Personal data processing policy

Personal data processing policy

The developed policy for the processing of personal data (hereinafter the “Policy”) was prepared in accordance with Articles 15 and 20 of the Political Constitution of Colombia, Law 1266 of 2008, 1581 of 2012 and Decree 1377 of 2013. Its primary purpose is to inform about the processing that Páez Martín Abogados S.A.S., a Colombian company with NIT 900529437 – 1, domiciled in Bogotá (hereinafter Páez Martín Abogados S.A.S.), gives to the personal data and information it holds in its databases, the rights that the owners of this personal data and information have and the mechanisms they have to exercise them.

DEFINITIONS

The words listed below will have the following results:

  • Authorization: Prior, express and informed consent of the data subject to carry out the processing of personal data.
  • Base de Datos: Conjunto organizado de datos personales que sea objeto de tratamiento.
  • Personal Data: Any information linked to or that can be associated with one or more specific or identifiable natural persons; notwithstanding the foregoing, Páez Martín Abogados S.A.S. will process the data of legal entities under the same guidelines and security policies with which it processes Personal Data.
  • Public Data: This refers to data that is not semi-private, private, or sensitive. Public Data includes, among other things, data relating to a person’s marital status, profession or occupation, and their status as a merchant or public servant. By their nature, Public Data may be contained in, among other sources, public registries, public documents, official gazettes and bulletins, and duly executed court judgments that are not subject to confidentiality.
  • Sensitive Data: Sensitive Data is understood to be data that affects the privacy of the data subject or whose misuse may generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social or human rights organizations or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life, and biometric data.
  • Data Processor: Natural or legal person, public or private, who, alone or in association with others, carries out the processing of Personal Data on behalf of the data controller.
  • Data Controller: Natural or legal person, public or private, who alone or jointly with others, decides on the Database and/or the processing of Personal Data.
  • Data Source: A person, entity, or organization that receives or becomes aware of Personal Data from data subjects, by virtue of a commercial or service relationship, or any other type of relationship, and that, due to legal authorization or authorization from the data subject, provides that data to an information operator, who in turn delivers it to the end user. The data source is responsible for the quality of the data provided to the operator, which, insofar as it has access to and provides personal information of third parties, is subject to compliance with the duties and responsibilities established to guarantee the protection of the data subject’s rights.
  • Information Operator: A person, entity, or organization that receives personal data from the Source concerning various data subjects, manages this data, and makes it available to users. Therefore, the operator, insofar as it has access to third-party personal information, is subject to compliance with the duties and responsibilities established to guarantee the protection of the data subject’s rights. Unless the operator is the same as the Source of the information, it has no commercial or service relationship with the data subject and, therefore, is not responsible for the quality of the data provided by the Source.
  • User: This refers to any natural or legal person who, under the terms and circumstances established in this law, may access personal information of one or more data subjects provided by the operator or the source, or directly by the data subject. When a user has access to personal information of third parties, they are subject to the duties and responsibilities established to guarantee the protection of the data subject’s rights.
  • Data Subject: Natural person whose Personal Data is being processed.
  • Transfer: Data transfer occurs when the controller and/or processor of personal data, located in Colombia, sends the information or personal data to a recipient, who is also a controller and is located within or outside the country.
  • Transmission: This refers to the processing of Personal Data that involves the communication of said data within or outside the territory of the Republic of Colombia when its purpose is the processing by the Processor on behalf of the controller.
  • Processing: Any operation or set of operations performed on Personal Data, such as collection, storage, use, circulation or deletion.
  • Privacy Notice: Verbal or written communication generated by the Data Controller, addressed to the Data Subject for the Processing of their Personal Data, informing them about the existence of the applicable data processing policies, how to access them, and the purposes of the intended processing of their Personal Data.

OBJECT

Inform the data subjects of the guidelines under which Páez Martin Abogados S.A.S. is committed to protecting and guaranteeing the rights contemplated by Law 1581 of 2012, which is responsible for regulating the procedures of capture, collection, processing, handling of personal data, among others carried out by Páez Martin Abogados S.A.S.

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

In the development, interpretation and application of Law 1581 of 2012, the following principles will be applied in a harmonious and comprehensive manner:

  1. Principle of purpose: The Processing must be for a legitimate purpose in accordance with the Constitution and the Law, which must be communicated to the Data Subject by Páez Martin Abogados S.A.S.
  2. Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives the requirement for consent.
  3. Principio de veracidad o calidad: La información sujeta a Tratamiento debe ser veraz, completa, exacta, actualizada, comprobable y comprensible. Se prohíbe el Tratamiento de datos parciales, incompletos, fraccionados o que induzcan a error.
  4. Principle of veracity or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
  5. Principle of restricted access and circulation: The processing of personal data is subject to the limitations arising from the nature of the data, the provisions of this law, and the Constitution. In this regard, processing may only be carried out by persons authorized by the data subject and/or by the persons stipulated in Law 1581 of 2012.

Personal data, except for public information, may not be available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the Holders or authorized third parties in accordance with Law 1581 of 2012.

  1. Security Principle: Information subject to processing by the data controller or data processor referred to in Law 1581 of 2012 must be handled with the necessary technical, human and administrative measures to ensure the security of the records, preventing their alteration, loss, consultation, use or unauthorized or fraudulent access.
  2. Principle of confidentiality: All persons involved in the processing of personal data that is not of a public nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks that comprise the processing has ended, and may only supply or communicate personal data when it corresponds to the development of the activities authorized in this law and in accordance with its terms.

PROCESSING OF PERSONAL DATA

Páez Martin Abogados S.A.S. collects, stores, uses, processes, deletes and circulates Personal Data, including but not limited to names, surnames, telephone numbers, addresses, contact addresses, emails, identity documents, employment data, financial information, among others, in connection with the development of its corporate purpose, which is limited to legal advice, judicial representation, support in business structuring, training, conciliations, transactions, and in general the offering of seminars, courses, diplomas directly or through its brands or commercial partners, in development of administration, brokerage, advisory, representation contracts and/or due to an employment, commercial or civil relationship with the different Holders of the Personal Data.

PURPOSES

In light of the foregoing, Personal Data is used by Páez Martin Abogados S.A.S., in general, for the following purposes:

  • Receive, verify, evaluate and filter requests for legal advice or representation.
  • Celebrar contratos.
  • To provide training and/or education services.
  • To act as beneficiary of any security by virtue of the services rendered.
  • To represent the interests and needs of the clients who contract their services.
  • To carry out judicial and extrajudicial debt collection, as well as to conduct investigations of assets and personal location, in order to obtain payment of obligations in your favor.
  • Contacting the Holders by virtue of the existing commercial, civil or employment relationship.
  • Identify and maintain a record and control of your suppliers, investors, customers, users, shareholders and employees.
  • To pay fees, remuneration, dividends or salaries arising from commercial, civil or labor relations existing with the Holders.
  • Comply with current regulations regarding labor and social security, civil, commercial, administrative, criminal and other existing regulations, especially those related to the filing and custody of information.
  • Manage all the information necessary for compliance with your tax obligations and commercial, corporate and accounting records.
  • Comply with the obligations of prevention of money laundering and terrorist financing.
  • Sending messages for commercial, advertising, educational, and/or customer service purposes. For this purpose, various means of communication will be used, such as mail, email, landline telephone, social media, and mobile phone (including text and voice messages).
  • Register, store and update information and Personal Data in its Databases.
  • To provide the services offered on your website.
  • Answer requests, petitions, claims and complaints.
  • Perform internal administrative procedures such as accounting reports, audits, and invoicing.
  • Conduct statistical analyses and commercial, risk, and market research
  • Transmit or transfer information and Personal Data to third parties involved or required for the provision of the service offered.
  • To respond to requests from control and oversight bodies.
  • For the other purposes set out in the document called “Terms and Conditions” on the website.
  • Para cualquier otra finalidad que resulte en el desarrollo del contrato celebrado con el Titular.
  • Send any legal document and/or notification and/or legal requirement via electronic means.

Additionally, the Personal Data of the employees of Páez Martín Abogados S.A.S. is processed for the following purposes:

  • To comply with and demand compliance with the employment contract, internal work regulations, as well as the other policies implemented by Páez Martín Abogados S.A.S. towards its employees, and the obligations arising from them.
  • To verify compliance with obligations, violations of prohibitions, serious misconduct, and/or just cause for dismissal, through the labor procedures established by Páez Martín Abogados S.A.S., especially through disciplinary and audit procedures; for this purpose, Páez Martín Abogados S.A.S. may audit the electronic equipment (computers, tablets, company cell phones, among others) and software (emails, chats, programs, corporate files, among others) provided by the firm for the provision of services by its employees. Páez Martín Abogados S.A.S. may also install video surveillance and sound recording systems, and may collect, use, and store biometric data (including, but not limited to, data collected through fingerprint and facial recognition readers).
  • To register and pay contributions, and to generally comply with obligations and duties, as well as to demand the rights that Páez Martín Abogados S.A.S. or the worker holds, in relation to the Social Protection System.
  • To comply with, implement and evaluate the Occupational Health and Safety Management System.
  • To expedite the procedures for transcription, filing and collection of temporary disability subsidies before the entities of the Social Security System.
  • Analyze whether licenses or permits are granted.
  • Performing, or requesting a third party to perform, tests that demonstrate the presence of alcohol or psychoactive or psychotropic substances in the worker’s body.
  • To expedite procedures initiated by public administrative or judicial entities.
  • Initiate procedures before public administrative or judicial entities.
  • Process loans, garnishments, withholdings and/or compensation of salaries, social benefits and other labor rights generated by virtue of the employment relationship.
  • To train, entertain and promote attendance at cultural, sporting or academic events, directed directly by Páez Martín Abogados S.A.S. or by any third party.
  • To comply with current labor regulations applicable to Páez Martín Abogados S.A.S. and its employees, including constitutional, legal, regulatory, contractual provisions, as well as internal policies and guidelines of Páez Martín Abogados S.A.S.

Furthermore, in addition to the purposes stated at the beginning, the personal data of the Data Subjects who wish to become linked under any modality permitted by Colombian regulations with Páez Martín Abogados S.A.S. are processed for:

  • To advance selection processes, which may include interviews, knowledge tests and psychometric tests, home visits, as well as access to resumes and communication with the candidate by any means.
  • Hiring personnel under any modality permitted by Colombian regulations.
  • Check personal or family references, as well as the candidate’s work and employment history, including verifying their suitability and accuracy.
  • Conduct background checks on criminal, judicial, disciplinary, commercial and financial records in public or private lists.
  • Conduct pre-employment medical examinations.
  • Check references and academic history, as well as verify the suitability and veracity of the academic documents submitted by the candidate.
  • Store the aforementioned data in the database of Páez Martín Abogados S.A.S.
  • Access, consultation and storage of other documents, certificates and information of the Holder referred to in the internal regulations and policies of Páez Martín Abogados S.A.S. for the purpose of carrying out the personnel selection process.

Furthermore, in addition to the purposes stated above, the personal data of suppliers, contractors, clients and shareholders of Páez Martín Abogados S.A.S. will be used for the following purposes:

  • To collect or pay for products or services.
  • Realizar compra y venta de productos o servicios.
  • Make and send quotes, offers or market studies.
  • Realizar la búsqueda de socios o clientes potenciales.
  • For statistical purposes or as management indicators.

Taking into account that Páez Martín Abogados S.A.S. has allies and suppliers for the granting of credits, for the provision of its services and for the execution of labor, commercial or civil contracts entered into with the Owners, Páez Martín Abogados S.A.S. will be responsible for the Treatment and its allies and suppliers will be the Treatment Managers.
in cases where it is appropriate; to this extent Páez Martín Abogados S.A.S. ensures that the Data Processors will strictly comply with the provisions of this Policy.

In the event that the provision of its services and/or the execution of other labor, commercial or civil contracts entered into with the Owners involves the Transfer or Transmission of Personal Data to foreign allies or suppliers, Páez Martín Abogados S.A.S. undertakes that they adhere to the provisions of Law 1581 of 2012, Decree 1377 of 2013 and other regulations that modify, add and/or complement them, and specifically comply strictly with the provisions of this Policy.

Finally, at the end of the service offered by Páez Martín Abogados S.A.S. or finished the
contract between Páez Martín Abogados S.A.S. and the Owners, the Personal Data will only be used for the purposes of keeping them in the registry of the Páez Martín Abogados Database.
S.A.S. and to send messages for commercial, academic and/or advertising purposes if authorized by the Owner, otherwise, they will be eliminated from the Databases of Páez Martín Abogados S.A.S. or archived in safe conditions when required by Colombian regulations.

