For each of the Databases where ASSOCIATED ENGINEERING ARCHITECTS AIA is responsible for the treatment, the following policies are defined:

POLICIES FOR THE PROCESSING OF PERSONAL DATA OF CUSTOMERS

AIA will collect from its Clients the personal data necessary for the provision of the services requested by them by virtue of its portfolio of products and services. AIA will not request, store or process data from Clients that are not necessary for the provision of services typical of the nature of its activities.

AIA will only store and process SENSITIVE DATA of its Clients in the cases strictly necessary and in accordance with articles 5, 6 and 7 of Law 1581 of 2012.

AIA will not go to sources to obtain personal data from current or potential Clients when it is not certain that the supplier of the same, has the due authorization of treatment by the Holder of the information or the same are exempted from the authorization under the terms of Law 1581 of 2012.

AIA will not collect, store and treat SENSITIVE DATA of Customers without their express authorization, except in the cases provided for in Law 1581 of 2012 on the Protection of Personal Data and Decree 1377 of 2013.

In the case of personal data obtained and stored in the Customer Databases prior to the entry into force of Law 1581 of 2012, AIA will make the necessary efforts to obtain the proper authorization from the Holders of the information.

The authorization for the processing of personal data will be taken as valid where the Holder manifests and is reproducible, the consent to process their data. Among others, the physical formats with signature, the recordings of telephone calls, the emails with response to the consent and the others that the regulations allow.

AIA regardless of the location and physical custody of the Client's Personal Databases, will always be responsible for the treatment that is executed on them. For the above and when for the custody and management of Customer Databases, the service of External Suppliers is contracted, clauses that allow not to lose control over said information will be included in the contracts.
AIA will refrain from transferring by any means and under any modality (sale, loan, transfer, among others) the personal data of Clients without being certain of having the authorization of the Holder thereof. For this purpose or in cases where by legal order you must assign your custody to the authorities that by their nature require them by legal means.

When, due to the contracting of services of Third Parties that access the personal data of Clients for the fulfillment of the activity, AIA will stipulate in the contracting the scope of access, use and other operations that can be done with this information, as well as the mechanisms of recovery, destruction and final disposition once the contracted activity is finished.
Regardless of the means of storing the personal data of the Clients, AIA will guarantee its access, use and treatment only by authorized personnel and with the own purposes defined in the authorization given by the Holders.

When, under the activities of AIA, activities are carried out inside or outside the Company, where there is image and video capture as a record of events or as part of advertising campaigns that contain the image of Company Clients, the authorization to The use of the image will be included at the time of linking as a Client or in the absence of any differences between the date of entry and the entry into force of Law 1581 of 2012, in a signed authorization when making the shots.

POLICIES FOR THE PROCESSING OF PERSONAL DATA OF SUPPLIERS

AIA will collect from its Suppliers the personal data necessary for linking and maintaining contractual relationships, which allow obtaining goods and services for the development of its activities. AIA will not request, store or process data from Suppliers that are not necessary for the conclusion and maintenance of contractual relationships.

AIA will only store and process SENSITIVE DATA of its Suppliers in strictly necessary cases and in accordance with articles 5, 6 and 7 of Law 1581 of 2012.

AIA will not go to sources to obtain data from current or potential Suppliers when it is not certain that the person providing them, has the proper authorization of treatment by the Holder of the information or they are exempted from the authorization in the terms of Law 1581 of 2012.

AIA will not collect, store and treat SENSITIVE DATA of Suppliers without their express authorization, except in the cases provided for in Law 1581 of 2012 on Personal Data Protection and Decree 1377 of 2013.

In the case of data obtained and stored in the Supplier Databases prior to the entry into force of Law 1581 of 2012, AIA will make the necessary efforts to obtain the proper authorization from the Holders of the information.

The authorization for the processing of personal data will be taken as valid where the Holder manifests and is reproducible, the consent to process their data. Among others, the physical formats with signature, the recordings of telephone calls, the emails with response to the consent and the others that the regulations allow.

