RESOLUTION OF THE GOVERNING BODY ICCF
MINUTES of MAY 21, 2019
DEFINING THE INSTITUTIONAL POLICIES FOR THE TREATMENT OF INFORMATION OF THE CHRISTIAN COMMUNITY OF FAITH CALI CHURCH.
The Governing Body of the Iglesia Comunidad Cristiana de Fe Cali, TEAM PES, in use of the powers conferred by the Statutes of the Institution, and
- That Law 1581 of 2012 issued the General Regime for the Protection of Personal Data with the purpose of guaranteeing and preserving the constitutional right that all persons have to know, update and rectify the information that has been collected about them in databases or files managed by public and/or private entities.
- That Article 13 of Decree 1377 of 2013 regulating Law 1581 of 2012, and in accordance with the provisions of subparagraphs K of Article 17 and f of Article 18 of the same Law, imposes the obligation on any natural or legal person, public or private, that processes personal data and/or decides on the information contained in databases, to develop an internal manual of policies and procedures to ensure the right to Habeas Data and for the attention of queries and claims.
- That in accordance with the provisions of the ICCF Statutes, it is the responsibility of the PES Team to formulate institutional policies.
- That the PES Team in its meeting of May 21, 2019, has analyzed the proposal presented by the Communications area, and has considered it appropriate.
ARTICLE 1: EXTENT:
The purpose of this document is to establish the institutional policies of a general nature through which the Church Comunidad Cristiana de Fe Cali will guide and define the treatment of data, with the purpose of fully guaranteeing the exercise of the Constitutional Rights to Habeas Data and Computer Self-Determination, understood as the right of every person to know, update, rectify and authorize the inclusion, use and exclusion of the information contained in databases. In this direction, such policies are aimed at promoting the free exercise of the Right to Informational Self-Determination, establishing criteria to internally regulate the right of the owner of the information regarding the issuance of prior consent with the authorizations for the collection, conservation, use and circulation of the information; and, to safeguard the security, privacy, treatment and access to the information that the Church collects and manages through its electronic databases and in the physical documents that are under the custody of the management files and in the Central Institutional Archive, Connection and Mobilization Office.
In this direction, the collection, management use and disclosure of third party information contained in electronic databases and in physical documents under custody in the management files and in the Institutional Central Archive, Connection and Mobilization Office, shall be governed by the General Principles established in Law 1581 of 2012 and Regulatory Decree No. 1377 of 2013, namely:
- Principle of legality in matters of data processing: The processing referred to in this law is a regulated activity that must be subject to the provisions set forth therein and in the other provisions that develop it;
- Principle of purpose: The processing must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Data Subject;
- Principle of Freedom: Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization;
- Principle of truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable;
- Principle of transparency: The right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the Processing;
- Principle of restricted access and circulation: Processing is subject to the limits derived from the nature of the personal data, the provisions of this law and the Constitution. In this sense, the Processing may only be carried out by persons authorized by the Holder and/or by the persons provided for in this law. Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to the Holders or third parties authorized in accordance with this law;
- Principle of security: The information subject to Processing by the Data Controller or Data Processor referred to in this law, shall be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access;
- Principle of confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only provide or communicate personal data when it corresponds to the development of the activities authorized in this law and under the terms of the same.
In development of such Principles, and with the purpose of safeguarding and guaranteeing the confidentiality, integrity and availability of the information contained in the electronic databases and in the physical documents that are under custody in the management files and in the Institutional Central File, Connection and Mobilization Office, and to minimize the risks to which the Institution is exposed, the Christian Community of Faith Cali Church, adopts the Policies for the Treatment of Information contained in this document.
ARTICLE 2: VALIDITY:
The policies contained in this document shall remain in force and shall be mandatory for the institutional bodies, employees and collaborators, from the date of its promulgation and until subsequent revisions or modifications. The Church may update these Policies at any time, publicly informing the updates made.
ARTICLE 3: DEFINITIONS:
- Habeas Data: It is the constitutional right of all persons to know, update and rectify the information that has been collected about them in databases or files.
- Computer Self-Determination: The constitutional right of all persons to authorize the collection, processing, storage, use and dissemination of their personal data through the issuance of their prior, express and informed consent.
- Personal Data: Any information linked or that may be associated to one or more natural or legal persons, determined or determinable.
- Holder: Natural and/or legal person whose personal data are subject to Processing in any database.
- Database: Organized set of personal data that is the object of Processing.
- Public Data: Data qualified as such according to the mandates of the Political Constitution or the Law, and all those that are not private or semi-private. Public data are, among others, the data contained in public documents, duly executed judicial sentences that are not subject to confidentiality and those related to the civil status of persons.
