Privacy and Data Protection Policy Notice
Privacy and Data Protection Policy Notice
METROBANK S.A., and its subsidiaries hereinafter referred to as THE ENTITY, make available to customers, employees, candidates in selection process, suppliers, users of customer service channels, referrals and prospective customers, hereinafter referred to as STAKEHOLDERS, its Privacy and Personal Data Protection Policy notice, which contains the guidelines that have been defined for the proper handling of personal data, the mechanisms that data owners have to exercise their rights (ARCO RIGHTS), purposes of the treatments, as well as regulating other aspects in the field of personal data protection.
RESPONSIBLE FOR THE PROCESSING OF PERSONAL INFORMATION:
These are the following companies of the METROBANK financial group, hereinafter THE ENTITY: METROBANK, S.A., METRO ASSET MANAGEMENT S.A., METROFACTORING, S.A., METRO LEASING, S.A., METROTRUST, S.A., FINANCIERA GOVIMAR, S.A., CORPORACIÖN GOVIMAR.
DATA PROCESSING AND ITS PURPOSE:
THE ENTITY, will collect, request, consult, verify, store, share, send, report, modify, transfer, transmit, update, use and keep the personal data of its stakeholders, for the fulfillment of their functions as companies in the financial sector, fiduciary, securities, employer, services recipient, and for legal and contractual purposes necessary to comply with legal obligations, the development of the corporate purpose of each one and those inherent to pre-contractual, contractual and post-contractual relationships, in accordance with the rules governing the processing of personal data. THE ENTITY will carry out the following processing:
The data provided by THE STAKEHOLDERS will be used only by THE ENTITY for the following purposes: Due Diligence, prevention of money laundering, money laundering, financing of terrorism and financing of the proliferation of weapons of mass destruction, for knowledge of legal situations, for application of scientific procedures necessary to the data described above, in order to provide any type of score, rating or index in relation to the customer’s risk profile or product segmentations, application of scientific and/or statistical methods for the determination of consumption habits, either for the offering of products or services or for the elaboration of statistical data, offering financial recommendations and/or for the elaboration of market research; to provide our services and improve your experience as a user of our website. To obtain information about credit history, behavioral information or predictions, information about obligations to the State, application of necessary scientific procedures to credit references, in order to provide any type of score, rating or index in relation to credit references and/or data and for recruitment and employment opportunities.
Types of data requested: Basic personal data to identify you unequivocally: full name, date of birth, nationality, passport number, age, marital status, occupation, public positions. Contact data to be able to contact you and send you the required information, namely: physical address, e-mail address, telephone numbers and in case you are a legal entity, address and tax identification number. Employment data. Financial data. Equity data. Personal, commercial and/or banking references. In case of being a legal entity, the personal information requested will be based on the role of the natural person within the organization.
In addition to the aforementioned data, documentation will be requested to support the information you provide. Likewise, THE ENTITY declares that, within its facilities and its surroundings, it maintains video surveillance cameras for the safety of its employees, suppliers and customers. It is further specified that THE ENTITY will carry out processing by means of tools that allow obtaining an automated result, including but not limited to profiling.
RIGHTS OF THE HOLDERS AND CHANNELS TO EXERCISE THEM:
THE ENTITY will ensure that all data holders of the STAKEHOLDERS are allowed to exercise their rights, which are: Right of access, rectification, cancellation, opposition and portability and which will be attended within the term determined by law.a
- Right of access: Allows the holder to obtain his/her personal data that are stored or subject to processing in databases, in addition to knowing the origin and purpose for which they were collected.
- Right of rectification: Allows the holder to request the rectification of incorrect, irrelevant, false, impertinent, inaccurate or incomplete personal data held in THE ENTITY’s databases concerning him/her.
- Right of cancellation: Allows the holder to request the deletion of incorrect, irrelevant, incomplete, outdated, inaccurate, false or irrelevant personal data.
- Right of opposition or revocation: Allows the holder, for well-founded and legitimate reasons related to a special situation, to refuse to provide his/her personal data or to have them processed, as well as to revoke his/her consent.
- Right of portability: The right of the data holder to obtain or receive personal data concerning him/her, in a structured, generic, commonly used and machine-readable format, either to reuse it for himself/herself, or to transmit it to another person responsible for the processing, without the responsible being able to prevent it. The above, where technically possible, by secure and interoperable means.
You may exercise your rights of access, rectification, cancellation, opposition and portability through the following channels:
Mailbox: | consultasley81@metrobank.com |
The Entity’s complaint handling system. | THE ENTITY. It can be requested through THE ENTITY’s claims attention system at any of its branches. |
THE ENTITY. It can be requested through THE ENTITY’s claims attention system at any of its branches. | Attention officers of THE ENTITY. |
SECURITY MEASURES:
To ensure the security of personal information contained in the databases, THE ENTITY establishes, implements, maintains and continuously improves information security measures, and adopts good practices on cybersecurity, information security and protection of personal data and comply with Law 81 of 2019, its Executive Decree, Agreement 001 of 2022 and other related regulations.
TRANSFER OF PERSONAL DATA:
THE ENTITY has adopted the necessary measures to ensure that third parties to whom information is transferred, in compliance with special laws or in attention to contractual relationships, undertake to comply with the requirements of Law 81 of 2019, such measures are set out in THE ENTITY’s Personal Data Protection manual.
MODIFICATIONS TO THE PRIVACY AND DATA PROTECTION POLICY NOTICE:
This notice may be modified, changed or updated due to new legal requirements, THE ENTITY’s own needs, the services it offers, privacy practices or other causes, so THE ENTITY reserves the right to make any necessary modifications or updates at any time.
THE ENTITY will make available to its STAKEHOLDERS, the updated version of the privacy notice, in the internet pages indicated below:
CONSERVATION OF PERSONAL DATA:
THE ENTITY will keep the personal data for the time provided by the banking stipulation or any other applicable legislation. Once the legal period of conservation of personal data has expired, and in accordance with the provisions of Law 81 of 2019 and the regulations that develop it, THE ENTITY will not transfer or communicate the aforementioned data within the established legal period, unless othenuise requested by the holder of the data.
CONSENT OF THE HOLDERS:
The data holders of the STAKEHOLDERS , declare that by providing data to THE ENTITY, through its websites, forms, documents and in the different authorized service channels, they accept the terms and conditions of this Privacy and Personal Data Protection Policy and therefore grant their express consent to the processing of their data, as described in this Policy and in Law 81 of March 26, 2019, on the protection of personal data and other special laws applicable to the matter.
RESPONSIBLE FOR COMPLIANCE WITH LAW 81 OF 2019 AND PERSONAL DATA PROTECTION POLICIES:
THE ENTITY has a Manager of passive legal affairs and personal data protection, who is the figure in charge of ensuring compliance with THE ENTITY’s data protection strategy.
Contact e-mail: consultasley81@metrobank.com
Date of last update of this notice: November 2022