The Kaos Faktor LogoThe Kaos Faktor Home

Privacy Policy

Document No: TKF-LEG-001-V3

Date of elaboration: 17/05/2020

Date of modification: 29/01/2026

Version No: 003

PURPOSE

To disclose the Information Treatment Policies and procedures of the Personal Data Protection System implemented by TKF CONSULTING GROUP (TKF CONSULTING GROUP S.A.S.), in order to ensure proper compliance with Law 1581 of 2012 and Decree 1377 of 2013, which aim to develop the constitutional right of all people to know, update, and rectify the information collected about them in databases or archives, and other constitutional rights, freedoms, and guarantees referred to in Article 15 of the Political Constitution; as well as the right to information enshrined in Article 20 thereof.

SCOPE OF APPLICATION

The policies and procedures contained in this document will be applicable to personal data registered in any database that makes them susceptible to processing by TKF CONSULTING GROUP S.A.S. These policies are mandatory for TKF CONSULTING GROUP S.A.S. as the data controller, as well as for the processors who carry out the processing of personal data on behalf of TKF CONSULTING GROUP S.A.S. Both the controller and the processors must safeguard the security of the databases containing personal data and maintain confidentiality regarding the treatment.

DATA CONTROLLER

Name: TKF CONSULTING GROUP hereafter “TKF CONSULTING GROUP S.A.S.”.

Domicile: Bogotá D.C.

Address: Carrera 52A No. 123-50, Barrio El Batán.

Email: operaciones@thekaosfaktor.com

Phone: 315 0072404

Website: https://thekaosfaktor.com/

ECONOMIC ACTIVITY

7421 01 Companies dedicated to management consulting activities, including strategic, organizational, financial, innovation, communications, public relations, administrative process design, and support for private and public entities, among other activities inherent to the company's corporate purpose.

Article 1. Policy on the processing of personal data.

TKF CONSULTING GROUP wants to ensure that interested parties know how we safeguard the integrity, privacy, and protection of their personal data, in compliance with Law 1581 of 2012 and related regulations.

Indeed, it is a necessity for TKF CONSULTING GROUP S.A.S. to collect certain personal data to carry out the activities intrinsic to the normal course of its corporate purpose and in correspondence with this need, we assume the legal and social obligation to comply with the sufficient security requirements and mechanisms to protect those personal data that have been collected for the purposes described in this personal data treatment policy.

Article 2. Definitions.

  • Authorization: Prior, express, and informed consent of the Owner to carry out the processing of personal data.
  • Database: Organized set of personal data that is subject to treatment.
  • Personal data: Any information linked or that can be associated with one or several specific or determinable natural persons.
  • Processor: Natural or legal person, public or private, who by themselves or in association with others, performs the processing of personal data on behalf of the data controller.
  • Controller: Natural or legal person, public or private, who by themselves or in association with others, decides on the database and/or the processing of the data.
  • Owner: Natural person whose personal data are the object of treatment.
  • Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
  • Queries: Request for the owner's personal information that is stored in any database used by TKF CONSULTING GROUP S.A.S., on which it has the obligation to provide the owner or their successors with all the information contained in the individual record or that is linked to the identification of the Owner.
  • Claims: Request for correction, updating, or deletion of the information contained in a database used by TKF CONSULTING GROUP S.A.S., or request for alleged breach of any of the duties contained in Law 1581 of 2012, made by the owner or their successors.
  • Public data: Data that is not semi-private, private, or sensitive. Public data includes, among others, data relating to the civil status of persons, their profession or trade, and their quality as a merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins, and duly executed judicial sentences that are not subject to reservation.
  • Semi-private data: Data that is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general, such as financial and credit data from commercial or service activities referred to in Title IV of Law 1581 of 2012.
  • Private data: Data that due to its intimate or reserved nature is only relevant to the owner.

Article 3. Authorization.

TKF CONSULTING GROUP S.A.S., as the processor and controller of the treatment, will collect the corresponding authorization from the owner for the treatment of their personal data, in accordance with the terms of this document. This work may be carried out: (i) directly; (ii) through its employees; (iii) through electronic means (web pages, emails, among others) and, in general, by any means permitted by Law 1581 of 2012, its regulatory decrees, or by the rules that modify, supplement, and replace them.

Paragraph: The owner may revoke their consent and/or request the deletion of their personal data processed by TKF CONSULTING GROUP S.A.S., unless they have a contractual or legal duty to remain in the database.