- Private Data: Data that, due to its intimate or reserved nature, is only relevant to the owner of the same.
- Semi-Private Data: Data that is not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to the owner but also to a certain sector or group of persons.
- Sensitive Data: Data that affect the privacy of the holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
- Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
- Authorization: Prior, express and informed consent of the Data Subject to carry out the Processing of his/her personal data.
- Privacy: Characteristics that must be guaranteed for personal information managed by an institution, whether it is in databases or files.
- Privacy notice: Verbal or written communication generated by the responsible party, addressed to the holder for the processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the processing that is intended to be given to the personal data.
- Confidentiality: Property that determines that the information is not available or disclosed to unauthorized individuals, entities or processes.
- Availability: Property that determines that the information is accessible and usable by request of an authorized entity.
- Integrity: Property of safeguarding the accuracy and completeness of the information.
- Suspicious or Malicious Content: Data or information that by its nature and source, generates a particular sense of insecurity, which directs a different and special treatment.
- Data Controller: Natural or legal person, public or private, who by himself or in association with others, decides on the database and/or the processing of the data.
- Data Processor: Natural or legal person, public or private, which by itself or in association with others, performs the processing of personal data on behalf of the Data Controller.
ARTICLE 4: GENERAL POLICIES
The General Information Treatment Policies of the Cali Christian Community of Faith Church will be supported by special rules and procedures that will regulate the treatment of information and that are contained in the respective specific procedure manuals.
- General Information Security Policy
The Iglesia Comunidad Cristiana de Fe Cali, aware of the importance of the transparent, correct and adequate treatment that must be given to the information, and with the purpose of safeguarding the fundamental right to computer self-determination, will adopt the necessary technical, legal and administrative measures, according to the management and assessment of risks, to minimize those associated with the confidentiality, integrity and availability of personal data and thus avoid its alteration, loss, treatment or unauthorized access.
The Iglesia Comunidad Cristiana de Fe Cali guarantees the free participation of the owners of the information in the processes of supply, collection and updating of information, always obtaining prior, express and informed authorization for such purposes. In any case, the Church will refrain from transferring, selling or sharing the personal data collected, without the express authorization of the Holder, except in those cases where the law expressly so indicates.
- General Policy for the Protection of Personal Data
The Iglesia Comunidad Cristiana de Fe Cali in its dual capacity as Responsible and Responsible for the Processing of Personal Data of visitors, members, students, collaborators, administrative staff, suppliers and third parties, will adopt the necessary measures to ensure the full exercise of the rights related to the collection, processing and circulation of personal data. To this end, the Church declares that the processing of personal data will be done in accordance with the provisions of Law 1581 of 2012, the Regulatory Decree 1377 of 2013, and the rules that complement, add and/or reform them, and always in harmony with the activities of the Church and that facilitate the normal development of the social purpose of the Institution.
For this purpose, the Church declares that it manages the following databases:
- Academic Data Base
It is the set of public, semi-private, private and sensitive data of the students enrolled in the different programs, and of the graduates of the Biblical Institute of the Church, Ministerial Institute of the Holy Spirit, IMES; which are used to facilitate the proper provision of educational services and to promote and advertise the activities, products and academic services offered by the Church.
- Administrative Database
It is the set of public, semi-private, private and sensitive data of the Institution, visitors, members, students, collaborators, administrative personnel, suppliers and third parties that are used for the acquisition and management of goods and/or services necessary for the normal development of the institutional missionary and visionary activities of the Church.
4.4 General Policy on Access to Information – Inquiries, Complaints and Claims
The Iglesia Comunidad Cristiana de Fe Cali in its double condition of Responsible and Responsible for the processing of personal information of visitors, members, students, collaborators, administrative staff, suppliers and third parties, adopts the appropriate measures and procedures to safeguard and guarantee the exercise of the rights of the Holder of the Information to know, update, rectify, delete the data and revoke the authorization for the processing of the information. Requests in this regard will be answered through the e-mail conexión@comunifecali.org or by written communication addressed to the Connection and Mobilization Office, Carrera 36 #5B2-54 Cali.
ARTICLE 5: ACTIONS TO BE TAKEN IN CASE OF NON-COMPLIANCE WITH THE INFORMATION TREATMENT POLICY:
The Iglesia Comunidad Cristiana de Fe Cali will adopt the disciplinary measures, procedures and sanctions regime necessary to ensure due and proper compliance with these Policies and, of the internal rules and procedures aimed at safeguarding its holders the exercise of their constitutional rights to Habeas Data and Information Self-Determination.
Given in Santiago de Cali, on the twenty-first (21st) day of May of the year two thousand nineteen (2019).
President Church Comunidad Cristiana de Fe (Christian Community of Faith)