These privacy policy apply to all Services, and are an integral part of the Agreement.
1. Definitions
The terms defined here and used in this Policy will have the meaning assigned here
both in their singular and plural sense, the rest of the defined terms will have the
meaning detailed in the rest of the documents that make up the Contract.
"Supplier" means the Seven Minds SAS legal entity that owns the Sevenminds
application, who signs the Format and provides the Services.
“Client” means the natural or legal person that signs the Format and contracts the
Services.
"Customer Data" means all data, including all text, sound or image files and software or
any other type of file or link that the Customer, its Subsidiaries or Customers provides or
provided on its behalf to the Supplier through the Use of the Services.
"Username" means the person or individuals who access and use the Services; and
which are employees, contractors, subcontractors or third parties authorized by the
Client to access and use the Services and always having the Client contracted the
Services that the Provider provides.
"Sensitive User Data" are all the personal data of the users such as Location Data,
gallery images, device contacts, phone calls, text files, sound and software or any other
type of file or link that the User provide on your behalf to the Provider by using the
Sevenminds app.
2. Privacy
2.1 Privacy practices The Supplier declares that it complies with all the regulatory requirements on data
protection and privacy applicable to the provision of services such as the Services
contained herein, and that the laws of both the United States territory and the Republic
of Colombia require. In turn, the Services are provided through third parties which
declare that they comply with the previous laws in relation to the regulations applicable
within the United States of America. Consequently, the Supplier will not be responsible
for complying with any privacy law applicable to special categories of data or to the
Client or its economic sector or data protection that is not generally applicable to
information technology service providers.
2.2 Sensitive User Data: The Provider will process Sensitive User Data stating that: (i)
It will not acquire any type of right over Sensitive User Data (ii) It will not use or disclose
Sensitive User Data for any purpose other than those that are indicated in this Policy (iii)
Will not reveal Sensitive User Data to be used for commercial or advertiser purposes.
2.3 Customer Data The Supplier will process Customer Data in accordance with the
provisions of this document, (except for the exceptions contained in this Contract) and
declares that: (i) it will not acquire any type of right over the Customer Data; and (ii) you
will not use or disclose Customer Data for any purpose other than those indicated in this
Policy.
2.4 Uses and destination of Customer Data by the Supplier The Supplier will use
and allocate the Customer Data according to the following terms: 2.4.1 The Client Data
will be used only to provide the Client with the Services, including actions aimed at
improving the service or preventing-solving problems that may occur in the provision of
the Services. 2.4.2 The Supplier will only reveal Customer Data when legal or regulatory
provisions, as well as competent public entities expressly demand it. In any case, the
Supplier will make its best efforts to communicate this fact to the Client within the
shortest possible time and even redirect the public entity directly to the
Client. 2.4.3 Upon expiration of this Contract or with the termination of the obligation to
provide the Services, the Supplier will make available to the Customer and for a period
of fifteen (15) calendar days the necessary means for the Customer to withdraw
Customer Data . Once the period indicated here has expired, the Supplier will proceed
to delete and destroy the Client Data, after which they will not be accessible to the
Client or any third party. 2.4.4 The Provider will not process or respond to requests of
any nature from Users with respect to Customer Data without the prior, express and
written consent of the Customer, except for those cases expressly included in the
applicable laws. In any case, the Supplier will make its best efforts to communicate this
fact to the Client within the shortest possible time. 2.4.5 The Supplier will have the
capacity of Data Processor and therefore, will process the Client Data on behalf of the
Client. The Supplier may transfer, store and process Customer Data in the United
States of America, the Republic of Colombia and in the territory where the Client
accesses the Services, as well as in any other country in which the Supplier, its
Subsidiaries or subcontractors They maintain facilities. 2.4.6 Supplier personnel will not
have direct access and will not process Customer Data without prior express and
written authorization issued by the Customer. In any case, the Supplier's staff is obliged
to maintain the confidentiality of the Customer Data for the duration of their employment
contract and for two (2) more years after its termination. 2.4.7 The Supplier may
subcontract other companies to provide certain services necessary for the adequate
provision of the Services and as support to the Client. Therefore, the Client authorizes
the Supplier to transfer Client Data to the subcontractors and that said Supplier
subcontractors to access Client Data only in order to provide services necessary for the
provision of the Services, and in any case the subcontractors have the prohibition of
using the Customer Data for different purposes than those of the provision of the
Services. Moreover, subcontractors have and will have the same and the same level of
obligations as the Supplier with respect to Customer Data in accordance with the terms
and conditions set out in this Policy. The foregoing will be legally enforceable to
subcontractors in accordance with the agreements signed or signed between the
subcontractors and the Supplier in that regard. The Supplier will be responsible for the
use that subcontractors give to Customer Data. The Supplier in no case, with the
exceptions set out above or whenever there is express consent of the Client, will
transfer personal data of the Client to any third parties.
3. Obligations of the Client
3.1 The Client as well as its Subsidiaries and Users must comply with each and every one of the applicable legal requirements on privacy, data protection and confidentiality of communications related to the use of the Services.
3.2 In the event that the Client provides personal data so that its Subsidiaries or Users access the Services, both they and the Client give their express permission to the Supplier so that he or she can contact any of them for the purpose of improving the provision of the Services or any other matter related to the Services. In any case, the Supplier will make available to the Client, its Subsidiaries and Users the necessary means to not continue receiving communications from the Supplier for the purposes set forth herein.
4. Responsibility of the Parties
Regarding the Services the Client will have the status of data controller and the Data Processor Provider, and therefore the Client will be ultimately responsible for the Client Data. The Supplier in its role of data processor, will act at all times on behalf of the Client and therefore following the instructions of the latter. This Policy, together with the rest of the documents that make up the Contract, are the complete and definitive instructions given by the Customer to the Supplier for the processing of Customer Data.
5. Duration and destination of data processing.
The duration of the processing of Client Data will be the Term of the Contract as determined in the General Terms and Conditions, being the object and the unique destination of the processing of the Client Data, including personal information, for the appropriate Provision of services.
6. Access to Customer Data.
The Provider will allow the Customer access, modification, correction, deletion or blocking of their Customer Data or that such actions are performed by the Provider at the express request and on behalf of the Customer, all during the Term.
7. Ownership of the Client Data
The Client will retain all rights, ownership and interest in the Client Data and therefore the Supplier does not acquire any rights over the Client Data, beyond the rights that the Client grants to the Client Provider for the Services.
8. Personal
data Personal data (understood as those that serve to identify a specific person according to applicable laws) collected through the Services may be transferred, stored and processed in the United States of America or in the Republic from Colombia or in any other country where the Supplier or its contractors have facilities. By using the Services, the Client, its Subsidiaries and Users authorize the transmission of personal data outside their country and agree to obtain the necessary authorization from the people who provide personal data to: (i) transfer that data to the Supplier and contractors; and (ii) allow the transfer, storage and processing of that data.
9. Supplier security infrastructure
The Supplier has and maintains an adequate technical and organizational infrastructure for the protection of Customer Data. This infrastructure consists of but not limited to internal controls and the practice of security protocols designed to protect data against accidental loss, destruction or alteration; unauthorized disclosure or access; or destruction; as well as measures for the encryption of Customer Data. This infrastructure and the measures that it entails are the sole responsibility of the Supplier with respect to the security and handling of Customer Data, as well as with respect to any obligation of confidentiality agreed between the Parties; This statement is expressly accepted by the Client.
10. Security incidents
10.1 In the event that the Supplier has current knowledge and material of illegal access to the Client Data stored in the Supplier's equipment or infrastructure or any of its subcontractors; or unauthorized access to said equipment or infrastructure; resulting in both cases the loss, disclosure or alteration of Customer Data ("Security Incident"), then the Supplier: (i) will notify the Customer of the Security Incident; (ii) proceed to conduct an investigation regarding the Security Incident, providing the Client with information about the Security Incident; and (iii) take reasonable steps to mitigate the effects and minimize the damage caused by the Security Incident.
10.2The Client expressly accepts that: (i) a Security Incident that does not have the effects detailed in the following paragraph shall not be subject to what is stipulated herein; (ii) Security Incident means that incident which results in
unauthorized access to the Customer Data or to any of the equipment or infrastructure of the Supplier where the Customer Data is stored, including but not limited to , cyber attacks on firewalls or perimeter servers, port scanning, failed login attempts, denial of service attacks, packet sniffing (or other unauthorized access to traffic data that does not imply access beyond IP addresses or headings) or similar incidents;
10.3 Any notification of Security Incidents made by the Supplier to the Client will be made via email and within a reasonable period of time. On the other hand, it will be the Client's responsibility to ensure that his network administrators or information technology personnel maintain accurate contact information of the Supplier, as well as constant communications with the Supplier. In any case, the Client is solely responsible for reviewing the Contract and therefore making a decision regarding the contracting of the Services.