GO.CO

Privacy Notice


Legal Framework

Resolution 1652 / 2008 issued by the now called Ministry of Information and Communication Technologies of Colombia (“MINTIC”) lays out the policy framework for the (a) promotion, administration and operation of the Colombian Internet Top-Level Domain (ccTLD “.CO”) and (b) the delegation of domain names under the “.CO” domain.

After having been awarded MINTIC’s Public Bid “LP 02-2009”, .CO INTERNET S.A.S. became the concessionaire responsible for the Administration of the Colombian Internet Top-Level Domain (ccTLD “.CO”). Said Ministry’s IT Industry Promotion Directorate is in charge of supervising the concession contract and conducting the contractual follow up to the delegation process.

.CO INTERNET S.A.S. is a private company identified with TIN 900.308.815-4, whose domicile is “Calle 100 # 8A-49, Torre B, Oficina 507” in the city of Bogotá D.C., Colombia, zip code 110221069.

In compliance with Law 1581 / 2012, regulated by Decree 1377 / 2013 and all other laws and regulations on the subject, .CO INTERNET S.A.S. is the Controller of the Personal Data of its clients, in particular, the Registrants of “restricted” domain names, i.e. the domains “EDU.CO”, “GOV.CO”, “MIL.CO” and “ORG.CO”.

Purpose of data processing

In order to provide proper care and information vis-à-vis its commercial services and activities and facilitate general access to information, .CO INTERNET S.A.S., as the Personal Data Processor and Controller, carries out the compilation, storage, use, circulation, elimination, transmission and/or the reception of its clients’ (the Registrants) data with the following purpose: administrate the .CO Internet domain names with a view to complying with the MINTIC’s guidelines, policies and supervision relating to the registration operations of said domain names, such as invoicing, customer care, operation reports, follow up to client requirements, domain name operations (registrations, renewals, eliminations, queries and registration data modification, transmission to the parties responsible) and customer care management, handling judicial or administrative requirements and complying with court orders or legal mandates.

NOTE: As of September third (3rd) of 2009, and based on subparagraph “9.2.3.4.”of Article 9 of Resolution 1652 / 2008, the concessionaire .CO INTERNET S.A.S. has compiled the Personal Data of Registrants, some of which is essential to the proper performance of its duties as the delegate/concessionaire of the MINTIC for the administration of the ccTLD .CO. This is why Registrants must be aware that in order to conduct our business and provide the domain name registration services under the “.CO”, .CO INTERNET S.A.S. requires some of their Personal Data. Therefore any request to delete Personal Data and the Revocation of the Authorization to Process Personal Data will be inapplicable whenever the Data Subject is legally or contractually bound to remain in .CO INTERNET S.A.S.’s Database and/or files, or if the relation between the Data Subject and .CO INTERNET S.A.S. by virtue of which the data was compiled is still in force.

Data Subject Rights

Based on the provisions of Law 1581 / 2012, individuals whose Personal Data is processed by .CO INTERNET S.A.S. have the following rights, which may be exercised any time:

(a) Know, update and rectify their Personal Data whenever they are partial, inaccurate, incomplete, fractioned, misleading or their processing is expressly forbidden or has not been authorized.

(b) Request Proof of the Authorization given to .CO INTERNET S.A.S., except in the cases in which it has been expressly exempted or waived as a Processing requirement in pursuance of the contents of Article 10 of Law 1581 / 2012. This proof may be formally requested by following the procedure set in subparagraph 9.1. of CO INTERNET S.A.S.’s “Personal Data Protection Policy” available here.

(c) Be informed by .CO INTERNET S.A.S., prior request, regarding the use given to their Personal Data.

(d) File with the Superintendence of Industry and Trade (SIC, for its initials in Spanish) complaints for violations to the terms of Law 1581 / 2012 and all others complementary to, or amending, said law.

(e) Request that .CO INTERNET S.A.S. delete their Personal Data and/or revoke the authorization given for their Processing, by filing a formal claim in accordance with the procedure laid out in Subparagraph 9.2. of .CO INTERNET S.A.S.’s “Personal Data Protection Policy” available here.

Notwithstanding the foregoing, and in compliance with Article 9 of Decree 1377 / 2013, the request to delete the information and the authorization revocation will be inapplicable whenever the Data Subject is legally or contractually bound to remain in .CO INTERNET S.A.S.’s Database and/or files, or if the business relation between the Data Subject and .CO INTERNET S.A.S. by virtue of which the data was compiled is still in force.

