NON-OFFICIAL TRANSLATION

DATABASE TREATMENT POLICIES

This privacy and data protection policy regulates the collection, storage, treatment, administration, transfer, transmission, and protection of that information of natural and legal persons that are received from third parties, clients, suppliers, and workers through the different channels. Collection Information Center Medellín Global, Email: administracion@medellinglobal.org, cell: 3012622489.

The Medellín Global Foundation has arranged for the general public, in accordance with the provisions contained in articles 15 and 20 of the Political Constitution, Statutory Law 1581 of 2012, Decree 1377 of 2013, and other concordant norms, to dictate these provisions terms for the protection of personal data, the purpose of which is to disclose the treatment and the purpose to which the personal data contained in their Databases will be submitted, the rights of the owners, the person in charge and the procedure to attend to the queries or claims regarding the processing of personal data.

PRELIMINARY ASPECTS

For the purposes of executing this policy and in accordance with legal regulations, the following definitions will apply: a) Personal database administrator: Official or Manager who is in charge of and processes one or more databases that you have personal information; b) Authorization: Prior, express and informed consent of the Owner to carry out the Processing of personal data; c) Privacy notice: Physical document, electronic or in any other format generated by the Responsible that is made available to the Owner for the treatment of their personal data. In the Privacy Notice, the Owner is informed of the information regarding the existence of the information processing policies that will be applicable, the way of accessing them and the purpose of the treatment that is intended to be given to personal data; d) Database: Organized set of personal data that is subject to Processing; e) Personal data: Any information linked or that may be associated with one or more determined or determinable natural persons; f) Public data: It is the data classified as such according to the mandates of the law or the Political Constitution and that which is not semi-private, private or sensitive. The data relating to the civil status of people, their profession or trade, their qualification as a merchant or public servant and those that can be obtained without reservation are public, among others. By their nature, public data may be contained, among others, in public records, public documents, gazettes and official bulletins; g) Private data: It is the data that due to its intimate or reserved nature is only relevant to the owner; h) Semi-private data: Data that is not of an intimate, reserved or public nature and whose knowledge is of interest to the owner and to a certain sector or group of people or to society in general; i) Sensitive data: Sensitive data is understood to be those that affect the privacy of the Holder or whose improper use may generate its discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights organizations or those that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data; j) Responsible for the Treatment: Natural or legal person, public or private, who by himself or in association with others, carries out the Treatment of personal data on behalf of the Responsible for the Treatment; k) Guarantor: The Office of Consumer Services and Business Support (OSCAE) will coordinate and process the attention and response to requests, complaints and claims related to the personal data protection law that the holders make to the Superintendence; l) Manager: The Planning Advisory Office will control the registry of the databases with personal information that is in the SIC and will support the entry of the information in the National Database Registry; m) Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data; n) Owner: Natural person whose personal data is subject to Treatment; ñ) Transfer: The data transfer takes place when the Person Responsible and / or in Charge of the Processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is within or outside the country; o) Transmission: Processing of personal data that involves the communication thereof within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible; p) Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion thereof.

The following principles will be applied harmonically and comprehensively: a) Principle of legality in the matter of Data Processing: Processing is a regulated activity that must be subject to the provisions of Law 1581 of 2012, and the other provisions that develop it; b) Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner; c) Principle of freedom: Treatment can only be exercised with the prior, express and informed consent of the Owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate releasing consent; d) Principle of truthfulness or quality: The information subject to Treatment must be truthful, complete, exact, updated, verifiable and understandable. Treatment of partial, incomplete, fractional or misleading data is prohibited; e) Principle of transparency: In the Treatment, the Holder’s right to obtain from the Data Controller or the Treatment Manager, at any time and without restrictions, information about the existence of data concerning him must be guaranteed; f) Principle of access and restricted circulation: Treatment is subject to the limits derived from the nature of personal data, the Constitution, Law 1581 of 2012, and the other provisions that develop it. In this sense, the Treatment can only be done by people authorized by the Owner and / or by the people provided by law; Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or third parties authorized under the law; g) Principle of security: The information subject to treatment by the person in charge of the treatment or person in charge of the treatment, must be handled with the technical, human and administrative measures that are necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access; h) Principle of confidentiality: All persons involved in the Processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks that comprise the Processing, being able to supply or communicate personal data only when it corresponds to the development of activities authorized by law; i) In the event that sensitive personal data is collected, the Owner may refuse to authorize its Treatment.

