The personal data collected hereafter or stored in our databases will be processed for the following purposes:
Some of these activities are carried out in compliance with legal and contractual obligations; therefore, personal data processing is considered included within them.
In the case of personal data processing for advertising, marketing, or commercial prospecting purposes, the Superintendence of Industry and Commerce issued External Circular No. 006 of 2022, which establishes the protection of consumer information obtained through commercial mechanisms, advertising, and marketing campaigns. First, the organization must comply with personal data protection regulations. Second, it must verify that personal data was lawfully obtained and may be used for advertising, marketing, commercial prospecting, or any other intended purpose. Third, individuals who do not wish to receive further advertising must not be contacted, and their data must be deleted upon request. Fourth, effective mechanisms must be implemented for the exercise of data subjects’ rights. Fifth, inquiries and claims from data subjects must be answered in a timely and appropriate manner. Sixth, individuals must not be contacted at times or days that may affect their peace and privacy.
Gamma CyberAcademy Platform: Used to provide cybersecurity training services within the platform, track progress, generate management reports, and share service-related information for both clients and internal employees.
Physical Résumés: Used to record and archive job applications of personnel.
Active Personnel Résumés: Used to maintain updated records of currently active employees.
Inactive Personnel Résumés: Used to track former employees and generate statistical records.
Marketing Clients: Data collection used to register client or employee attendance at in-person, hybrid, or virtual events, identify business opportunities for future contact, and distribute information about company services, cybersecurity content, advertising campaigns, and event information.
Employees – Internal Marketing: Data collection used for internal communications, invitations to in-person, hybrid, or virtual events, corporate announcements, consultation tools, and training information.
Visitor Registry: Used to record the entry and exit of external personnel to the organization through logs managed by the Human Resources department.
CCTV System: Surveillance system used to control activities, monitor areas and personnel, and maintain continuous security oversight of facilities.
Supplier Agenda: Used to establish contact with entities or individuals from whom services or products will be requested.
Technology Suppliers Agenda: Companies that provide technological services used by the organization.
Contractors: Enables contact with providers of specific services.
Pre-sales Area Suppliers: Used for activities such as event sponsorships, direct contact with suppliers, and requesting quotations for products and services provided by partners and vendors.
Data Subjects whose personal data is registered in the databases of GAMMA INGENIEROS S.A.S. have the following rights:
GAMMA INGENIEROS S.A.S. guarantees the right of inquiry by providing individuals exercising this right with all information contained in their individual record or that is linked to the identification of the Data Subject.
From the Service Transformation Directorate, together with the Customer Experience area, the inquiry process is carried out, specifically addressing nonconformities, complaints, and claims, ensuring that the services and solutions provided by Gamma Ingenieros meet the expectations of internal and external clients through Action Plans that strengthen and enhance processes. This is done through Form PGI005 Improvement (process improvement) focused on both external and internal clients, with follow-up recorded in Form FGI050 Improvement.
This department is responsible for receiving, processing, and channeling the different requests received and forwarding them to the corresponding data processing unit.
Once these units receive such communications, they will perform personal data protection functions and must process data subject requests within the terms, deadlines, and conditions established by applicable regulations for the exercise of rights of access, inquiry, rectification, updating, deletion, and revocation.
For handling personal data inquiries, GAMMA INGENIEROS S.A.S. provides electronic and telephone communication channels.
Contact details for exercising rights:
Correspondence address: Calle 166 #20-45, Bogotá
Phone: (601) 4076000
Email: protecciondatos@gammaingenieros.com
In any case, inquiries will be answered within a maximum term of ten (10) business days from the date of receipt. If it is not possible to respond within this term, the interested party will be informed before its expiration, stating the reasons for the delay and indicating the date on which the inquiry will be answered, which shall in no case exceed five (5) additional business days.
Likewise, we guarantee the right to file complaints regarding databases for correction, updating, or deletion, or when a possible breach of Law 1581 of 2012 and other applicable regulations is identified. Complaints will be processed under the following rules:
Special rules for exercising data subject rights:
Requests for rectification, updating, or deletion must be submitted through the channels enabled by GAMMA INGENIEROS S.A.S., indicated in the privacy notice and this document, and must include at least:
GAMMA INGENIEROS S.A.S. is obliged to rectify and update, upon request, any information that is incomplete or inaccurate, in accordance with the procedure and terms stated above.
Regarding data deletion, the Data Subject has the right at any time to request deletion of their personal data when:
This deletion implies the total or partial removal of personal data from records, files, databases, or processing activities carried out by GAMMA. However, the right to deletion is not absolute, and it may be denied when:
If deletion is appropriate, GAMMA INGENIEROS S.A.S. will carry it out in a way that prevents recovery of the information. Some data may remain in historical records due to legal obligations, and deletion will apply only to active processing in accordance with the Data Subject’s request.
When data is sent or transferred to another country, the authorization of the Data Subject whose information is being transferred must always be obtained. Unless otherwise required by law, such authorization is a necessary requirement for the international transfer of data.
In this regard, before sending personal data to another country, those responsible for complying with this policy must verify that prior, express, and unequivocal authorization has been obtained from the Data Subject, allowing the transfer of their personal data.
Such transfer of personal data is carried out only to third parties with whom GAMMA INGENIEROS S.A.S. has a contractual, commercial, and/or legal relationship.
The databases processed by GAMMA INGENIEROS S.A.S. are those established in the security document and shall remain in effect for the entire duration of the company’s corporate purpose.
The Privacy Notice is available in any physical or electronic format that is made known to the Data Subject before or at the time of the collection of their personal data. It serves as the means through which the Data Subject is informed of all matters related to the applicable Personal Data Processing Policy, how to access it, the purposes for which their personal data has been collected, and the processing that the company will carry out on such data.
In accordance with the security principle established in Law 1581 of 2012, GAMMA INGENIEROS S.A.S. adopts the technical, human, and administrative measures necessary to ensure the security of personal data under processing, thereby preventing its alteration, loss, unauthorized consultation, use, or fraudulent access.
These policies are effective as of September 30, 2015.
As a general rule, the term of authorization for the use of personal data granted by clients and/or users shall be understood to last for the duration of the commercial relationship or service engagement, and throughout the performance of the company’s corporate purpose.
Authorizations regarding the data of clients and/or users may be terminated at any time at their own will. If the individual is an active client of Gamma, their data may not be used for any purpose other than the provision of the product or service and for offering renewals when applicable.
When the terms of the privacy policies of any contracted services or products are substantially changed, renewal-based services shall obtain new authorization during the renewal process. For other cases, authorization will be obtained in the manner established in each policy or privacy notice, or through the usual communication channels between the company and the Data Subjects.
Any substantial change in data processing policies will be communicated in a timely manner to Data Subjects through regular communication channels and/or via:
For Data Subjects without access to electronic means, or those who cannot be contacted, communication will be provided through public notices on the website or at the company’s headquarters.
Notifications will be sent at least ten (10) days prior to the implementation of the new policies and/or substantial updates.
This Personal Data Processing Policy was published on March 14, 2023, and its validity applies from its publication through the authorized channels described above, for the knowledge of all Data Subjects.