PERSONAL DATA PROCESSING POLICY

OSCAR ALBERTO ALZATE VALENCIA

NIT. 10024547-7

With over two decades of experience in engineering, participating in construction, hospitality, hotel, commercial, industrial, and infrastructure projects, he began consulting in Project Management and Corporate Strategic Direction in 2012.

International speaker and university professor in project management under PMI® standards, project formulation, evaluation, planning, and control.

Civil Engineer, MBA, certified as a Project Management Professional (PMP®) by the Project Management Institute (PMI®).

With a team of trained and highly experienced professionals, we provide consulting services by supporting teams, companies, and entities in strengthening their capabilities to plan, structure, and execute projects with a strategic focus and world-class tools. We also design and deliver workshops and training programs to strengthen key project management competencies, with a practical, applicable approach aligned with international standards.

CAPÍTULOS

I. DEFINITIONS

II. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

III. PURPOSES OF PERSONAL DATA PROCESSING

IV. CHANNELS THROUGH WHICH THE INFORMATION IS COLLECTED

V. DATA COLLECTED

VI. RIGHTS OF SUBJECTS

VII. PROCEDURE FOR EXERCISING SUBJECT RIGHTS

VIII. SECURITY PROCEDURES

IX. MODIFICATIONS

X. VALIDITY

I. DEFINITIONS

• Authorization: Refers to the prior, express, and informed consent of the data subject to process personal data.

• Database: An organized set of data about individuals, companies, or institutions that are the subject of processing.

• Personal data: Any information linked to or that can be associated with one or more specific natural persons.

• Private data: Intimate or confidential information relevant only to the data subject.

• Public data: Information recognized as such by law or the Constitution, and not considered semi-private, private, or sensitive.

• Sensitive data: Information that affects the privacy of the data subject.

• Data Processor: A natural or legal person, public or private, who, either alone or in association with others, processes personal data on behalf of the data controller.

• Data Controller: A natural or legal person, public or private, who, either alone or in association with others, decides on the database and/or the processing of the data.

• Superintendency of Industry and Commerce: National Authority for Personal Data Protection.

• Data Subject: Natural person whose personal data is being processed. This may include: a supplier, employee, client, or others.

  Processing: Any operation or set of operations involving personal data. These include collection, storage, use, circulation, or deletion.

• Transfer: Data transfer occurs when the controller or processor of personal data, located in Colombia, sends the information or personal data to a recipient who, in turn, is the controller and is located within or outside the country.

• Transmission: Processing of personal data that involves communicating it within or outside the territory of the Republic of Colombia, when the purpose of processing it is to be carried out by the processor on behalf of the controller.

II. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

• Principle of legality in data processing: The processing of personal data is governed by Law 1581 of 2012 and related provisions.

• Principle of purpose: The processing must have a legitimate purpose in accordance with the Constitution and the law, and this purpose will be communicated to the data subject.

• Principle of freedom: Processing will only be carried out with the prior, express, and informed consent of the data subject.

• Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable.

• Principle of transparency: The data subject has the right to obtain information about the existence of data related to them at any time and without restrictions.

• Principle of restricted access and circulation: Processing complies with the limits established by the nature of the data, the law, and the Constitution. Only persons authorized by the data subject or by law may carry out processing.

• Security Principle: Information subject to Processing will be handled with technical, human, and administrative measures to guarantee security and prevent alteration, loss, consultation, unauthorized use, or fraudulent access.

• Confidentiality Principle: Persons involved in the Processing of personal data, other than public data, will guarantee confidentiality even after their relationship with the Processing activities ends.

• Principle of Necessity and Reasonableness: The personal data recorded must be strictly necessary for the fulfillment of the intended purposes, such that the recording and disclosure of data not closely related to the purpose of the database is prohibited.

• Principle of Demonstrated Responsibility: Those responsible for the processing of personal data must adopt appropriate and effective measures to comply with the obligations established in Law 1581 of 2012 and Decree 1377 of 2013.

III. PURPOSES OF PERSONAL DATA PROCESSING

The personal data collected will be used for the following purposes:

• Manage registration and participation in courses, workshops, seminars, and conferences.

• Send information related to academic activities, events, training offers, and news of interest in project management.

• Carry out administrative, accounting, and billing processes.

• Respond to inquiries, complaints, claims, or requests from data subjects.

• Comply with legal obligations and requests from authorities.

IV. CHANNELS THROUGH WHICH THE INFORMATION IS COLLECTED

We collect personal data through various channels, such as visits to our website, interactions via email, social media, telephone channels, and other customer service channels. We may also obtain information through online or physical engagement forms completed by data subjects belonging to our stakeholders, either during or after entering into a contract with us, or through participation in in-person or virtual events organized by Oscar Alzate.

V. DATA COLLECTED

In general, the following types of data may be collected:

• Identification data (name, ID, country of residence).

• Contact information (email, phone number, address).

• Academic or professional information related to the courses (level of training, occupation).

• Billing information (in case of payments).

Sensitive data will not be collected unless strictly necessary, and always with express authorization.

VI. RIGHTS OF SUBJECTS

Personal data subjects have the right to:

• Know, update, and rectify their personal data.

• Request proof of the authorization granted.

• Be informed about the use of their data.

• File complaints with the Superintendency of Industry and Commerce.

• Revoke authorization or request deletion of data, where appropriate.

• Access their personal data free of charge.

VII. PROCEDURE FOR EXERCISING SUBJECT RIGHTS

To exercise their rights, the data subject may send a request to oscar@oscar-alzate.site and osalzate75@gmail.com, indicating:

• Full name and identification.

• A clear description of the request.

• Contact information for a response.

We will respond within the terms established in Law 1581 of 2012.

VIII. SECURITY PROCEDURES

Reasonable technical, human, and administrative measures have been adopted to protect personal data against unauthorized access, alteration, loss, or misuse.

IX. MODIFICATIONS

This policy may be modified at any time. Changes will be communicated to the owners in a timely manner by email or posting on the website.

X. VALIDITY

This policy is effective as of [date] and personal data will be retained for as long as necessary to fulfill the aforementioned purposes.