Article 4. PRINCIPLES.

The following principles will be taken into account by TKF CONSULTING GROUP S.A.S. in the process of personal data administration.

  • Legality in data processing. The treatment referred to in Law 1581 of 2012 is a regulated activity that must be subject to what is established in it and in the other provisions that develop it.
  • Treatment and Purpose. The treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the owner. TKF CONSULTING GROUP S.A.S. carries out the processing of information from its databases for purposes related to the provision of its corporate purpose.
  • Freedom. The treatment can only be exercised with the prior, unequivocal, and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
  • Truthfulness or quality. The information subject to treatment must be truthful, complete, accurate, updated, verifiable, and understandable. The treatment of partial, incomplete, fractional, or misleading data is prohibited.
  • Transparency. In the treatment, the right of the owner to obtain from TKF CONSULTING GROUP S.A.S. or the data processor, at any time and without restrictions, information about the existence of data concerning them must be guaranteed.
  • Restricted access and circulation. The treatment is subject to the limits that derive from the nature of the personal data, the provisions of Law 1581 of 2012, and the Constitution. In this sense, the treatment can only be done by persons authorized by the owner and/or by the persons provided for in the Law. Personal data, except for public information, may not be available on the internet or other means of mass disclosure or communication, unless access is technically controllable to provide restricted knowledge only to the owners or authorized third parties in accordance with the Law.
  • Security. The information subject to treatment by the data controller or processor must be handled by taking the technical, human, and administrative measures that are reasonable to provide security to the records, trying to avoid their adulteration, loss, consultation, use, or unauthorized or fraudulent access.
  • Confidentiality. All persons who intervene in the processing of personal data that are not of a public nature are obliged to guarantee the reservation of the information, even after their relationship with any of the tasks that the treatment comprises has ended, and may only carry out the supply or communication of personal data when this corresponds to the development of the activities authorized in the Law and in the terms of the same.

Article 5. SENSITIVE DATA.

5.1. Definition: These are data that affect the privacy of the Owner or whose improper use can generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life, and biometric data.

5.2. Treatment: The treatment of sensitive data is prohibited, except when:

  • The owner has given their explicit authorization to said treatment, except in cases where by law the granting of said authorization is not required.
  • The treatment is necessary to safeguard the vital interest of the owner and they are physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
  • The treatment is carried out in the course of legitimate activities and with the due guarantees by a foundation, NGO, association, or any other non-profit organization, whose purpose is political, philosophical, religious, or union, provided that they refer exclusively to their members or to people who maintain regular contacts by reason of their purpose. In these events, the data cannot be supplied to third parties without the owner's authorization.
  • The treatment refers to data that are necessary for the recognition, exercise, or defense of a right in a judicial process.
  • The treatment has a historical, statistical, or scientific purpose. In this event, the measures leading to the suppression of the identity of the Owners must be adopted.

In the treatment of sensitive personal data, when said treatment is possible in accordance with the exceptions cited above contained in article 6 of Law 1581 of 2012, the following obligations must be met:

  • Inform the Owner that because it is sensitive data, they are not obliged to authorize its treatment.
  • Inform the Owner explicitly and previously, in addition to the general requirements of the authorization for the collection of any type of personal data, which of the data that will be object of treatment are sensitive and the purpose of the treatment, as well as obtain their express consent.

Rights of children and adolescents. In the treatment, respect for the prevailing rights of children and adolescents will be ensured. The treatment of personal data of children and adolescents is proscribed, except for those data that are of a public nature.

Article 6. RIGHTS OF THE HOLDERS.

The owner of the personal data will have the following rights:

  • Know, update, and rectify their personal data before TKF CONSULTING GROUP S.A.S. or before the designated data processor. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional data, that induce to error, or those whose treatment is expressly prohibited or has not been authorized.
  • Request proof of the authorization granted to TKF CONSULTING GROUP S.A.S., except when expressly exempted as a requirement for the treatment, in accordance with what is provided in article 10 of Law 1581 of 2012.
  • Be informed by TKF CONSULTING GROUP S.A.S. or by the designated data processor, upon request, regarding the use that has been given to their personal data.
  • File complaints with the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012, and other rules that modify, add, or complement it.
  • Revoke the authorization and/or request the deletion of the data, when the Superintendence of Industry and Commerce has determined that in the treatment TKF CONSULTING GROUP S.A.S. or the designated processor have incurred in conduct contrary to Law 1581 of 2012 and the Constitution; or when there is no legal or contractual duty that imposes the duty to remain in the referred database.
  • Access for free in the conditions defined in this document, to their personal data that have been object of Treatment.

