personal data when it corresponds to the development of the activities authorized in the Territorial Law where the data processing is carried out.
3. Principle of Purpose: the Treatment will obey a legitimate purpose, and the declared, determined and explicit purpose made by the owner of the data in the express authorization for its treatment.
4. Principle of Freedom: Treatment may only be exercised with the prior, express and informed consent of the Holder. Personal Data will not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves the Owner's consent.
5. Principle of proportionality: anteia undertakes to only process personal data that is adequate, pertinent and limited to the minimum necessary in relation to the purposes that justify its treatment in accordance with the authorization duly granted.
6. Security principle: anteia, as Responsible and/or in charge of the Processing of personal and sensitive data, will provide the necessary technical, human and administrative measures to provide security to the personal data records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
7. Principle of Veracity or Quality: The information subject to Treatment will be true, complete, exact, updated, verifiable and understandable, the owner will be able to know, update and rectify the information collected in databases and the other rights, freedoms and guarantees to which refer to the territorial laws on data protection where the authorization to said treatment is signed.
8. Principle of maximum publicity for universal owner: All information in the possession, control or custody of an obligated subject is public and may not be reserved or limited except by legal provision.
​
4. Sensitive data
Anteia recognizes the optional nature of the response to questions regarding sensitive data, therefore, in cases in which data is processed temporarily, it is committed to protecting your personal and sensitive data, your privacy and your security.
For the above, we have a highly qualified technical privacy team, which is committed to protecting all personal and sensitive data collected in each of the services we provide and guaranteeing that they are handled in accordance with the territorial laws of where it is carried out. the processing of data, and this policy, especially guaranteeing the right to the protection of personal data.
5. Biometric Data
​
Anteia may collect biometric personal information (such as fingerprints, selfie facial photographs, iris, cadences, voice, signature, facial recognition, morphological features, among others), hereinafter "Biometric Data" in order to allow the identification of Users and/or o Holders, in accordance with the security parameters established in the regulation where the data is processed, good practices and those indicated by the authorities.
6. Rights of the Holders
a. Know, update and rectify your personal data before the Treatment Managers or Treatment Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized;
​
b. Request proof of the authorization granted to the Treatment Manager except when expressly excepted as a requirement for Treatment.
​
c. Submit complaints to the respective competent authority for violations of the laws that regulate the protection and treatment of data and other regulations that modify, add or complement it;
​
d. Revoke the authorization and/or request the deletion of the data when the Treatment does not respect the principles, rights and constitutional or legal guarantees or at the will of the data owner who does not want their data to continue to be processed by the company, unless Your data must continue to be processed by virtue of the Law or judicial order, in which case the owner will be informed respectively. The revocation and/or deletion will proceed when the respective competent authority has determined that in the Treatment the Responsible or Person in Charge has engaged in conduct contrary to the Data Protection Law of the territory where the treatment is carried out.
and. Free access to your personal data that have been processed;
7. Prior obligations
to. Inform the Client that because it is sensitive data, it must notify the end user that the latter is not obliged to authorize its Treatment, if the case arises, that the end user does not grant authorization for the treatment of their data, anteia will not be able to authenticate its identity.
​
b. In the event that the Client acts as data controller, anteia will request the Client to inform the owner explicitly and in advance, that data will be processed directly or through third parties permanently or temporarily and therefore, if the End User agrees, he will give his express consent. In the same way, anteia may request it from the End User, with the express instruction of the Client.
​
c. In the event that the Client acts as data controller, before ensuring that the data is processed temporarily and as a manager in accordance with the highest regulatory standards worldwide.
​
d. In the event that anteia acts as data controller, it will directly request the End User for authorization to process the data and will ensure that it is processed in accordance with the highest regulatory standards worldwide.
​
8. Purposes of the Processing of Personal Information and Sensitive Personal Information
The Processing of personal data that anteia carries out obeys a legitimate purpose and its corporate purpose, a specific, explicit and legitimate purpose that will be expressly authorized by the data owner, for which, anteia has three (3) systems of which which, each one has the authorization and the purpose of said treatment is clearly expressed.
​
1. In the case in which anteia acts as temporary data manager: The information of the owner of the data collected and processed temporarily by anteia, will be limited to the development of the corporate purpose of anteia and the service used by the End User and as informed the client. The foregoing, in accordance with the purpose contained in the authorization signed by the owner.
