Actualizado el: 03/May/2023
KUTAI INC is a company whose business is to identify how people eat and the impact that food has on them using a website, a mobile application, a Nutritional Monitor and an artificial intelligence platform for food recognition.
KUTAI INC, in order to comply with the Personal Data protection regulations, as established in Law 1581 of 2012, Decree 1074 of 2015 and other provisions that modify, add or complement them, issues this PERSONAL DATA PROTECTION AND PROCESSING POLICY (hereinafter "Processing Policy") to take care of the information provided by the Owners who have a relationship with KUTAI INC such as partners, suppliers, customers, employees, collaborators and any other natural person who KUTAI INC, obtains, collects, processes or treats personal data, whether such treatment is carried out by KUTAI INC or by third parties, suppliers, customers, clients, employees, collaborators and any other natural person from whom KUTAI INC obtains, collects, processes or treats personal data, whether such treatment is carried out by KUTAI INC or by third parties on behalf of KUTAI INC.
The Treatment Policy aims to protect the constitutional right of Habeas Data that all persons have to know, update, and rectify the information that has been collected and stored in the various databases of KUTAI INC, and by virtue of compliance with that right only collects and treats Personal Data, when previously authorized by the Holder. It explains the policy to protect the Personal Data of the Owners, the purposes of information processing, the area responsible for handling complaints and claims, and the procedures to know, update, rectify and delete information and the respective channels for them to exercise them.
Definitions
Authorization: Prior, express and informed consent of the Data Subject to carry out the processing of personal data.
Privacy Notice A communication addressed to the personal data owners informing them of the existence of the applicable personal data processing policies, how to access them, and the purpose for which their personal data will be used.
Personal database Organized set of personal data that are subject to processing by a natural or legal person.
Custodian of the databases Natural person, within the company, who is the custodian of the personal databases.
Personal data: Any information concerning or linked to determined or determinable natural persons.
Private data It is personal data that, due to its intimate or confidential nature, is relevant to the Data Subject. Public data It is personal data classified as such according to the Constitution and the law, and which has not been classified as private or semi-private personal data.
Semi private data It is personal data known and of interest both for the owner and for a certain sector of people or for society in general, so it is not of an intimate, reserved or public nature.
Sensitive data It is personal data that affects the privacy of the Data Subject and whose incorrect use could generate discrimination. Among others, health data, sexual orientation data, racial and ethnic origin, political opinions, religious, philosophical or moral convictions are considered sensitive data. Data Processor: Natural or legal person, who by himself or in association with others, carries out the processing of personal data on behalf of the data controller.
Ways to collect personal data: KUTAI INC may know, collect, store, manage the information of the owner of the information in accordance with the data use policy contained in this document through the following means: (i) Registration and use of the KUTAI mobile application; (ii) Registration and use of the KUTAI website; (iii) use of the Kutai Nutritional Monitor; (iv) subscription of any type of contract, alliance and/or agreement with KUTAI INC; (v) Registration as a supplier of KUTAI INC; (vi) Registration as a supplier of KUTAI INC.
Habeas data: It is the right of the Holder of personal data to demand from the administrators of such data the access, inclusion, exclusion, correction, addition, updating and rectification of the data, as well as the limitation in its disclosure, publication or transfer.
Data Controller Natural or legal person of a public or private nature that by itself or in association with another or others decides on the processing of personal data.
Personal Data Subject: Natural person whose data is processed. In the context of this personal data processing policy, the data subjects may be: (i) Users/Subscribers of the platform; (ii) Contractors; (iii) suppliers; (iv) all those persons not related to KUTAI INC whose personal data is processed.
Transfer: The Transfer of Personal Data takes place when the Controller and/or Processor of Personal Data sends the information or personal data to a recipient, which in turn is responsible for the processing and is located inside or outside the country.
Transmission: Processing of Personal Data that involves the communication to a third party of the same, within or outside the territory of the Republic of Colombia, when such communication has as its purpose the performance of a Processing by the Processor on behalf of and for the account of the Controller, in order to fulfill the purposes of the latter.
