POLICIES
We value transparency, integrity and respect in all our interactions. Our policies are based on sound ethical principles. We promote an inclusive and diverse environment and protect the privacy of information.
Last updated: June 2024
FYCO, a company with initiative, focused on uniting borders, societies and cultures through comprehensive solutions for the telecommunications sector, contributing to the technological development of Latin America and the Caribbean, is committed to maintaining the highest quality standards and implementing risk-based management; providing safe and healthy working conditions for the prevention of work-related injuries and health deterioration and promoting environmental protection, preventing pollution and minimizing environmental damage caused by the execution of its activities.
To achieve the above, it seeks to ensure continuous improvement in each of the company's processes, as well as to comply with the legal, regulatory and contractual obligations that apply to it, for which it will allocate the human, physical and financial resources necessary for the management and execution of the Integrated Management System.
In this regard, the company assumes the following responsibilities:
• Promote the satisfaction of its customers and other interested parties.
• Eliminate hazards and reduce risks.
• Promote a culture oriented towards the prevention of accidents, incidents and occupational diseases.
• Protect and promote the physical, mental and social health of its employees, contractors, visitors, allies and other interested parties.
• Promote worker consultation and participation.
• Take care of natural resources in the development of its operations.
Objectives of the Quality Management System
• Ensure the supply and delivery of products and services.
• Ensure the identification and assessment of risks associated with the processes and the execution of their controls.
• Enhance the skills of employees through personal and technical skills development programs that allow growth within the organization.
• Effectively ensure customer and other interested party satisfaction.
Objectives of the Occupational Health and Safety Management System
• Develop plans and strategies for prevention, preparation and response to emergencies.
• Ensure the identification of hazards, evaluation, risk assessment and execution of controls.
Objectives of the Environmental Management System
• Identify and control the negative impacts caused by the activities carried out.
• Promote participation and a sense of belonging among company members through environmental education and culture programs.
• Implement strategies for saving and efficient use of natural resources.
• Monitor the amount of emissions generated in order to reduce the corporate carbon footprint.
Disclosure and review of the policy
This policy will be disclosed to the different interested parties of the organization and will be reviewed and/or updated once a year or when changes in the processes occur.
FYCO, a company with initiative, oriented to the union of borders, societies, and cultures through comprehensive solutions for the telecommunications sector, contributing to the technological development of Latin America and the Caribbean, is committed to maintaining an Information Security Management System that allows preserving the integrity, confidentiality
and availability of the company's information assets.
Scope
This document is applicable in all phases of the information life cycle: generation, distribution, storage, processing, transportation, consultation, among others, and the systems that process it.
It applies to the import, distribution and marketing of materials and equipment for the telecommunications and energy sectors of FYCO in all countries where it operates, that is, to all personnel, both internal and external; as well as to people who directly or indirectly provide their professional services within and outside of it and to all information that is accessed, retained, created, processed, stored or exchanged within and outside the organization.
Objectives of the Information Security Management System
Protect the information of suppliers, customers, employees and other interested parties, as well as the technology used for its processing, ensuring the confidentiality, integrity and availability of the information throughout its life cycle.
Identify in a timely manner the information security risks associated with the organization's assets, for their appropriate treatment.
Identify and address information security incidents, as well as vulnerabilities in the technologies implemented to protect business information.
Create a culture of Information Security in the company, to encourage our collaborators, suppliers, clients and other interested parties to adopt good practices and safe behaviors in the handling of information, in accordance with the policies and procedures documented for this purpose.
Continuously improve the implementation, maintenance and strengthening of established controls to protect information assets against new threats and changes that occur in the company, the environment or technologies.
Comply with the legal requirements associated with information security, as well as the good practices established for the sector.
Other documents and policies that support the Information Security Management System will be stored in document management software for free consultation.
Communication
This policy should be reviewed at least annually or when significant changes occur, to ensure its suitability, adequacy and continuous improvement.
Policy Review
This policy will be disclosed to collaborators, contractors, clients, suppliers and other interested parties and will be kept available on magnetic media in our information repository and published on the website for free consultation.
Information security policy updated in April 2024
This Policy was originally drafted in the Spanish language. In the event of any discrepancy between the original and a translated version, the Spanish language original shall prevail.
All natural persons who are holders of personal data shall be referred to in this document as the OWNER.
FYCO has prepared this PERSONAL DATA PROCESSING POLICY, which aims to provide the necessary and sufficient information to the different stakeholders, as well as to establish guidelines to ensure the protection of personal data that are subject to processing by FYCO, in order to comply with the law, policies and procedures for the attention of the rights of holders, criteria for collection, storage, use, circulation and deletion that will be given to personal data. The above taking into account the following:
1. Definitions
-
Data Subject: The natural or physical person whose personal data is the object of processing.
