Terms of use, and Privacy Policy

Presentation

For MULTISOFTWARE DEFENSE, the preservation, protection, integrity, and confidentiality of the personal data of its clients, suppliers, and employees is very important.

For this purpose, the company has designed a policy for the storage and processing of the information provided through its various communication channels, such as websites, switchboards, email, and visits to its facilities. MULTISOFTWARE DEFENSE is committed to protecting and properly managing such information, as established by data protection regulations.

Purpose

To establish the criteria that must be taken into account when collecting, storing, using, circulating, and deleting personal data belonging to natural persons, in order to protect such data through mechanisms and tools that guarantee the authenticity, confidentiality, and integrity of the information.

Scope

This Personal Data Protection Policy shall apply to all databases and/or files containing personal data that are subject to processing by MULTISOFTWARE DEFENSE.

It covers all administrative, organizational, and control aspects, and must be complied with by directors, employees, contractors, and third parties who work for or have a direct relationship with the company.

Regulatory framework of the policy

MULTISOFTWARE DEFENSE complies with Regulation (EU) 2016/679 of the European Parliament and of the Council, dated April 27, 2016, on the protection of natural persons with regard to the processing of personal data and the free movement of such data, hereinafter referred to as the “GDPR”.

It also complies with Organic Law 3/2018, dated December 5, on the Protection of Personal Data and Guarantee of Digital Rights, hereinafter referred to as the “LOPDGDD”.

Privacy policy

MULTISOFTWARE DEFENSE respects the privacy of its users, without prejudice to the provisions established in each form on the website.

Any request for information is always made so that the visitor may provide it voluntarily, expressly authorizing MULTISOFTWARE DEFENSE to process their personal data for the purposes indicated in each case.

MULTISOFTWARE DEFENSE shall not assign or disclose to third parties the data collected on the website unless the visitor authorizes it.

The user may exercise their right of rectification and cancellation by sending a letter with acknowledgment of receipt to the legal address of the entity.

On our website, https://www.multisoftwaredefense.com, MULTISOFTWARE DEFENSE collects cookies to provide a better user experience and a better service. We also use behavior measurement tools such as Google Analytics in order to improve our services for website visitors and users.

Obligations

This policy is mandatory and must be strictly complied with by employees, directors, collaborators, contractors, suppliers, and third parties who work for or have a direct relationship with MULTISOFTWARE DEFENSE.

It is also subject to the legal and regulatory provisions that govern the processes, procedures, and instructions that develop the policy for the protection and processing of personal data of MULTISOFTWARE DEFENSE, collected within the “Information Security Management System”.

Data controller

MULTISOFTWARE DEFENSE is located at Calle José Echegaray, 8, Building 3 – Ground Floor, 28232 Las Rozas, Madrid, Spain.

PBX: +34 618724099

The company has designated the CISO as the person responsible for handling requests, inquiries, and complaints, as well as requests for rectification, updating, and deletion of information. The CISO shall process requests from data subjects for the exercise of the rights referred to in Regulation (EU) 2016/679 of the European Parliament and of the Council.

Responsible party: Chief Information Security Officer (CISO)

Process: Information Security Management System (ISMS)

Email: ciso@multisoft.com.co

Phone: +57 601 3299799, extension 3004

Address: Av. 15 No. 100 – 69, 7th floor

Processing, data, and purpose

MULTISOFTWARE DEFENSE, acting as the data controller, collects, stores, uses, circulates, and deletes personal data corresponding to natural persons, clients, suppliers, employees, and visitors for the proper development of its commercial activities, as well as to strengthen its relationships with third parties.

The information collected is used to process, confirm, fulfill, and provide the services and/or products acquired, directly and/or with the participation of third-party providers of products or services, as well as to promote and advertise our activities, products, and services.

By accepting this Privacy and Processing Policy, our clients, suppliers, employees, and visitors, in their capacity as data subjects of the collected data, authorize MULTISOFTWARE DEFENSE to process such data, partially or fully, including collection, storage, recording, use, circulation, processing, and deletion, for the execution of activities related to the services and products acquired.

Additionally, our clients, suppliers, employees, and visitors, in their capacity as data subjects of the collected data, authorize us to:

Respond to inquiries, requests, complaints, and claims made by data subjects and supervisory bodies, and transmit personal data to other authorities that, by virtue of applicable law, must receive the personal data.

Allow access to information and personal data to auditors or third parties hired to carry out internal or external audit processes related to the commercial activity we develop.

Consult and update personal data at any time in order to keep such information up to date.

Register personal data in MULTISOFTWARE DEFENSE information systems and in its commercial and operational databases.

Carry out any other activity of a similar nature to those described above that is necessary for the development of the corporate purpose of MULTISOFTWARE DEFENSE.

Rights of data subjects

MULTISOFTWARE DEFENSE has made available to data subjects and third parties the Manual of Personal Data Protection Policies and Procedures, where they may learn about the principles, duties, policies, prerogatives, and rights of data subjects, as well as the channels and procedure that a data subject must use to file a complaint, inquiry, or claim in the exercise of their habeas data rights, and the response times of the entity.

Likewise, it develops the rights of data subjects, as set forth below:

Access, free of charge, the data provided that has been subject to processing.

Know, update, and rectify their information in cases of partial, inaccurate, incomplete, fragmented data, data that may lead to error, or data whose processing is prohibited or has not been authorized.

File a complaint with the Spanish Data Protection Agency (AEPD) in the event of possible violations of Regulation (EU) 2016/679.

Revoke authorization and/or request the deletion of the data, provided that there is no legal or contractual duty preventing its deletion.

Refrain from answering questions about sensitive data. Responses concerning sensitive data or data of children and adolescents shall be optional.

Duties of MULTISOFTWARE DEFENSE as data controller

MULTISOFTWARE DEFENSE shall always bear in mind that personal data belongs to the persons to whom it refers, and that these persons have control and the exclusive right to decide how such data is collected, used, stored, and shared.

In this regard, MULTISOFTWARE DEFENSE shall use such data only for the purposes for which it is duly authorized, and always in compliance with EU Regulation 2016/679 of April 27, 2016.

In accordance with Regulation (EU) 2016/679 of April 27, 2016, MULTISOFTWARE DEFENSE undertakes to permanently comply with the following duties:

Guarantee lawfulness, fairness, and transparency in the processing of personal data, ensuring that it is collected and used fairly and clearly for data subjects.

Collect and process only the personal data that is necessary and relevant for the specific purposes for which it was obtained.

Adopt appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, loss, or accidental destruction.

Respect and facilitate the exercise of data subjects’ rights, including access, rectification, erasure, restriction of processing, portability, and objection.

Notify the supervisory authority and affected data subjects of any security breach that may pose a risk to the rights and freedoms of individuals.

Ensure that personnel authorized to process data are duly trained and committed to respecting confidentiality and current regulations.

Maintain an updated record of processing activities as required by the Regulation.

Cooperate with data protection authorities in investigations and audits carried out to verify compliance with the Regulation, when notified by the competent authority regarding legal proceedings related to the quality or details of personal data.

Principles

In accordance with Regulation (EU) 2016/679 of April 27, 2016, MULTISOFTWARE DEFENSE undertakes to permanently comply with the following fundamental principles in the processing of personal data:

Lawfulness, fairness, and transparency

The processing of personal data shall always be carried out in a lawful, fair, and transparent manner for data subjects.

Purpose limitation

Personal data shall be collected for specific, explicit, and legitimate purposes and shall not be further processed in a manner incompatible with those purposes.

Data minimization

Only personal data that is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed shall be collected and processed.

Accuracy

All reasonable measures shall be taken to ensure that personal data is accurate and up to date, proceeding with its rectification or deletion when necessary.

Storage limitation

Personal data shall be kept only for the time necessary to fulfill the purposes for which it was collected.

Integrity and confidentiality

The security of personal data shall be guaranteed through the application of appropriate technical and organizational measures to protect it against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

Accountability

MULTISOFTWARE DEFENSE shall assume responsibility for compliance with these principles and shall be able to demonstrate such compliance at all times.

Validity of databases

MULTISOFTWARE DEFENSE undertakes to maintain the validity and updating of personal databases only for the time necessary to fulfill the purposes for which they were collected, in accordance with Regulation (EU) 2016/679.

Once such purposes have been fulfilled, the data shall be securely deleted or anonymized, guaranteeing respect for the rights of data subjects and the protection of their personal information.

Definitions

Personal data

Any information relating to an identified or identifiable natural person, also known as the “data subject”; for example, name, address, identification number, location data, online identifiers, and others.

Processing

Any operation or set of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, adaptation, consultation, use, disclosure, dissemination, blocking, deletion, or destruction.

Data controller

The natural or legal person, public authority, service, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.

Data processor

The natural or legal person, public authority, service, or other body that processes personal data on behalf of the data controller.

Data subject

The natural person to whom the personal data refers.

Consent

A free, specific, informed, and unambiguous indication by which the data subject accepts, through a statement or clear affirmative action, the processing of personal data concerning them.

Personal data security breach

A security breach that causes the destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored, or otherwise processed.

Anonymization

A process through which personal data loses its identifying nature so that it can no longer be attributed to an identified or identifiable natural person.

Habeas data

The right of every person to access, update, rectify, and request the deletion of their personal data in databases or files, in accordance with applicable law.

Accountability principle

The obligation of the data controller to adopt appropriate technical and organizational measures to ensure and demonstrate that data processing is carried out in accordance with the GDPR.

Authorization

Prior, express, and informed consent of the data subject to carry out the processing of personal data.

Privacy notice

A verbal or written communication generated by the controller and addressed to the data subject for the processing of their personal data, through which they are informed of the existence of the information processing policies that will apply to them, the way to access them, and the purposes for which the personal data is intended to be processed.

Database

An organized set of personal data that is subject to processing.

Terms and conditions

The general framework in which the conditions for participants in promotional or related activities are established.