Skip to content Skip to footer
Agendar cita
Close

DATA PROCESSING POLICY

 

FMA FMR S.A.S. FEDERICO MÁRQUEZ ABOGADOS, hereinafter FMA, a company identified with NIT 901.788.756 – 1, with domicile at carrera 43A #9 Sur 91, north tower, office 601, Centro de Negocios Las Villas in the municipality of Medellín – Antioquia, telephone 311 3 90 33 28 and contact email info@federicomarquezabogados.com; by virtue of the provisions established in the current regulations on personal data protection, especially as provided in Article 15 of the Political Constitution of Colombia, Law 1266 of 2008, Law 1581 of 2012, Decree 1074 of 2015 and other norms that develop, complement, modify, replace or add to them, and in its capacity as responsible for the information, publicly discloses its Policy on Treatment and Protection of Personal Data.

Generalities

First. The client, user, or any person who visits or accesses the website (), social networks, WhatsApp channel, and any other tool or medium of FMA, regardless of whether or not they acquire the services offered, accepts and authorizes the treatment of their data. Additionally, this policy will apply to all data subjects who provide and expressly authorize the treatment of their data.

Paragraph. The client, user, or any person who does not agree with the terms and conditions stipulated in this policy must refrain from using the website, social networks, WhatsApp channel, and any other tool or medium of FMA.

Second. FMA, in its capacity as responsible for the information, seeks to ensure that the personal data provided is handled in accordance with constitutional guidelines regarding the right to privacy and the principles of legality, freedom, veracity, transparency, security, and confidentiality.

Third. For the purposes of this policy, the treatment of personal data includes the collection, storage, processing, updating, use, circulation, transmission, transfer, and deletion of the information provided to FMA.

Definitions

Authorization. Prior, express, and informed consent granted by the data subject to the responsible party for carrying out the treatment of personal data.

Paragraph. This authorization is implicit for clients or users of the FMA website.

Privacy notice. Verbal or written communication generated by the responsible party, directed to the data subject for the treatment of their personal data, through which it is.

Informs about the existence of the information treatment policies that will be applicable to you.

Database. An organized set of personal data that is subject to treatment by FMA.

Cookies. Small data stored in text files or widely used devices that are stored on the computer or other device when web pages are loaded in a browser. These ensure a consistent and efficient experience and perform essential functions. They usually store information.

Personal data. Any information linked to or that can be associated with one or several determined or determinable natural persons.

Public data. It is the data that is not semi-private, private, or sensitive. Public data includes, among others, data related to the civil status of individuals, their profession or trade, and their status as a merchant or public servant. By its nature, public data may be contained, among others, in public records, public documents, gazettes, and official bulletins, and judicial rulings that are duly executed and not subject to reservation.

Sensitive data. Sensitive data refers to those that affect the privacy of the holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

Data processor. A natural or legal person, public or private, who alone or in association with others, carries out the treatment of personal data on behalf of the data controller, who in this case is FMA.

Habeas data. A fundamental right that grants the holder of personal data the authority to demand from personal data administrators access, inclusion, exclusion, correction, addition, updating, and certification of the data, as well as the limitation on the possibilities of disclosure, publication, or transfer of the same.

Data controller. A natural or legal person, public or private, who alone or in association with others, decides on the database and/or the treatment of the data. For the purposes of this policy, the data controller is FMA.

Holder. A natural person whose personal data is subject to treatment in the databases under the responsibility of FMA.

Treatment. Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion, developed by FMA.

Transfer. The transfer of data takes place when the data controller and/or processor of personal data, in this case FMA, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the processing and is located inside or outside the country.

Transmission: Processing of personal data that involves the communication of these, within FMA or with external third parties, inside or outside the territory of Colombia, when it aims to carry out processing by the processor on behalf of the controller.

Principles FMA must take into account the following principles when carrying out processing of personal data, as well as the persons it delegates and/or assigns and/or the third parties to whom it transfers information:

Legality. FMA will be subject to what is established in the law and in the provisions that regulate it, as well as those that subsequently develop, modify, or add to it.

Purpose. The processing of data carried out by FMA must obey one or several legitimate purposes in accordance with the Constitution, the Law, and jurisprudence, which must be informed to the data subject.

Freedom. The processing of personal data by FMA is carried out with the prior authorization of the data subject.

Truthfulness or quality of the data. The personal data subject to processing must be truthful, complete, accurate, updated, verifiable, and understandable. If necessary, FMA will request the data subject to correct and update it. If it cannot carry out the update of the information, it will refrain from processing this data.

Transparency. FMA must respond to the requests made by the data subjects regarding the information held in the database, as long as it belongs to them.

Access and restricted circulation. Personal data can only be processed by authorized FMA personnel, by those whose functions include carrying out such activities and/or by the persons provided for in the Law.

Security. FMA must carry out the processing of information by implementing the necessary technical, human, and administrative measures to maintain the confidentiality of the data and to prevent it from being altered, modified, consulted, used, accessed, deleted, or known by unauthorized persons.

Confidentiality.

All personal data that is not public must be treated as confidential, even when the contractual relationship or the link between the holder and FMA has ended.

Authorization and collection of personal data

For the collection of personal data, FMA will request prior, express, and free authorization from its respective holders, which will be collected by any electronic, digital, virtual, physical, or verbal means.

By means of the authorization for the conservation, administration, collection, and processing of the information and personal data, the holder declares that such data and information are truthful, complete, accurate, updated, verifiable, understandable, and correspond to the current reality at the time they are provided.