2. In the case in which anteia acts as data manager: The information of the owner of the data collected and processed temporarily by anteia, will be limited to the development of the corporate purpose of anteia and the service used by the End User, in accordance with the informed by the Client, according to the purpose contained in the authorization signed by the owner.
3. In the case in which anteia acts as data controller: The information of the owner of the data collected and processed by anteia will be limited to the development of the corporate purpose of anteia and the service used by the End User, according to the purpose contained in the signed authorization. by the owner.
The sensitive, semi-private and private data that is collected during the use of the anteia and/or third-party platforms may be used for statistical, scientific purposes, to generate analysis, projections, improve the user experience or other valuable information; However, these will be treated as data unrelated to the owner of the data and it will not be understood that Anteia keeps the client's database, since it has proceeded to anonymize it in its capacity as manager.
9. Special Purposes of Personal Information and Personal Information
​
The Processing of personal data carried out by anteia obeys a legitimate purpose and its corporate purpose, therefore, the personal and sensitive data provided to anteia will have the following special purposes:
​
1. For the correct execution of the contract signed between the Client and/or Owner and anteia.
2. Creation of the account to access the services provided by anteia.
3. Complete the profile information to access the platform or back Office of anteia.
4. Identity verification of the Holder, with the use of the current identity document that serves to prove the identity of the Holder.
5.Creation of the digital identity of the Owner.
6. Obtain information from the Owner from other sources to compare it with that collected by anteia.
7. Verification of the data contained in the identity document and the facial biometrics of the Holder before the competent entity, in order to corroborate that the identity document presented for the procedures and/or services is authentic and corresponds to the one registered in the database. of data from the competent entity.
8. Review of the Holder's police, criminal and judicial record.
9. Consultation of international and national restrictive lists to prevent and manage risks of money laundering, financing of terrorism, LAFT within the framework of compliance with SIPLAFT, SARLAFT, SARO and SAGRILAFT, for detection and prevention of fraud and security issues.
10. Collection and storage of the results of the consultation of criminal records, judicial records or fraud warnings for the verification of identity for the purposes of anteia commitment to the prevention of fraudulent practices and risk assessment.
11. Reception of information about the Owner, their activities inside and outside the anteia Platform through its allies or information about the experiences and interactions that the Owner has had through allied advertisers.
12. Billing and other tax effects, in which case it will be shared with the competent authority of each country, in charge of developing said work.
13. Payment processing for services purchased by the Holder.
14. Compilation of the services used by the Holders and the way in which they use them.
15. Improvement of anteia's commercial and promotional initiatives, as well as the analysis of the pages visited and the searches carried out by the Owners, to improve the offer of content and articles, personalization of this content, its presentation and anteia services.
16. Sending information through text messages and/or emails provided by the Holder, about the services, changes to these or their rates, payment reminders, promotions, events and information of interest to Holders in general.
17. Analysis of personal information by anteia, its shareholders, affiliates and/or related parties, and third parties contracted for the development and promotion of the sale of services provided by anteia.
18. Consult the credit, financial and commercial behavior of the Holder to the financial information centers and/or whoever represents their rights and to any other database or any other authorized entity, the personal, sensitive, confidential information resulting from all direct or indirectly from the contract, as well as the breach of obligations.
​
10. Processing of Personal Data
1. Data treatment. anteia will treat the public data of the holders in accordance with the purpose for which said information is captured, taking the necessary measures to guarantee compliance with the respective legal principles and obligations.
2. Treatment of sensitive data. anteia will only process sensitive personal data in those cases that are strictly necessary, for which it will request prior and express authorization from the data owner and inform them of the specific purpose of the Treatment.
Paragraph: anteia will only store the personal data of the End User when it is expressly stated in the authorization for data processing.
​
11. Classification of Databases
Anteia has classified its Databases as follows:
1. Customer Databases. Corresponds to manual and/or automated databases, which contain data of a public and private nature of legal or natural persons, with which a contractual and/or commercial link is maintained in the development of anteia's corporate purpose. This database may contain personal data authorized by the owner and whose purpose is compliance, execution and development of contractual relationships and the sending of advertising material, event information or services offered by the company. The Treatment of this data for purposes other than the development and execution of the contractual relationship or the fulfillment of duties of a legal nature, will require prior authorization from the owner.
