Dear, user: In accordance with the provisions of article 10 of decree 1377 of 2013, signing in this authorization you agree that AQUATERRA S.A.S. is expressly and unequivocally authorized to collect, maintain and manage your information. This process is informed clearly and transparently; therefore, you have the right to know, confirm or update your personal data, and you can request information about the usage of it. Likewise, you can file complaints, suspend the authorization to use your data or access without any cost to the provided data.

For queries or claims related to the processing of your personal data, you can contact the AQUATERRA S.A.S. staff in charge using one of the following alternatives: call to 018000510990, go to Carrera 50 FF # 10B Sur – 61 / Aguacatala Sector, Medellín – Colombia, or writing to the following email address marketing@aquaterra.com.co.

The policy for processing personal data can be found at: www.aquaterra.com.co.

AQUATERRA S.A.S. PERSONAL DATA PROTECTION POLICY

In compliance with Law 1581, 2012. Which made provisions for the personal data protection and decree No. 1377 of 2013 which partially regulates the mentioned Law, which establishes the requirements to be observed by the responsible in charge of processing personal data, AQUATERRA S.A.S. discloses this Personal Data Protection Policy.
The main goal of AQUATERRA S.A.S. Personal Data Protection Policy is to compliance with current regulations related to the personal data protection, to establish the rights and duties of the parties involved, to establish procedures to authorize the use of the information given, queries and claims from personal data owners used or collected by the Company.

DEFINITIONS:

The next definitions apply according to Law 1581 of 2012:
Authorization: Prior, express and informed consent from the holder to carry out the processing of personal data.
Database: Organized set of personal data that is subject to treatment.
Personal data: Any information linked to or associated with one or more specific or determinable natural person.
Person in charge for the data processing: Natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the treatment responsible.
Responsible for the data processing: Natural or juridical person, public or private, that by itself or in association with others, decides on the data base and / or the treatment of the data.
Holder: Natural person whose personal data are subject to Treatment.
Data processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

APLICAION:

This Policy is applicable to the information or data coming from all natural or legal people who are their legal holders that for any reason and voluntarily provide to Aquaterra SAS data related to natural people, it also applies to natural people or entities that provide personal data to our database by any means and therefore must be protected under legal terms.
This policy applies also to all employees in all our headquarters and dependencies, especially for those in charge of personal data processing or people or entities delegated for it by the company.

PERSONAL DATA USAGE IN AQUATERRA S.A.S.

Aquaterra in order to develop its commercial activities and its corporate purpose, solicits, collects, analyzes, processes, archives and transmits personal data. Those processes must be done in a responsible, safe and confidential way, ensuring the protection of information under legal parameters. The company will use this information and personal data, only for the required purposes, such as:
• Employees recruitment processes, selection, training and promotion.
• To fulfill the obligations contracted with goods and services suppliers.
• Evaluate client’s economic capacity and payment behavior.
• Conduct studies on consumption habits and / or market trends and send commercial information about the company’s products and / or services.
FIRST PARAGRAPH: In case that sensitive personal data is collected, the Holder may refuse to authorize its data processing.

THE PERSONAL DATA HOLDERS RIGHTS:

AQUATERRA S.A.S. guarantees to the personal data holders the following fundamental rights:
To access, to know, to update, to complete and to rectify the personal data information contained in the Company’s databases.
Request authorization evidence granted to the Company for the treatment of their personal data.
Receive information from the Company, previous request, on the use it has been given to their personal data.
Modify and revoke the authorization and / or request the removal of their personal data.
Knowledge and access to your personal data that have been processed.

COMPANY OBLIGATIONS RESPECTING TO THE PERSONAL DATA USAGE:

All those obliged to comply with this policy must know that Aquaterra SAS must comply with the impositions by law in this matter. Consequently, the following obligations must be fulfilled:

A. Duties when acting as responsible: (i) Request and keep, under the conditions set in this policy, an authorization copy granted by the holder or the other party to the contract that includes the authorization clause. (ii) Inform clearly and sufficient to the information owner about the purpose of the information collection and the rights that assist him by virtue of the authorization granted. (iii) Report to the information holder on the use given to their personal data when request. (iv) To process the consultations and claims formulated in the terms indicated in the present policy. (v) Ensure the principles of truthfulness, quality, safety and confidentiality are fulfilled in the terms established in the following policy. (vi) Keep the information under security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access. (vii) Update information when necessary. (viii) Update of personal data when appropriate.
B. Duties when working as in charge of the personal data processing: If perform data processing on behalf of another entity or organization (Responsible for data processing) must fulfill the following duties: (i) Establish that the controller is authorized to provide the personal data that he will handle as a manager. (ii) Guarantee to the holder, at all times, the full and effective exercise the habeas data right. (iii) Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use, unauthorized or fraudulent access. (iv) Update opportunely the information, rectification or data suppression. (v) Update the information reported by the responsible of the treatment within five (5) working days from the date of receipt. (vi) To process the consultations and the claims formulated by the holders in the indicated terms in the present policy. (vii) Register in the database “complaint in process” as is established in this policy. (viii) Insert in the database the legend “information under judicial discussion” once notified by the competent authority of judicial processes related to the quality of the personal data. (ix) Refrain from circulating information that is being disputed by the owner and whose blockade has been ordered by the Superintendence of Industry and Commerce. (x) Allow access to information only to persons authorized by the holder or empowered by law to do so. (xi) Inform the Superintendence of Industry and Commerce when there are violations of security codes and when there is information administration risk of the holder’s information. (xii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

C. Duties when performing the data processing through a person/company in charge: (i) Provide the data controller with only personal data whose processing is previously authorized. For the purposes of national or international transmission of the data, a contract for the transmission of personal data must be signed or a contractual agreement must be signed in accordance with article 25 of Decree 1377 of 2013. (ii) Ensure that the information provided to the controller is truthful, complete, accurate, up-to-date, verifiable and understandable. (iii) Communicate in a timely manner to the Data Processing Officer all the new information regarding the data previously provided to him and to take the other necessary measures so that the information provided to him is kept up to date. (iv) Report in a timely manner to the person in charge of the processing the corrections on the personal data, for him to proceed to make relevant adjustments. (v) Require the person in charge of the treatment, at any time, to respect the conditions of security and privacy of the information of the holder. (vi) Informing the controller when certain information is being discussed by the owner, once the complaint has been filed and the respective process has not been completed.

D. Duties regarding to Superintendence of Industry and Commerce: (i) Inform of possible security codes violations and the existence of information administration risks from the holders. (ii) Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

USAGE AUTHORIZATION AND COLLECTION OF PERSONAL DATA INFORMATION:

Aquaterra SAS collects personal data during the commercial activities, contractual processes, and in general during the development of its corporate purpose. All of these under the principles of freedom, confidentiality, purpose, legality, security, transparency and truthfulness. Aquaterra has implemented mechanisms through technical means that facilitate the holder of the data its automated manifestation; the authorization can be collected in a physical document, electronic, data message, telephone, Internet, websites, or in any other format to ensure its subsequent consultation. Those obliged to comply with this policy must obtain from the data holder their prior, express and informed consent to collect and process their personal data. This obligation is not necessary in the case of information required by a public or administrative entity in the exercise of its legal functions or by court order, public nature data, medical or health emergency, treatment of Information authorized by law for historical purposes, statistical or scientific data and the Civil Registration data.
The “Register” form of our Site asks users for Personal Information such as name, e-mail address, address and telephone number. When completed the form or request from our website the transfer of information from other sites or social networks such as Facebook, Twiter, Google+, etc., gives its express consent for Aquaterra SAS to carry out operations of treatment of its personal data such as collection, storage, use, circulation, or suppression, in the terms of this Policy.
Aquaterra SAS must keep proof of compliance with the provisions set forth herein, and provide a copy, at the request of the information owner. The owner of the data, with the acceptance of this policy of processing personal data, declares that he knows that Aquaterra SAS can supply this information to related or allied entities and judicial or administrative entities and other State entities that, in the exercise of their functions, request this information.
Likewise, it accepts that they can be object of internal audit or external audit processes by companies in charge of this type of controls. The above information subject to the proper confidentiality.
Aquaterra SAS may use the personal data to: a) Execute the existing contractual relationship with its customers, suppliers and workers; b) Provide the services and / or products required by its customers, contractors, contractors and suppliers; c) Report on new products or services and / or changes in them; d) Evaluate the quality of the service; e) Make internal studies on consumer habits; f) Send to physical, electronic, cellular or mobile devices, via text messages (SMS and / or MMS) or through any other analogous or digital communication devices, commercial, advertising or promotional information on products and / or services, events and / or commercial promotions or not, to promote, invite, direct, execute, inform and in general carry out commercial campaigns or contest or advertising, forwarded by Aquaterra SAS or its related companies and / or by third parties; g) Develop the selection, evaluation, and hiring processes; h) Support processes of internal or external audit; i) Register the information of employees and / or retired employees (active and inactive) in the databases; j) Those indicated in the authorization granted by the holder of the data or described in the respective privacy notice, as the case may be; k) Provide, share, send or deliver your personal data to affiliated, subordinate or subordinate companies of Aquaterra SAS located in Colombia or any other country in the event that such companies require the information for the purposes indicated herein and share the information thereof. Regarding to the data (i) collected directly at the authorize and safe places, (ii) taken from documents provided by people to the personnel and (iii) obtained from video recordings performed inside or outside Aquaterra’s facilities, these shall be used for the safety of the people, property and facilities of Aquaterra and may be used as evidence in any type of process.
If a personal data is provided, such information will be used only for the purposes indicated herein, and, therefore, Aquaterra SAS or its affiliates will proceed to sell, license, transmit, or disclose it, unless: (i) there is express authorization to do so; (ii) is necessary to enable contractors or agents to provide the services ordered; (iii) it is necessary in order to provide our services and / or products; (iv) it is necessary to disclose it to entities that provide marketing services on behalf of Aquaterra SAS or to other entities with which they have joint market agreements or are required to disclose the services and projects executed by it; (v) the information relates to a merger, consolidation, acquisition, divestiture, or other restructuring process of the company; (vi) as required or permitted by law.
Aquaterra SAS may subcontract to third parties for the processing of certain functions or information. When third parties actually outsource the processing of personal information or provide personal information to third party service providers, Aquaterra SAS advises third parties on the need to protect such personal information with appropriate security measures, prohibiting the use of the information to own purposes and requests not to disclose personal information to others.

EXCEPTIONS FOR AUTHORIZATION:

CLAIMS AND CONSULTATIONS

Aquaterra as a legal entity, will act under the terms of the Law as RESPONSIBLE FOR THE DATA TREATMENT, and has determined that organizationally the managers of the different databases will be:

EMPLOYEE DATABASES: Human Resources.
CUSTOMER AND PROSPECTS DATABASE: Credit and Portfolio.
SUPPLIERS AND OTHER THIRD PARTIES DATABASE: Accounting.

To submit queries or claims related to the Processing of Personal Data, address it to ttodatos@aquaterra.com.co Aquaterra SAS must submit a written answer to the claimant within a maximum period of fifteen (15) working days.

Medellín, January 29, 2016.

CARLOS ALBERTO MEJÍA MAYA
Executive manager
AQUATERRA S.A.S
Nit: 811.027.317-9

AUTHORIZATION FORM FOR THE PROCESSING OF PERSONAL DATA

By signing this document, I declare that I have been informed by AQUATERRA S.A.S:

1. AQUATERRA will act as Responsible for the processing of personal data of which I am the owner and may collect, use and process my personal data in accordance with the Company’s Personal Data Treatment Policy.
2. It is not mandatory to answer questions about Sensitive Data (*) or about minors.
3. My rights as the holder of the data are those provided in the Constitution and the law, especially the right to know, update, rectify and delete my personal information, as well as the right to revoke the consent granted for the processing of personal data.
4. The rights must be executed by the channels provided by AQUATERRA SAS and according to the Policy of Treatment of Personal Data from the Company.
5. For any queries or additional information related to the processing of personal data, I can contact with gerencia@aquaterra.com.co
6. AQUATERRA guarantees the confidentiality, liberty, security, truthfulness, transparency, access and restricted circulation of my data and reserve the right to modify its Policy of Treatment of Personal Data at any time.

Based on the above written, I authorize in a voluntary, prior, explicit, informed and unequivocal manner AQUATERRA S.A.S. to use my personal data in accordance with the Policy of Treatment of Personal Data from the Company and for purposes related to its corporate purpose and especially for legal, contractual, commercial purposes described in the Policy of Treatment of Personal Data. The information obtained for the processing of my personal data I have provided voluntarily and is true.

Signed in ________________________, the _______________ 20__.

Signature: _________________________________

Name: _________________________________

Identification number: _________________________________

(*) Sensitive data is the one that affect the privacy of the Holder or whose abuse may lead to discrimination, such as political orientation, religious or philosophical beliefs, human rights, as well as data on health, life sexual and biometric data.

GLOBAL LATICES S.A.S. PERSONAL DATA PROTECTION POLICY

En cumplimiento de la Ley 1581 de 2012, por la cual se dictan disposiciones para la protección de datos personales y del Decreto No. 1377 de 2013 el cual reglamenta parcialmente la citada Ley, en la que se establecen los requerimientos que deben observar los responsables y encargados del tratamiento de datos personales, GLOBAL LATICES S.A.S. da a conocer la presente Política de Tratamiento de Datos Personales.

EL objetivo de la POLITICA DE TRATAMIENTO DE DATOS PERSONALES DE GLOBAL LATICES S.A.S, es procurar el correcto cumplimiento de la normatividad vigente relacionada con la protección de los datos personales, establecer los derechos y deberes de las partes involucradas, establecer los procedimiento para autorizar el uso de la información, y las consultas y reclamos de los titulares de los datos personales utilizados o recogidos por la Compañía.

DEFINITIONS:

The next definitions apply according to Law 1581 of 2012:
Authorization: Prior, express and informed consent from the holder to carry out the processing of personal data.
Database: Organized set of personal data that is subject to treatment.
Personal data: Any information linked to or associated with one or more specific or determinable natural person.
Person in charge for the data processing: Natural or legal person, public or private, that by itself or in association with others, perform the processing of personal data on behalf of the treatment responsible.
Responsible for the data processing: Natural or juridical person, public or private, that by itself or in association with others, decides on the data base and / or the treatment of the data.
Holder: Natural person whose personal data are subject to Treatment.
Data processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

APPLICATION:

La presente Política es aplicable a la información o datos provenientes de todas las personas This Policy is applicable to the information or data coming from all natural or legal people who are their legal holders that for any reason and voluntarily provide to GLOBAL LATICES S.A.S. data related to natural people, it also applies to natural people or entities that provide personal data to our database by any means and therefore must be protected under legal terms.
This policy applies also to all employees in all our headquarters and dependencies, especially for those in charge of personal data processing or people or entities delegated for it by the company.

PERSONAL DATA USAGE IN GLOBAL LATICES S.A.S:

GLOBAL LATICES S.A.S. in order to develop its commercial activities and its corporate purpose, solicits, collects, analyzes, processes, archives and transmits personal data. Those processes must be done in a responsible, safe and confidential way, ensuring the protection of information under legal parameters. The company will use this information and personal data, only for the required purposes, such as:
• Employees recruitment processes, selection, training and promotion.
• To fulfill the obligations contracted with goods and services suppliers.
• Evaluate client’s economic capacity and payment behavior.
• Conduct studies on consumption habits and / or market trends and send commercial information about the company’s products and / or services.

FIRST PARAGRAPH: In case that sensitive personal data is collected, the Holder may refuse to authorize its data processing.

THE PERSONAL DATA HOLDERS RIGHTS:

GLOBAL LATICES S.A.S. guarantees to the personal data holders the following fundamental rights:
• To access, to know, to update, to complete and to rectify the personal data information contained in the Company’s databases.
• Request authorization evidence granted to the Company for the treatment of their personal data.
• Receive information from the Company, previous request, on the use it has been given to their personal data.
• Modify and revoke the authorization and / or request the removal of their personal data.
• Knowledge and access to your personal data that have been processed.

COMPANY OBLIGATIONS RESPECTING TO THE PERSONAL DATA USAGE:

• Request and keep, under the conditions set in this policy, an authorization copy granted by the holder or the other party to the contract that includes the authorization clause.
• Inform clearly and sufficient to the information owner about the purpose of the information collection and the rights that assist him by virtue of the authorization granted.
• Treat and use the personal data, fulfill the purpose that its treatment requires as authorized by its holder over the time.
• To respond to the queries, complaints and claims of the holders under the terms and conditions of this policy.
• Inform the address and email or other contact information of the person in charge of attending the consultations related to the present policy.

USAGE AUTHORIZATION AND COLLECTION OF PERSONAL DATA INFORMATION:

During its commercial, contractual, processes, and in general during the development of its corporate purposes, Global Latices collects Personal Data, under the principles of freedom, confidentiality, purpose, legality, security, transparency and veracity, through the attached “authorization for the use of personal data” format, the company is authorized for the processing of personal data.

EXCEPTIONS FOR AUTHORIZATION:

The authorization of the holder is not necessary when it is:
• Information required by a public or administrative entity in the exercise of its legal functions or by court order.
• Data of public nature.
• Cases of medical or health emergency
• Treatment of information by law for historical, statistical or scientific purposes.
• Data related to the peoples Civil Registry

CLAIMS AND CONSULTATIONS:

Global Latices S.A.S. as a legal entity, will act under the terms of the Law as RESPONSIBLE FOR THE DATA TREATMENT, and has determined that organizationally the managers of the different databases will be:

EMPLOYEE DATABASES: Human Resources.
CUSTOMER AND PROSPECTS DATABASE: Credit and Portfolio.
SUPPLIERS AND OTHER THIRD PARTIES DATABASE: Accounting.

To submit queries or claims related to the Processing of Personal Data, address it to ttodatos@aquaterra.com.co Global Latices S.A.S must submit a written answer to the claimant within a maximum period of fifteen (15) working days.

La Tebaida, October 7th 2016.

CARLOS ALBERTO MEJÍA MAYA
Legal representative
Global Latices S.A.S
Nit: 900.361.775-2

VIRTUAL MEDIA AUTHORIZATION FOR THE TREATMENT OF PERSONAL DATA
(Global Latices S.A.S.)

By signing this document, I declare that I have been informed by GLOBAL LATICES S.A.S.:

1. GLOBAL LATICES S.A.S will act as Responsible for the processing of personal data of which I am the owner and may collect, use and process my personal data in accordance with the Company’s Personal Data Treatment Policy.
2. It is not mandatory to answer questions about Sensitive Data (*) or about minors.
3. My rights as the holder of the data are those provided in the Constitution and the law, especially the right to know, update, rectify and delete my personal information, as well as the right to revoke the consent granted for the processing of personal data.
4. The rights must be executed by the channels provided by GLOBAL LATICES S.A.S and according to the Policy of Treatment of Personal Data from the Company.
5. For any queries or additional information related to the processing of personal data, I can contact with gerencia@aquaterra.com.co
6. GLOBAL LATICES S.A.S guarantees the confidentiality, liberty, security, truthfulness, transparency, access and restricted circulation of my data and reserve the right to modify its Policy of Treatment of Personal Data at any time.

Based on the above written, I authorize in a voluntary, prior, explicit, informed and unequivocal manner GLOBAL LATICES S.A.S to use my personal data in accordance with the Policy of Treatment of Personal Data from the Company and for purposes related to its corporate purpose and especially for legal, contractual, commercial purposes described in the Policy of Treatment of Personal Data. The information obtained for the processing of my personal data I have provided voluntarily and is true.

Signed in ________________________, the _______________ 201_.

Signature: _________________________________

Name: _________________________________

Identification number: _________________________________

Nit: _________________________________

(*) Sensitive data is the one that affect the privacy of the Holder or whose abuse may lead to discrimination, such as political orientation, religious or philosophical beliefs, human rights, as well as data on health, life sexual and biometric data.