GENERAL

This policy is defined in accordance with the entry into force of the Statutory Law 1581 of 2012, which aims to dictate the general provisions for the protection of personal data and develop the constitutional right of all persons to know, update and rectify the information that has been collected about them in databases or files as well as the right to information; therefore, BELIEVE IT GROUP, as Owner of BAXNETWORK.COM taking into account its status as responsible for the processing of personal data that assists it, is allowed to formulate this text to comply with such regulations effectively and especially for the attention of inquiries and complaints about the processing of personal data collected and handled by BELIEVE IT GROUP through its digital product BAX.

The right to HABEAS DATA is the right of every person to know, update and rectify the information collected about them in files and data banks of public or private nature and guarantees all citizens the power of decision and control over their data. Therefore, BAX accepts such provisions considering that it is continuously collecting and carrying out various treatments to databases of customers, shareholders, suppliers, business partners, and employees for the development of its corporate purpose.

Under the preceding, within the legal and corporate duty of BAX to protect the right to privacy of individuals, as well as the power to know, update or request information about them that is stored in databases, BAX has designed this policy for handling personal data and databases in which the treatment of Personal Information to which you have access through our website is described and explained, e-mail, physical information (strips), text messages, voice message, App, phone calls, face to face, physical or electronic media, current or in the future to be developed as other communications sent as well as through third parties involved in our business or legal relationship with all our customers, employees, suppliers, shareholders, strategic allies and related parties.

The present document will be adjusted to regulate the regulations applicable to the matter, and new provisions come into force.

GENERAL OBJECTIVE

OBJECTIVE: To establish the criteria for the collection, storage, use, circulation, and suppression of personal data processed by BAX.

DEFINITIONS

Authorization: It is the consent given by any person so that the companies or persons responsible for processing information can use their data.

– Data Subject: The natural person whose personal data is the object of processing.

– Database: Organized set of personal data that are subject to processing.

– Personal data: This is any information linked, or that can be associated with a specific person, such as name or identification number, or that can make it determinable, such as physical traits.

– Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

– Data processor: The natural or legal person who carries out the processing of personal data, based on a delegation made by the data controller, receiving instructions on how the data should be managed.

– Data Controller: The natural or legal person, public or private, who decides on the purpose of the databases and/or their processing.

– Public data: It is one of the existing types of personal data. Public data includes, among others, data relating to the marital status of individuals, their profession or trade, and their status as merchants or public servants. Due to their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.

– Semi-private data: Data that are not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to the owner but also to a specific sector or society in general. Financial and credit data from commercial or service activities are some examples.

Private data: Data that is only relevant to the owner due to its intimate or reserved nature. The tastes or preferences of individuals, for example, correspond to private data.

– Sensitive data: Data that affect the holder’s privacy or may lead to discrimination, i.e., data that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social organizations, human rights organizations, as well as data related to health, sex life, and biometric data, among others.

– Privacy notice: It is one of the verbal or written communication options provided by law to inform the owners of the information, the existence and ways to access the policies of treatment of information, and the purpose of its collection and use.

– Transfer: This is the operation carried out by the controller or processor of personal data when they send the information to another recipient, who, in turn, becomes the controller of the processing of such data.

SCOPE: This policy applies to all personal information registered in the databases of BELIEVE IT GROUP and/or BAX, which acts as the party responsible for the processing of personal data.

RIGHTS THAT ALL HOLDERS OF PERSONAL DATA HAVE AGAINST THE COMPANY

Any process involving the processing by any area of the company of personal data of customers, suppliers, employees, and in general any third party with whom BAX has commercial and labor relations must take into account and inform them expressly and in advance, by any means that can keep a record of compliance, the rights of the owner of the data, which are set forth below:

1. The right to know, update, rectify, consult your data at any time before BAX concerning the data that you consider partial, inaccurate, incomplete, fractioned, and those that are misleading.
2. Right to request at any time proof of the authorization granted to BAX 3. The right to be informed by BAX upon request of the data owner regarding the use that has been made of them.
3. Right to revoke the authorization and/or request the deletion of any data when it considers that BAX has not respected its constitutional rights and guarantees.