2. Supplier Databases. They are manual and/or automated databases that contain personal data of owners with whom there is a contractual and/or commercial relationship between anteia and the owner of the data and whose purpose is Treatment to comply with contractual and legal obligations.
3.Labor databases. They are the manual and/or automated databases that contain data of holders who present themselves as candidates, or are labor related to anteia, or are former employees of anteia, and whose purpose is to identify the holder to comply with legal provisions. and regulatory. This database incorporates private and public information, sensitive data, and minor data. The Processing of personal data for purposes other than compliance with the obligations derived from the employment relationship will require prior authorization from the owner or his Legal Representative, as the case may be. In no case will anteia treat sensitive or minor data without prior authorization.
anteia, will carry out the Processing of the Personal Data of the Candidates for the purpose of determining if they qualify for the profile of a position to be filled, after carrying out a selection process, to verify the quality of the information provided by the candidate and the authenticity of it and to store the data in order to be used in future selection processes.
12. What information does anteia request?
anteia for the fulfillment of its purpose and in accordance with what is stated in this policy requests the following information:
-
Name of the full owner.
-
Identification number (citizenship card, foreigner card or any other ID)
-
Biometric data and personal image.
-
Physical address.
-
Email.
-
Cell phone.
-
Background check (judicial, criminal, police, prosecutors, attorney, comptroller and restrictive lists)
-
Consultation of judicial and criminal processes.
anteia reserves the right to request data other than those mentioned and in this case, it will clearly inform the Client and/or End User the purpose of the requested data processing.
13. Security and integrity of information
During the time that anteia requires the personal and sensitive information of the End Users and as established in its privacy and information security policy management manual, it provides all the security mechanisms when processing data. anteia uses tools such as firewalls and data encryption. Likewise, in the aforementioned cases, in the corresponding cases, store personal and sensitive data, as established in its privacy policy management manual, and information security.
We also require the use of different identity authentication mechanisms each time you access your online account.
14. anteia as responsible for the Processing of Personal and Sensitive Data
​
Anteia is committed to complying with the duties imposed by law, therefore, it must act in such a way that it complies with the following obligations:
​
-
Guarantee the End User, at all times, the full and effective exercise of the right to know, update or rectify their Personal Data.
-
Request and keep, under the conditions provided in this Policy, a copy of the respective authorization granted by the End User.
-
Clearly and sufficiently inform the End User about the fidelity of the collection and the rights that assist him by virtue of the authorization granted.
-
Inform at the request of the End User about the use given to their Personal Data.
-
Process the queries and claims formulated in the terms indicated in this Policy.
​
15. anteia as person in charge of the Processing of Personal and Sensitive Data
anteia carries out the Data Processing on behalf of another entity or organization (Responsible for the Treatment) as manager or representative or equivalent figure, for which it must comply with the following duties:
​
-
Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data.
-
Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
-
Timely update, rectify or delete the data.
-
Update the information reported by the Treatment Managers within the following five (5) business days from its receipt; in accordance with the territorial laws where the data processing is carried out.
-
Refrain from circulating information that is being disputed by the Owner and whose Blocking has been ordered by the judicial authorities or control entities.
-
Allow access to the information only to persons authorized by the Holder or empowered by the territorial law of where the data processing is carried out for said purpose.
-
Inform the control entities and/or judicial authorities when there are violations of the Security Codes and there are risks in the administration of the information of the Holders.
In this case, anteia will treat the End User's data in accordance with the highest regulatory standards worldwide and will provide all security mechanisms for data storage.
​
16. anteia as temporary manager of the Processing of Personal and Sensitive Data
​
Anteia carries out the Data Processing on behalf of another entity or organization (Responsible for the Treatment) as manager or temporary representative or equivalent figure, for which it will not store the data and must comply with the following duties:
​
-
Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data.
-
Keep the information under the parameters of anonymization.
-
Update the information reported by the Treatment Managers within the following five (5) business days from its receipt; in accordance with the territorial laws where the data processing is carried out.
-
Refrain from circulating information that is being disputed by the Owner and whose Blocking has been ordered by the judicial authorities or control entities.