-
Personal data: Any information linked or that can be associated to one or several determined or determinable natural persons. Personal data" should then be understood as information related to a natural person (individual person) such as, for example, a name, an identification number, location data, an online identifier or one or more elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of that person;
-
Data processing (or "processing"): Is any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
-
Data Controller: The natural or legal person, and in this case, private, who by himself or in association with others, determines the purposes and means of data processing.
-
Data Processor: The natural or legal person who processes personal data on behalf of or under a mandate from the CONTROLLER OF THE PROCESSING.
-
Database: It is the organized set of personal data that are subject to processing.
-
ML/FT: Means "Laundering of assets and financing of terrorism".
-
PADM: Means "Proliferation of Weapons of Mass Destruction".
2. Principles
The following principles apply in particular to the processing of your personal data:
-
Principle of legality: In FYCO the data of the OWNERS are treated in accordance with the provisions of the laws governing the matter in the countries where we are located and we have active services. We do not process partial, incomplete, fractioned or misleading data.
-
Principle of purpose: The treatment of the data of the OWNERS obeys to a defined, legitimate, explicit and informed purpose, according to the laws in force in the countries where we are located and where we have active services. In this document, the OWNERS can learn about the purposes of the processing of their personal data.
-
Principle of freedom: We process data only with the prior, express and informed consent of the data subject. Personal data are not obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.
-
Principle of transparency: We guarantee the right of the OWNER to obtain, at any time and without restriction, information about the existence of personal data concerning him/her.
-
Principle of security: The information subject to treatment is handled with the technical, human and administrative measures necessary to provide security to the records avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
-
Principle of confidentiality: All FYCO people involved in the processing of personal data are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing.
-
The principle of limitation of the retention period: The retention of data is limited to the purposes for which the processing is intended. Once these purposes have been achieved, the data are erased or, at least, stripped of any element allowing the data subjects to be identified.
3. To whom does this policy apply?
This Personal Data Processing Policy shall apply to all databases, both physical and digital, containing personal data and which are subject to processing by FYCO, considered as responsible. Likewise, in those cases in which it operates as a person in charge of the processing of personal data.
The policy is aimed at ensuring that employees, shareholders, contractors, suppliers and citizens in general have at their disposal the necessary and sufficient information on the different treatments and purposes for which their data will be used, as well as the rights that they, as holders of personal data, may exercise against FYCO.
4. Who is the data controller?
The data controller of the databases covered by this policy is:
-
FYCO C.S.C. S.A.S, company identified with Nit.900374554-8, whose contact details are as follows:
-
Address: Carrera 43 A 5 A 113 OFI 401 ONE PLAZA.
-
E-mail: laura.bedoya@fycotelecom.com
5. Holder's authorization for data processing
FYCO requires the free, prior, express and informed consent of the OWNER of the personal data for the processing thereof, except in cases expressly authorized by law. Such authorization must be granted by: the OWNER, who must sufficiently prove his/her identity.
The personal information we process is limited to identification data: name and surname, location, telephone and e-mail.
6. Ways of acquiring authorization for the processing of your personal information
We collect the OWNER's personal information through different means, such as our contracts, website, social networks, forms and trade fairs, but the OWNER will always be informed at the time about the person responsible for the processing, the purposes and the period of conservation of their information, as well as the way in which they can exercise the rights they have in terms of data protection.
-
Social networks: FYCO uses social networks and this is another way of communicating with the OWNER. These social networks have their own privacy policies explaining how they use and share your information, so FYCO recommends the OWNER to consult these policies before using these social networks, to confirm that you agree with the way in which your information is collected, treated and shared.
-
Website: Through our website we collect personal information related to your browsing through the use of cookies. Likewise, to send you the latest news and/or events we request the person's email address.
-
Trade fairs: FYCO may ask the OWNER for authorization for the processing of personal data in the course of the various trade fairs it attends or develops.
The authorization of the OWNER is not required in cases expressly excluded and/or indicated by the applicable law on personal data protection.
7. What are the purposes and uses of personal data?
FYCO will perform operations that include personal data collection, storage, use, circulation and/or deletion.
This processing of personal data will be carried out exclusively for the purposes authorized and provided for in this Policy and in the specific authorizations granted by the holder. Personal data will be processed in accordance with the group of interest and in proportion to the purposes of each processing, as described below:
Customers:
Administrative, commercial, promotional, informative, marketing and sales purposes. b) To offer all types of commercial services; as well as to carry out promotional, marketing, advertising campaigns.c) To carry out all internal procedures and compliance with accounting, tax and legal obligations. d) To manage the accounting and billing process of the company. e) To maintain a digital file that allows us to have the information corresponding to each contract that we have with the client. f) so that they can participate in our Fyco Learning courses.