CASES IN WHICH BAX DOES NOT REQUIRE AUTHORIZATION FOR THE PROCESSING OF DATA IN ITS POSSESSION

1. When the information is requested from the company by a public or administrative entity acting in the exercise of its legal functions or by court order.
2. When dealing with data of a public nature because they are not protected by the scope of application of the standard.
3. Events of medical or sanitary urgency duly verified.
4. In those events, the information is authorized by law for historical, statistical, and scientific purposes.
5. When dealing with data related to the civil registry of persons, this information is not considered as data of a private nature.

TO WHOM INFORMATION MAY BE PROVIDED BY BAX WITHOUT THE NEED FOR AUTHORIZATION FROM THE DATA SUBJECTS.

1. To the owners of the data, their heirs, or representatives at any time and by any means when requested by BAX.
2. To the judicial or administrative entities in the exercise of their functions that make any requirement to the company to deliver the information.
3. To third parties that are authorized by any law of the United States of America.
4. To third parties to whom the Data Subject expressly authorizes to deliver the information and whose authorization is delivered to BAX.

BAX’s Duties Towards Data Subjects

BAX recognizes that personal data are the property of the owners of such data and that only such persons may decide on such data.

In this sense, it will be used exclusively for those purposes for which it is empowered under the terms of the law, and to do so, it is allowed to inform the duties it assumes in its capacity as data controller:

1. The company shall seek the means to obtain the express authorization of the data owner to carry out any processing.
2. The company shall clearly and expressly inform its customers, employees, suppliers, and third parties in general from whom it obtains databases, the treatment to which they will be subjected, and the purpose of such treatment. To this end, the company shall design the strategy through which it shall inform them of the respective treatment in question for each event, mechanics, or data request that is made. Some of these means may be sending text messages, filling out physical forms, and using BAX websites.
3. The company must inform the owners of the data for each case, the optional nature of responding, and providing the respective information requested.
4. In all cases in which data is collected, all data subjects should be informed of their rights concerning their data.
5. The company must inform the identification, physical or electronic address, and telephone number of the person or area responsible for the treatment, including the BAX website, e-mail, or customer service telephone line.
6. The company shall guarantee at all times to the owner of the information the whole. The practical exercise of the right to habeas data and petition, i.e., the possibility of knowing the data about them that exists or is stored in the database, request the updating or correction of data and process queries, all of which shall be done through the mechanisms of consultations or claims provided for in this policy.
7. The company shall keep the stored personal data records with the appropriate security measures to prevent deterioration, loss, alteration, or unauthorized or fraudulent use. It shall periodically and timely update and rectify the data. Each time the owners of the same report new information or requests.

PERSON IN CHARGE OF THE TREATMENT

BELIEVE IT GROUP is responsible for the treatment; through this policy, it is allowed to inform your identification data:

Company name: BELIEVE IT GROUP

TAX IDENTIFICATION NUMBER: xxxxx

Principal place of business: xxxxxxxxx

Person or unit responsible for attending to requests, queries, and complaints: the area in charge of receiving and channeling all requests and concerns is CUSTOMER SERVICE through the e-mail [email protected], web page: https://baxnetwork.com and telephone: xxxxxxxx.

PERSON IN CHARGE OF THE TREATMENT

Eventually, BELIEVE IT GROUP. May have the status of PROCESSOR, in which case the identification data are as follows:

Company name: BELIEVE IT GROUP

TAX IDENTIFICATION NUMBER: xxxxxxxx

Principal place of business: xxxxxxx

Person or unit responsible for attending to requests, queries, and complaints: the area in charge of receiving and channeling all requests and concerns is CUSTOMER SERVICE through the e-mail [email protected], web page: https://BAX.co and telephone: xxxxxx

TREATMENT AND PURPOSE

The treatment that BELIEVE IT GROUP will carry out with the personal information will be the following: The collection, storage, use, and circulation of data for:

1. To carry out the appropriate steps for developing the company’s corporate purpose concerning the fulfillment of the intention of the contract entered into with the Data Subject.

