Privacy Policy
Personal Data Processing Policy
Rollup Consulting
Data Controller
Rollup Consulting S.A., a company specialized in data analytics consulting services, is responsible for the processing of personal data collected through its website and communication channels.
Data subjects may contact the following channel to exercise their rights related to data protection:
Email: informacion@rollupconsulting.com
Address: Bogotá, Cra. 55 #152b-68 Of 607
Legal Framework
Law 1581 of 2012, “By which general provisions for the protection of personal data are established.”
Decree 1377 of 2013, “By which Law 1581 of 2012 is partially regulated.”
Decree 886 of 2014, “By which Article 25 of Law 1581 of 2012 regarding the National Database Registry is regulated.”
External Circular 002 of 2015, “Which added Chapter Two to Title V of the Unified Circular issued by the Superintendence of Industry and Commerce.”
Personal Data Collected
Rollup Consulting may collect personal data through its website, contact forms, content subscriptions, commercial communications, or contractual relationships.
Collected data may include, among others:
• Full name
• Company or organization
• Job title
• Email address
• Phone number
• Information related to service requests or professional inquiries
Purpose of Data Processing
Personal data collected by Rollup Consulting may be used for the following purposes:
• Responding to information or contact requests submitted through the website.
• Presenting commercial proposals or information regarding consulting services.
• Sending informational, technical, or commercial communications related to data analytics, technology, or services offered by the company.
• Managing contractual relationships with clients, suppliers, or partners.
• Conducting internal analysis aimed at improving provided services.
• Complying with legal or regulatory obligations.
Rollup Consulting does not sell or commercialize personal data to third parties.
General Principles for Data Processing
This policy includes the following guiding principles governing the collection, use, and processing of personal data:
Principle of Legality. The collection, use, and processing of personal data shall be carried out in accordance with the law and applicable regulations.
Principle of Purpose. The collection, use, and processing of personal data shall pursue a legitimate purpose in accordance with the Constitution and the law, which shall be informed to the data subject.
Principle of Freedom. The collection, use, and processing of personal data may only be carried out with the prior, express, and informed consent of the data subject. Personal data may not be obtained or disclosed without prior authorization, unless otherwise required by law or judicial order.
Principle of Accuracy or Quality. The information subject to processing must be truthful, complete, accurate, updated, verifiable, and understandable. The processing of partial, incomplete, fragmented, or misleading data is prohibited.
Principle of Transparency. During the collection, use, and processing of personal data, the data subject’s right to obtain information regarding the existence of data concerning them from the data controller or processor at any time and without restrictions must be guaranteed.
Principle of Restricted Access and Circulation. The collection, use, and processing of data may only be carried out by persons authorized by the data subject or by those permitted under the law. Personal data, except for public information, may not be made available on the internet or other mass communication channels unless access is technically controllable to provide restricted access solely to authorized individuals in accordance with the law.
Principle of Security. Information subject to processing by the data controller or processor, as referred to in Law 1581 of 2012, must be handled with the necessary technical, human, and administrative measures to ensure the security of records and prevent unauthorized or fraudulent alteration, loss, consultation, use, or access.
Principle of Confidentiality. All persons involved in the collection, use, and processing of non-public personal data are obligated to maintain the confidentiality of such information, even after their relationship with any activities related to the processing has ended.
In accordance with its corporate purpose and business activities, Rollup Consulting S.A. may collect and use personal data for the purposes described herein.
Rights and Duties
In accordance with Law 1581 of 2012, data subjects have the following rights:
• To know, update, and rectify their personal data before data controllers or processors.
• To request proof of the authorization granted to the data controller, except when expressly exempted by law.
• To be informed by the data controller or processor, upon request, regarding the use given to their personal data.
• To file complaints before the Superintendence of Industry and Commerce regarding violations of Law 1581 of 2012 and related regulations.
• To revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees.
• To access, free of charge, their personal data that has been subject to processing.
In accordance with Law 1581 of 2012, data controllers and processors must fulfill the following duties:
When Rollup Consulting S.A. acts as the data controller, it shall:
• Guarantee the full and effective exercise of the right to habeas data.
• Request and retain a copy of the authorization granted by the data subject.
• Properly inform the data subject about the purpose of data collection and their rights.
• Preserve information under the necessary security conditions to prevent unauthorized access, alteration, loss, or misuse.
• Ensure that information supplied to processors is truthful, complete, accurate, updated, verifiable, and understandable.
• Update information in a timely manner and communicate any changes to the processor.
• Correct inaccurate information and communicate the corresponding updates to the processor.
• Supply only data whose processing has been previously authorized in accordance with the law.
• Require processors to respect the security and privacy conditions of the data subject’s information at all times.
• Process inquiries and complaints in accordance with legal requirements.
• Adopt an internal policy and procedures manual to ensure compliance with the law.
• Inform the processor when certain information is under dispute by the data subject.
• Inform the data subject, upon request, about the use given to their data.
• Notify the data protection authority of security breaches involving risks to the administration of data subjects’ information.
• Comply with instructions and requirements issued by the Superintendence of Industry and Commerce.
Procedure for Inquiries and Complaints
Data subjects may submit inquiries or complaints related to their personal data by sending a request to the email address indicated in this policy.
Inquiries will be answered within a maximum term of ten (10) business days,nd complaints within a maximum term of fifteen (15) business days,in accordance with Colombian legislation.
Information Security
Rollup Consulting adopts reasonable technical, administrative, and organizational measures to protect personal data against loss, unauthorized access, misuse, or alteration.
Data Retention
Personal data will be retained for as long as necessary to fulfill the purposes for which it was collected or for the period required by applicable regulations.
Policy Validity
This policy becomes effective upon publication and may be updated by Rollup Consulting at any time to reflect regulatory changes or modifications in data processing practices.