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
Violation of personal data: This is the crime typified in article 269 of the Penal Code. Which states: "Whoever, without being authorized to do so, for his own benefit or that of a third party, obtains, compiles, subtracts, offers, sells, exchanges, sends, buys, intercepts, discloses, modifies or uses personal codes, personal data contained in files, archives, databases or similar means, shall incur a prison sentence of forty-eight (48) to ninety-six (96) months and a fine of 100 to 1000 legal monthly minimum wages in force."
Principles for data processing
According to the provisions of Title II of the Statutory Law 1581 of 2012, the protection of personal data shall be governed by the harmonious and comprehensive application of the following principles:
Restricted access and circulation: The treatment is subject to the limits derived from the nature of the personal data, the provisions of the Statutory Law 1581 of 2012 and the Constitution. In this sense, the treatment may only be made by persons authorized by the Holder and/or by the persons provided for in the aforementioned law.
Confidentiality: All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only provide or communicate personal data when it corresponds to the development of the activities authorized in the Statutory Law 1581 of 2012 and under the terms of the same.
Purpose: The processing of personal data must obey a legitimate purpose in accordance with the Constitution and the law, which must be informed to the Data Subject.
Legality in the processing of personal data: The processing of personal data referred to in Statutory Law 1581 of 2012 is a regulated activity that must be subject to the provisions set forth therein and in the other provisions that develop it.
Freedom: The processing of personal data can only be exercised with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of legal or judicial mandate that relieves the consent.
Security: The information subject to processing by the Data Controller or Data Processor referred to in the Statutory Law 1581 of 2012, shall be handled with the technical, human and administrative measures necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.
Truthfulness or quality: The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.
Transparency: In the processing of personal data, the right of the Data Subject to obtain from the Controller or Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed.
Rights of owners
In compliance with the fundamental guarantees of the Constitution and the law, and without prejudice to the provisions of the other rules governing the matter, the Owners of the personal data may exercise the following rights:
- Access to your personal information subject to processing.
- Updating of personal data subject to processing.
- Opposition to the processing of personal data.
- File complaints and claims before the Superintendence of Industry and Commerce for violations of the provisions of the Statutory Law 1581 of 2012 and other regulations that modify, add or complement it.
- Rectification of personal data subject to processing.
- To revoke consent to the processing of personal data.
- To be informed by the Responsible and/or Responsible party of the use and treatment that will be given to the personal data, as well as of the modifications and updates of the protection policies, security measures and purposes.
- Request proof of authorization for treatment.
- Suppression of personal data when the treatment does not respect the principles, rights and constitutional and legal guarantees.
How to collect data
Form of collection of personal data of Users/Subscribers
The collection of personal data from potential users and users of KUTAI INC, will be carried out in the following ways:
- Automatic storage of data of users accessing the KUTAI INC platform using cookies. Some of the data that can be automatically stored are URLs, browser used, IP address, among others.
- For using the company's Web site.
- Through the access to the application, creating the user and password.
- For sending e-mails.
- Through telephone calls.
- Through events carried out by KUTAI INC.
- Through transmission or transfer by strategic allies.
How to collect data from workers or candidates
The collection of personal data of employees will be carried out in the following ways:
- Through the candidates' academic resumes.
- Through an employment or service contract.
- Through employees' academic resumes.
- Through the KUTAI INC entrance form or job application form.
- During job interviews.
- By sending information from companies that have the quality of headhunting and the owners have provided the data.
- By means of affiliation forms to EPS, ARLs.
Supplier Collection Form
The collection of personal data from suppliers will be done in the following ways: - Through service offers.
- Through service offerings.
- Through the exchange of e-mails.
- Through contracts or alliances.
- Through meetings or telephone communications.
Form of membership collection
The collection of personal data from members will be carried out in the following ways: - Through the subscription of shares.