AIA regardless of the location and physical custody of the Provider Databases, will always be responsible for the treatment that is executed on them. For the above and when for the custody and management of the Supplier Databases, the Third Party service is contracted, clauses that allow not to lose control over said information will be included in the contracts.

AIA will refrain from transferring by any means and under any modality (sale, loan, transfer, among others) the personal data of Suppliers, without being certain of having the authorization of the Holder of the same as for this purpose or in the cases that by legal order, you must transfer your custody to the authorities that by their nature require them by legal means.

When, due to the contracting of third-party services that access personal data of Suppliers for the fulfillment of the activity, AIA will stipulate in the contracting the scope of access, use and other operations that can be done with this information, as well as the mechanisms of recovery, destruction and final disposition once the contracted activity is finished.

Regardless of the means of storing the personal data of the Suppliers, AIA will guarantee its access, use and treatment only by authorized personnel and with the own purposes defined in the authorization given by the Holders.

AIA has procedures for the administration of personal data of Suppliers.

When, under the activities of AIA, activities are carried out inside or outside the Company where images and video are captured as a record of events or as part of advertising campaigns that contain the image of Company Suppliers, the authorization for Use of the image will be included at the time of linking as a Provider or if there are no differences between the date of entry and the entry into force of Law 1581 of 2012, in an authorization signed when making the shots.

POLICIES FOR THE TREATMENT OF PERSONAL DATA OF COLLABORATORS AND EXCOLABORATORS

AIA will collect and treat from its collaborators, the personal data necessary for linking and other Human Talent Management processes and administrative processes of personnel as part of its business activity. AIA will not request, store or process data from employees and former collaborators that are not necessary for the processes of the current or past employment relationship.
AIA will only store and process SENSITIVE DATA of its collaborators and former collaborators in the strictly necessary cases and in accordance with articles 5, 6 and 7 of Law 1581 of 2012.
AIA will not go to sources to obtain personal data of current and potential collaborators and former collaborators, when it is not certain that the person providing them, has the proper authorization of treatment by the Holder of the information or they are exempted from the authorization under the terms of Law 1581 of 2012.

AIA will not collect, store and treat SENSITIVE DATA of employees and former collaborators without their express authorization, except in the cases provided for in Law 1581 of 2012 on Personal Data Protection and Decree 1377 of 2013.

In the case of data obtained and stored in the Databases of collaborators and former collaborators prior to the entry into force of Law 1581 of 2012, AIA will make the necessary efforts to obtain the proper authorization from the Holders of the information.

The authorization for the processing of personal data will be taken as valid, the one where the collaborators and ex-collaborators express and be reproducible, the consent to process their data. Among others, the physical formats with signature, the recordings of telephone calls, the emails with response to the consent and the others that the regulations allow.
AIA regardless of the location and physical custody of the Databases of collaborators and former collaborators, will always be responsible for the treatment that is executed on them. For the above and when for the custody and management of the Databases of collaborators and former collaborators, the Third Party service is contracted, clauses that allow not to lose control over said information will be included in the contracts.

AIA will refrain from transferring by any means and under any modality (sale, loan, assignment, among others) the personal data of Employees and former employees without being certain of having the authorization of the Holder of the same for this purpose or in the cases that by legal order, you must transfer your custody to the authorities that by their nature require them by legal means.

When, due to the contracting of third-party services that access personal data of collaborators and ex-collaborators for the fulfillment of the activity, AIA will stipulate in the contracting the scope of access, use and other operations that can be done with this information, as well as the mechanisms of recovery, destruction and final disposition once the contracted activity is finished.

Regardless of the means of storing the personal data of collaborators and ex-collaborators, AIA will guarantee its access, use and treatment only by authorized personnel and with the own purposes defined in the authorization given by the Owners.

AIA has procedures for the administration of personal data of collaborators and former collaborators.
When, under the activities of Human Talent management, welfare activities are carried out inside or outside the Company where images and video are captured as a record of events or as part of advertising campaigns that contain the image of AIA employees, authorization for the use of the image will be included at the time of linking or if there are no differences between the date of entry and the entry into force of Law 1581 of 2012, in an authorization when making the shots.

