top of page

Privacy policy

CONTENT


I. Objective

II. Main definitions of the Personal Data Processing Policy

III. Principles for the Processing of Personal Data

IV. Authorization for the Processing of Personal Data

V. Purposes of the Processing of Personal Data

VI. Types of Personal Data Included in the Firm's Databases

VII. Procedures for the Processing of Personal Data

VIII. Information and Mechanisms Provided by UH ABOGADOS S.A.S. as the Data Controller

IX. Person Responsible for handling requests, queries and complaints

X. Rights of the Personal Data Subject

XI. Transfer of Personal Data

XII. Duties of the Data Controller

XIII. Modifications

XIV. Other Provisions

I. Objective

 

UH ABOGADOS S.A.S. (hereinafter, the “Firm”), in strict compliance with current regulations on personal data protection—particularly Law 1581 of 2012, Decree 1377 of 2013, and any other regulations that amend, add to, or complement them—and committed to the security of the personal information of its clients, suppliers, contractors, users, employees, and the general public, hereby presents its Data Processing Policy (hereinafter, the “Policy”) regarding the collection, use, and transfer of such data, based on the authorization granted by the Data Subjects.

This Policy outlines the general corporate guidelines followed by the Firm to protect personal data, the purposes for which information is collected, the rights of the Data Subjects, the department responsible for addressing inquiries, requests, and complaints, and the procedures for accessing, updating, rectifying, and deleting information.

 

In accordance with the constitutional right to Habeas Data, the Firm only collects personal data when prior authorization has been granted by the Data Subject, and it implements clear measures to ensure confidentiality and privacy.

II. Main definitions of the Personal Data Processing Policy

For the purposes of this Policy, the definitions established by Law 1581 of 2012 shall apply, as outlined below:
 

  • Data Subject: The natural or legal person whose personal data are subject to Processing.

  • Data Controller: The natural or legal person, whether public or private, who, alone or in association with others, decides on the database and/or the Processing of data. In this case, the Firm is considered the Data Controller.

  • Data Processor: The natural or legal person, whether public or private, who, alone or in association with others, carries out the Processing of personal data on behalf of the Data Controller.

  • Personal Data: Any information linked or that may be associated with one or more identified or identifiable natural persons.

  • Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

  • Personal Data Processing Policy: Refers to this document.

  • Sensitive Data: Data that affect the privacy of the Data Subject or whose misuse may lead to discrimination.

III. Principles for the Processing of Personal Data
 

In accordance with Article 4 of Law 1581 of 2012, the following principles govern the Processing of personal data:

  1. Legality: Data Processing is a regulated activity that must comply with applicable laws and regulations.

  2. Purpose: Processing must have a legitimate purpose in accordance with the Constitution and the law, which must be communicated to the Data Subject.

  3. Freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject.

  4. Truthfulness or Quality: Data must be accurate, complete, up-to-date, verifiable, and understandable. Incomplete or misleading data must not be processed.

  5. Transparency: Data Subjects have the right to request and obtain information about the existence of data concerning them at any time and without restrictions.

  6. Restricted Access and Circulation: Processing is limited to the scope of the data and may only be carried out by authorized persons.

  7. Security: Data must be protected using technical, human, and administrative measures to prevent tampering, loss, or unauthorized access.

  8. Confidentiality: All persons involved in data processing must maintain confidentiality, even after their relationship with the data ends, unless disclosure is legally permitted.

IV. Authorization for the Processing of Personal Data
 

At the time of data collection, the Firm will request authorization from the Data Subject, clearly informing them of the specific purposes of the Processing.
 

In line with the principle of freedom under Law 1581 of 2012, the Data Subject’s consent may be expressed in writing. The Firm will store such authorizations securely, respecting confidentiality and privacy.

For personal data collected before the entry into force of this Policy, the Firm will take the following actions:

  1. Request authorization from Data Subjects to continue Processing their personal data using effective communication channels (e.g., email), and inform them of their rights and how to exercise them.

  2. Publish a “Privacy Policy” section on the Firm’s website www.uhabogados.com, where users can access the Policy and information about how to exercise their rights.

V. Purposes of the Processing of Personal Data

The Firm collects personal data in the course of its corporate purpose, including:

  1. Fulfillment of commercial, labor, corporate, and accounting obligations.

  2. Provision of services tailored to client needs, including contract fulfillment, sharing commercial information, and sending legal newsletters.

  3. Internal management of suppliers and contractors.

  4. Data archiving, system updates, and database protection.

  5. Registration of employees, suppliers, and clients in the Firm’s database.

  6. Data transfer to third parties with contractual relationships for commercial, contractual, marketing, or operational purposes.

  7. Security and fraud prevention.

  8. Any other purpose arising from the contractual or commercial relationship with the Data Subject.

Personal data will only be used for the purposes stated above. Once no longer needed, data may be deleted or securely archived and disclosed only when legally required.

VI. Types of personal data included in the firm’s databases
 

In order to carry out the purposes described above, the Firm may collect personal data from Data Subjects such as: name, address, phone number, ID number, email, employment details, occupation, among others.


This is necessary given the Firm’s main corporate purpose: to provide legal advice and representation in matters related to commerce, litigation, regulation, and real estate.

VII. Procedures for personal data processing

The personal data included in the Firm’s databases are collected in the course of business, contractual, labor, or other relationships with users, clients, suppliers, contractors, employees, and the general public.

Data collection is carried out through contracts, written documents, and other means, based on the prior, express, and informed consent of the Data Subject.

1. Procedure to Access, Update, Rectify, or Delete Personal Data

To protect the confidentiality of personal data, the Firm has established the following procedure for Data Subjects wishing to access, update, correct, or delete their data: I) Requests may be sent via email to: administracion@uhabogados.com, including a copy of the Data Subject’s ID. II) Alternatively, written requests may be sent to the Firm’s offices at: Carrera 29 C No. 10 C 125, Ed. Select, Office 401, accompanied by a copy of the Data Subject’s ID.

The Firm’s Administrative Coordination department is responsible for data management and will respond to inquiries, requests, and complaints in compliance with applicable laws via administracion@uhabogados.com.

2. Procedure to Delete Data and Revoke Authorization
 

Data Subjects may request at any time that their data be deleted or that authorization for Processing be revoked, by submitting a request as per Article 15 of Law 1581 of 2012.

The Firm provides the email address administracion@uhabogados.com and the website www.uhabogados.com to facilitate such requests.

VIII. Information and Mechanisms Provided by UH ABOGADOS S.A.S. as the Data Controller

 

Business Name: UH Abogados S.A.S
Tax ID (NIT): 900.668.911 – 7
Location: Medellín, Antioquia, Colombia
Address: Carrera 29 C No. 10 C 125, Edificio Select, Office 401
Phone: (57 4) 322 4365
Email: administracion@uhabogados.com
Website: www.uhabogados.com

IX. Person responsible for the processing of personal data

The person responsible within the Firm is the Administrative Coordinator, who will be in charge of receiving requests, inquiries, or complaints from Data Subjects. This person will carry out the necessary internal procedure to ensure a clear, efficient, understandable, and timely response to the Data Subject.

X. Rights of the personal data subject

In accordance with Article 8 of Law 1581 of 2012, the Data Subject has the following rights:

  1. To know, update, and rectify their personal data with the Data Controllers or Data Processors. This right may be exercised with respect to partial, inaccurate, incomplete, misleading data, or those whose processing is expressly prohibited or not authorized.

  2. To request proof of the authorization granted to the Data Controller, except when such authorization is not required as per Article 10 of Law 1581 of 2012.

  3. To be informed by the Data Controller or Processor, upon request, about the use given to their personal data.

  4. To file complaints with the Superintendence of Industry and Commerce for violations of Law 1581 of 2012 and related regulations.

  5. To revoke the authorization and/or request the deletion of their data when the principles, rights, and constitutional and legal guarantees are not respected. Revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that the Data Controller or Processor has engaged in conduct contrary to the law and Constitution.

  6. To access their personal data that has been subject to processing, free of charge.

In accordance with Article 20 of Decree 1377 of 2013, the exercise of the above rights may be carried out:

  1. By the Data Subject, who must prove their identity using the means made available by the Data Controller.

  2. By their successors, who must prove such capacity.

  3. By the Data Subject’s representative and/or attorney, after proving representation or power of attorney.

  4. By stipulation in favor of or for another.

 

The rights of children and adolescents will be exercised by those authorized to represent them.

XI. Transfer of personal data

The Firm may transfer the personal data of the Data Subjects among its internal entities and to other companies or entities that belong or may belong to the same control group and/or financial group, domiciled in Colombia and/or abroad, in strict compliance with this Policy and the applicable regulations.

XII. Duties of the data controller

 

In accordance with Article 17 of Law 1581 of 2012, the Data Controller shall have the following duties:

  1. Ensure the Data Subject, at all times, the full and effective exercise of the right to habeas data.

  2. Request and keep, under the conditions provided by law, a copy of the respective authorization granted by the Data Subject.

  3. Inform the Data Subject properly about the purpose of the data collection and their rights arising from the authorization granted.

  4. Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, unauthorized or fraudulent use or access.

  5. Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.

  6. Update the information, notifying the Data Processor in a timely manner of all changes regarding the data previously provided and take other necessary measures to ensure the information remains up to date.

  7. Rectify incorrect information and inform the Data Processor accordingly.

  8. Provide the Data Processor, as appropriate, only data that is previously authorized for processing under the terms of the law.

  9. Require the Data Processor at all times to respect the security and privacy conditions of the Data Subject's information.

  10. Handle inquiries, requests, and complaints within the timeframes established by law.

  11. Adopt an internal manual of policies and procedures to ensure proper legal compliance, especially in relation to handling inquiries and complaints.

  12. Inform the Data Processor when certain information is under dispute by the Data Subject, once a complaint has been filed and until the matter is resolved.

  13. Inform the Data Subject, upon request, about how their data is being used.

  14. Notify the data protection authority when security breaches occur and there are risks to the administration of Data Subjects' information.

  15. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.

XIII. Policy validity

This Privacy Policy  is effective from the date of its publication. The Firm may modify this Policy at any time to adapt to legislative or jurisprudential developments, as well as to adopt best practices on the subject. In such a case, the Data Subjects will be duly informed.

Any changes or updates to this Policy will be published on the website www.uhabogados.com, where the latest version will be available, including the effective date of the corresponding modification or update.

The continued use or acquisition of the Firm’s products or services by the Data Subject, or failure to withdraw from them after the updated Policy has been made available, constitutes acceptance of said Policy.

 

The personal data or databases subject to Processing will remain valid for the duration of the contractual relationship with the product or service, plus any period required by law.

XIV. Other provisions

1. For the processing of personal data of children and adolescents, the Firm shall prioritize and respect their best interests and ensure the protection of their fundamental rights. Additionally, the Firm will obtain authorization from the child’s legal representative prior to processing their personal data.

2. The Firm will collect, store, use, or circulate personal data for which it has obtained proper authorization, for a reasonable and necessary period, which in any case shall not be shorter than the duration of the Firm's existence.

Date: March 20,  2021
UH ABOGADOS S.A.S

bottom of page