INTERNACIONAL EJECUTIVA DE AVIACIÓN S.A.S (hereinafter “IEA”) located on the freight terminal, last left turn, Hangar No. 13. JMC Airport, Rionegro – Antioquia, telephone number 3158510, e-mail servicioalcliente@interejecutiva.com, colombian company identified whit NIT. 800.158.130-0 in compliance with the provisions of law 1581 of 2012 and its regulatory statute No. 1377 of 2013, which regulate the protection of personal data and establish the legal guarantees that must be met by all people in Colombia for the proper processing of such information, develops the following policies for the processing of personal data within the Company. The terms used in this Policy with initial capital letters shall have the meaning set out in Annex No.1 “Definitions”. IEA will be responsible for the processing of personal data. The Compliance Department shall oversee the processing of personal data. Any communication on the matter shall be made via e-mail: proteccióndedatos@interejecutiva.com.

I. PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA:

The protection of personal data in IEA will be subject to the following rules, on the basis of which internal processes related to the processing of personal data will be determined and interpreted in a harmonious manner, comprehensive and systematic approach to resolving conflicts in this area, principles enshrined in international standards, in Colombian law and the jurisprudence of the Constitutional Court, which has developed fundamental rights linked to personal data.

Informed consent or freedom principle. The Processing of Personal Data within IEA, can only be done with consent, prior, express and informed of the holder. The data shall not be obtained, treated or disclosed without the authorization of the holder, except legal or judicial mandate to replace the express consent of the holder.

Legality. The Processing of Personal Data in Colombia is a regulated activity and therefore processes and recipients of this standard should be subject to the provisions of this standard.

Purpose of the Data. The processing of personal data must obey to a legitimate purpose, in accordance with the Constitution and the law, which must be informed in a concrete, precise and prior to the holder so he can express his informed consent.

Data Quality or Veracity. Personal data collected by IEA must be truthful, complete, accurate, verifiable, understandable and maintained updated. The processing of partial, fractioned, incomplete or mislead data is prohibited.

Transparency. In the processing of personal data will be guaranteed the right of the holder to obtain and know from the person in charge of the processing, information about the existence of data concerning him. In the collection of personal data by IEA the purpose of the processing and/or the database should be considered; therefore, the data should be appropriate, relevant and not excessive or disproportionate in relation to the purpose. The collection of disproportionate personal data in relation to the purpose for which they are obtained is prohibited.

Restricted Access and Circulation. Personal data collected or processed by IEA will be used by this company or its associates only within the scope of the purpose and authorization granted by the holder of the personal data, therefore, the Data shall only be transferred to third parties who require this data for the provision of any service to IEA, that is necessary and that has the same purpose given by IEA to such Personal Data. The holder with its authorization will empower IEA in the same way to the transfer and cession of his Personal Data for the purposes by him authorized to processors or their related. Personal Data in custody of IEA may not be available on the internet or any other means of dissemination unless the access is technically controllable and secure, and such access has the purpose to provide restricted knowledge only to holders or to authorized third parties in accordance with the standards of the law and the principles that rule the matter. It is excepted from the above the events in which by express legal provision there must be disclosure of such data in mass media such as the internet or the prior existence of authorization by the holder of the information.

Temporality of the Data. Once the purpose for which the Personal Data was collected has been exhausted, IEA must cease its use and therefore take appropriate measures to ensure its elimination. To this end, account shall be taken of the commercial law obligations relating to the preservation of the merchant´s books of commerce and correspondence. However, if deemed necessary, Data may remain in the Databases of IEA when required to fulfill a legal duty or court order, as well as when its processing its limited to its conservation for historical or statistical purposes.

Data Security. IEA, as controller or processor of Personal Data shall adopt the physical, technological and/or administrative security measures that are necessary to ensure the attributes of integrity, authenticity and reliability of Personal Data. IEA, in accordance with its classification of Personal Data within the organization, shall implement the high, medium or low level security measures, applicable as the case may be, in order to prevent adulteration, loss, leakage, consultation, unauthorized or fraudulent use or access.

