index
Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES Enjoy free shipping on all your nationwide purchases. Shop now Do you need supplies for your company? Write to us now. CORPORATE SALES

Personal data policy

PART I. GENERAL PROVISIONS

ARTICLE 1. APPLICABLE LAW. This manual was prepared considering the provisions contained in Law 1581 of 2012 "By which general provisions for the protection of personal data are issued" and Decree 1377 of 2013 "By which Law 1581 of 2012 is partially regulated."

ARTICLE 2. SCOPE OF APPLICATION. This manual shall apply to the processing of personal data collected and managed by UNIROCA S.A.S.

ARTICLE 3. PURPOSE. To protect and guarantee, based on this manual, the fundamental right to habeas data regulated by Law 1581 of 2012, which regulates the procedures for collecting, handling, and processing personal data carried out by UNIROCA S.A.S.

ARTICLE 4. VALIDITY OF THE DATABASE. UNIROCA S.A.S. shall apply the policies and procedures contained in this manual to the databases over which it has decision-making power, for a term equal to that statutorily established for the duration of the company.

ARTICLE 5. PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA. In the development, interpretation, and application of this law, the following principles shall apply, in a harmonious and integral manner:

Principle of Purpose: The Processing of personal data collected by UNIROCA S.A.S. must be informed to the Data Subject.

Principle of Freedom: Processing can only be carried out with the prior, express, and informed consent of the data subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives consent.

Principle of Veracity or Quality: Information subject to Processing must be true, complete, accurate, updated, verifiable, and understandable. The Processing of partial, incomplete, fragmented, or misleading data is prohibited.

Principle of Transparency: In Processing, the Data Subject's right to obtain from the data controller, at any time and without restrictions, information about the existence of data concerning them, must be guaranteed.

Principle of Restricted Access and Circulation: Personal data, except for public information, may not be available on the Internet or other means of mass dissemination or communication, unless access is technically controllable to provide restricted knowledge only to the data subjects or authorized third parties.

Principle of Security: Information subject to Processing by the data controller must be handled with the technical, human, and administrative measures necessary to ensure the security of the records, preventing their alteration, loss, consultation, unauthorized use, or fraudulent access.

Principle of Confidentiality: All persons involved in the processing of personal data that are not public in nature are obliged to guarantee the confidentiality of the information, even after their relationship with any of the tasks involved in the processing has ended.

PART II. RIGHTS AND DUTIES

ARTICLE 6. RIGHTS OF THE DATA SUBJECTS. In accordance with the provisions of Law 1581 of 2012, the data subject has the following rights:

To know, update, and correct their Personal Data. With the power to exercise this right, among others, in relation to partial, inaccurate, incomplete, divided, misleading information or whose processing is prohibited or unauthorized.

To request proof of the consent granted for the collection and processing of Personal Data.

To be informed by UNIROCA S.A.S S, of the use that has been given to the Personal Data.

To file complaints with the Superintendency of Industry and Commerce in the event of a violation by UNIROCA S.A.S of the provisions of Law 1581 of 2012, Decree 1377 of 2013, and other rules that modify, add, or complement them, in accordance with the provisions on the requirement of enforceability established in article 16 of Law 1581 of 2012.

To revoke the authorization granted for the processing of Personal Data.

To request to be removed from its database. This suppression or elimination implies the total or partial elimination of personal information according to what is requested by the data subject in the databases of UNIROCA S.A.S. It is important to note that the right of suppression is not absolute and the data controller may deny the exercise of it when: The data subject has a legal and/or contractual duty to remain in the database, the suppression of the data hinders judicial or administrative actions or the investigation and prosecution of crimes, the data that are necessary to comply with a legally acquired obligation by the data subject.

To have access to the Personal Data that UNIROCA S.A.S has collected and processed.

ARTICLE 7. DUTIES OF THE DATA CONTROLLER: As the data controller of personal data, and in accordance with the provisions of Law 1581 of 2012, UNIROCA S.A.S commits to comply with the following duties, in relation to the processing of personal data:

a. Guarantee the data subject, at all times, the full and effective exercise of the right to habeas data.

b. Keep a copy of the respective authorization granted by the data subject.

c. Properly inform the data subject about the purpose of the collection and the rights that correspond to them by virtue of the authorization granted.

d. Keep the information under the necessary security conditions to prevent its alteration, loss, consultation, unauthorized use, or fraudulent access.

e. Process inquiries and claims submitted by data subjects within the terms indicated by articles 14 and 15 of Law 1581 of 2012.

f. Inform, at the request of the Data Subject, about the use given to their data.

g. Inform the Superintendency of Industry and Commerce when security codes are violated and there are risks in the administration of data subjects' information.

h. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.

i. Insert the legend "information under judicial discussion" in the database once notified by the competent authority, about judicial processes related to the quality or details of the personal data.

j. Refrain from circulating information that is being disputed by the data subject and whose blocking has been ordered by the Superintendency of Industry and Commerce.

k. Allow access to the information only to authorized persons.

l. Inform through the means it deems pertinent the new mechanisms it implements for data subjects to exercise their rights effectively.

PART III. AUTHORIZATION AND PURPOSE

ARTICLE 8. UNIROCA S.A.S, in its capacity as data controller of personal data, has provided the necessary mechanisms to obtain the authorization of the data subjects, guaranteeing in any case that the granting of said authorization can be verified.