Potential clients:
Advertising or promotional purposes, informative of our services, marketing and sales. b) To offer all kinds of commercial services; as well as to carry out promotional, marketing, advertising campaigns.
Suppliers:
For all purposes related to the object of the selection, contractual or related processes. b) Perform all internal procedures and compliance with accounting, tax and legal obligations. c) Manage the company's budget chain: company payments, issuance of certificate, income and withholdings (individuals and legal entities) and payment relations. d) Manage the company's accounting process. e) Perform all activities necessary for compliance with the different contractual stages in relations with suppliers and contractors. f) Issue the contractual certifications requested by the company's contractors or requests from the control entities g) Maintain a digital file that allows having the information corresponding to each contract.
Candidates interested in job vacancies or employees:
The purpose of the delivery of the data provided by those interested in FYCO vacancies and personal information obtained from the selection process, is limited to the participation in the same or future selection processes where there are vacancies that apply to the profile of the person; therefore, its use for different purposes is prohibited.
These data are treated under the following purposes: a) manage the labor relationship between FYCO and the employee b) report data to the social security system c) Perform all internal procedures and compliance with accounting, tax and legal obligations. d) Issue labor certifications requested by employees of the company or requests from the control entities. e) Manage the company's budget chain: payments, issuance of certificates of income and withholdings and payment relations.
Handling of personal data for search in lists:
The Data Subject authorizes FYCO to: a) Carry out the necessary consultations and controls for the prevention of money laundering and financing of terrorism, being able to verify the sources it deems necessary, as well as the information provided in the OFAC (Office of Foreign Assets Control) or United Nations lists. b) Make the reports to the competent authorities on money laundering and/or financing of terrorism that it deems necessary to make, in accordance with its corporate policies, as well as its manuals for the prevention and/or administration of ML/FT - AML/CFT and Corruption. c) Make use of the personal data of those linked to the company and in general of the information obtained under the business relationship established for the compliance of its respective programs for the prevention of ML/FT - AML/CFT and Business Ethics.
8. How long do we keep personal data?
At FYCO we only keep the personal data of the OWNERS for the period of time necessary to fulfill the purposes for which they were collected, comply with our legal obligations and meet the possible liabilities that may arise from the fulfillment of the purpose for which the data were collected. In the event that the HOLDER wants to join our team and opt for one of our jobs, the data provided will become part of our employment exchange and will be retained for the duration of the selection process and for a maximum of 2 years or until you exercise your right of deletion, whichever comes first.
If at any time we have collected the personal data of a OWNER to address this as a potential customer of our products or to respond to a request for information made on your part, such data will be retained for a maximum of 5 years from its collection, passing to be deleted after that period if no contractual relationship has been formalized or at the time you so request.
In any case, and as a general rule, we will keep the personal data of the OWNER, while there is a contractual relationship that binds us both or until you exercise your right of deletion and / or limitation of treatment, in which case, the information will be blocked without giving use beyond its conservation, while it may be necessary for the exercise or defense of claims or may arise some kind of liability that had to be addressed.
9. What are your rights in relation to data processing and how can you exercise them?
The regulations on data protection allow the OWNERS to exercise their rights of access, rectification, deletion or revocation and portability of data and opposition and limitation to their treatment.
The OWNERS can make a request exercising their rights, which must contain at least the following:
-
Name of the Data Subject, and their representatives, if applicable.
-
Specific and precise request for information, access, updating, rectification, cancellation, opposition or revocation or suppression of consent for the processing of personal data.
-
Physical and/or electronic address for notifications.
-
Documents supporting the request.
-
Signature of the request by the owner.
To exercise your rights FYCO makes available the following means:
-
By written and signed request addressed to our email: soportefyco@fycotelecom.com.
The OWNER interested in exercising the rights, will prove his condition by means of a copy of the identity document.
In the event that the OWNER is represented by a third party, the respective power of attorney must be provided, in this case, the attorney-in-fact must also prove his identity in the terms indicated, all of the above in order to verify that we only answer to the interested party or his legal representative.
10. What is the response time to requests and claims?
OWNERS located in Chile: We must respond to your request within two (2) business days of receiving it.
OWNERS located in Costa Rica: We must respond to your request within five (5) business days of receipt.