PROCESSING OF SENSITIVE DATA AND MINORS

Páez Martín Abogados S.A.S. will strictly restrict the processing of Sensitive Personal Data to that which is essential to carry out its corporate purpose or to comply with regulatory or contractual requirements, and will inform the Owners explicitly and in advance what the Sensitive Data are and the purpose of their Processing. Páez Martín Abogados S.A.S. will only process Sensitive Data without the prior consent of the Owner, when it is an emergency case that requires immediate action to avoid serious or irreversible damage.

On the other hand, in accordance with article 6 of Law 1581 of 2012, Páez Martín Abogados S.A.S. may Process Sensitive Data for “a historical, statistical or scientific purpose”, as long as it adopts “measures leading to the deletion of the identity of the Owners”.

Regarding biometric data, Páez Martín Abogados S.A.S. informs you that these will be captured with respect to any person through video recording, video surveillance, from the capture of the fingerprint, capture of images in private environments on the occasion of the development of its corporate purpose, which is limited to advice on legal issues, judicial representation, support in business structuring, training, conciliations, transactions, and in general the offering of seminars, courses, diplomas directly or through its brands or commercial allies, in the development of administration contracts, brokerage, advice, representations and/or due to an employment, commercial or civil relationship with the different Holders of the Personal Data.

Likewise, these will be captured with respect to any person (including minors) who enters the facilities or commercial establishments of Páez Martín Abogados S.A.S.

It is presumed that simple entry constitutes authorization through unequivocal conduct of the processing of biometric data.

DUTIES OF THE DATA CONTROLLER

The duties of those responsible for the Treatment. Those responsible for the Treatment must comply with the following duties:

  1. a) Guarantee to the Holder, at all times, the full and effective exercise of the right of habeas data;
  2. b) Request and keep, under the conditions provided in this law, a copy of the respective authorization granted by the Owner;
  3. c) Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the authorization granted;
  4. d) Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access;
  5. e) Guarantee that the information provided to the Data Processor is true, complete, exact, updated, verifiable and understandable;
  6. f) Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data that you have previously provided and adopt the other necessary measures so that the information provided to it remains updated;
  7. g) Rectify the information when it is incorrect and communicate the pertinent information to the Data Processor;
  8. h) Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of this law;
  9. i) Demand that the Data Processor at all times respect the security and privacy conditions of the Owner’s information;
  10. j) Process queries and claims formulated in the terms indicated in this law;
  11. k) Adopt an internal manual of policies and procedures to guarantee adequate compliance with this law and, especially, to respond to queries and complaints;
  12. l) Inform the Data Processor when certain information is under discussion by the Owner, once the claim has been submitted and the respective process has not been completed;
  13. m) Inform at the request of the Owner about the use given to their data;
  14. n) Inform the data protection authority when violations of security codes occur and there are risks in the administration of the Owners’ information.
  15. o) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

RIGHTS OF THE OWNERS

The Owner of the Personal Data will have the following rights:

  • Know, update and rectify your Personal Data in front of the person responsible for the Treatment or Data Processor. This right may be exercised, among others, against partial, inaccurate, incomplete, fragmented, misleading data, or those whose
    Treatment is expressly prohibited or has not been authorized;
  • Request proof of the Authorization granted to the person responsible for the Treatment or Source of the Information, except when expressly excepted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012;
  • Be informed by the person responsible for the Treatment or the Processor, upon request, regarding the use that has been given to your Personal Data;
  • Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it;
  • Revoke the Authorization and/or request the deletion of Personal Data when the Processing does not respect constitutional and legal principles, rights and guarantees. The revocation and/or suppression will proceed when the Superintendency of Industry and
    Commerce has determined that in the Treatment the person responsible or Processor has engaged in conduct contrary to the law and the Constitution;
  • Free access to your Personal Data that has been processed.
  • Exercise your fundamental rights to habeas data and petition.
  • Go before the surveillance authority to file complaints against Páez Martín Abogados S.A.S., Information Operators or Users, for violation of the regulations on the administration of financial and credit information.
  • Go before the surveillance authority to request that an Information Operator or Páez Martín Abogados S.A.S be ordered. the correction or updating of your Personal Data, when this is appropriate in accordance with the current regulations that govern the

INFORMATION SECURITY

Páez Martín Abogados S.A.S. uses strict security procedures to guarantee the integrity, confidentiality and security of the information and Personal Data provided by the Owner, such as the transmission and storage of sensitive information through secure mechanisms, use of secure protocols, assurance of technological components, restriction of access to information only to authorized personnel, information backup, secure software development practices, among others, which prevent its alteration and unauthorized treatment or access.