-
Allow access to the information only to persons authorized by the Holder or empowered by the territorial law of where the data processing is carried out for said purpose.
-
Inform the control entities and/or judicial authorities when there are violations of the Security Codes and there are risks in the administration of the information of the Holders.
In this case, anteia will temporarily process the data of the End User until the data collected is anonymized and the database is delivered to the Client, in accordance with the highest regulatory standards worldwide.
17. Cookies
Cookies are data files (not codes) created and sent by a website and stored in the user's browser. In this way, the website can consult the previous activity of the browser. A cookie cannot delete or read information from the data owner's computer, nor can it identify a person, but rather recognizes a computer-browser-user combination.
Cookies have different functions according to the purpose for which they are used, there are advertising, functionality or personalization cookies, those that are strictly technical, analysis cookies and behavioral advertising cookies.
Cookies are a fundamental part of the operation of the Intelligent System, their main objective is to improve the user experience, so that it is more comfortable and efficient, however, before not using cookies for commercial purposes, not to advertise or to transfer cookies to third parties.
​
18. Authorization for data processing
Anteia will request, prior to the processing of the data, the data owner's authorization for the processing of personal data by any means, physical or electronic, that allows it to be used as proof of authorization. The authorization will contain at least the following information:
1.The Treatment to which the personal data will be subjected and the specific purpose thereof.
2.The time for which your personal data will be processed.
3. The rights that assist you as Owner.
4.The website, email, physical address and other communication channels through which you can make queries and/or claims before anteia.
5. Anteia will keep the authorizations obtained in physical or electronic form, guaranteeing their subsequent consultation.
6. In the event that the processing of sensitive data or of children and adolescents is carried out, the sensitive nature of this type of information will be informed in advance and the owner will be given the option to respond.
19. Petitions, queries or claims.
​
For the purposes of exercising the rights of the owner to know, update, rectify, and delete the personal data that he has provided to The Client, he may contact The Client through the notification data provided by him in his Privacy Policy .
In order to file subsidiary requests, queries or claims to those presented directly to the Client or against authentication of the identity of the data owner, you can contact anteia through the email pqr@anteia.co .
In said communication, the owner must indicate the request or right being exercised, the name and surname of the owner and the contact information to receive notifications. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose treatment has not been authorized by the owner. By legal provision, anteia has ten (10) business days to respond to requests, which can be extended for a period of five (5) business days when it is not possible to respond to the query within the established term. In addition to the provisions of this Policy, the procedures to follow for the attention of queries and claims will be those established in the applicable regulations of the territory where the data processing is carried out.
20. International transfer and transmission of personal data.​
anteia carries out the international Transmission or Transfer of personal data, in this case anteia, in addition to having the express and unequivocal authorization by the End User, will ensure that the action provides adequate levels of data protection in accordance with security parameters. established in the regulation where the data is processed, good practices and those indicated by the authorities.
On the other hand, when anteia carries out International Data Transmission, it may do so without the authorization of the owners, as long as it guarantees the security of the information, confidentiality and the conditions that regulate the scope of data processing. since, the disclosure to Managers does not require consent (it is not considered transmission). The third party recipient will assume the same obligations as the person in charge who transferred the data. For this purpose, anteia will sign the corresponding contract for the transmission of personal data in the terms established by the applicable regulation.
For the transmission of data, consent is not required when:
-
It is necessary for the fulfillment of a contract in the interest of the owner.
-
Is necessary for the maintenance or fulfillment of a legal relationship between the person in charge and the owner.
-
It is allowed as established in article 16 of Law 1581 of 2012.
​
21. Applicable Law:
By using any anteia service, you accept that the applicable law depends on the Arbitration Center in Colombia, the substantive laws of the country where the dispute originates and under the principles of the General Data Protection Regulation (RGPD) [(UE) 2016 /679 of the European Parliament and of the Council of April 27, 2016.]
22. Changes to this privacy policy
​
The policy will be revised from time to time to take into account changes in our operations or practices, and further to ensure that it continues to be appropriate to any changes in law, technology and the business environment. All personal information held will be governed by our most current policy.
​​
23. Normative Reference
​
This Privacy Policy has been prepared in accordance with the following regulations: the laws applicable to the territory where the data processing will take place and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016.
Last updated: March 2023