Confidentiality. IEA and all persons involved in the processing of Personal Data have a professional obligation to keep and maintain the confidentiality of such data, subject to legal exceptions. This obligation remains even after the end of the relation that gave rise to the collection and processing of the data. IEA will implement in its contractual relations data protection clauses in that regard.

Duty to Inform. IEA will inform Personal Data Holders of the data protection regime adopted by the organization, as well as with respect to the purpose and other principles governing the processing of such data. It will also report the existence of the personal Databases that it maintains, the rights and the exercise of the Habeas Data by the Holders and will carry out the registration required by law.

Special Protection of Sensitive Data. IEA shall not collect, or process Personal Data exclusively linked to political ideologies, union affiliation, religious beliefs, sexual life, ethnic origin and/or health data, unless expressly authorized by the holder or by express legal provision. No IEA activity shall be conditional on the data controller providing sensitive Personal Data, except where it is imperative for the benefit of the data subject or because the specific situation so requires.

II. RIGHTS OF THE DATA HOLDER

Holders of personal data contained in databases that rest in IEA information systems, have rights described in this section in compliance with fundamental guarantees enshrined in the Constitution and the law. The exercise of these rights may be performed by the holder of the personal data, in accordance with legal provisions governing the exercise of those rights. For the exercise of these rights the holder of the information may contact the entity through written communication addressed to the following e-mail address protecciondedatos@interejecutiva.com or written document addressed to the following address: Via Terminal Cargo, last turn to the left, Hangar No.13, Airport JMC, Rionegro – Antioquia.
The exercise of the Habeas Data expressed in the following rights, constitutes a power and shall be exercised exclusively by the holder of the data, except when a legal text provides otherwise.

Right of Access. This right includes the faculty of the Holder of the data to obtain all information concerning his own personal data, whether partial or complete, the processing applied to them, the purpose of the processing, the location of databases containing their personal data, and of communications and/or cessions made in respect thereof.
Access to personal data that have been the subject of processing is guaranteed free of charge once a month or whenever there are substantial changes to these information processing policies that give rise to further consultation. For queries more frequently than once per calendar month, the entity may charge the holder for the costs of sending, reproducing and, when appropriate, certifying documents.

Right to Update. This right includes the faculty of the data holder to update his personal data when these have had some variation.

Right of Rectification. This right includes the faculty of the data holder to request the modification of data that turns out to be inaccurate, incomplete or non-existent.

Right of Cancellation. This right includes the faculty of the data holder to cancel or delete his personal data when they are excessive, irrelevant or the processing is contrary to the rules, except when a legal text provides otherwise , or when they are maintained by reason of existence of a contractual or commercial relationship.

Right to Revoke Consent. The data holder has the right to revoke the consent or authorization that enabled IEA for the processing with a certain purpose, except in those cases when a legal text provides otherwise and or when necessary in a specific contractual framework.

Right of objection. This right includes the faculty of the data holder to object to the processing of his personal data, except in cases where such right does not proceed by legal provision or because it infringes general interests beyond the particular interest. IEA based on the legitimate rights argued by the data holder, will make a proportionally or a weighting judgment in order to determine the pre-eminence or otherwise of the data´s holder particular right in relation to other rights.

Right to submit complaints and claims or to take legal actions. The Holder of Personal Data has the right to submit to IEA consultations and complaints in accordance with the laws regulating them and complaints to the Superintendence of Industry and Commerce, or the competent entity. IEA shall respond to requests from competent authorities concerning the rights of the Holders of the personal data.

Right to Grant authorization for Data Processing. In accordance with the principle of informed consent, the data Holder has the right to grant his authorization, by any means that may be subject to subsequent consultation, to process his personal data in IEA.