- Through the subscription of shares.
- At meetings of governing bodies or shareholder meetings and their respective calls.
- Through the exchange of emails or other means of communication with the shareholders.
Purposes of the processing of personal data
The Personal Data collected by KUTAI INC, are included in a Database to which the authorized personnel of KUTAI INC has access in the exercise of their functions, warning that in no case is authorized the Treatment of the information for purposes other than those described herein, and that they are communicated to the Holder directly at the time of collection at the latest.
Purpose of processing the personal data of Users / Subscribers
The main purpose of the collection, storage, use and/or circulation of personal data of KUTAI INC users is to provide the services offered and/or contracted in an adequate manner and with excellent quality. Therefore, the purposes of collection and processing of Personal Data of Users and Subscribers of KUTAI INC will be the following: Ordering, cataloging, classifying, dividing or separating and storing the personal data within the systems and files of KUTAI INC.
- Creation and administration of the user's account.
- To provide the maintenance, development and/or control of the commercial relationship between the Data Subject and KUTAI INC.
- Provide users with information, through the website and the application, about KUTAI's services.
- Conduct processes within KUTAI for operational development and/or system administration.
- Train and improve KUTAI's artificial intelligence systems and models to provide better services to users.
- To provide the company's services and follow up on the particular needs of the user, in order to provide the appropriate services and products.
- Sending news information, newsletters, educational forums, advertising or marketing, distance selling. Making use of means such as, email, PUSH notifications, text messages (SMS), offers of products and / or services found on the website and application.
- Keeping a historical record of information, for customer experience purposes, developing analysis on interests and needs, thus providing a better service. - Elaboration of commercial prospecting and market segmentation.
- Development of commercial prospecting and market segmentation.
- Conduct satisfaction surveys and offer or recognition of benefits of our loyalty program and after-sales service, to qualify the service and attention through the channels provided for this purpose.
- Manage requests, complaints or claims from the company's users or third parties; and direct them to the areas responsible for issuing the corresponding responses.
- Submit reports to the inspection, surveillance and control authorities, and process the requirements made by administrative or judicial entities.
- Administrative, commercial and advertising uses that are established in the agreements signed with the clients.
- Accounting, economic, tax, and administrative management of clients, users, and subscribers.
- Conservation of the information for the terms established in the Law, especially the one referring to the information of the books and papers of the merchant that must be stored for a period of ten (10) years, as provided in Article 28 of Law 962 of 2005.
- Transfer or Transmission of Personal Data nationally or internationally to suppliers with whom KUTAI INC develops activities in compliance with its corporate purpose. Likewise, Transfer may be made to strategic allies of the company to carry out marketing, advertising and promotional activities associated with the corporate purpose; all in accordance with the provisions of Colombian law.
- Forward information to the Processors to facilitate and improve the quality of service of KUTAI INC.
- Reports to credit bureaus for noncompliance with financial obligations derived from the commercial relationship.
- In the event that other types of purposes are used in the processing of personal data, the prior, express and informed authorization of the Data Subject will be requested.
Purpose of the processing of employee and candidate data
Before starting the employment relationship, KUTAI INC will inform the candidates in the selection processes the purposes of the treatment that will be given to the personal data they provide in such process, and will be responsible for requesting the corresponding authorization for its treatment, which will be limited to:
- Classify, store and file the personal data of the candidates of the selection processes. - Verify and obtain references from natural or legal persons, former employers provided by candidates in resumes, forms, among others.
- Deliver or transmit information to third parties responsible for the selection processes.
- Verify, compare and evaluate the work and personal competencies of prospective employees with respect to the selection criteria.
- Comply with the legal duties to which the company is bound.
- I send job offers.
The collection and processing of personal data of employees will be done in order to develop the activities agreed between KUTAI INC and its employees, as well as to carry out the following activities:
- To provide the maintenance, development and/or control of the commercial relationship between the Data Subject and KUTAI INC.
