1. Purpose
This document sets internal policies of HAYAI S.A.S. to protect personal data and to comply with Colombia’s data protection framework.
2. Scope
It applies to all internal processes, areas, employees, contractors, and processors that collect, store, use, share, transfer, or delete personal data managed by HAYAI.
3. Core principles
HAYAI applies lawfulness, purpose limitation, free and informed consent (where required), data quality, limited access, security, and accountability in every processing activity.
4. Responsible areas
Each area that handles personal data must keep inventories, follow this manual, and cooperate with the person appointed for data protection matters within the organization.
5. Questions and complaints
Requests from data subjects are logged, verified, and answered within legal deadlines. Denials or partial responses are documented with reasons.
6. Security measures
Technical, physical, and administrative controls are implemented according to risk (access control, backups, training, secure development, and incident response).
7. International transfer
If personal data is transferred outside Colombia, HAYAI ensures that the destination offers adequate levels of protection or uses mechanisms permitted by Law 1581 and the SIC.
8. Retention and deletion
Data is kept per retention schedules tied to the purpose and legal minima, then deleted or anonymized when no longer required.
9. Security incidents
Incidents are assessed, contained, and reported to the SIC and to data subjects when the law so requires, with records kept for follow-up and improvement.
10. National Database Register (RNBD)
Databases that must be registered with the SIC are registered, updated, and renewed as required by regulation.
11. Policy updates
This manual is reviewed periodically and when legal or business changes require it, with version control and staff communication.
12. Effectiveness
This version is effective as of the date shown in the document header. Contact: privacidad@hayai.com.co