2. Invite people to events and offer new products and services. Manage procedures (requests, complaints, claims).

3. Conduct satisfaction surveys regarding the goods and services offered by BAX.

4. Provide contact information to the sales force and/or distribution network, telemarketing, market research, and any third party with which BAX has a contractual relationship to develop such activities (market research and telemarketing, etc.) for the execution of the same.

5. Contacting the Data Subject by telephone to conduct surveys, studies, and/or confirmation of personal data necessary to execute a contractual relationship.

6. Contacting the Holder through electronic means – SMS or chat to send news related to loyalty campaigns or service improvement.

7. Contact the Holder via e-mail to send statements, account statements, or invoices in connection with the obligations arising from the contract entered into between the parties.

8. To comply with the obligations undertaken by BAX with the owner of the information concerning the payment of salaries, social benefits, and other remunerations outlined in the employment contract or as provided by law (in the case of employees of the organization).

10. Transfer personal data outside the country to the parent company of B DIGITAL SAS to comply with anti-money laundering regulations that apply to it.

11. Transmit personal data outside the country to third parties BAX has entered into a data processing contract. It is necessary to deliver it to them to fulfill the contractual purpose.

12. To render the services offered by BAX and accepted in the signed contract.

13. To provide information to third parties with whom BAX has a contractual relationship and that it is necessary to deliver it to them to fulfill the contracted object.

TREATMENT OF SENSITIVE DATA: (this only if the organization collects and processes sensitive data).

RIGHTS OF THE OWNERS: As the Owner of your data, you have the right to (i) Access free of charge to the data provided that have been subject to processing. (ii) Know, update, and rectify your information against partial, incomplete, incomplete, fractioned, misleading, or those whose treatment is prohibited or has not been authorized. (iii) Request proof of the authorization granted. (iv) File complaints before the Superintendence of Industry and Commerce (SIC) for violations of the provisions of the regulations in force. (v) To revoke the authorization and/or request the deletion of the data, provided that no legal or contractual obligation prevents their deletion. (vi) Refrain from answering questions about sensitive data.

PROTECTION OF PERSONAL DATA OF MINORS AND ADOLESCENTS

Under the provisions of Statutory Law 1581 of 2012 and Regulatory Decree 1377 of 2013, BAX ensures that the processing of personal data of children and adolescents will be carried out respecting their rights, which is why, in the commercial and marketing activities carried out by BAX, it must have the prior, express and informed authorization of the parent or legal representative of the child or adolescent.

ATTENTION TO REQUESTS, INQUIRIES, AND COMPLAINTS

The CUSTOMER SERVICE area is the unit in charge of processing the requests of the holders to enforce their rights.

PROCEDURE FOR THE EXERCISE OF THE RIGHT TO HABEAS DATA

In compliance with the rules on personal data protection, BAX presents the procedure and minimum requirements for the exercise of your rights: For the filing and attention of your request, we ask you to provide the following information: Full name and surname, Contact details (physical and/or electronic address and contact telephone numbers), Means to receive a response to your request, Reason(s)/fact(s) that give rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of authorization granted, revoke it, delete, access to information) Signature (if applicable) and identification number. The maximum term provided by law to resolve your claim is fifteen (15) business days, counted from the day following the date of receipt.

When it is not possible to address the claim within such term, BAX will inform the interested party of the reasons for the delay and the date on which the claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first term. Once the terms outlined in Law 1581 of 2012 and other rules that regulate or complement it has been complied with, the holder who is denied, in whole or in part, the exercise of the rights of access, updating, rectification, deletion, and revocation, may bring the case to the attention of the Superintendence of Industry and Commerce -Delegation for the Protection of Personal Data-.

VALIDITY

This Policy for the Treatment of Personal Data is effective as of September 30, 2019. The databases in which the personal data will be recorded will be valid for as long as the information is kept and used for the purposes described in this policy. One such purpose(s) are fulfilled, and provided that there is no legal or contractual duty to keep your information, your data will be deleted from our databases. Other examples of the period of permanence of the data in the database are: Personal data provided will be retained as long as the contractual relationship with the Data Subject is maintained. The personal data provided will be kept as long as the data subject does not request their deletion, and there is no legal duty to support them. The personal data provided will be saved for 15 YEARS from the last confirmation of interest from the Data Subject.