- Advance processes within KUTAI for the purpose of operational development or system administration.
- Carry out records of economic, accounting, tax, and administrative management, for the management of collections and payments, billing, and compliance with financial obligations.
- Make tax declarations or manage tax information and collection.
- Contact an emergency contact person or guardian
- Insure employees in the Social Security System.
- Perform human resources management in matters related to training, temporary employment, social benefits, occupational risk prevention, employment promotion and management, personnel selection, time control and, in general, payroll-related matters.
- Request information on credit accounts, deposits, compliance with financial obligations and pension fund management for the fulfillment of obligations and the normal development of the labor relationship.
- Process the preparation of certifications related to your status as an employee, such as income and withholding certificates, labor certificates, etc.
- Security and building access control.
- Inform clients about the work team.
- Make reports to the inspection, surveillance and control authorities.
- Process responses to requests from administrative or judicial entities.
- Other administrative, commercial, and labor uses established in contracts or arising from their work activity.
- Analysis and evaluation of the employee's academic background.
- Conservation of the information for the terms established in the Law, especially the one referring to the information of the books and papers of the merchant that must be stored for a period of ten (10) years, as provided in Article 28 of Law 962 of 2005.
- Transfer or transmission of data nationally or internationally, if applicable, for purposes related to the operation of KUTAI INC, in accordance with the provisions of law and always ensuring compliance with the requirements established in the Colombian regulations.
- In the event that other types of purposes are used in the processing of personal data, the prior, express and informed authorization of the Data Subject will be requested.
Purpose of the processing of Suppliers' personal data
The collection and processing of personal data of suppliers will be done in order to contact and contract the products or services that KUTAI INC requires for the normal functioning of its operation, likewise will have the following purposes:
- Request or perform consulting, auditing, advisory, or related services with suppliers.
- Comply with KUTAI's internal processes regarding supplier and contractor management.
- Advance processes within KUTAI for the purpose of operational development or system administration.
- Make tax declarations or manage tax information and collection.
- Maintain a record of supplier information.
- Submit reports to inspection, oversight, and control authorities and/or respond to administrative entity requirements.
- Conduct supplier management and payment collection and processing.
- Carry out the registration and control of entry and exit of KUTAI INC facilities.
- Verify the information provided by suppliers to control and prevent fraud.
- Manage administrative procedures to carry out any other activity in compliance with the relationship between suppliers and KUTAI INC.
- Conservation of the information for the terms established in the Law, especially the one referring to the information of the books and papers of the merchant that must be stored for a period of ten (10) years, as provided in Article 28 of Law 962 of 2005.
- Transfer or transmission of data nationally or internationally, if applicable, for purposes related to the operation of KUTAI INC, in accordance with the provisions of law and always ensuring compliance with the requirements established in the Colombian regulations.
- All other administrative and commercial uses established in the contracts or arising from their activity.
- For other purposes or treatments, prior, express, and informed authorization from the Data Subject will be requested.
The purpose of processing personal data of Partners.
The collection and processing of personal data of KUTAI INC partners will be of a private nature and will be carried out to enable the exercise of rights and duties related to such status, as well as to fulfill the following purposes:
- nomic, accounting, tax, and administrative management.
- Issue certifications of share ownership, as well as issue share certificates and any other necessary documents for the proper development of the corporate purpose, subject to prior authorization. • Carry out processes within KUTAI for the purpose of operational development or system administration.
- Fulfill any other purpose necessary for the development of the rights and duties inherent to their status as shareholders.
- Conservation of the information for the terms established in the Law, especially the one referring to the information of the books and papers of the merchant that must be stored for a period of ten (10) years, as provided in Article 28 of Law 962 of 2005.
- Transfer or transmission of data nationally or internationally, if applicable, for purposes related to the operation of KUTAI INC, in accordance with the provisions of law and always ensuring compliance with the requirements established in the Colombian regulations.
- For other purposes or treatments, prior, express, and informed authorization from the Data Subject will be requested.
