General

Papeles y Cartones SA, hereinafter the Company, identified with NIT 890.925.108-6, with headquarters in the Northeast Trunk No. 999 - 18, Barbosa Antioquia, is responsible for the processing of personal data that appear registered in its bases of data and files in accordance with the requirements of the Law on protection of personal data.

For the purposes of any request or complaint regarding this policy, the electronic mail datospersonales.papelsa@papelsa.com is available. Any area or collaborator of the Company may be in charge of data processing in the exercise of its functions.

The Company must strictly comply with the requirements of the law on Personal Data Protection, and what is established in its Personal Data Processing Policy, which can be found on the website www.papelsa.com.

Holders should be informed of the specific purpose of the processing of their personal data, which in all cases will have the main purpose of carrying out the accounting, tax, administrative, commercial, operational, and Human Resources management thereof, as well as the development of activities of well-being, health, education, culture, and to watch over the safety of people and goods related to the activity of the company.

Any area or collaborator of the company whose functions are responsible for the processing of databases with personal information must comply with the provisions of the Law, by the policy and procedure of this document.

The company must register in the National Database Registry databases containing personal data subject to treatment.

The treatment of the information will be exercised with the prior, express and informed consent of the owner.

Authorization is not necessary when dealing with:

  • Information that is required by a public or administrative entity in the exercise of its legal functions, or by judicial order.
  • Data that are public in nature.
  • Cases of medical or sanitary emergency.
  • Processing of information authorized by law for historical, statistical or scientific purposes.
  • Data related to the Civil Registry of the person.

The information provided by the owner must be true, complete, accurate, verifiable and updated. The owner guarantees the authenticity of all the data communicated to the company.

The Company has the necessary technical, human and administrative measures to guarantee the security of the personal data obtained and stored in its databases and files, avoiding adulteration, loss, consultation or unauthorized or fraudulent access. Some of these measures are:

  • Commitments and contracts signed with collaborators and third parties.
  • The Policy of Treatment of Personal Data of the Company and this document.
  • Information Systems Policies.
  • Acceptance of the Computer Commitment Policies document by each collaborator.
  • Agreement of confidentiality of third parties that access the company network.
  • Request for access to computer resources with the approval of the immediate supervisor and controller.
  • Creation of limited profiles and exclusive passwords for each user depending on the type of charge.
  • Restricted and controlled access to information by contractors or third parties.

The Company guarantees the reservation of the information, even after completing the tasks that comprise the treatment.

The Company may publish personal databases on the Intranet or Internet provided that it has prior authorization from the owner of the personal data, restrictions are established for its access and the publication is approved by the Human Resources Management.

The Human Resources Manager will review those necessary changes in the databases loaded in the National Databases Registry, before the update by the Human Resources Secretary.