FMA must keep proof of the authorization and the information provided for its obtaining. Likewise, it must provide a copy of the authorization to the holder when requested.

In order to keep the information in its databases updated, FMA may consult, complement, and/or update personal data, including through databases managed by different operators, with due compliance with applicable regulations.

This information may be used only by FMA, as well as by its employees, consultants, advisors, subsidiaries of the business group, and commercial and strategic partners expressly authorized by FMA who require access to this information.

Purpose of the processing of information and personal data

This policy is applicable to the processing of personal data provided to FMA, according to the following purposes:

● To comply with internal processes.

● To manage the information collected in one or several databases or information systems, according to the form and organization deemed appropriate.

● To identify the preferences of the client, user, or provider, to build patterns of preference and manage commercial information.

● To verify, corroborate, check, validate, investigate, or compare the information provided by the holders with any information that is legitimately available.

● To issue the respective invoices or equivalent documents and carry out the collection of financial obligations.

● To consult and evaluate any information about the holders stored in the databases of any credit risk center.

Financial, Judicial Background or Legitimate Security, State or Private, National or Foreign.

● Manage all necessary information for the fulfillment of contractual obligations acquired with the information holders.

● Share the studies conducted based on the collected information with business allies and with those with whom a commercial and/or legal relationship is established for the fulfillment of contractual obligations and the levels of service offered.

First paragraph. Additionally, FMA is obliged to provide personal data of the information holders to judicial or administrative entities and to control entities, upon request by them. Likewise, the personal data of the holders may be known due to external audit processes and by the tax reviewers, who have the legal obligation to maintain confidentiality.

Second paragraph. If necessary, FMA may request personal data for purposes outside those described, provided that prior authorization is obtained from the clients, users, and/or collaborators.

Children, Girls, and Adolescents as Holders of Personal Data

As a general rule, FMA will not process data of children, girls, and adolescents. If required, their rights may only be exercised by those who, in accordance with the law, are authorized to represent them.

Processing of Sensitive Data

As a general rule, FMA will not process sensitive data. If required, FMA must request express and written authorization from the holder of the sensitive data for them to authorize its processing, and they are not obliged to provide such authorization. Additionally, FMA must inform the holder of the data which sensitive data will be processed and for what purpose, which will be protected under professional secrecy that must be maintained in accordance with the law.

Rights of Personal Data Holders

In accordance with Colombian legislation, the holder of personal data has the following rights:

● Know, update, and rectify their personal data in relation to FMA. This right may be exercised, among others, in relation to partial, inaccurate, incomplete, fragmented data, that induce error, or those whose processing is expressly prohibited or has not been authorized.

● Request proof of the authorization granted to FMA, unless expressly exempted as a requirement for processing in accordance with the law.

● Be informed by FMA, upon request, regarding the use that has been given to their personal data.

● Present complaints to the Superintendence of Industry and Commerce for the infringement of applicable regulations.

● Revoke the authorization and/or request the deletion of the data when the treatment does not respect the principles, rights, and constitutional and legal guarantees. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the responsible party has engaged in conduct contrary to current regulations.

● Access their personal data that has been subject to treatment free of charge.

Paragraph. The rights of the data subjects and personal information may be exercised by the respective holder, by their successors, or by the representative and/or attorney of the holder, proving the corresponding quality.

Procedure for the exercise of these rights

Enabled channels. The enabled channels to present inquiries and complaints to FMA are:

● Digital channels: info@federicomarquezabogados.com

● By physical correspondence: carrera 43A #9 Sur 91, torre norte, oficina 601, Centro de Negocios Las Villas del municipio de Medellín – Antioquia.

Processing of inquiries. FMA will address inquiries within a maximum term of ten (10) business days counted from the day following the date of their submission. When it is not possible to address an inquiry within this term, the interested party will be informed, stating the reasons for the delay and indicating the date on which their inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the first term.

Processing of complaints. FMA will have a term of fifteen (15) business days counted from the day following their submission, to respond to all requests related to a complaint regarding the correction, updating, or deletion of personal data, or when they notice the alleged non-compliance with any of the duties contemplated in current regulations. In case it is not possible to address the complaint within the specified term, FMA will communicate the reasons why it is not possible to address it and, therefore, a response will be given within an additional period of eight (8) business days following the expiration of the first term. When the submitted complaint is incomplete, the interested party will be required within five (5) business days following the receipt of this to Complement your failures.

In case two (2) months pass from the date of the request, without the applicant presenting the required information, it will be understood that they have withdrawn the claim.

In case the person receiving the claim is not the competent authority to resolve it, they will transfer it to the appropriate party within a maximum term of two (2) business days and will inform the interested party of the situation.

Requirement of Procedurality.

The holder, beneficiary, or attorney must first exhaust the process of consultation or claim before addressing the Superintendence of Industry and Commerce.

Cookies

Users of the FMA website can disable cookies in the preferences section of their browser and modify the cookie settings on the computer.

Validity and Modifications

This policy is effective from its publication and indefinitely. FMA reserves the right to modify this policy at any time. Any changes will be communicated by sending the respective email to the information holders.

Sede Medellín:
Carrera 43A #9 Sur 91/Torre Norte/Oficina 601 Centro de Negocios Las Villas

Sede Bogotá:
Calle 33 A No. 21-09, La Soledad, Teusaquillo.

+57 311 3903328

info@federicomarquezabogados.com

Política de Tratamiento de Datos Personales

Síguenos en nuestras redes

Facebook Instagram Linkedin

Copyright ©2025 Federico Márquez Abogados / Todos los derechos reservados