TREATMENT AND PURPOSE TO WHICH PERSONAL DATA WILL BE SUBJECTED

PERSONAL INFORMATION

Personal data will be processed for the purposes in accordance with the corporate purpose of the Medellín Global Foundation, especially all activities inherent in carrying out its main activity, social, administrative, operational, labor, and commercial management, as follows:

Databases

Requested information

Aims

Founders, Board of Directors and Executive Team

• Individualization data

• Location data.

• Schooling data.

• Data where information from third parties is requested.

• Identify the owner of the database.

• Maintain direct contact with the owner.

• Make notifications.

• Comply with contractual obligations.

• Comply with legal requirements.

• Sharing, including the transfer of personal data to third parties in the national territory, for the purposes of complying with the entity’s relationship.

• Perform internal control of personal knowledge and skills.

• Contact family members, financial dependents and / or beneficiaries in case of emergency.

• Make social security affiliations.

• Provide the services and / or products required by its users.

• Request products and services required by the Medellín Global Foundation.

• Inform about new products or services and / or changes in them.

• Send to physical, electronic, cellular or mobile device mail, via text messages (SMS and / or MMS) or through any other analog and / or digital means of communication created or to be created, commercial, social, educational, or advertising information. or promotional on products and / or services, events and / or promotions of a commercial nature or not, with the purpose of promoting, inviting, directing, executing, informing and in general, carrying out campaigns, promotions or contests of a social, commercial or advertising nature, carried out by the Medellín Global Foundation – and / or by third parties.

• Support internal or external audit processes.

• Those indicated in the authorization granted by the data owner or described in the respective privacy notice.

• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

• Guarantee that the information provided to the person in charge of the treatment is truthful, complete, exact, updated, verifiable and understandable.

• Update the information, communicating in a timely manner to the person in charge of the treatment, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept updated.

• Rectify the information when it is incorrect and communicate the pertinent to the person in charge of the treatment.

• Provide the data processor only data whose treatment is previously authorized in accordance with the provisions of the Law.

• Always require the person in charge of the treatment, respect for the security and privacy conditions of the information of the owner.

• Process inquiries and claims formulated in the terms indicated in the Law.

• Adopt an internal procedure to guarantee proper compliance with the Law and this POLICY and, especially, for dealing with queries and complaints. Said procedure will account for the processes used for the collection, storage, use, circulation, and suppression of the information.

• Inform the person in charge of the treatment when certain information is under discussion by the owner once the claim has been presented and the respective procedure has not been completed.

• Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

• Allow data processing to those officials who have permission to do so or who oversee carrying out such activities.

• Define a database administrator and give him the authorization to carry out the necessary treatment and that requested by the owner of the information.

• Treat non-public personal data as confidential, even when the contractual relationship or the link between the holder of the personal data and the Medellín Global Foundation has ended.

• Delete personal data when the owner requires it, provided that such data should not remain in the database by legal or contractual provision that requires it. In the event of a partial revocation of the authorization for the processing of personal data for some of the purposes, the Medellín Global Foundation may continue to use the data for other purposes for which such revocation does not proceed.

• Warn its servers, employees, donors, contractors or data processors that, at the end of their link or contractual relationship with the Medellín Global Foundation, they are still obliged to keep the information confidential in accordance with current regulations on the matter – and / or by third parties.

• Register the databases in the National Registry of Databases – RNBD – administered by the Superintendence of Industry and Commerce, or by whoever substitutes for it.

• Implement all the procedures and administrative structure necessary for the actual adoption of this POLICY.

• Warn its servers that they must take advantage of the disabilities, impediments, incompatibilities, and conflicts of interest contemplated in Law 734 of 2002 (Unique Disciplinary Code, fourth chapter) for the treatment of personal data.

Employees

• Individualization data

• Location data.

• Schooling data.

• Data where information from third parties is requested.

• Identify the owner of the database.

• Maintain direct contact with the owner.

• Make notifications.

• Comply with contractual obligations.

• Comply with legal requirements.

• Sharing, including the transfer of personal data to third parties in the national territory for the purposes of complying with the contractual relationship.

• Perform internal control of personal knowledge and skills.

• Contact family members, financial dependents and / or beneficiaries in case of emergency.

• Make social security affiliations.

• Provide the services and / or products required by its users.

• Request products and services required by the Medellín Global Foundation.

• Inform about new products or services and / or changes in them.

Send to the physical, electronic, cellular or mobile device mail, via text messages (SMS and / or MMS) or through any other analog and / or digital means of communication created or to be created, commercial, social, educational, advertising or promotional on products and / or services, events and / or promotions of a commercial nature or not of these, in order to promote, invite, direct, execute, inform and in general, carry out campaigns, promotions or contests of a character commercial or advertising, advanced by the Medellín Global Foundation – and / or by third parties.

• Support internal or external audit processes.

• Those indicated in the authorization granted by the data owner or described in the respective privacy notice, as the case may be.

• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

• Guarantee that the information provided to the person in charge of the treatment is truthful, complete, exact, updated, verifiable and understandable.

• Update the information, communicating in a timely manner to the person in charge of the treatment, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept updated.

• Rectify the information when it is incorrect and communicate the pertinent to the person in charge of the treatment.

• Provide the data processor only data whose treatment is previously authorized in accordance with the provisions of the Law.

• Always require the person in charge of the treatment, respect for the security and privacy conditions of the information of the owner.

• Process inquiries and claims formulated in the terms indicated in the Law.

• Adopt an internal procedure to guarantee proper compliance with the Law and this POLICY and, especially, for dealing with queries and complaints. Said procedure will account for the processes used for the collection, storage, use, circulation, and suppression of the information.

• Inform the person in charge of the treatment when certain information is under discussion by the owner once the claim has been presented and the respective procedure has not been completed.

• Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

• Allow data processing to those officials who have permission to do so or who oversee carrying out such activities.

• Define a database administrator and give him the authorization to carry out the necessary treatment and that requested by the owner of the information.

• Treat non-public personal data as confidential, even when the contractual relationship or the link between the holder of the personal data and the Medellín Global Foundation has ended.

• Delete personal data when the owner requires it, provided that such data should not remain in the database by legal or contractual provision that requires it. In the event of a partial revocation of the authorization for the processing of personal data for some of the purposes, the Medellín Global Foundation may continue to use the data for other purposes for which such revocation does not proceed.

• Warn its servers, donors, contractors or data processors that, at the end of their link or contractual relationship with the Medellín Global Foundation, they are still obliged to keep the information confidential in accordance with current regulations on the matter – and / or by third parties.

• Register the databases in the National Registry of Databases – RNBD – administered by the Superintendence of Industry and Commerce, or by whoever substitutes for it.

• Implement all the procedures and administrative structure necessary for the actual adoption of this POLICY.

• Warn its servers that they must take advantage of the disabilities, impediments, incompatibilities, and conflicts of interest contemplated in Law 734 of 2002 (Unique Disciplinary Code, fourth chapter) for the treatment of personal data.

Clients, Sponsors, Donors and Suppliers

Individualization data

• Biometric data.

• Location data.

• Chamber of Commerce and RUT

• Data where information from third parties is requested.

• Identify the owner of the database.

• Maintain direct contact with the owner, to provide a better service.

• Verify the veracity of the information provided by the owner

• Make notifications.

• Provide products and services required by the owner.

• Evaluate the quality of our products and / or services.

• Monitor and report quality service complaints.

• Know the legal origin of economic resources.

• Know the economic capacity to guarantee contractual obligations.

• Comply with contractual obligations.

• Comply with tax and legal requirements.

• Sharing, including the transfer of personal data to third parties in the national territory for the purposes of complying with the contractual relationship.

• Contact family members, financial dependents and / or beneficiaries in case of emergency.

• Inform about new products or services and / or changes in them.

• Send to physical, electronic, cellular or mobile device mail, via text messages (SMS and / or MMS) or through any other analog and / or digital means of communication created or to be created, commercial, social, educational, or advertising information. or promotional on products and / or services, events and / or promotions of a commercial nature or not of these, in order to promote, invite, direct, execute, inform and in general, carry out campaigns, promotions or contests of commercial, social, educational and / or advertising nature, advanced by the Medellín Global Foundation – and / or by third parties.

• Support internal or external audit processes.

• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

• Guarantee that the information provided to the person in charge of the treatment is truthful, complete, exact, updated, verifiable and understandable.

• Update the information, communicating in a timely manner to the person in charge of the treatment, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept updated.

• Rectify the information when it is incorrect and communicate the pertinent to the person in charge of the treatment.

• Provide the data processor only data whose treatment is previously authorized in accordance with the provisions of the Law.

• Always require the person in charge of the treatment, respect for the security and privacy conditions of the information of the owner.

• Process inquiries and claims formulated in the terms indicated in the Law.

• Inform the person in charge of the treatment when certain information is under discussion by the owner once the claim has been presented and the respective procedure has not been completed.

• Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

• Allow data processing to those officials who have permission to do so or who oversee carrying out such activities.

• Treat non-public personal data as confidential, even when the contractual relationship or the link between the holder of the personal data and the Medellín Global Foundation has ended.

• Delete personal data when the owner requires it, provided that such data should not remain in the database by legal or contractual provision that requires it. In the event of a partial revocation of the authorization for the processing of personal data for some of the purposes, the Medellín Global Foundation may continue to use the data for other purposes for which such revocation does not proceed.

• Warn their servers, contractors or data processors that, at the end of their link or contractual relationship with the Medellín Global Foundation, they are still obliged to maintain the confidentiality of the information in accordance with current regulations on the matter – and / or by third parties. persons.

• Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

• Guarantee that the information provided to the person in charge of the treatment is truthful, complete, exact, updated, verifiable and understandable.

• Update the information, communicating in a timely manner to the person in charge of the treatment, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept updated.

Provide the person in charge of the treatment, according to the case, only data whose treatment is previously authorized in accordance with the provisions of the Law.

• Always require the person in charge of the treatment, respect for the security and privacy conditions of the information of the owner.

• Process inquiries and claims formulated in the terms indicated in the Law.

• Adopt an internal procedure to guarantee proper compliance with the Law and this POLICY and, especially, for dealing with queries and complaints. Said procedure will account for the processes used for the collection, storage, use, circulation, and suppression of the information.

• Register the databases in the National Registry of Databases – RNBD – administered by the Superintendence of Industry and Commerce, or by whoever substitutes for it.

• Implement all the procedures and administrative structure necessary for the actual adoption of this POLICY.

• The Medellín Global Foundation will refrain from treating sensitive data, except: when the owner has given her explicit authorization to said treatment, except in cases where the granting of said authorization is not required by law; the treatment is necessary to safeguard the vital interest of the owner and she is physically or legally incapacitated, event in which the legal representatives must grant their authorization; the treatment is carried out in the course of legitimate activities and with the due guarantees of a foundation, NGO, association.

• In development of the principles of purpose and freedom, the Medellín Global Foundation may only collect and process personal data that is pertinent and appropriate for the purpose for which it is collected or required in accordance with current regulations.

FIRST PARAGRAPH: The information provided by the owner must be truthful, complete, exact, verifiable, and updated. The owner guarantees the authenticity of all the data that you provide to the Fundación Medellín Global.

SECOND PARAGRAPH: The previous treatment and purpose will cover those data that have been collected prior to the publication of this data treatment policy and that are currently being processed.

THIRD PARAGRAPH: The owner who does not want their data to be subject to any of the treatments expressed in this document, may inform the Medellín Global Foundation at any time. to revoke the authorization for said treatment. In any case, the purposes will not apply to all contractual relationships.

SENSITIVE DATA

The Treatment of sensitive data will be prohibited, except when: a) The Owner has given his explicit authorization to said Treatment, except in cases where the granting of said authorization is not required by law; b) The Treatment is necessary to safeguard the vital interest of the Holder and the latter is physically or legally incapacitated. In these events, the legal representatives must grant their authorization; c) The Treatment is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or union, provided that it is exclusively refer to its members or to persons who maintain regular contacts by reason of their purpose. In these events, the data may not be supplied to third parties without the authorization of the Owner; d) The Treatment refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process; e) The Treatment has a historical, statistical or scientific purpose. In this event, the measures leading to the deletion of the identity of the Holders must be adopted.

LEGAL RIGHTS AND CONDITIONS FOR DATA PROCESSING

Pursuant to the provisions of Article 8 of Law 1581 of 2012, the Medellín Global Foundation informs the Owner of the personal data (by himself or through his representative and / or attorney or his successor in title), the following rights : a) Know, update and rectify your personal data in front of the Treatment Managers or Treatment Managers. This right may be exercised, among others, against partial, inaccurate, incomplete, fractional data that is misleading, or those whose Treatment is expressly prohibited or has not been authorized; b) Request proof of the authorization granted to the Data Controller except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012; c) Be informed by the Data Controller or Treatment Manager, upon request, regarding the use that has been given to your personal data d) Present complaints to the Superintendence of Industry and Commerce for infractions of the provisions of Law 1581 of 2012, and the other regulations that modify, add to or complement it; e) Revoke the authorization and / or request the deletion of the data when the Treatment does not respect the principles, rights and constitutional and legal guarantees. The revocation and / or suppression will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment the Person in Charge or Person in Charge has incurred in conduct contrary to the Constitution, Law 1581 of 2012 and other regulations that modify, add or complement it; f) Free access to your personal data that has been processed.

FIRST PARAGRAPH: Pursuant to the provisions of Article 9 of Regulatory Decree 1377 of 2013, the request to delete the information and revoke the authorization will not proceed when the Holder has a legal or contractual duty to remain in the database.

SECOND PARAGRAPH: The Medellín Global Foundation is always aware that personal data is the property of the people to whom it refers and that only they can decide on it. The Medellín Global Foundation will use them only for those purposes consented by the Owner and in any case respecting current regulations on the protection of personal data.

THIRD PARAGRAPH: In accordance with Article 21 of Regulatory Decree 1377 of 2013, the Medellín Global Foundation, will guarantee at all times the right of access that the Holder or his Cause holders have as long as the identity of the holder or in failing that, the legitimacy to exercise the rights of the Owner, to access and know what information is being processed by the Fundación Medellín Global, is demonstrated. The exercise of this right will guarantee the Holder or whoever represents him to consult free of charge his personal data that is object of Treatment by the Fundación Medellín Global, at least once every calendar month, likewise, whenever there are substantial modifications. to the Information Processing Policies that motivate new queries.

FOURTH PARAGRAPH: The rights of minors will be exercised through the people who are empowered to represent them.

