O2 RESERVE SAS, a commercial company identified with Nit: 901.292.541-3 established by means of a private document of May 27, 2019, registered in the book in the chamber of commerce on June 10, 2019, under number 17559 of book IX of the commercial register , as the legal person responsible for the processing of personal information, it serves to inform all clients, volunteers, collaborators, contractors and / or suppliers, and others, who have provided or come to deliver their personal data to the company, that they will be incorporated in our databases, and treated in accordance with the law and the provisions of this document.

Article 15 of the Colombian Political Constitution establishes that “All people have the right to their personal and family privacy and to their good name, and the State must respect them and ensure that they are respected. In the same way, they have the right to know, update and rectify the information that has been collected about them in data banks and in files of public and private entities (…) ”. The aforementioned norm establishes fundamental rights such as: the right to privacy, good name, inviolability of private communications and habeas data.

The "habeas data”, Is that right through which everything concerning the knowledge, updating, rectification and opposition of personal information contained in databases and files is guaranteed and protected, and which has been developed and protected by Statutory Law 1581 of 2012 and regulated by Decree 1377 of 2013. In accordance with the norm, it is important to remember that by “Databases”Means the entire organized set of personal data that is the object of treatment, of clients, beneficiaries, collaborators, contractors and / or suppliers, and in general any person with respect to whom personal data is held.

With this document, O2 RESERVE SAS, seeks to inform all the people who have provided or who in the future provide us with their personal data, about the power they have to exercise their right to habeas data, illustrating the steps or procedure that they must follow, if they seek to know, update, rectify and oppose the data found in our databases and / or files.


  1. The personal data of children and adolescents: The processing of personal data of these people will be carried out respecting the following requirements:
    • That responds and respects the best interests of children and adolescents.
    • That respect for their fundamental rights is ensured.
    • That said treatment is given with the authorization of those responsible for their parental authority and / or care of them.
  2. Sensitive personal data established in Law 1581 of 2012. Our company identifies those sensitive data that it eventually collects or stores and in that sense, we are committed to:
    • Implement special attention and reinforce your responsibility for the treatment of this type of data.
    • Establish the levels of technical, legal and administrative security to treat this information appropriately.
    • Increase access and use restrictions by our staff.

GUIDING PRINCIPLES OF DATA PROTECTION.  Our policy complies with and recognizes without limitation each of the guiding principles contemplated in Law 1581 of 2012 related to the processing of personal data, which we proceed to state:

  • Principle of legality. The treatment of the data, from its capture must be in strict knowledge of the law, respecting the constitutional rights of the owner.
  • Principle of purpose. The treatment must obey a legitimate purpose in accordance with the Constitution and the law, which must be informed to the owner
  • Principle of freedom. The prior, express and informed consent of the owner is always required. It may not be obtained or disclosed without prior authorization or legal or judicial mandate that replaces consent.
  • Principle of truthfulness or quality. The information to be protected must be truthful, complete, accurate, up-to-date, verifiable and understandable.
  • Principle of transparency. The owner may obtain information about the existence of data concerning him at any time.
  • Principle of access and restricted circulation. Personal data, except public information, may not be available on the internet or other means of dissemination or mass communication.
  • Safety principle. The information subject to treatment by the person in charge of the treatment or person in charge of the treatment must be handled with the technical, human and administrative measures necessary to grant security to the records, avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
  • Principle of confidentiality. The persons who intervene in the processing of personal data must guarantee the reservation of the information, an obligation that extends even after any link or relationship with the data processing is terminated, being able to only supply or communicate personal data when this corresponds to the development of authorized activities.


The owner of the data, may by himself or through an attorney or legal representative exercise the following rights:

  1. Know and access your personal data
  2. Update your personal data
  3. Rectify your personal data
  4. Refuse authorization for the processing of your personal data, when you consider that the guiding principles referred to in this policy were not guaranteed.
  5. Require a copy or evidence of the authorization granted for the processing of your personal data.
  6. Know the origin of your data and whether or not they have been transferred to third parties and, therefore, the identification of the assignees
  7. Check the accuracy and veracity and request the rectification of your personal data whenever, in your opinion, these are or are inaccurate, incomplete, generate or contain errors.
  8. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of the law and other regulations that modify, add or complement everything related to HABEAS DATA.
  9. Request the total or partial deletion of your personal data.

In the event that the cancellation or deletion occurs at the request of the owner, the company will only keep the data, for those events in which they are required by administrative or judicial authorities, and within the prescription times provided by special rules on filing. of information.


  1. Collaborator databases: Those manual or automated data that contain information on the natural persons with whom there is a contractual relationship with the company, and its purpose is to comply with the legal and regulatory provisions. This database may contain private, public, sensitive and minor information.
  2. Databases of Contractors and Suppliers: Those manual or automated data that contain information of the people who have a contractual and / or commercial link, whose treatment is conditioned to the execution of the conventional obligations that bind them. The processing of these data for purposes other than those indicated requires the prior and express authorization of the owner.
  3. Volunteer databases: Those manual or automated data that contain information on the people who have developed, or intend to develop, a voluntary action related to the company's corporate purpose, in addition to publicizing topics of interest, commercial, pedagogical activities, marketing material, and others. .
  4. Customer databases: Those manual or automated data that contain information of the people who have or intend to acquire a good or service related to the company's corporate purpose, in addition to publicizing topics of interest, commercial, educational activities, marketing material, and others.
  5. Databases with General Information: They are manual or automated databases that contain personal information that is not public, sensitive or of minors. They will be of an occasional nature for the fulfillment of specific purposes of the company. The treatment of these data will require prior authorization and information on the purposes of its treatment.


The owner of the information may make your request through email, stating your request and the reasons for it. In the event that the owner decides to act through an intermediary, this person must be duly accredited, attaching a copy of the special power of attorney conferred by the owner, with a clear indication of the powers granted, and a copy of the identity document of the owner and his attorney-in-fact. Non-observance of what is prescribed here will result in the request being taken as not presented, of which the applicant will be informed to proceed to fill the requirements as indicated in this policy.

In the case of children and adolescents, the application must be submitted by the person who legally represents them and is accredited in accordance with the law, be it through identity documents, certifications, sentences, among others.

In the event that the owner or his duly accredited representative requires to carry out consultations of the information that rests in the database managed by the company, you must send your request to the electronic address indicated here, for which the company will have a term of fifteen (15) business days to expressly attend to it; However, in the events in which it is not possible to comply with said term, the company must inform the applicant of the reasons before the expiration of said term, and will have five (5) additional business days.

For claims, the owner or whoever represents his rights duly accredited, when he considers that the information contained in one of the databases must be corrected, updated, deleted, or its treatment is given contrary to the law and this policy, you can make your request, which will be processed according to the following steps:

  1. File the request to the mail , with the identification of the owner, indication of the place where you will receive the notification of response, description of the facts on which you base your request and providing the evidence you consider.
  2. If the claim is incomplete, the interested party will be informed within ten (10) business days of the reasons, so that they can proceed to correct the requirements. If after the request, the interested party does not correct and more than 30 business days have elapsed, it will be understood that they have withdrawn their request.
  3. When the application is complete and has been valued by the company, it will proceed in accordance with the request, within a period not exceeding eight (08) business days, which must be informed to the owner in writing.

The owner of the information or whoever is duly empowered to do so, may only file the complaint to the Superintendency of Industry and Commerce provided that the procedure described here has been exhausted in the strict sense.

O2 RESERVE undertakes that all information provided to the owner of personal data will be timely, accurate and verifiable.


Among the security means employed by the company, the following stand out:

  1. It is expressly prohibited within the respective contracts signed with collaborators, employees, contractors, among others, to make use of company information, including databases, for purposes other than activities that are directly related to development. the corporate purpose of the company and the purpose for which they were hired or linked.
  2. Access to the databases is limited only to the manager, the leader of the commercial and marketing area, and the information can only be used for activities that are directly related to the development of the company's corporate purpose.
  3. It is prohibited to use electronic equipment, programs and electronic means to which employees, contractors or collaborators have access, to obtain copies of the information contained therein, without the express consent of the manager.
  4. Strictly comply with the confidentiality agreement signed by all employees, contractors and collaborators.
  5. Express prohibition of making use of information that is part of the databases that does not have the authorization of the owner of the data or that does not have its origin in public records. In the case of personal data from public records, the prior authorization of the owner is not required for its treatment, but all other provisions that the law and this document bring must be observed.

O2 RESERVE undertakes that when you carry out any type of event or activity (workday, contest, survey, artistic, cultural, environmental event, etc.) through which personal data is collected, you must obtain the respective prior and express authorization from the owner, making use of the digital or physical formats adopted.

In the event that the company, take or post images of minors In events, activities or conferences organized by the company, the express authorization of the person responsible for the minor, duly accredited in accordance with the law, must be obtained. When it is intended to make use of the images of minors, in publications, commercial videos, and others, it must be:

  1. Take into account the level of knowledge, maturity, motivations and interests of the population to whom the message is directed.
  2. Advertisements may not generate unrealistic expectations regarding the good or service being advertised.
  3. Inappropriate expressions may not be used
  4. Advertising may not be broadcast with scenes that violate the moral, mental or physical integrity of minors, or that incite violence or make an apology for criminal or misdemeanor acts.
  5. The performance of sexual acts may not be staged, or that violate the dignity and honor of the minor.
  6. Children should not act in advertisements that present situations that, objectively, in the real situation constitute risk or danger to life.

The publication or dissemination of images of minors in public places will be legitimate, as long as the minors appear by chance or as an accessory to the main information. The image of the minor at no time may be linked to places or people that could negatively damage the image of the minor.

Given in the city of Medellín, on July 06, 2021.