POLICIES FOR THE PROCESSING OF PERSONAL DATA OF PARTNERS

AIA will collect and treat from its Partners, the personal data necessary for the shareholder registration and other processes related to the administration of property and legal and tax responsibility before the internal and external Control Entities and the competent authorities. AIA will not request, store or process data from Partners that are not necessary for the processes of the property relationship described above.

AIA will only store and process SENSITIVE DATA of its Partners in the strictly necessary cases and according to articles 5, 6 and 7 of Law 1581 of 2012.
AIA will not go to sources to obtain personal data of its Partners when it is not certain that the person who provides them has the proper authorization of treatment by the Holder of the information, or they are exempted from the authorization in the terms of Law 1581 of 2012.

AIA will not collect, store and treat SENSITIVE DATA of the Partners without their express authorization, except in the cases provided for in Law 1581 of 2012 on the Protection of Personal Data and Decree 1377 of 2013.

In the case of data obtained and stored in the Databases of Partners prior to the entry into force of Law 1581 of 2012, AIA will make the necessary efforts to obtain the proper authorization from the Holders of the information.

The authorization for the processing of personal data will be taken as valid where the Holder manifests and is reproducible, the consent to process their data. Among others, the physical formats with signature, the recordings of telephone calls, the emails with response to the consent and the others that the regulations allow.

AIA regardless of the location and physical custody of the Partner Databases, will always be responsible for the treatment that is executed on them. For the above and when for the custody and management of the Partner Databases, the Third Party service is contracted, clauses that allow not to lose control over said information will be included in the contracts.

AIA will refrain from transferring by any means and under any modality (sale, loan, transfer, among others) the personal data of the Partners, without being certain of having the authorization of the Holder of the same for this purpose, or in cases that by legal order you must assign your custody to the authorities that by their nature require them by legal means.

When, due to the contracting of third-party services that access the personal data of the Partners for the fulfillment of the activity, AIA will stipulate in the contracting the scope of access, use and other operations that can be done with this information, as well as the recovery, destruction and final disposal mechanisms once the contracted activity is finished.

Regardless of the means of storing the personal data of the Partners, AIA will guarantee its access, use and treatment only by authorized personnel and with the own purposes defined in the authorization given by the Owners.

AIA has procedures for managing the personal data of the Partners.

When, by virtue of the activities of administrative, heritage, cultural or social management where the Partners participate inside or outside the Company and they capture images or video, as a record of events or as part of advertising campaigns that contain the image of AIA Partners, the authorization for the use of the image will be included at the time of registration or share registration or in case of not existing due to differences between the date of entry and the entry into force of Law 1581 of 2012, in an authorization when making the shots.

RIGHTS OF THE HOLDERS

The Data Holders, in accordance with current legislation, have the following rights regarding the information that AIA has about them:

Know, update and rectify your personal data against AIA. This right may be exercised, inter alia, against partial, inaccurate, incomplete, fractional data that is misleading, or those whose treatment is expressly prohibited or has not been authorized.

Request proof of authorization granted to AIA, except when expressly excepted as a requirement for Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.
Be informed by AIA of the Treatment, upon request, regarding the use you have given to your personal data.

File complaints with the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and the other regulations that modify, add or complement it.

Revoke the authorization and / or request the deletion of the data when the constitutional and legal principles, rights and guarantees are not respected in the treatment, or when there is no legal or contractual duty that imposes on the Holder the duty to remain in said base of data. The revocation and / or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the AIA Treatment it has engaged in conduct contrary to the law and the Constitution.

Make free consultations with AIA about your personal data that have been subject to Treatment.

PROCEDURES FOR THE CONSULTATION, UPDATE, RECTIFICATION AND SUPPRESSION OF PERSONAL DATA

For the consultation, updating, rectification and deletion of your personal data, as well as for the revocation of the authorization, the Holders or their Cause holders have at their disposal the following procedures established by AIA: CONSULTATION. The Holders or their successors may consult the personal information that rests in the AIA Database, after validating their identity. The consultation will be answered within a maximum term of ten (10) business days from the date of receipt of the same by any of the established means. When it is not possible to attend the query within said term, the user will be informed, the reasons for the delay will be expressed and the date on which his query will be answered will be indicated, which may not exceed five (5) business days following the expiration of the first term.