Authorization and consent of the data subject.
The consent and authorization from the Data Subject is a requirement that data controllers must fulfill. Consent must comply with:
Prior: The Data Subject must authorize prior to any processing of personal data.
Express: The authorization must be granted unequivocally, clearly, and specifically.
Informed: The Data Subject must clearly understand for what purposes their personal data will be processed and the purposes that may arise from such processing.
All visitors to KUTAI INC's Platforms must register and authorize the processing of their personal data in order to use the services offered. Therefore, in each of the systems, there is a checkbox labeled "Privacy Policy" which must be read and accepted in order to proceed with the use of KUTAI INC's services.
Access channels and mechanisms provided by KUTAI INC.
In compliance with the constitutional guarantee of Habeas Data regarding the rights of access, updating, rectification, and deletion by the Data Subject of personal data, their successors, legal representatives, and/or agents, KUTAI INC will enable access channels for the Data Subjects.
All communications, inquiries, complaints, and/or claims must be directed to the Personal Database Protection Officer or to the CUSTOMER EXPERIENCE AREA of KUTAI INC, through any of the following means:
Electronic Attention: The Data Subject must submit their request through the help center available on the virtual platform.
Written Attention: The Data Subject must submit their formal request to the address: Customer Service, 2600 So Douglas Rd, Ste 913 Coral Gables, FL 33134, United States of America.
Legal procedure for requests, complaints, and claims.
Requests, complaints, or claims may be submitted either through a document with the characteristics described for each case or through the requests, complaints, and claims form available for consultation at www.kutai.co in the "Contact" section.
Requests
Regarding the right to petition for information and/or inquiries, KUTAI INC will respond within a maximum of ten (10) business days from the day following the date of receipt of the petition or inquiry.
If it is not possible to address the inquiry within said period, the interested party will be informed, indicating the reason for the delay and specifying the date when it will be addressed, which shall not exceed five (5) business days following the expiration of the initial term. The inquiry document must contain the following:
Department of KUTAI INC to which it is addressed (Customer Experience)
The name and identification number of the Data Subject.
Copy of the Data Subject's identification document
In case the successor of the Data Subject requests the inquiry, they must attach to the inquiry: Department of KUTAI INC to which it is addressed (Customer Experience)
The name and identification number of the Data Subject.
Copy of the successor's identification document.
Copy of the Data Subject's death certificate.
Document establishing the capacity in which they act.
Copy of the Data Subject's identification document
Full description of the inquiry.
Address and contact information of the inquirer.
If it concerns the legal representative and/or agent of the Data Subject, they must present:
Department of KUTAI INC to which it is addressed (Customer Experience)
The name and identification number of the Data Subject.
Copy of the legal representative's identification document
Document certifying the capacity in which they act (power of attorney, certification).
Copy of the Data Subject's identification document
If the agent is a minor, they must present their identity card and/or birth certificate, as well as the document certifying their status as the minor's representative or guardian.
Full description of the inquiry.
Address and contact information of the inquirer.
Complaints and/or claims
If the Data Subject believes that their information should be corrected, updated, or deleted, or if they identify a possible breach of their rights, the maximum term to address the complaint or claim shall be fifteen (15) business days, counted from the day following the date of receipt of the document.
If it is not possible to address the claim within that period, the interested party will be informed of the reason for the delay and the date it will be addressed, which shall not exceed eight (8) business days following the expiration of the initial term. If the claim is incomplete, the interested party will be required within five (5) days following the receipt of the complaint and/or claim to rectify the deficiencies. If two (2) months have passed since the date of the request without the applicant providing the required information, the complaint or claim will be considered withdrawn. The complaint or claim document must contain:
Department of KUTAI INC to which it is addressed (Customer Experience)
The name and identification number of the Data Subject.
Copy of the Data Subject's identification document
If the successor of the Data Subject submits the complaint and/or claim, they must attach: Department of KUTAI INC to which it is addressed (Customer Experience)
The name and identification number of the Data Subject.