Article 7. CONDITIONS FOR DATA PROCESSING.

The authorization of the Owner is required for TKF CONSULTING GROUP S.A.S. to perform any action of personal data treatment. This must be prior and informed in accordance with the law and must be obtained by any means that can be subsequently consulted.

These mechanisms may be predetermined through technical means that facilitate the owner their automated manifestation or may be in writing or orally.

TKF CONSULTING GROUP S.A.S. will adopt the necessary procedures to request, at the latest at the time of data collection, the authorization of the owner for the treatment of the same and will inform the personal data that will be collected as well as all the specific purposes of the treatment for which the consent is obtained.

Personal data found in sources of public access, regardless of the means by which access is had, meaning those data or databases that are at the disposal of the public, may be treated by TKF CONSULTING GROUP S.A.S. as long as, by their nature, they are public data.

In case of making substantial changes in the content of the Treatment Policies, referring to the identification of the controller and the purpose of the processing of personal data, which may affect the content of the authorization, TKF CONSULTING GROUP S.A.S. will communicate these changes to the owners, before or at the latest at the time of implementing the new policies, and will also obtain from the owner a new authorization when the change refers to the purpose of the treatment. For the communication of the changes and the authorization, technical means that facilitate this activity may be used.

The cases in which, according to the law, authorization is not necessary, are:

  • Information required by a public or administrative entity in the exercise of its legal functions or by court order.
  • Data of a public nature.
  • Cases of medical or health emergency.
  • Treatment of information authorized by law for historical, statistical, or scientific purposes.
  • Data related to the Civil Registry of Persons.

Article 8. SUPPLY OF INFORMATION TO THE HOLDER.

The information requested by the owner will be supplied by TKF CONSULTING GROUP S.A.S. by the same means by which it was formulated. The information must be easy to read, without technical barriers that prevent access and must correspond in its entirety to that which is in the database.

Article 9. REVOCATION OF AUTHORIZATION AND/OR DELETION OF DATA.

Owners may at any time request TKF CONSULTING GROUP S.A.S. to delete their personal data and/or revoke the authorization granted for their treatment, by submitting a claim, in accordance with what is established in article 15 of Law 1581 of 2012.

The request for deletion of information and the revocation of the authorization WILL NOT PROCEED WHEN THE HOLDER HAS A LEGAL OR CONTRACTUAL DUTY TO REMAIN IN THE TKF CONSULTING GROUP S.A.S. DATABASE.

The procedure will be that established in this document for submitting claims.

Article 10. PERSONS TO WHOM INFORMATION MAY BE PROVIDED.

The information about personal data that has been subject to treatment by TKF CONSULTING GROUP S.A.S. may be provided to the following persons:

  • To the Owners, their successors, or their legal representatives.
  • To public or administrative entities in the exercise of their legal functions or by court order.
  • To third parties authorized by the Owner or by law.

Article 11. PROCEDURES.

The owner or their successors have the right to submit to TKF CONSULTING GROUP S.A.S., queries and/or claims, after validating their identity, through any of the following user service mechanisms arranged by TKF CONSULTING GROUP S.A.S.

  • Written means, via physical and/or electronic mail, as indicated above.
  • Oral means, via telephone, as informed above.

TKF CONSULTING GROUP S.A.S., will respond to the query and/or claim by the same means it was formulated through the database managers in the company.

Article 12. QUERIES.

Owners may consult the personal information of the owner that is in the controller's database. TKF CONSULTING GROUP S.A.S. will provide the applicant with all the information contained in the individual record or that is linked to the identification of the owner.

For the purpose of responding to queries, TKF CONSULTING GROUP S.A.S. has a term of ten (10) business days from the date of receipt of the same. When it is not possible to attend to the query within said term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their query will be attended to, which in no case may exceed five (5) business days following the expiration of the first term.

Article 13. CLAIMS.

