About the company
It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout. The point of
Database Management Action Plan
1. Authorized Access:
Only authorized personnel should have access to the database. To this end, the only person with access to the database is the Coordinator of B.A. Studios SAS.
Implement multi-factor authentication for enhanced security. This is done through two-step verification, which is supported by both Google Cloud and the Google Authenticator platform.
2. Data Collection:
Asegurar de que la recopilación de datos se realice con el consentimiento explícito de los usuarios. Desde todos los canales de atención garantizamos que los datos suministrados serán tratados según la política de tratamiento de Datos de B.A Studios SAS.
Informar a los usuarios sobre el propósito de la recopilación de datos. La política de tratamiento de datos es de consulta pública y puede ser encontrada en nuestras paginas https://bombilloamarillo.com/.
3. Secure Storage:
Use encryption to protect sensitive data both in transit and at rest. Data is protected end-to-end, in accordance with the data encryption policies provided by IT vendors.
Store data on secure servers that comply with data protection regulations.
We currently have an internal server hosted and managed by TopEye SAS, and we maintain backups of the data on Google Cloud servers.
4. Database Maintenance:
Perform regular data backups to prevent data loss. The contracted technology company, TopEye SAS, performs ongoing maintenance on both software and hardware, as well as their respective updates, to ensure continuous data backup.
Implement a monitoring system to detect unauthorized access or anomalies. The servers are equipped with the necessary software licenses to protect the information stored on the company’s servers.
5. Data Update:
Establish a procedure for updating and correcting inaccurate data. Customer data is constantly being updated through various channels: by phone or email, in person at the time of service delivery, and others.
Allow users to access and modify their own data when necessary. Currently, our information systems do not allow users to directly modify or delete information, but all customer service channels are available to make the modifications or deletions requested by the customer:
This procedure can be carried out through:
Customer service line: 318-370-25-86
Email: [email protected]
6. Use of Data:
Use data solely for the purposes specified and consented to by users.
All companies affiliated with B.A Studios SAS are required to strictly comply with the data protection policy.
Contact with customers is made only in the following cases: B.A Studios SAS and its affiliates will request and collect from their customers the data that is necessary, relevant, and not excessive for the following purposes, without prejudice to others that may be expressly indicated in the Authorization granted by the
Data Controller.
A. To manage and carry out the sale of vehicles and the provision of services related to the economic and/or corporate activities of B.A Studios SAS.
B. To handle billing, payment management, and collections related to the sale of goods and services;
C. To carry out the necessary procedures for granting credit and financing related to the sale of goods and services;
D. To provide follow-up and customer service regarding the sale of goods and services.
E. To comply with the legal and tax obligations arising from the business activities of B.A Studios SAS.
F. Conduct market research and analysis, as well as sales statistics, for commercial purposes and to improve the quality of the services offered.
G. Manage after-sales service and services sold by the company through its business units;
H. Manage warranties, repairs, and replacements for goods and services sold by the company through its business units;
I. To send commercial, advertising, and promotional information regarding the goods and services offered by the Company, provided that prior consent has been obtained from the data subject;
J. To communicate and/or transmit;
Similarly, the Company will collect from its customers the personal data that is necessary, relevant, and not excessive, which, for security reasons, must be analyzed and evaluated for the proper execution of the contractual relationship and/or to identify the contractual counterparty, within the framework of the processes for implementing and applying the Policy on the Administration and Management of Risks Derived from Money Laundering and Terrorist Financing – SAGRILAFT adopted by the Company.
Prohibit the sale or transfer of data to third parties without proper consent.As indicated in the Data Processing Policy, published on our website: https://bombilloamarillo.com/.
“The transfer of personal data refers to the disclosure of such data within or outside Colombian territory for the purpose of allowing a third party to access it in its capacity as a data processor.
The transfer of personal data to third parties within Colombia will only take place in cases where the data subject has given express authorization or where there is a legal obligation permitting it. In all cases, the confidentiality, security, and protection of the transferred data will be guaranteed, and third-party recipients of the information will be required to comply with the same security and privacy standards established in our policy.
Regarding the transfer of personal data to third parties abroad, this will only occur in cases where the legal requirements established in applicable regulations are met and an adequate level of data protection is guaranteed in the receiving country. All necessary measures will be taken to ensure the confidentiality, security, and protection of the data transmitted, and third-party recipients of the information will be required to comply with the same security and privacy standards established in our policy and in the applicable regulations of the receiving country.”
Therefore, the sale or transfer of this information to companies other than B.A. STUDIOS SAS or its affiliates is prohibited.
7. Data Deletion and Service Cancellation:
Implement a process for the secure deletion of data that is no longer needed. Data provided by users is retained in our information systems, but will be properly flagged to ensure it is not used in a way that violates the user’s requests.
Additionally, in all communications sent to customers, there will be a link to unsubscribe from communications received from B.A Studios SAS and its affiliates.
8. Audit and Compliance:
Conduct regular audits to ensure compliance with the data protection policy. The platform through which we communicate with our users holds certifications for security, quality, and compliance with domestic and international standards. We also verify and record the date on which the customer canceled their subscription.
9. Incident Reports:
Establish a protocol for reporting and managing any data security incidents. Notify affected users in the event of a data breach.
The platform contracted with the provider TopEye SAS has the necessary certifications as indicated in the previous point; additionally, the platform is designed to comply with the provisions established in Article 15 of the Constitution and Statutory Laws 1581 of 2012 and 1377 of 2013, and to ensure the proper protection of customer data.
However, technical failures may occur; in such cases, the technology platform provider is capable of detecting and reporting them with the appropriate justifications. Likewise, B.A Studios SAS and its subsidiaries will be able to report this information to their customers.
10. Policy Review:
Periodically review and update data protection policies to adapt to legal and technological changes.
B.A. Studios SAS and its subsidiaries, technology providers, and other partners are constantly keeping abreast of national regulations and laws regarding data protection in order to ensure ongoing compliance with these requirements.