(f) Access the Processed Personal data free of charge.

PERSONAL DATA PROTECTION POLICY

Data Subjects may consult .CO INTERNET S.A.S.’s “Personal Data Protection Policy” available here. The guidelines regarding the Processing of the collected data and the procedures enabling them to exercise their rights vis-à-vis data access, query, rectification, update and elimination are listed there.

PERSONAL DATA PROTECTION POLICY



LEGAL FRAMEWORK

Article 15 of the Political Constitution of Colombia enshrines the right of any citizen to access, update and rectify their Personal Data compiled in any Database and/or files of public or private entities. It also orders those who possess Personal Data of third parties to respect the rights and guarantees laid out in the Constitution whenever collecting, processing and circulating this type of information.


Statutory Law 1581 / 2012 (“Law 1581 / 2012”) establishes the minimum conditions conducive to the legitimate processing of Personal Data belonging to clients, employees and any other individual. Item (f) of Article 18 of Law 1581 / 2012 obligates Personal Data Processors to “adopt policies and procedures to ensure due compliance therewith, in particular, vis-à-vis queries and claims from any Data Subject”. Article 25 of Law 1581 / 2012 also provides that compliance with the data processing policy is mandatory and that failure to do so will entail sanctions. This policy must ensure the processing level defined in Law 1581 / 2012 as a minimum.


Chapter 3 of Decree 1377 / 2013 governs aspects relating to the contents and requirements of Information Processing Policies and Privacy Notices.


Resolution 1652 / 2008 issued by the Ministry of Information and Communication Technologies of Colombia (“MINTIC”) establishes the policy framework for the (a) promotion, administration and operation of the Colombian Internet Top-Level Domain (ccTLD “.CO”) and (b) the delegation of domain names under the “.CO” domain.


.CO INTERNET S.A.S., as the concessionaire responsible for the Administration of the ccTLD “.CO”, with delegation from and supervision over the Administrative, Technical and Promotion duties by the MINTIC, undertakes to respect the data privacy rights of its clients, employees and third parties in general, Therefore, .CO INTERNET S.A.S. adopts this Protection Policy, whose application is mandatory in all activities involving Personal Data Processing.


MANDATORY ENFORCEMENT

This Policy must be strictly complied with by all employees, contractors and third parties acting on behalf of .CO INTERNET S.A.S.


All employees must abide by and follow this Policy in the performance of all their duties, in pursuance of Paragraph 1 of Article 58 of the Substantive Labor Code, whereby the worker must “abide by the provisions laid out in the rules, follow and comply with the orders and instructions that may be given by the supervisor or his/her representatives”.


In the absence of a labor relation, a clause must be included in the contract so that those acting on behalf of .CO INTERNET S.A.S. are forced to follow this Policy.


Failure to comply with this Policy may entail labor or contractual liability sanctions, as may be the case. The foregoing does not preclude those who fail to comply with this Policy from being financially liable for the damages caused to the Data Subjects and/or to .CO INTERNET S.A.S., for violating this Policy or for unduly processing the Personal Data.


DEFINITIONS


3.1 Authorization


Prior, express and informed consent of the Data Subject to Process their Personal Data.


3.2 Query


Request made by the Data Subject or persons authorized by the Data Subject or by law to gain access to the information of said Data Subject available in the Databases or information files.


3.3 Databases


Organized set of Personal Data to be Processed.


3.4 Personal Data


Any information related or which may be linked to one or several determined or determinable individuals, including Data Subjects. Data such as name, identity card number, mailing address, email, phone number, marital status and health information are a few examples of Personal Data. Personal Data are classified as sensitive, public, private and semi-private.


3.4.1 Sensitive Personal Data


Data affecting Data Subjects' intimacy, or the use of which may lead to the person’s discrimination, e.g. those revealing the person’s racial or ethnic origin, political orientation, religious or philosophical beliefs, membership to unions, social organizations, human rights organizations or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data (fingerprints, among others).


3.4.2 Public Personal Data


Classified as such by the law or the Political Constitution, and all others not classified as semi-private or private. The data contained in public documents, records, gazettes and government newsletters and duly enforced judicial sentences not subject to secrecy, those relating to the marital status of the people, their profession or occupation and their status as trader or public official, are all public personal data. The Personal Data included in the Mercantile Registry of Chambers of Commerce are public personal data (Colombian Commercial Code, Article 26). This data may be obtained and offered without any reserve whatsoever and regardless whether they allude to general, private or personal information.


3.4.3 Private Personal Data


Intimate or confidential information that is only relevant to the Data Subject. Examples: traders’ books, private documents, information extracted from domicile inspections.


3.4.4 Semi-private Personal Data


Information that is not intimate, confidential or public and whose knowledge or dissemination may be of interest not only to the data subject but to a certain sector or group of persons or society in general, such as, among others, data regarding compliance or failure to comply with financial obligations or concerning relations with social security entities.


3.5 Data Processor


Private or public company or individual that Processes the Personal Data on behalf of the Controller, on its own or jointly with others.


3.6 Data Controller


Private or public company or individual that makes decisions pertaining to the Database and/or Data Processing, on its own or jointly with others.


3.7 Data Subject


Individual whose Personal Data is Processed.


3.8 Processing


Any operation or set of operations involving Personal Data, such as their compilation, storage, use, circulation or elimination.


3.9 Data Transfer


Occurs when the Personal Data Processor and/or Controller, located in Colombia, forwards the information or the Personal Data to a recipient, who is also a Data Controller and is located inside or outside the country.


3.10 Data Transmission


Personal Data Processing entailing the communication of said data inside or outside the territory of the Republic of Colombia, when the purpose of said transmission is to allow the Processor to Process the Data on behalf of the Controller.


3.11 Claim


Request made by the Data Subject or those authorized by the latter or by law to correct, update or eliminate the Personal Data.


3.12 Privacy Notice


Verbal or written communication issued by the Controller and addressed to the Data Subject regarding their Personal Data Processing, whereby the Data Subject is informed of the existence of the Information Processing Policy that will apply thereto, how to access said policy and the purpose of Processing said Personal Data.


PRINCIPLES FOR PERSONAL DATA PROCESSING



The Protection and Processing of Personal Data must be carried out in observance of the general and special laws on the subject and for the activities that are legally authorized.


The following principles will be applied, harmoniously and completely, in the furtherance, interpretation and application of this Policy:


4.1 Principles relating to the Collection of Personal Data



Principle of Freedom


Unless there is a law stating otherwise, data collection can only be carried out with the prior, express and informed consent of the Data Subject. Personal Data cannot be obtained or disseminated with the prior authorization of the Data Subject or in the absence of a court order or legal mandate in lieu of said consent. Deceiving or fraudulent means cannot be used to collect and Process Personal Data. The implied authorization of the Data Subject is not allowed. Said authorization can only be waived with an express court order or legal mandate. Failure of the Data Subject to respond can never be construed as the authorization to compile or use their information. The Data Subject must be given clear, sufficient and previous information concerning the purpose of the information provided and therefore the subject’s data cannot be collected without clearly indicating the purpose thereof.


Principle of Collection Restriction


Only the Personal Data that is strictly necessary to achieve the processing purpose may be collected. Therefore, recording and disseminating data that is unrelated to the Processing purpose is prohibited. As a consequence, all reasonable steps must be taken to limit Personal Data Processing to the minimum. This means that the data must be: (i) adequate, (ii) relevant, and (iii) suitable to the purposes for which they were provided.


4.2 Principles relating to the Use of Personal Data



Principle of Purpose or Use


Personal Data must be processed with a specific purpose and explicitly authorized by the Data Subject or as allowed by law. The data must only be processed in the manner in which the Data Subject can reasonably expect based on the authorized uses. If the use of the Personal Data changes over time in ways that the Data Subject cannot have reasonably expected, then the prior consent of the Data Subject must be obtained once again.


Principle of Temporality


Personal Data will only be kept for the time necessary to achieve the processing purpose and to comply with the legal requirements or instruction of the supervision and control authorized or other competent authorities. In order to establish the processing term, the laws applicable to each purpose and the administrative, accounting, fiscal, judicial and historical aspects of the information, must be taken into account. Once the purpose or purposes have been achieved, the data will be eliminated.


Principle of Non-Discrimination


Any discrimination actions stemming from the information compiled in the databases or files is forbidden.


Principle of Reparation


Damages caused by potential Personal Data Processing failures must be compensated.


4.3 Principles relating to Information Quality


Principle of Accuracy or Quality


The information subject to processing must be truthful, complete, accurate, up-to-date, provable and understandable. The processing of partial, incomplete, fractioned or misleading data is forbidden. Reasonable measures must be taken to ensure that the data is accurate and sufficient and whenever the Data Subject or the Controller may require it, said data must be updated, rectified or eliminated whenever applicable.


4.4 Principles relating to the Protection, Access and Circulation of Personal Data



Principle of Safety and Security


All employees, contractors or third parties acting on behalf of .CO INTERNET S.A.S. must comply with the technical, human and administrative guidelines, controls and procedures defined by the organization to make sure the Personal Data is safe and secure, by avoiding their forging, loss, consultation or unauthorized or fraudulent use or access.


Principle of Transparency


Data Processing must guarantee that the Data Subject can obtain information on the existence of data pertaining to him/her at any time and free of restrictions.


Principle of Restricted Access


Access to Personal Data will only be granted to the following:


  • The Data Subject
  • The persons authorized by the Data Subject
  • The persons who have been authorized, by court order or legal mandate, to access the information of the Data Subject. Personal Data, except for public information, cannot be available on the Internet or any other mass dissemination or communication media, unless access is technically controllable to provide restricted knowledge only to the Data Subject or legally authorized third parties.

Principle of Restricted Circulation


Personal Data can only be sent to the following:


  • The Data Subject
  • The persons authorized by the Data Subject
  • Public or administrative entities in the performance of their legal duties or in compliance with a court order. In the latter case, according to the Constitutional Court, the following will be the procedure applicable: first, the public or administrative entity must justify the request by stating the link between the need to obtain the information and compliance with the entity’s constitutional or legal duties. Second, upon the delivery of the information, the public or administrative entity will be informed that it must comply with the duties and obligations set in Law 1581 / 2012 as the Data Controller. The recipient administrative entity must fulfill the protection and guarantee obligations enshrined in the said Law, in particular, compliance with the principle of use, legitimate use, restricted circulation, confidentiality and safety and security.

Principle of Confidentiality


All those involved in the Processing of Personal Data that is not classified as public, must guarantee the confidentiality of the information, even after the termination of their involvement with any of the duties part of the processing. However, they may provide or report the Personal Data only when this is required by law.


PURPOSE OF PERSONAL DATA PROCESSING



5.1 Client Database


In order to provide proper care and information vis-à-vis its business services and activities and facilitate general access to information, .CO INTERNET S.A.S., as the Personal Data Processor and Controller, carries out the compilation, storage, use, circulation, elimination, transmission and/or the reception of its clients’ data with the following purpose: administrate the .CO Internet domain names with a view to complying with the MINTIC’s guidelines, policies and supervision relating to the registration operations of said domain names, such as invoicing, customer care, operation reports, follow up to client requirements, domain name operations (registrations, renewals, eliminations, queries and registration data modification, transmission to the processors) and customer care management, handling judicial or administrative requirements and complying with court orders or legal mandates.


5.2 Human Resources Database


.CO INTERNET S.A.S. carries out the compilation, storage, use, circulation, elimination, transmission and the reception of the Personal Data of its Human Resources Database with the following purpose vis-à-vis the management of former, current and future employees: compensation, wellbeing, training, knowledge transfer, recruitment (selection, election and internal promotions), compliance with all the laws relating to safety, health and wellbeing management at the workplace.


5.3 Supplier and Vendor Database


.CO INTERNET S.A.S. carries out the compilation, storage, use, circulation, elimination, transmission and the reception of the Personal Data of its Supplier and Vendor Database with purpose of achieving efficient communication to provide the services, manage pre-contractual, contractual and post-contractual processes, payments, acquisitions, services engaged services and to be engaged, as well as to comply with the all the Colombian accounting and fiscal laws.


DATA SUBJECT RIGHTS



Based on the provisions of Law 1581 / 2012, individuals whose Personal Data is processed by .CO INTERNET S.A.S. have the following rights, which may be exercised any time:


(a) Access, update and rectify their Personal Data whenever there is partial, inaccurate, incomplete, fractioned, misleading data or their processing is expressly forbidden or has not been authorized.


(b) Request Proof of the Authorization given to .CO INTERNET S.A.S., except in the cases in which it has been expressly exempted or waived as a Processing requirement in pursuance of the contents of Article 10 of Law 1581 / 2012.


(c) Be informed by .CO INTERNET S.A.S., prior request, regarding the use given to their Personal Data.


(d) File with the Superintendence of Industry and Trade (SIC, for its initials in Spanish) claims for violations to the terms of Law 1581 / 2012 and all others complementary to, or amending, said law.


(e) Request that .CO INTERNET S.A.S. delete their Personal Data and/or revoke the authorization given for their Processing, by filing a formal claim in accordance with the procedure laid out in Subparagraph 9.2. herein. Notwithstanding the foregoing, and in compliance with Article 9 of Decree 1377 / 2013, the request to delete the information and the authorization revocation will be inapplicable whenever the Data Subject is legally or contractually bound to remain in .CO INTERNET S.A.S.’s Database and/or files, or if the business relation between the Data Subject and .CO INTERNET S.A.S. by virtue of which the data was compiled is still in force.


(f) Have free access to the Processed Personal Data.


DEPARTMENTS RESPONSIBLE FOR THE POLICY’S IMPLEMENTATION AND FOLLOW-UP



The departments of Information Security, Risk and Compliance and the Legal Department (or the third party acting in its name) of .CO INTERNET S.A.S. are responsible for developing, implementing, training in, complying with and following up this policy. To this end, all the officers involved in Personal Data Processing in the different departments throughout .CO INTERNET S.A.S. must report their Databases to these departments, as well as immediately transfer to them any petition, complaint or claim made by any Personal Data Subject.


The previously mentioned departments have also been appointed by .CO INTERNET S.A.S. as being accountable for providing customer care and managing petitions, queries, complaints and claims vis-à-vis the Data Subjects, who may formally exercise their right to access, update, rectify and eliminate their data and revoke their authorization.


PERSONAL DATA PROTECTION POLICY



8.1 OVERVIEW


1. .CO INTERNET S.A.S. must make sure that the Data Subject’s information subject to processing is truthful, complete, accurate, up-to-date, provable and understandable. The processing of partial, incomplete, fractioned or misleading data is forbidden.

2. .CO INTERNET S.A.S. must guarantee the confidentiality of the information, even after their involvement in any of the activities part of the Processing of the Data Subject’s Personal Data has ended.

3. Whenever .CO INTERNET S.A.S. must transfer or transmit a Database to another entity, it must make sure that it has been authorized by the Data Subjects to do so. Likewise, the Compliance department of .CO INTERNET S.A.S., regarding the Data Protection Policy, must keep records of the data provided and the name of the entity that received it. Any entity that receives these Databases can only use the information for the purposes established in the authorization granted by the Data Subject to .CO INTERNET S.A.S.

4. Under no circumstance may .CO INTERNET S.A.S. circulate information that has been disputed by a Data Subject and/or which has been blocked by order of the Superintendence of Industry and Trade (SIC, for its initials in Spanish).

5. .CO INTERNET S.A.S. is responsible for ensuring and guaranteeing that the Personal Data of the Data Subjects included in their Databases, except for public information (names and surnames, identity card number or trade registry data), are not available on the Internet or other similar communication media, in accordance with the Principle of Restricted Access and Circulation defined in Law 1581 / 2012.

6. .CO INTERNET S.A.S. must guarantee that the information contained in its Databases is kept under the minimum security conditions required to prevent their forging, loss, consultation or unauthorized or fraudulent use or access.

7. .CO INTERNET S.A.S. does not capture or process sensitive Personal Data belonging to their Data Subjects and contained in the Databases, in pursuance of the provisions of Article 5 of Law 1581 / 2012.

8. .CO INTERNET S.A.S. has forbidden the Transfer of Personal Data to countries that do not provide proper data protection; this operation can only take place if the Data Subject has authorized it.

9. If there are security breaches that endanger the administration of the information provided by the Data Subjects, .CO INTERNET S.A.S. will deliver a formal and timely notice of these situations or incidents to the Superintendence of Industry and Trade (SIC, for its initials in Spanish).


8.2 AUTHORIZATION TO USE PERSONAL DATA



(1) .CO INTERNET S.A.S. must formally request the authorization of the Data Subjects to capture and Process their Personal Data and inform them regarding:


  • The purpose of the Processing to which their Personal Data will be subject (how and to what ends they will be collected and used).
  • Their rights, in accordance with Paragraph 6 herein
  • Identification, mailing address, email and corporate phone number of .CO INTERNET S.A.S. as the Data Processor and Controller.

(2) The departments and officers responsible for Processing Personal Data cannot capture the personal information of those who are not registered in the .CO INTERNET S.A.S. Databases, or have not granted their authorization to Process their Personal Data.


(3) Whenever a Data Subject registered in a Database managed by .CO INTERNET S.A.S. wishes to revoke the authorization or not authorize the Processing of their Personal Data, the procedure described in Subparagraph 9.2 hereunder must be followed.


(4) Pursuant to Article 15.3 of Law 1581 / 2012, .CO INTERNET S.A.S. will have a maximum of fifteen (15) business days to respond to a formal request to eliminate Personal Data.


(5) .CO INTERNET S.A.S. must keep the authorization granted by the Data Subject and ensure the delivery of a copy thereof if the Data Subject or his/her assigns so request it.


(6) .CO INTERNET S.A.S. must guarantee the protection and preservation of the (a) authorization granted by the Data Subject to Process the Personal Data, and (b) the elimination requests filed by Data Subjects in accordance with the internal procedures defined by .CO INTERNET S.A.S.


8.3 INFORMATION PROCESSING


.CO INTERNET S.A.S. must guarantee the right of the Data Subject or his/her assigns to obtain information on the existence of the Subject’s data, at any time and without restrictions.


In no case the departments in which officers responsible for Personal Data Processing work can do so without the authorization of the Data Subject.


Under no circumstance may departments in which officers responsible for Personal Data Processing work, Process the Personal Data of children and adolescents, except for the data that is classified as public (name and civil registry data), with the corresponding authorization of a representative or guardian.


The Processing of sensitive Personal Data contained in the Databases managed by .CO INTERNET S.A.S. is not allowed in any circumstance, in pursuance of Article 5 of Law 1581 / 2012.


PERSONAL DATA MANAGEMENT PROCEDURES



9.1 PETITIONS AND QUERIES BY DATA SUBJECTS



The Data Subject or his/her assigns may request the following from .CO INTERNET S.A.S.:


  • Information concerning the Data Subject’s Personal Data subject to Processing
  • Proof of Authorization granted for Processing the Personal Data
  • Information relating to the use given to the Personal Data

Data Subjects may use any of the following mechanisms, which allow keeping proof of the petition and/or query:


Written communication addressed to:

Privacy – Customer Service

.CO INTERNET S.A.S.

Calle 100 # 8A-49 Torre B Oficina 507

WORLD TRADE CENTER

Bogotá, COLOMBIA


By email to:

help@go.co


Once received, .CO INTERNET S.A.S. will process it within ten (10) business days as of the date and time of reception. If it were not possible to process it within this term, .CO INTERNET S.A.S. will inform the petitioner of this circumstance, stating the cause and the date on which it will be responded, which cannot exceed in any case five (5) business days after the expiration of the initial term.


NOTE: whenever the assign of the Data Subject makes a query, a document accrediting the assign’s relation with the Data Subject must be provided; otherwise, the query cannot be processed.


9.2 COMPLAINTS AND CLAIMS MADE BY DATA SUBJECTS



The Data Subject or his/her assigns can request the following to .CO INTERNET S.A.S.:


  • Correct or Update their data
  • Eliminate their Personal Data or revoke the Authorization granted for their Processing
  • Correct an alleged violation to any of the duties defined in Law 1581 / 2012

Data Subjects may use any of the following mechanisms, which allow keeping proof of the petition and/or query:


Written communication addressed to:

Privacy – Customer Service

.CO INTERNET S.A.S.

Calle 100 # 8A-49 Torre B Oficina 507

WORLD TRADE CENTER

Bogotá, COLOMBIA


By email to:

help@go.co


The text of the request must include: (a) date of filing, (b) reference to an issue, (c) full names and surnames of the Data Subject, (d) type of identity document (identity card or passport) and number, (e) mailing or email address, (f) a list of Personal Data provided to .CO INTERNET S.A.S. constituting the purpose of the complaint or claim, (g) a succinct description of the facts that led to the complaint and/or claim, (h) the type of operation (update, correction or elimination) to be conducted regarding the Personal Data, (i) the attached supporting documents deemed relevant.


If the complaint or claim is incomplete (for instance, the written communication is not signed), .CO INTERNET S.A.S. must respond (in writing or via email) to the interested party within five (5) business days of the reception of the complaint or claim requesting the correction. If two (2) calendar months have elapsed from the date of the requirement without having received the additional requested information, then it will be understood that the petitioner has abandoned his/her complaint or claim.


Whenever the request contains incomplete information, the Customer Care Department of .CO INTERNET S.A.S. must forward the complaint and/or claim to the departments responsible for following up this Policy (Item 7) no later than two (2) business days after and will report this situation to the petitioner.


Once the complete complaint or claim has been received, it will be included in the corresponding Database with the following information (a) the legend “Claim under Process” and (b) the reason for it, no later than two (2) business days after. Said legend must not be removed until the complaint or claim has been decided. The maximum term to resolve the complaint or claim is fifteen (15) business days as of the first business day after the day and time of its reception. If it were not possible to resolve it within this period, the petitioner will be informed of this circumstance, stating the cause and the date on which it will be responded, which cannot exceed in any case eight (8) business days after the expiration of the initial term.


NOTE: whenever the Data Subject’s assign has filed a claim, a document accrediting the assign’s relation with the Data Subject must be provided; otherwise, the claim cannot be processed.


If .CO INTERNET S.A.S. does not have the competence to resolve the claim filed, it will inform the petitioner of this situation and will forward it to the competent entity, in the terms and within the deadline to do so in accordance with the law.


If .CO INTERNET S.A.S. is notified by a competent authority on judicial proceedings against a Data Subject relating to his/her Personal Data Processing, the corresponding record in the Database will include the legend “Information under Judicial Discussion”.


.CO INTERNET cannot use the Data Subject’s information that is subject to a claim, disputed by the Data Subject or has been blocked by order of the Superintendence of Industry and Trade (SIC, for its initials in Spanish).


If the Superintendence of Industry and Trade (SIC, for its initials in Spanish) identifies a risk that jeopardizes the fundamental rights of a Data Subject, it may request that .CO INTERNET S.A.S. temporarily block the data; .CO INTERNET S.A.S. must ensure that this is done as soon as possible.


.CO INTERNET S.A.S. must provide all the information the Superintendence of Industry and Trade (SIC, for its initials in Spanish) may require for the effective exercise of its duties.


PERSONAL DATA SAFETY AND SECURITY



(1) .CO INTERNET S.A.S., strictly applying the Principle of Safety and Security in Personal Data Processing (Subparagraph 4.4 herein) will provide the technical, human and administrative measures needed to make the records secure, thus avoiding their forging, loss, consultation or unauthorized or fraudulent use or access.


(2) .CO INTERNET S.A.S.’s obligation and responsibility is limited to providing the proper means to this end. .CO INTERNET S.A.S. does not guarantee the complete safety and security of its information nor will it be liable for any consequence stemming from technical failures or undue breach by third parties to the Database or files where the Personal Data Processed by .CO INTERNET S.A.S. and its Processors are kept.


(3) .CO INTERNET S.A.S. will demand that the services providers it engages adopt and comply with the proper technical, human and administrative measures for the protection of Personal Data by virtue of which said providers act as Processors.


TRANSMISSION AND DISCLOSURE OF PERSONAL DATA



(1) .CO INTERNET S.A.S. may share Processed Personal Data with its parent company to use and Process them in accordance with this Personal Data Protection Policy.


(2) .CO INTERNET S.A.S. may provide the Personal Data to third parties that are unrelated to .CO INTERNET S.A.S. whenever (a) dealing with contractors engaged for the performance of .CO INTERNET S.A.S.’s commercial and operational activities, (b) a transfer has been made, for any reason, of any business line to which the information pertains.


(3) Personal Data transmission contracts entered into by .CO INTERNET S.A.S. and Personal Data Processors will include clauses that will demand that the information be processed in pursuance of this Personal Data Protection Policy and will also include the following obligations for the Processor:


  • Process, on behalf of .CO INTERNET S.A.S. the Personal Data in accordance with the guiding principle.
  • Safeguard the safety and security of the Databases containing the Personal Data
  • Keep confidential the Personal Data Processing.

TERM OF ENFORCEMENT



This Personal Data Protection Policy will be in force as of October 20, 2016 and is linked to the Databases officially registered by .CO INTERNET S.A.S. on the technological platform of the Superintendence of Industry and Trade (SIC, for its initials in Spanish).



OUR USE OF COOKIES, WEB BEACONS, AND SIMILAR TECHNOLOGIES



First and foremost, we DO NOT sell your personal information. However, when you visit or interact with our sites, services, applications, tools or messaging, we or our authorized service providers may use cookies, web beacons, and other similar technologies to make your experience better, faster and safer, for advertising purposes and to allow us to continuously improve our sites, services, applications and tools. Any personal information or data collected by these technologies is used only by us or by our authorized service providers on our behalf.

What are cookies, web beacons and similar technologies

These technologies are essentially small data files placed on your computer, tablet, mobile phone or other device (“collectively, a “device”) that allows us to record information when you visit or interact with our websites, service, applications, messaging, and other tools. Though often these technologies are generically referred to as “Cookies,” each functions slightly differently, and is better explained below:

Cookies: Cookies are small (often encrypted) text files placed in the memory of your web browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser. There are several types of cookies:

  • Session cookies expire at the end of your browser session and allow us to link your actions during that particular browser session.
  • Persistent cookies are stored on your device in between browser sessions, allowing us to remember your preferences or actions across multiple sites.
  • First-party cookies are those set by a website that is being visited by the user at the time in order to preserve your settings (e.g., while on our site).
  • Third-party cookies are placed in your browser by a website, or domain, that is not the website or domain that you are currently visiting. If a user visits a website and another entity sets a cookie through that website this would be a third-party cookie.