REVOCATION OF THE AUTHORIZATION AND / OR SUPPRESSION OF DATA

The Holders may at any time request the AIA to delete their Personal Data and / or revoke the Authorization granted for the Treatment thereof, by submitting a claim, in accordance with the provisions of article 15 of Law 1581 of 2012

The request for deletion of the information and the revocation of the authorization will not proceed when the Holder has a legal or contractual duty to remain in the Database.

COMPLAINTS TO THE SUPERINTENDENCY OF INDUSTRY AND COMMERCE

The Holder or his successors may only file a complaint with the Superintendence of Industry and Commerce, once they have duly exhausted the process of consultation or claim directly before AIA.

MEANS OF CONTACT

For the exercise of the rights conferred by Law 1581 of 2012 and other regulations that regulate the issue by the Data Holders or their successors, as well as for the presentation of inquiries and complaints, AIA has provided the email aia @ aia .com.co, the Single Customer Service Line (574) 266 44 00, and in person at the main office Carrera 35A No. 15B - 35, 96 floors / Las Palmas Avenue in Medellín (Antioquia), and in the Bogotá headquarters on the North Highway No. 114-44, office 604.

Article 10 of Law 1581 of 2012.

Article 10 of Law 1581 of 2012.

Article 10 of Law 1581 of 2012.

Article 10 of Law 1581 of 2012.

In this space we want you to know the mechanisms defined by AIA for the management of the personal data of the Holders that rest in the Databases, where the Company is Responsible for their treatment.

ARCHITECTS INGENIEROS ASOCIADOS AIA, will treat the information provided by the Clients, Suppliers, collaborators and other relationship groups of which, in the course of their business and contractual relationships, provide their personal data and be stored and stored in databases of the organization, under strict compliance with Law 1581 of 2012 on the Protection of Personal Data and Decree 1377 of 2013.

In order for all AIA audiences to have clear and precise criteria, the following glossary is adopted adopting the definitions given in the Law.

AUTHORIZATION: prior, express and informed consent of the Holder to carry out the processing of personal data.

DATABASE: organized set of personal data that is subject to processing.

PERSONAL DATA: any information linked or that may be associated with one or more specific or determinable natural persons.

MANAGER OF THE TREATMENT: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Responsible for the Treatment.

RESPONSIBLE FOR THE TREATMENT: Natural or legal person, public or private, that by itself or in association with others, decides on the basis of the data and / or the Treatment of the data.

HOLDER: natural person whose personal data is subject to processing.

TREATMENT: any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.

PRIVACY NOTICE: verbal or written communication generated by the person in charge, addressed to the Holder for the processing of their personal data, by means of which they are informed about the existence of the Information Processing policies that will be applicable to them, how to access to them and the purposes of the Treatment that is intended to give personal data.

PUBLIC DATA: is the data that is not semi-private, private or sensitive. They are considered public data, among others, the data related to the marital status of people to their profession or trade and their status as merchant or public servant. By their nature, public data may be contained among others, in public records, gazettes and official gazettes and duly enforced judicial sentences that are not subject to reservation.

SENSITIVE DATA: sensitive data means those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social, human rights organizations or those that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

TRANSFER: the transfer of data takes place when the person in charge and / or in charge of the Processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is Responsible for the Treatment and is inside or outside from the country.

TRANSMISSION: Treatment of personal data that implies the communication of the same within or outside the territory of the Republic of Colombia when it is intended to carry out a Treatment by the Manager on behalf of the Responsible.

ARCHITECTS INGENIEROS ASOCIADOS AIA EN RESESTRUCTURACION, in the course of its business and contractual relations is responsible for the information that rests in the following databases: Clients, Suppliers, Employees, Former employees and Partners.

In the following link you can download the AIA Personal Data Processing Policy: