General Considerations
ASTEROID is an international travel assistance organization whose purpose is to provide, among others, medical, legal and personal assistance services in emergency situations during the course of a trip.
In order to guarantee the best travel assistance service, ASTEROID may obtain, collect and/or store information and personal data of its clients (hereinafter, "Personal Information") provided that they are essential and necessary for the provision of said services. As the party responsible for the correct use and administration of such personal information, ASTEROID has sufficient technical and administrative security measures in place to maintain the required level of protection and safeguards and thus be able to guarantee its clients the proper reliability and security in the handling of said information.
ASTEROID guarantees the privacy and confidentiality of the Personal Information provided by its clients through any of the ASTEROID Web pages, email, sales channels or any other means of communication, in accordance with the provisions of the applicable regulations on the matter. In order to respect the interests and expectations of its Clients as much as possible, ASTEROID has a serious commitment to respect and observe this Privacy, Confidentiality and Personal Data Protection Policy (hereinafter, the "Privacy Policy" or "Policy"), in relation to the collection, use, storage, protection and disclosure of data.
What personal information is collected?
ASTEROID collects and stores the personal information provided by its clients in order to contact them and/or identify them, through the various channels enabled for this purpose.
In turn, ASTEROID obtains and stores the Personal Information that Clients provide when performing the following actions: (i) contracting travel assistance services, (ii) browsing the ASTEROID Website and/or registering as a user in MY POLICY, (iii) using the various online services, (iv) participating in promotions, contests, raffles and/or promotional and/or marketing campaigns, (v) contact via email, (vi) use the application for mobile phones and tablets, (vii) request –by telephone at our call center and/or through any of the channels enabled to do so- any of the assistance services provided by ASTEROID. The personal information collected may include –among others- name and surname, postal address, nationality, telephone number, tax identification number, email address, emergency contact, travel date and/or destination.
ASTEROID only collects personal information provided freely and voluntarily by the Client, not storing any other information that is not provided in this way.
The Client may choose not to provide certain personal information when it deems appropriate, as long as the lack of provision of such personal information does not prevent the provision of the services that interest the Client. ASTEROID may also store the recordings of telephone calls in order to carry out quality and operational audits and to ensure the correct provision of the assistance service required by the Client. The recordings of the calls will be retained for as long as reasonably necessary and will subsequently be deleted. With the reservations specified in this Policy and with confidentiality, protection and security in the treatment being the guiding principle in terms of personal information, the Client expressly accepts that said Information may be transferred to external service providers of ASTEROID (such as, for example, medical providers, hospitals, clinics, legal advisors, airlines, etc.) that are necessary for the provision of the contracted assistance services. In all cases in which ASTEROID exceptionally provides personal information to providers for the provision of the required service; it will be required that they be treated confidentially, in accordance with the regulations governing the protection of personal data and that they be used for the sole and exclusive purpose of performing the required assistance services.
What do we do with the Personal Information collected?
ASTEROID will store any Personal Information provided by the Client, for a satisfactory provision of the assistance that may be required and the Client, by providing it, expressly gives his consent for:
a) ASTEROID to store all Personal Information that may have been obtained for, during and/or as a consequence of the assistance required, in the Records duly declared before the Control Authority.
b) ASTEROID may assign and/or transfer and/or provide the Personal Information that is necessary to: (i) external providers linked to ASTEROID, who contribute to the fulfillment of the object of the required service; (ii) third parties with whom ASTEROID has signed confidentiality agreements, provided that said third parties are linked, related and/or connected with the fulfillment of the assistance required and require such Personal Information for the provision of the service; (iii) companies belonging to the ASTEROID Group, its controlling and subsidiaries, provided that this is necessary to fulfill the purpose for which they were obtained. ASTEROID may offer you better services or provide information related to products already purchased.
ASTEROID may contact you for the purposes of: (i) Improving commercial and promotional initiatives, personalizing the contents, their presentation and services; (ii) sending information or messages by e-mail about new services, advertisements or promotions, banners of interest, news about ASTEROID; (iii) sending you notices about contests and/or raffles that ASTEROID organizes.
d) ASTEROID may share Personal Information with business partners, with whom they may jointly offer products or services. These suppliers and business partners will be subject to confidentiality agreements that prohibit unauthorized use or disclosure of the Personal Information to which they have access. Access to Personal Information by third parties will be governed by the opt-out policy described below. How to access, update or correct your personal information.
Personal information will be stored and customers - as owners of the personal information stored - have the right to exercise the right of access, rectification, cancellation / deletion. For any queries and/or additional information that the Client may require in relation to this Policy, he/she may contact ASTEROID at the telephone service centers and/or by sending an email to hola@asteroid.international
Personal Information will be treated with the legally required degree of protection to guarantee its security and prevent its alteration, loss, treatment or unauthorized access.
Opt out policy
When the client makes transactions or registers as a user in MY ASTEROID or acquires any of the ASTEROID travel assistance products, he/she will be given the option of whether he/she wishes to receive promotional circulars, messages or email alerts about offers. The Client may modify his/her choices at any time, through the email settings, where he/she will be given the opportunity to unsubscribe from receiving messages.
External links.
The ASTEROID website has links to other pages. ASTEROID is not responsible for the confidentiality or content of such web pages. If you visit these other web pages, ASTEROID advises you to review their confidentiality and privacy policies. The Client may choose not to give us information, assuming all the consequences that may arise and/or originate from such a decision.
By reading this Privacy Policy, you accept and authorize ASTEROID to process the data that it may have obtained, in accordance with the terms of this Policy and within the framework of specific regulations. Failure to formally communicate disagreement with these terms and conditions will imply the express consent of the Client to the scope, modality and guidelines set forth therein.
ASTEROID PERSONAL DATA PROCESSING POLICY IN COLOMBIA
In accordance with the provisions of Law 1581 of 2012, Decree 1377 of 2013 and any other regulation that modifies, adds, complements or develops them, ASTEROID LLC (hereinafter "ASTEROID"), a company with NIT XXXXXXXXXXX, presents its Data Processing Policy, which explains the purpose and management that will be given to your personal data. The procedures and mechanisms through which ASTEROID will guarantee your rights as the owner of personal data are also described.
Definitions:
a. Right to Habeas Data: It is a set of rights that allows you, as the owner of the information, to ensure that your data is collected and processed in accordance with legal regulations and in line with the purpose informed by us. These rights allow you, among other things, to consult, update and request the deletion of your information from our database, provided that there is no contractual or legal obligation that prevents us from doing so.
b. Authorization: Represents your clear and explicit consent for ASTEROID to process your data in accordance with the principles and objectives detailed in this policy.
c. Data subject: Refers to you when you give us permission to process your personal data. This always involves the information of individuals.
d. Processing: Refers to any activity that involves your data. This may include collection, storage, use, circulation or deletion of personal information.
e. Database: It is the structured set of personal data that is processed.
f. Personal Data: It is any information that can identify or make an individual identifiable. These data are categorized as public, private, semi-private and sensitive.
g. Public Personal Data: This is data that is of general interest. It is usually found in public records, official documents, bulletins, and court rulings that are not confidential. Examples of this data include your name, identification and profession.
h. Private Personal Data: This is information that is relevant only to you as the owner and is considered intimate and reserved.
i. Semi-private Personal Data: This is private data that could be relevant to certain groups under certain circumstances. An example is information related to credit and financial history.
j. Sensitive Personal Data: Information that affects privacy and whose misuse could lead to discrimination, such as information that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promotes the interests of any political party or that guarantees the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data (fingerprints, photographs, DNA, among others).
k. Special Data: Refers to the processing of information on children and adolescents, and the processing of sensitive data.
l. Data Controller: Person who decides on, among others, the collection and purposes of the processing.
m. Data Processor: Person who processes the data on behalf of the Data Controller.
n. Transmission: Processing of personal data that involves the communication of the same within (national transmission) or outside Colombia (international transmission), and which has as its object its treatment by the person in charge, on behalf of or in the name of the person in charge.
o. Transfer: Sending of personal data that the person in charge or the person in charge makes from Colombia to a person in charge who is within (national transfer) or outside the country (international transfer).
p. Website: Means the page
q. Application (APP): Means the application
2. Principles of Information Processing. When ASTEROID processes your data, it always does so observing the following principles:
a. Principle of legality in data processing: The processing of personal data is a regulated activity that must be subject to the provisions of Law 1581 of 2012 and other provisions that implement it.
b. Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the law, which must be informed to the owner.
c. Principle of freedom: The processing can only be carried out with the prior, express and informed consent of the owner. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent.
d. Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, up-to-date, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
e. Principle of transparency: The processing must guarantee the right of the owner to obtain from ASTEROID or the data processor, at any time and without restrictions, information about the existence of data that concerns him.
f. Principle of restricted access and circulation: The processing is subject to the limits that arise from the nature of personal data, the provisions of the law and the Constitution. In this sense, the processing may only be carried out by persons authorized by the owner and/or by the persons provided for in the law.
g. Principle of security: The information subject to processing by ASTEROID or the data processor must be handled with the technical, human and administrative measures that are necessary to ensure the security of the records, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access;
h. Confidentiality principle: All persons involved in the processing of personal data that are not public in nature are obliged to ensure the confidentiality of the information, even after their relationship with any of the tasks that comprise the processing has ended, and may only provide or communicate personal data when this corresponds to the development of the activities authorized by law.
Data collected and purpose of processing
The personal data that you voluntarily provide to ASTEROID may fall into the following categories:
a. Identification data such as: Name, address, telephone number, email address, citizenship card, place and date of birth, age, nationality, photograph, country of residence, signature, sex, marital status, among others.
b. Third-party data such as: Names and surnames of family members and/or emergency contacts, age, telephone number, email address, cell phone number, and relationship, among others.
c. Employment data such as: salary, type of salary, affiliations to the social security system, position, work address, telephone, fax, work history, work certificates, among others.
d. Education data such as: School history, professional degree, study certificates and graduation dates, among others.
e. Banking data such as: bank account number, billing data, financial statements, tax identification number (NIT), unique tax registry (RUT), credit card data, among others.
f. Health data such as: health status, test results, laboratories, studies, medical diagnoses, medications, treatments, among others.
h. If you are a partner or shareholder, we may use your data for: (i) the development of the corporate purpose of the company; (ii) maintaining constant communication regarding activities, decisions and changes in the organization; (iii) the execution of the contractual and fiduciary relationship; (iv) the preparation of financial and accounting records; (v) reports to control and surveillance authorities; (vi) invitations and coordination of general assemblies and/or shareholder meetings; (vii) other administrative, historical and statistical purposes.
i. If you are a researcher or external collaborator, we may use your data for: (i) the development of joint projects; (ii) the coordination of activities and events; (iii) the execution of the contractual and collaborative relationship; (iv) the management of payments and fees; (v) the generation of reports and documentation related to research or collaborations; (vi) other administrative, historical and statistical purposes.
j. If you are a participant in events or training organized by us, we may use your data for: (i) the coordination and logistics of the event or training; (ii) the management of registrations and confirmations; (iii) the sending of related informative or educational material; (iv) the generation of certificates or records; (v) to conduct satisfaction surveys; (vi) the preparation of attendance and evaluation reports; (vii) other administrative, historical and contact purposes.
k. If you are a user of our forums or social networks, we may use your data to: (i) manage your participation and moderate comments; (ii) respond to your queries, comments or concerns on the platforms; (iii) the development of community activities and the promotion of interaction; (iv) perform analysis and statistics on user trends and behavior; (v) other administrative and contact purposes.
l. If you are a media collaborator or influencer, we may use your data to: (i) the development of joint communication or marketing strategies; (ii) the coordination of interviews, events or special participations; (iii) the sending of press material, press releases or relevant information; (iv) manage payments or agreed compensations; (v) other administrative, historical and contact purposes. You acknowledge and agree that you are not required to grant authorization for the processing of sensitive personal data.
In accordance with the purposes described, the scope of the processing to which Asteroid is subject is as follows:
i. To know, store and process all the information provided by the owners in one or more databases, in the format it deems most convenient.
ii. To verify, corroborate, check, validate, investigate or compare the information provided by the owners, with any information it legitimately has.
iii. Access, consult, compare and evaluate all the information of the holders that is stored in the databases of any legitimately constituted credit, financial, judicial or security risk center, of a state or private nature, national or foreign.
Sensitive Data
In the development of our activities we may require sensitive data, such as your health data, which will be treated in accordance with the principles indicated in the law, maintaining the confidentiality that the right to privacy imposes on us and, especially, avoiding causing discrimination with this data. You, as the owner of the information, are not obliged to provide us with data of this nature. However, it is important to inform you that there are procedures and processes for which the treatment of this data will be necessary.Processing of personal data of minors Asteroid does not process personal data of minors without prior consent from their parents or legal representatives. The processing of personal data of minors will be carried out in accordance with Colombian data protection regulations, always observing their fundamental rights. Exchange, Transfer and Transmission of Information Asteroid may provide the information and personal data collected to subsidiaries, affiliates, or affiliates of Asteroid, or to companies or natural persons in Colombia or abroad that Asteroid trusts to carry out the processing of the information. International transmissions and transfers may be made to any country, regardless of the schemes and levels of protection adopted in each country.
Information Security The data collected is stored on its own servers that are mainly located in Colombia and Argentina. Currently, your personal data is protected by reasonable computer security measures that comply with industry standards and protect the system against third-party attacks. Rights of Data Subjects You, as the data subject, have the right to know, update, rectify and delete personal data, through the procedures established in Law 1581 of 2012.
In case of doubts, queries or complaints regarding the processing of information, we thank you, as the data subject, for sending a request to the telephone service centers and/or through an email to: hola@asteroid.international
Procedures for exercising your rightsa. Queries: You may consult your personal data free of charge once every calendar month and every time there are substantial changes to the Personal Data Processing Policy. To do so, you must send a request to the channels mentioned above, which must contain the following information: (i) name and address of the owner (or of the person authorized to do so) or any other means to receive a response to the request; (ii) documents proving the identity of the owner, or of the person authorized to do so; and (iii) the description and purpose of the query. Asteroid must respond to the request within ten (10) business days following receipt of the request. Likewise, it must inform if the request has any cost. If it is not possible to respond to the request within the aforementioned period, Asteroid must inform the applicant of the reasons for the delay and must indicate a new period for responding, which may not exceed five (5) additional business days after the expiration of the first term.
b. Complaints: You may submit, through a complaint, complaints for noncompliance with the General Policy for the Processing of Personal Data and/or the applicable law, or you may request the correction, update or deletion of your personal data. To do so, you must send a complaint to the service channels mentioned above, which must contain the following information: (i) name and address of the owner (or of the person authorized to do so) or any other means to receive a response to your request; (ii) documents proving the identity of the owner or of the person authorized to do so; (iii) the description and purpose of the query; (iv) if applicable, other documents or elements that are intended to be asserted. If the complaint is incomplete, Asteroid will require you to correct the information within five (5) business days following receipt of the same. If after two (2) months from the date of the request you do not comply with the indicated correction, it will be understood that you have withdrawn the complaint. If the claim is complete, Asteroid must respond within fifteen (15) business days of receiving it. If it is not possible to respond to the claim within the period previously mentioned, Asteroid must inform about the reasons for the delay and must indicate a new period for responding, which may not exceed eight (8) additional business days after the expiration of the first period. In the event that Asteroid is not competent to address your claim, it will be forwarded to the appropriate party within a maximum period of two (2) business days and you will be informed about this situation.
ES
PT