Cookies are used for a variety of purposes on our website. For example, they store information that allows us to present our site in your local language, or prices in local currency. They also communicate data to our servers when you visit our site, allowing you to stay logged in to your account during your visit or maintain the site preferences you set. Preventing your browser from accepting 1st party cookies will prevent the placement of some cookies that are classified as “Essential”.

Web beacons (pixels): A web beacon (also called “tracking pixels” or “image tags”) is a small file (most often a transparent, 1x1 GIF file) that loaded on our web pages. These pixels may work in concert with cookies to collect information about your visit, your web browser/device, browsing activity, or onsite behavior and provide that information to service providers. Pixels are most commonly used to collect anonymous traffic metrics (page visits, button clicks, order completion) used to analyze site performance.

Scripts: A script is a small piece of website code placed on our websites to power customer service tools like live chat, allow for the delivery of video tutorials in our help section, and allow us to provide interactive experiences to visitors. They are also used to collect data that we use for website analytics, or to provide data on the effectiveness of our advertising.

Similar technologies: Technologies that store information in your browser or device utilizing local shared objects or local storage, such as HTML 5 cookies, and other web application software methods. These technologies can operate across all of your browsers. In some instances, these technologies may not be fully managed by your browser and may require management directly through your installed applications or device. We do not use these technologies for storing information to target advertising to you on or off our sites.

What technologies do we use and why

Our cookies, web beacons and similar technologies serve various purposes, but generally they (1) are necessary or essential to the functioning of our sites, services, applications, tools or messaging, (2) help us improve the performance of or provide you extra functionality of the same, (3) help us to serve relevant and targeted advertisements, or (4) allow us to offer support tools that you utilize to interact with our care guides:

Strictly Necessary or Essential: "Strictly necessary" or “essential” cookies, web beacons and similar technologies let you move around the website and use essential features like secure areas and shopping baskets. Without these technologies, services you have asked for cannot be provided. Please note that these technologies do not gather any information about you that could be used for marketing or remembering where you've been on the internet. Accepting these technologies is a condition of using our sites, services, applications, tools or messaging, so if you utilize tools that might prevent these from loading, we can't guarantee your use or how the security therein will perform during your visit.

Performance: Performance technologies may include first or third-party cookies, web beacons/pixels, and scripts placed in order to gather information about how you use our website (pages you visit, if you experience any errors, load times). These cookies do not collect any information that could identify you and are only used to help us improve how our website works, understand the interests of our users, and measure how effective our content is by providing anonymous statistics and data regarding how our website is used.

Advertising: Advertising technology may include first or third-party cookies, web beacons/pixels, and scripts placed in order to gather information on the effectiveness of our marketing efforts, deliver personalized content, or to generate data that allows for the delivery of advertising relevant to your specific interests on our sites, as well as third-party websites. We also utilize 3rd party service providers to assist us in delivering on the same functions, which means that our authorized service providers may also place cookies, web beacons and similar technologies on your device via our services (first and third party cookies). They may also collect information that helps them identify your device, such as IP address, or other unique or device identifiers.

Support: Support technologies may include first or third-party cookies, web beacons / pixels, and scripts placed in order to provide tools for you to interact with our customer support teams. This technology allows us to provide chat services, gather customer feedback, and other tools used to support our visitors. Data collected for these purposes is never used for marketing or advertising purposes.

How to manage, control and delete these technologies

You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) it may limit your use of certain features or functions on our website or service. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our site. Please note, as further described in our Privacy Policy , we currently do not alter our practices when we receive a “Do Not Track” signal from a visitor’s browser.

Internet browsers allow you to change your cookie settings. These settings are usually found in the 'options' or 'preferences' menu of your internet browser. In order to understand these settings, the following links may be helpful. Otherwise you should use the 'Help' option in your internet browser for more details.

If you wish to withdraw your consent at any time, you will need to delete your cookies using your internet browser settings.

More information about cookies

Contact Us

We hope the information in this policy provides you with clear information about the technologies we use and the purposes for which we use them, but it you have any additional questions, or require any additional information, please review our Privacy Policy or contact us at help@go.co