The owner who considers that the information contained in a database must be corrected, updated, or deleted, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012, may file a claim with TKF CONSULTING GROUP S.A.S., which will be processed under the following rules:

The claim will be formulated by means of a request addressed to TKF CONSULTING GROUP S.A.S., with at least the following information:

  • Name of the controller or processor (according to the type of database, whether client or supplier).
  • Name of the petitioner.
  • Identification number of the petitioner.
  • Facts on which the request is based.
  • Object of the petition.
  • Correspondence address.
  • Documents that you intend to assert.

If the claim is incomplete, the interested party will be required within five (5) days following receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant presenting the required information, it will be understood that they have withdrawn the claim.

In case the person who receives the claim is not competent to resolve it, they will transfer it to whom it may concern within a maximum term of two (2) business days and will inform the interested party of the situation.

Once the complete claim is received, a legend will be included in the database that says “claim in process” and the reason for it, in a term not exceeding two (2) business days. Said legend must be maintained until the claim is decided.

The maximum term to attend to the claim will be fifteen (15) business days from the day following the date of its receipt. When it is not possible to attend to the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be attended to, which in no case may exceed eight (8) business days following the expiration of the first term.

Paragraph: The information subject to claim will not be used until it is resolved.

Article 14. DUTIES OF TKF CONSULTING GROUP S.A.S. IN DATA PROCESSING.

TKF CONSULTING GROUP S.A.S. will comply with the following duties:

  • Guarantee the owner, at all times, the full and effective exercise of the right of habeas data.
  • Request and keep, under the conditions provided by law, the respective authorization granted by the owner, in the terms of the Law.
  • Duly inform the owner about the purpose of the collection and the rights that assist them by virtue of the authorization granted.
  • Take measures to preserve the information under security conditions to prevent its adulteration, loss, consultation, use, or unauthorized or fraudulent access.
  • Take measures so that the information supplied to the data processor is truthful, complete, accurate, updated, verifiable, and understandable.
  • Update the information, communicating in a timely manner to the data processor, all the news regarding the data that has been previously supplied and adopt the other necessary measures so that the information supplied to it is kept updated.
  • Rectify the information when it is incorrect and communicate the pertinent to the data processor.
  • Supply the data processor, as the case may be, only data whose treatment is previously authorized in accordance with the provisions of the law.
  • Require the data processor at all times, respect for the security and privacy conditions of the owner's information.
  • Process queries and claims formulated in the terms indicated in the law.
  • Inform the owner upon request about the use given to their data.
  • Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the owners' information.
  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

Article 15. DUTIES OF THE DATA PROCESSOR.

Data processors must comply with the following duties, without prejudice to the other provisions provided for in the Law and in others that govern their activity:

  • Guarantee the owner, at all times, the full and effective exercise of the right of habeas data.
  • Take measures to preserve the information under the necessary security conditions to prevent its adulteration, loss, consultation, use, or unauthorized or fraudulent access.
  • Timely perform the update, rectification, or deletion of data in the terms of this law.
  • Update the information reported by the data controllers within five (5) business days from its receipt.
  • Process the queries and the claims formulated by the owners in the terms of the Law.
  • Abstain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce.
  • Allow access to information only to people who can have access to it.
  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.
  • Safeguard the security of the databases in which personal data are contained.
  • Maintain confidentiality regarding the processing of personal data.

Article 16. SECURITY MEASURES.

TKF CONSULTING GROUP S.A.S. takes all reasonable precautions and technical, administrative, and organizational measures to ensure the security of the personal data of the owners, mainly those aimed at preventing their alteration, loss, and unauthorized treatment or access. The application of security measures aims to ensure the conservation, confidentiality, integrity, and availability of the data.

Article 17. INFORMATION SECURITY POLICIES OF TKF CONSULTING GROUP S.A.S.

The security guidelines of TKF CONSULTING GROUP S.A.S. are supported by the information security policies of TKF CONSULTING GROUP S.A.S. built on the best practices and existing security standards and in compliance with current regulations. Said policies are of strict compliance by direct or indirect officials who perform any work or activity within TKF CONSULTING GROUP S.A.S.

Article 18. MODIFICATIONS.

TKF CONSULTING GROUP S.A.S. reserves the right to modify these Information Treatment Policies, in whole or in part. In case of substantial changes in the Information Treatment Policies and the purpose of the processing of personal data, which may affect the content the authorization, TKF CONSULTING GROUP S.A.S. will communicate these changes to the owner at the latest at the time of implementing the new policies.

Publish on the website and inform all controllers and other interested parties.

LEGAL REPRESENTATIVE

TKF CONSULTING GROUP S.A.S.