RESPONSIBLE FOR ATTENDING REQUESTS, CONSULTATIONS AND / OR CLAIMS FOR THE PROCESSING OF PERSONAL DATA

The Medellín Global Foundation established the following to timely fulfill the requests, queries and / or claims made by the Holders or their authorized:

RESPONSIBLE FOR THE TREATMENT – The Medellín Global Foundation appointed to receive the requests and requests of the holders, the queries, rectifications, updates, suppressions and revocation referred to in Law 1581 of 2012, and thus, to make effective the rights that the holders, SERGIO ARTURO ESCOBAR SOLÓRZANO, identified with Citizenship Card 70,517,850,

RESPONSIBLE FOR THE PROCESSING – He will be in charge of the treatment of personal data, each of those responsible according to the case, of each of the areas and administrative dependencies from which the request for the processing of personal data or the database containing the personal data of which the exercise of the duty, right or action enshrined in this manual is proclaimed. Representing all areas is Mr. SERGIO ARTURO ESCOBAR SOLÓRZANO, who will oversee the processing of personal data and data protection officer.

FIRST PARAGRAPH: The communication channels for the data holders to contact the person in charge of the treatment will be the following:

• www.medellinglobal.org.

• Cel: 3012622489

• Email: administracion@medellinglobal.org

SECOND PARAGRAPH: The Processing of Personal Data must be done in the terms and scope of the authorization given by the owner or in application of special regulations when any legal exception to do so applies.

THIRD PARAGRAPH: Requests and requests will be received from Monday to Friday from 8:00 a.m. to 12:00 p.m. and from 2:00 p.m. to 6:00 p.m.

PROCEDURES FOR ACCESS TO INFORMATION

PROCEDURE FOR MAKING INQUIRIES OR CLAIMS ABOUT THE PROCESSING OF PERSONAL DATA

In order to attend in a timely manner and in accordance with the guidelines established in Articles 14 and 15 of Law 1581 of 2012, the Medellín Global Foundation has defined the means by which the Holder or who is authorized pursuant to Article 20 of the Regulatory Decree 1377 of 2013 may exercise your rights.

The Owner of the personal data or who is Authorized may access, consult or claim, by contacting the Fundación Medellín Global through the email administracion@medellinglobal.org, or by contacting the cell phone 3012622489. The interested or affected person who wishes to exercise any of The rights mentioned in this document may be done by written communication to the Medellín Global Foundation, duly signed, accompanied by a copy of the personal identification or similar analogous document.

In order to timely respond to the request of the Holder or who is Authorized, the request for consultation or claim, must contain at least the following information:

• Full Names or Business Name of the Holder.

• Identity number of the Holder.

• Holder’s location data.

• Description of the facts that motivate the consultation, claim or revocation of the authorization.

• Attached documents (copy of personal identification or similar document, and others that may be necessary).

• Means by which you want to receive the response.

When it is intended to revoke the authorization, the applicant must indicate whether to revoke the authorization in whole or in part, and the reasons that motivate her decision.

If you are a person other than the Owner, you must provide the documents that prove that you can act on your behalf.

The Medellín Global Foundation will have the terms established in Articles 14 and 15 of Statutory Law 1581 of 2012, in any case they will be addressed as follows:

• If the request is a CONSULTATION, it will be answered within a term of ten (10) business days from the date of receipt of the request. In the event that it is not possible to attend the query in said term, the Medellín Global Foundation will inform the petitioner of the reasons for the delay and will inform the date on which the response will be received. In any case, the final date may not exceed five (5) business days following the expiration of the first term.

• If the request is a CLAIM, it will be answered within a term of fifteen (15) business days from the day following the date of receipt. In the event that it is not possible to attend the query in said term, the Medellín Global Foundation will inform the petitioner of the reasons for the delay and will inform the date on which the response will be received. In any case, the final date may not exceed eight (8) business days following the expiration of the first term.

• If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the failures. If two (2) months have elapsed from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. In the event that the person who receives the claim is not competent to resolve it, he will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation. Once the complete claim is received, a legend will be included in the database that says, “claim in process” and the reason for it, within a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.