In cases where, in accordance with this Policy, Páez Martín Abogados S.A.S. transfers the information and/or Personal Data to a third party, the latter will be obliged to adopt similar procedures and measures that guarantee the security of the information to the same or greater extent than Páez Martín Abogados S.A.S.

ACCESS, CONSULTATION AND CLAIM PROCEDURES ABOUT PERSONAL DATA

Páez Martín Abogados S.A.S., guarantees that the Holders of the Personal Data to which Treatment is given, will have access to them, and will be informed about all modifications, updates or deletions that are made to them. Páez Martín Abogados S.A.S. makes available the following email: administrative@paezmartin.co, to which the Owner or those authorized according to Law 1266 of 2008 and Law 1581 of 2012 may write, to have access to their personal information, to accredit the Treatment that is being given to their Personal Data, to request the update, rectification or deletion of the same, to present claims, to request proof of the Authorization given by it in due course. and/or to exercise other rights
mentioned above.

When it comes to queries, Páez Martín Abogados S.A.S. will have a period of fifteen (15) business days to respond to the Owner, counted from the date of receipt thereof. When it is not possible to attend to the query within said term, the interested party will be informed, expressing the reasons for the delay and indicating the date on which their query will be attended to, which in no case may exceed eight (08) business days following the expiration of the first term.

When it comes to claims, they will be formulated including the identification of the Owner, the description of the facts that give rise to the claim, the address and the documents that you want to assert. If the claim is incomplete, the interested party will be required within eight (08) days following receipt of the claim to correct the deficiencies. After two (02) months from the date of the request, without the applicant presenting the required information, it will be understood that the claim has been abandoned.

Once the complete claim is received, a legend that says “claim in process” and the reason for this will be included in the database within a period of no more than two (02) business days. Said legend must be maintained until the claim is decided. The maximum term to address the claim will be fifteen (15) business days, counting from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (08) business days following the expiration of the first term.

To address the claim, request or query, it is necessary that the Owner or the legitimate parties, in compliance with the provisions of Law 1581 of 2012, include the following information in the email:

  • Full name
  • Identification number
  • Notification or response address
  • Contact phone

When the applicant is not the Owner, they must provide the information that, in accordance with Law 1581 of 2012, legitimizes them to make the request, query or claim on behalf of the Owner.

INFORMATION OF THE TREATMENT CONTROLLER

Páez Martín Abogados S.A.S. will be responsible for the Processing of Personal Data and its contact information is:
Address: Calle 93#17, office 602, Novantatre Building, Bogotá, Colombia
Email: administrative@paezmartin.co

VALIDITY

This Policy comes into effect on April 12, 2019, and it may be modified by Páez Martín Abogados S.A.S. at any time. Any modification of this Policy will be informed through the website www.paezmartin.com, where the latest version of this Policy will be made available to the Owners, indicating the date of entry into force of the corresponding modification.

Likewise, any modification made to this Policy in relation to the identification of the person responsible for the Processing of Personal Data and the purposes pursued with it, will be communicated to the Owners directly before its entry into force, without prejudice to the request for a new Authorization when the changes refer to the purposes mentioned at the time of obtaining the initial Authorization.

The databases will be processed for as long as is reasonable and necessary for the purpose for which the data was obtained. Once the purpose has been fulfilled, the Personal Data will only be used for the purposes of keeping them in the registry of the Páez Martín Abogados S.A.S. Database. and to send messages for commercial and/or advertising purposes if authorized by the Owner, otherwise, they will be eliminated from the Databases of Páez Martín Abogados S.A.S. or archived in safe conditions when required by Colombian regulations.

¿Necesitas ayuda?
Chatea con Alexia
Scroll to Top
CloseMenu

¡Important notice!

Judicial Vacancy 2025–2026

Paez Martin Abogados will be observing the nationwide judicial recess, which begins on December 22, 2025, and ends on January 9, 2026. During this period, there will be no public service, no processing of paperwork, and no progress in legal proceedings.

We will resume our normal activities on Tuesday, January 13, 2026, continuing all ongoing processes and requests.

We understand that some situations require advance notification or registration for later processing.
If you have an urgent matter or need to submit a request to be addressed in the order it is received when we resume operations, you can do so here:

I have an emergency — Submit a request

Thank you for your understanding and trust in our legal services.
We wish you happy holidays.

Paez Martin Abogados
Strategic Litigation · Business Law · Dispute Resolution