Requests from OWNERS located in other Latin American countries where we have presence will be answered within a maximum of ten (10) business days from the date of receipt. In case of impossibility to attend the consultation within such term, the interested party will be informed before the expiration of the ten (10) days, expressing the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term unless the Personal Data Protection Law indicates a special or shorter term.
Claims will be answered within a maximum term of fifteen (15) business days, counted from the day following the date of receipt of the filing, unless the Personal Data Protection Law of the country where the OWNER is located, indicates a special term. In case it is not possible to address the Claim within the term indicated, FYCO shall inform the applicant, indicating the reasons for the delay and the date on which the Claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term, unless the Personal Data Protection Law indicates a special or shorter term.
11. What does FYCO do for the security of my personal data?
FYCO takes care and adopts the technical, human and administrative measures necessary to maintain the security of the information of the OWNERS and strives to prevent its loss, adulteration, access or consultation by unauthorized third parties through industry standard technologies and internal procedures. Likewise, FYCO has the following protection measures:
-
With security protocols and access to information systems, storage and processing, including physical measures to control security risks.
-
FYCO has the duty to notify if there is a security breach in the information to the holders within 72 hours to the same.
-
Access to the different databases is restricted even for some of the collaborators.
-
All employees and third parties have signed confidentiality clauses in their contracts and are committed to the proper handling of the databases in accordance with the guidelines on the treatment of information established by law.
-
Documents or electronic media (cd, pen drives, hard disks, etc.) containing personal data will not be discarded without guaranteeing their effective destruction.
-
Have profiles with administration rights for the installation and configuration of the system and users without privileges or administration rights for access to personal data.
-
Devices and computers used for storage and processing of personal data are kept up to date to the extent possible.
-
To prevent improper remote access to personal data, an activated and correctly configured firewall shall be ensured on those computers and devices where personal data storage and/or processing is performed.
-
When it is necessary to extract personal data outside the premises where it is processed, whether by physical or electronic means, the possibility of using an encryption method to guarantee the confidentiality of personal data in the event of improper access to the information should be assessed.
-
Backup copies: Periodically a backup copy will be made in the cloud in order to allow the recovery of personal data in case of loss of information.
-
We use Transport Layer Security (TLS) to encrypt information as it travels over the Internet.
All of these security measures are reviewed periodically to ensure their adequacy and effectiveness. However, absolute security cannot be guaranteed and no security system is impenetrable. Therefore, in the event that any information under our control and subject to processing is compromised as a result of a security breach, we will take appropriate steps to investigate the incident, notify the respective country's Supervisory Authority and, if applicable, those data subjects who may have been affected to take appropriate action.
12. To whom do we disclose the data?
FYCO may transfer and transmit personal data to third parties with whom it has commercial or operational relationship, in accordance with applicable regulations.
In such cases, the necessary measures will be taken to ensure that the persons who have access to your personal data comply with this Policy and with the principles of personal data protection and obligations established in the Law. In any case, when FYCO transmits the data to one or more data processors, it shall establish contractual clauses or enter into a contract for the transmission of personal data in which it shall indicate:
-
Scope of the processing.
-
The activities that the processor will perform on behalf of FYCO and;
-
The obligations of the person in charge towards the owner and FYCO.
By means of such contract, the person in charge shall undertake to implement FYCO obligations under this data processing policy and to process data in accordance with the purpose authorized by the data owners and with the applicable laws in force. In addition to the obligations imposed by applicable regulations within the aforementioned contract, the following obligations shall be included for the respective data processor:
-
To treat, on behalf of FYCO, the personal data in accordance with the principles that protect them.
-
Safeguard the security of the databases containing personal data.
-
To keep confidentiality regarding the treatment of personal data.
Delivery of personal data to the authorities: When FYCO is requested by a public or administrative entity in the exercise of its legal functions or by court order to access and/or deliver Personal data contained in any of its databases, the legality of the request shall be verified, the relevance of the data requested in relation to the purpose expressed by the authority, and a record of the delivery of the personal information requested shall be signed, specifying the obligation to guarantee the rights of the OWNER, both to the official who makes the request, to the one who receives it, as well as to the requesting entity.
FYCO Companies: To parent companies and/or affiliates and/or subsidiaries and/or related companies or companies belonging to the same FYCO business group for the purposes set forth in this policy.
13. Changes to the privacy policy
FYCO reserves the right to modify these data processing policies at any time. Any changes to the Privacy Policy shall be effective as of the "last update" and the Registrant's continued use of the service as of the date of last revision shall constitute acceptance thereof.
For any clarification regarding this policy, you can send an email or request to the following email: soportefyco@fycotelecom.com
Personal data protection policy updated in December 2023
-