PARAGRAPH: In the event that the Owner requests the partial or total suppression of the information, the Medellín Global Foundation in its own right will keep all the documents and information of the owner, in an inactive file, during the time that the Medellín Global Foundation exercises the activities of its corporate purpose and ten (10) more years, being able to use for this purpose, at the option of the Medellín Global Foundation, its conservation on paper or in any technical, magnetic or electronic means that guarantees its exact reproduction. The Inactive File may only be consulted at the express request of a competent Judicial Authority or when for reasons of force majeure it must be consulted again by the Medellín Global Foundation.

IDENTITY VALIDATION OR AUTHORIZATION

For the validation of the quality of the petitioner, the Medellín Global Foundation has adopted the following security measures:

The holders of personal data must accredit the Fundación Medellín Global, their capacity as holders of the information or, failing that, the respective authorization, so that their request can be processed.

Now of receiving the petition from the owner, the Medellín Global Foundation will request that you show your identity document and you must attach a photocopy of the document displayed.

If the consultation is made by electronic means or by any other non-contact means, the owner of the information must accompany his request with a scanned photocopy of his identity document, together with the request that must be signed.

In all cases, the Medellín Global Foundation may contact the owner of the information by the means of notification that rest in its databases to verify the authenticity of the request.

COMPLAINT TO THE SUPERINTENDENCY OF INDUSTRY AND COMMERCE

The owner or successor in title may only file a complaint with the Superintendence of Industry and Commerce once they have exhausted the process of consultation or claim before the Medellín Global Foundation, evidencing a lack of knowledge of their rights.

VALIDITIES

VALIDITY OF THE AUTHORIZATION

The Data Holder accepts and acknowledges that this authorization will be in force from the time it is accepted, or its acceptance is presumed and during the time that the Medellín Global Foundation carries out the activities of its corporate purpose and fifteen (15) years. more, being able to use for this purpose, at the choice of the Medellín Global Foundation, its conservation on paper or in any technical, magnetic, or electronic means that guarantees its exact reproduction.

VALIDITY OF THE INFORMATION PROCESSING POLICY

The validity of this Information Processing Policy will take effect from January 30, 2018 and will have an indefinite validity.

Fundación Medellín Global reserves the right to modify this policy at any time and without prior notice. Any modification will come into effect and will have effects against related third parties from its publication in the corresponding channel. Consequently, it is recommended to frequently visit and consult the website of the Medellín Global Foundation in the corresponding module, to find out about these changes.

For more information related to the legal provisions on data protection, and those related to the complaint procedures regarding them, it is suggested to visit the website of the Superintendence of Industry and Commerce (www.sic.gov.co).

AUTHORIZATION FOR THE PROCESSING OF PERSONAL DATA

The Medellín Global Foundation

I declare freely, expressly, unequivocally and informed that I AUTHORIZE the Medellín Global Foundation to carry out the collection, storage, use, circulation, deletion, and in general, of the treatment of my personal data, including sensitive data and biometric data. , in order to achieve the purposes of the Research Center for International and Strategic Studies, in different fields of action, and thus contribute to the well-being of people and collaborate with other national and international non-profit organizations to satisfy common objectives.

I declare that I have been informed in a clear and understandable way that I have the right to know, update and rectify the personal data provided, to request proof of this authorization, to request information on the use that has been made of my personal data, to present complaints to the Superintendence of Industry and Commerce for the improper use of my personal data, to revoke this authorization or request the deletion of the personal data provided and to access them free of charge.

I declare that I know and accept the Personal Data Processing Manual of the Medellín Global Foundation and that the information provided by me is true, complete, accurate, updated and verifiable. By signing this document, I declare that I acknowledge and accept that any query or claim related to the Treatment of my personal data may be raised orally or in writing before the Medellín Global Foundation as Responsible for Treatment, whose website is: www.medellinglobal .org. Cell: 3012622489 and Email: administracion@medellinglobal.org