Exceptionally, this authorization won´t be required in the following cases:
• When the information is required or must be delivered to a public or administrative entity in compliance of its legal functions, or by court order.
• In case of data of a public nature.
• In cases of medical or health emergencies.
• When processing information authorized by law for historical, statistical or scientific purposes.
• Incase of personal data relating to the Civil Registration of persons.
In these cases, although the Holder´s Authorization is not required, the other legal principles and provisions on the protection of personal data will apply.
These rights may be exercised by:
• The Holder of the data, who must provide sufficient proof of his identity by the various means provided by IEA.
• The successors in title of the holder, who must proof such quality.
• The representative and/or the attorney of the holder, after accreditation of the representation or the empowerment.
• Another in favor or for which the holder has stipulated.

III. GENERAL POLICY

For the protection of personal data and the processing thereof as a general objective of IEA is to ensure the confidentiality, integrity, freedom veracity, transparency and availability of information and databases of its shareholders, suppliers, applicants, employees and former employees, ensuring availability of the technological infrastructure for the processing of personal data collected for legal, contractual and commercial purposes, (Security studies, to inform the various authorities required for the provision of the service, such as the aeronautical, customs and immigration authorities in Colombia and abroad; to carry out security; comply with accounting standards, and as provided by governmental and regulatory entities; exercise control of payments for rendered services, and conduct consultations, audits, simulations and reviews arising from the business relationship)

To this end, IEA undertakes to comply with current legislation, seeking always effective mechanisms for the protection of the rights of the holders of personal data to which it gives processing and, manage and develop measures containing adequate security conditions to prevent fraudulent adulteration, loss, consultation, use or access to information.

The Data Processing Authorization requested in each case shall indicate that the data may be transferred to entities that will fulfil the function of controllers under the terms established by Law 1581 of 2012 or those related to the organization. All IEA Database Managers shall be bound by this Data Protection Policy.

IV. GENERAL PURPOSES FOR DATA PROCESSING

The processing of the personal data of the person with whom IEA has established or establishes a permanent or occasional relationship shall be carried out within the legal framework governing the matter. In any case, personal data may be collected and processed in order to:
a. To develop the corporate object of IEA according to its bylaws.
b. Comply with applicable labor, tax and commercial standards.
c. Comply with the provisions of the Colombian labor and social security legislation, including those applicable to former employees, current employees and candidates for future employment.
d. Conduct surveys related to IEA services or goods.
e. Forward IEA business information.
f. Develop programs in accordance with its bylaws.
g. Comply with all its contractual commitments.
h. Provide the non-regular commercial passenger transport service and the ground handling assistance service.
i. Perform safety analysis and safety studies.
j. Conduct advertising and marketing campaigns.
k. Data verification via query to public or central risk databases.
l. Share with third parties that collaborate with IEA and that for the fulfillment of their functions, must access to some extent of the information, such as concessionaires, providers of messaging services, advertising agencies, collection houses, product suppliers and service centers for warranty purposes.
m. To strengthen commercial relations; to comply the obligations assumed in the event of the conclusion of any contract. Inform about new requirements; to conclude agreements with third parties; to assess the levels of service received; to carry out processes of control and accounting of the obligations assumed; to carry out the compliance of fiscal, accounting, tax and procedural norms with governmental and regulatory entities; to exercise control of payments for services received, and to carry out consultations, audits, simulations and revisions derived form some commercial relationship; to support the auditing processes of the Company.
n. Any other purpose that will result in the development of the relationship between IEA and the Holder.
o. Comply with the Aeronautics, Immigration, Customs and security regulations for the development of IEA activities.

V. SPECIFIC POLICIES FOR THE PROCESING OF PERSONAL DATA

The operations that constitute the processing of personal data by IEA, in its capacity as responsible or in charge of it, shall be governed by the following parameters.

1. Personal Data related to human resource management.

There shall be separate databases for the processing of personal data before, during and after the employment relationship.

1.1. Data processing before the contractual relationship.

IEA shall inform in advance the persons interested in participating in a selection process of the rules applicable to the processing of personal data supplied by the data Holder, as well as those obtained during the selection process.

When IEA hires third parties to advance or support selection processes, in the respective contracts shall provide that the personal data collected shall be processed in compliance whit its Data Protection Policy.

The purpose of the provision of the data provided by the IEA vacancies and personal information obtained from the selection process is limited to information related to their participation in it; therefore, its use for different purposes is prohibited.

1.2. Data processing during the contractual relationship.

IEA will store the personal data obtained during the selection process of the employees in a folder identified whit the name of each of them. This digital physical folder will only be accessed and processed by the Human and Administrative Management Area and for the purpose of managing the contractual relationship between IEA and the employee.

The use of employee information for purposes other than those set out in the employment contract and authorizations signed for the purpose is prohibited in IEA. The different use of employee´s personal data and information shall only proceed by order of the competent authority, provided that such authority is vested in it. It shall be for IEA to assess the competence and effectiveness of the competent authority´s order, in order to prevent an unauthorized transfer of personal data.

For the purposes of the Processing of sensitive personal data that are collected during the employment relationship, Express Authorization of the Data Owner will be required to inform you which Sensitive Data will be processed and the purpose of it.

By external services that IEA may require, in the processing of data during the contractual relationship, the transfer of such data to a third party may be necessary in order for the third party to be responsible for the administration of the processing. In this case, the authorization for data transfer shall be included in the employee´s express authorization for the processing.

1.3. Processing of data after termination of the contractual relationship.

Upon termination of the employment relationship, whatever the cause, IEA will proceed to store the personal data obtained from the selection process and documentation generated in the development of the employment relationship, in a central file, by subjecting such information to high security measures and levels, by virtue of the potential that the occupational information may contain Sensitive Data.

The personal data of the former employees are kept exclusively for the fulfillment of the following objectives:
i. Comply whit Colombian or foreign law and the orders of judicial or administrative authorities or private entities in the exercise of public services;
ii. Issue certifications regarding the relationship of the data holder whit the company.
iii. Statistical or historical purposes.

2. Processing of personal data of shareholders.

Personal data and information of natural persons who have become shareholders of IEA shall be considered as classified information, because it is registered in the commercial books and has the character of a legal reservation. However, the information shall be disclosed in the cases laid down by the rules governing the stock market.

Accordingly, access to such personal information shall be in accordance with the provisions of the Commercial Code and other relevant regulations.

The purposes for which the personal data of the shareholders will be used are as follows:
i. To allow the exercise of the duties and rights deriving from the status of shareholder;
ii. Sending invitations to events scheduled by the Company;
iii. Issuance of certifications regarding the relationship of the data holder with the Company;
iv. Other authorizations issued by the shareholders themselves.

3. Processing of personal data of suppliers.

IEA will only collect from its supplier’s data that is necessary, relevant and not excessive for the purposes of selection, evaluation and performance of the contract to which it relates. Where IEA is required by law to disclose data on the supplier as a natural person, as a result of procurement proceedings, it shall be made with provisions which comply with this rule and which warn third parties of the purpose of the information being disclosed.

The purposes for which the personal data of suppliers will be used are:
i. Sending invitations to contract and deciding for the pre-contractual and post-contractual stages;
ii. Sending invitations to events scheduled by the Company or its affiliates;
iii. Other specific provisions of the authorizations granted by the suppliers themselves, where required in accordance with legislation in force or in accordance with Law 1581 of 2012.
IEA may collect personal data from the employees of its suppliers when, for security reasons, it must analyze and assess the suitability of certain persons, considering the characteristics of the services contracted with the supplier.
The purpose of the collection of the personal data of the employees of the suppliers by IEA, will be to verify the suitability and competence of the employees; therefore, once verified this requirement, IEA will return such information to the supplier, except where expressly authorizes its use.
When IEA delivers personal data of any holder to its suppliers, these shall protect the personal data provided, in accordance with existing rules. For this purpose, the provision of the respective audit will be included in the contract or document that legitimizes the delivery of the personal data. IEA shall verify that the data requested are necessary, relevant and not excessive in relation to the purpose for which the request for access is based.

4. Processing of Passenger and Crew personal data.

IEA shall collect only from passengers and crew benefiting from the services provided by IEA, data that is necessary, relevant and not excessive for the purpose of providing the service to be performed, carry out formalities with authorities such as DIAN and Migration, draw up the documents required to carry out the service, carry out security studies, comply with airport and hangar security policies, identify service users and comply with the regulation regarding the operation that IEA provides.

RECORDING, FILMING AND COMMUNICATIONS

As part of its communication strategy, the entity has at its shareholders, customers and user’s disposal, the website of the entity and various ways of making contact, such as written communications, telephone contact, presentation of newsletters and communiqués.
Images, references, articles or communications from employees of the institution, its clients or attending events organized or sponsored by IEA.
Such information and data shall in no way be used or shared with third parties for commercial purposes or activities other than the purpose of publicizing the activities and services of IEA or its affiliates. The entity undertakes to carefully review the information that will be published in any form, in such a way that it doesn’t violate the dignity, intimacy or good name of any of the people who may appear in their communications.
The delivery of information by the owners in any form, does not pass on to the entity the intellectual property or the moral rights in the same. The intellectual property rights remain with the owner.
Likewise, the transfer of rights of images, photographs or videos captured and/or filmed in the field of the employment and/or professional relationship with IEA, and in general other personal data shared, through any medium of dissemination and communication doesn´t bring with it rights to receive compensation or recognition of any type, since the authorization and transfer of rights are carried out free of charge.

VI. DATA ON MINORS

The entity does not process the personal data of minors in any of its activities. However, if any processing of information is required for any reason whatsoever, account shall be taken of its overriding interest and shall in no way be taken of it without the prior authorization of their legal representatives.
In the events in which the minors enjoy the services of INTEREJECUTIVA as passengers of the Aircraft to which they are provided the different services, authorization for the processing of personal data shall be sought from the person legally responsible.

VII. PROCEDURE FOR DEALING WITH QUERIES, COMPLAINTS, REQUESTS FOR RECTIFICATION, UPDATING ANS DELETION OF DATA

The holders or their successors in title may consult the personal information of the holder that rests on IEA, who shall supply all the information contained in the individual register or that is linked to the identification of the holder.
Likewise, the IEA provides the mechanism through which the holder can file claims for the purpose of updating, rectifying, deleting the data or permanently revoking the authorization.
In any case, regardless of the mechanism implemented for attention of requests for consultation, they will be answered within a maximum of ten (10) working days from the data of their receipt. Where the consultation cannot be completed within a period, the person concerned before the expiry of the (10) days, stating the reasons for the delay and indicating the date on which the consultation shall be carried out, which in no case may exceed five (5) working days after the expiry of the first period. Consultations may be made by e-mail protecciondedatos@interejecutiva.com.

VIII. INFORMATION SECURITY MEASURES

In compliance with the principle of safety laid down on the legislation in force, IEA shall adopt such technical, human and administrative measures as may be necessary to ensure the security of the registers by preventing their adulteration, loss, consultation, unauthorized or fraudulent use or access.

IX. POLICY CHANGES

The Company reserves the right to modify the Personal Data Protection Policy at any time. Any modification shall be communicated in a timely manner to the Data Owners through the usual means of contact and/or through their website ten (10) working days before its entry into force.
In case of disagreement for valid reasons that become a just cause with the new personal information management policies, the Holders of the information or their representatives may request the entity to withdraw its information through the channels indicated above, however, it may not request the removal of data while maintaining a link of any order with the entity.

X. LAW, JURISDICTION AND VALIDITY

Any interpretation, judicial or administrative action arising from the personal data that make up the database of the entity and this policy shall be subject to the rules of personal protection established in the Republic of Colombia and the competent administrative or jurisdictional authorities for the resolution of any concerns, complaints or claims about them will be those of the Republic of Colombia. On the other hand, in general, the information of our databases will remain processed while a legal or contractual relationship is maintained with the owner of the information.

In any case, generally speaking, the information will not be processed for a period longer than one (1) year from its collection according to the legal or contractual circumstances that make it necessary to handle the information, without prejudice to the fact that, in any case, it is maintained if necessary to comply with statistical, historical or any legal obligations.

Date of publication and entry into force: 1 October 2014.

ANNEX No. 1 “Definitions”

Human and Administrative Management Area: Area in charge of managing human, administrative and the Company´s processes.

Authorization: Prior, express and informed consent of the Owner to carry out the processing of personal data.

Notice of Privacy: Document generated by the responsible, which is made available to the owner for the processing of his personal data in case of not being able to make available the privacy policy.

In general IEA has at the disposal of all its employees, customers, shareholders, users and in general holders of personal data, its personal data policy easily accessible through its website www.interejecutiva.co. However, if the implementation of this notice is necessary for a particular channel of communication, it must contain at least the information relating to the existence of the information processing policies applicable to it and the characteristics of the processing to be given to the data.

Database: An organized set of personal data that is processed, regardless of whether they are structured or not.

Company: INTERNACIONAL EJECUTIVA DE AVIACIÓN S.A.S.

Personal Data: Any information linked to or likely to be associated with one or more specific or identifiable natural persons. Personal data may be public, semi-private or private.

Private Data: It is the data, due to its intimate or reserved nature, is only relevant to the holder, such as biometric data and clinical history, among others. This type of data is not processed by IEA, unless it is information necessary for the development of a project specific to its social object or it is the internal handling of the information of its officials, prior authorization given by them, if necessary.

Public Data: This is the data qualified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Information contained in public documents, duly enforceable court rulings that are not subject to reservation and information relating to the civil status of individuals are made public.
According to the concepts established by the Superintendence od Industry and Commerce, the directory data or those that are found in searches on the internet cannot be considered public and its treatment must be based on the principles of handling of personal information.

Semi-private: It is the fact that it has no intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to the holder, but to a certain sector or group of persons, or to the society at large, such as compliance with obligations under credit risk centers.

Sensitive Data: Those who affect the privacy of the owner or whose misuse could cause discrimination, such as those revealing racial or ethnic origin, political orientation, religious or philosophical convictions, membership of trade unions, social organizations, of human rights or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data on health and sexual life.
This type of data may be processed by IEA after authorization of its officials, customers or shareholders to do so.

Person in Charge of Treatment: Natural or legal person, public or private, who by himself or in association with others, performs the processing of personal data on behalf of the controller.

External Fraud: Acts, carried out by a person external to the entity, that seek to defraud, misappropriate assets or information of the entity for the benefit of itself or a third party, or violate rules or laws.

Internal Fraud: Acts which intentionally seek to defraud or misappropriate entity´s assets, confidential information, IEA’s own information or breaking rules or laws, involving at least an official of the entity for his own benefit or of a third party.

National Register of Databases: Public directory of databases subject processing in Colombian territory. Databases located outside Colombian territory, if any, shall be registered when Colombian law applies to IEA or to those responsible for the processing, under internal rules or international treaties.

Person Responsible for the Processing: A natural or legal person, public or private, who himself or in association with others decides on the database and/or the processing of data.

Superintendence of Industry and Commerce: National authority for the protection of the personal data, through the Delegation for the Protection of Personal Data.

Holder of the Information: Natural person whose personal data are processed.

Transfer: When the controller and/or processor of the personal data, located in Colombia, sends the information or personal data to a receiver, who is in turn Responsible for the processing, which is located in or outside the country.

Transmission: Processing of personal data involving the communication of such data within or outside the territory of the Republic of Colombia when the purpose of the processing is to be carried out by the person in charge on behalf of the controller.

Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

Chat
🇪🇸 Hola, ¿en qué podemos ayudarte?
🇬🇧 Hello, how can we help you?