ARTICLE 9. PURPOSE OF THE AUTHORIZATION. The processing of data subjects' personal data will be carried out by UNIROCA S.A.S with the following purpose: Measure satisfaction levels, Inform about Service Campaigns, Communicate promotional campaigns, Conduct surveys, Send payment reminders, Execute Loyalty Campaigns, Send invitations to events, raffles, Update data, Offer products and services.

ARTICLE 10. FORMS AND MECHANISMS FOR GRANTING AUTHORIZATION. Annex 1 of this document presents the authorization format that has been defined for the collection and processing of personal data. Authorization will be obtained through one of the following means:

  1. Quotations
  2. Sales Invoices
  3. Marketing Activities
  4. Events
  5. Onboarding process as an employee, supplier, contractor, subcontractor, or client.

ARTICLE 11. PRIVACY NOTICE. Annex 2 of this document presents the privacy notice format defined by UNIROCA S.A.S.

PART IV. PROCEDURE FOR EXERCISING THE RIGHTS OF THE DATA SUBJECT

ARTICLE 12. PROCEDURE TO GUARANTEE THE RIGHT TO FILE CLAIMS AND EXERCISE THEIR RIGHTS.

The company UNIROCA S.A.S. will receive requests from personal data subjects through the communication channels provided for this purpose: The specific communication channels that the company UNIROCA S.A.S. will provide so that data subjects can exercise their data protection rights are:

Email servicioalcliente@uniroca.com Through these channels, data subjects can submit requests, inquiries, complaints, and petitions related to the processing of their personal data by the company, as well as exercise their rights as data subjects.

It is important to highlight that the company UNIROCA S.A.S guarantees that these channels will be available and accessible to data subjects at all times, and that a timely and adequate response will be provided to all requests, inquiries, complaints, and petitions submitted.

PART V. SECURITY AND CONFIDENTIALITY OF INFORMATION

ARTICLE 13. SECURITY AND CONFIDENTIALITY MEASURES FOR INFORMATION. For data storage, the Company uses a personal data encryption technique, and data transmission to those responsible is done with password-protected files. For the processing and handling of my personal data, which consists of collecting, storing, cleaning, using, analyzing, circulating, updating, and cross-referencing my own information, in order to facilitate the sale of goods and provision of services, carry out collection management, and report to credit bureaus when appropriate.

PART VI. FINAL PROVISIONS

ARTICLE 14. APPOINTMENT. UNIROCA S.A.S. Appoints the Customer Service Area, or whoever acts in its place, to fulfill the function of personal data protection, as well as to process requests from data subjects, for the exercise of their rights as data subjects.

ARTICLE 15. VALIDITY OF THE MANUAL. This manual is effective as of June 20, 2024.

ANNEX 1

AUTHORIZATION FOR PERSONAL DATA PROCESSING

In accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, I declare that I freely and voluntarily provide the following personal data: Names and surnames, identification document, gender, address, city, department, telephone numbers, cell phone, date of birth, email (hereinafter "Personal Data") to UNIROCA S.A.S. In terms of the definitions of Law 1581 of 2012, UNIROCA S.A.S. acts as the data controller of my Personal Data.

I give my express authorization for UNIROCA S.A.S. to collect and otherwise process my Personal Data for purposes related to its corporate purpose and especially for legal, contractual, commercial, and labor purposes described in UNIROCA S.A.S.'s personal data processing policy, which I declare to have previously known.

By signing this document, I authorize my Personal Data to be collected and processed in accordance with the privacy policy or information processing policy of UNIROCA S.A.S. In relation to the Personal Data collected and processed and in accordance with Law 1581 of 2012 and Decree 1377 of 2013, I have been informed that I have the following rights:

To know, update, and correct my personal data. I can exercise this right, among others, in relation to partial, inaccurate, incomplete, divided, misleading information or whose processing is prohibited or unauthorized.

To require proof of the consent granted for the collection and processing of my Personal Data.

To be informed by UNIROCA S.A.S of the use that has been given to my Personal Data.

To file complaints with the Superintendency of Industry and Commerce in the event of a violation by UNIROCA S.A.S., of the provisions of Law 1581 of 2012, Decree 1377 of 2013, and other rules that modify, add, or complement them, in accordance with the provisions on the requirement of enforceability established in article 16 of Law 1581 of 2012.

To revoke the authorization granted for the processing of my Personal Data.

To request to be removed from its database.

Signature of the Data Subject: ___________Name: ID/NIT.:

Profile: Client: Provider: Employee: Nature: Natural Person Legal Entity

ANNEX 2

PRIVACY NOTICE

Data Controller: UNIROCA S.A.S

In accordance with the provisions of Law 1581 of 2012, we inform you that the personal data you have provided to us, as an employee, client, or provider of goods and services, will be part of our database to be used for the following purpose: for the processing and handling of my personal data which consists of collecting, storing, cleaning, using, analyzing, circulating, updating, and cross-referencing my own information, in order to facilitate the sale of goods and provision of services, carry out collection management, and report to credit bureaus when appropriate.

The handling of said data will be carried out in accordance with the provisions of the "Manual of Policies and Procedures for the Processing of Personal Data," which contains the policies established by our Company for data processing, the mechanisms for the effectiveness of the data subject's rights to know, update, rectify, delete the data held in our database, as well as to claim the data controller and revoke authorization for its use.