Copy of the Data Subject's identification document
Copy of the successor's identification document.
Copy of the Data Subject's death certificate.
Full description of the inquiry.
Address and contact information of the inquirer.
Document establishing the capacity in which they act.
If it concerns a legal representative and/or agent:
Department of KUTAI INC to which it is addressed (Customer Experience)
The name and identification number of the Data Subject.
Copy of the Data Subject's identification document
Copy of the legal representative's identification document
Document certifying the capacity in which they act (power of attorney, certification).
If the agent is a minor, they must present their identity card and/or birth certificate, as well as the document certifying their status as the minor's representative or guardian. Description of the facts that give rise to the claim and/or complaint.
The objective pursued.
Address and contact information of the claimant.
Processing of sensitive personal data
KUTAI INC will not collect, store, or process sensitive data unless strictly necessary. If such a situation arises, no processing will be conducted without the proper prior, informed, and express authorization from the Data Subject, except in cases where the granting of authorization is not required by law, and one of the following exceptions applies:
- When the processing is necessary to safeguard the vital interests of the Data Subject and they are physically or legally incapacitated.
- When the processing is carried out in the course of legitimate activities with appropriate safeguards by a foundation, NGO, association, or any other non-profit organization, whose purpose is political, philosophical, religious, or union-related, provided that it exclusively concerns its members or individuals who maintain regular contact due to its purpose, in which case, the data cannot be disclosed to third parties without the Data Subject's authorization.
- When the processing concerns data necessary for the recognition, exercise, or defense of a right in a judicial process.
- When the processing has a historical, statistical, or scientific purpose. In this case, measures must be taken to ensure the anonymization of the Data Subjects.
- When carried out in compliance with a public or administrative order in the exercise of its legal functions or by judicial order.
Responses to questions about sensitive data are optional; therefore, they will not be mandatory. In any case, KUTAI INC will strictly observe legal limitations on the processing of sensitive data. KUTAI INC will not condition any activity on the provision of sensitive data. Sensitive data will be treated with the utmost diligence and with the highest security standards. Limited access to sensitive data will be a guiding principle to safeguard their privacy, and therefore, only authorized personnel will have access to this type of information.
The processing of sensitive data for purposes other than those expressly authorized by the Data Subject is prohibited.
Processing of personal data of minors
KUTAI INC avoids processing personal data of children and adolescents under 18 years of age. The use of the platform is only for adults. However, in the event that minors under 18 years of age with legal capacity wish to use the service, they must obtain express authorization from their legal representative.
If processing personal data of minors is necessary, KUTAI INC, as the Data Controller, will ensure that such personal data is treated appropriately, applying the principles and obligations established in Law 1581 of 2012 and other provisions regarding the protection of personal databases.
The processing of personal data of minors will receive special handling and rigorous measures for their protection. Personal data that is not of public nature will comply with the following parameters and requirements.
- KUTAI INC will respond to and respect the best interests of minors.
- The respect for the fundamental rights of minors will be ensured.
- The opinion of the minor will be considered when they have the necessary capacity and autonomy to understand the matter.
Only the legal representatives of minors authorize the processing of personal data. If this authorization is not available, no processing of such data will be carried out, and the service will not be provided to the minor.
Transmission or transfer, either national or international
KUTAI INC may share personal data information with third parties for the development of its activities and corporate purpose, always protecting the rights and information of the data subject.
The Transmission or Transfer of Personal Data that is carried out will adhere to the rules established by the applicable regulations and the regulatory authority, especially the following:
- When it comes to domestic transmissions or transfers of personal data, KUTAI INC will ensure compliance with the requirements of the current data protection legislation and the protective measures by the processor or new controller, as appropriate.
- If it is an international transfer, it must be ensured that the recipient country of the personal data provides adequate levels of protection, as established by the Control Authority in Colombia, so that it issues the conformity declaration referred to in the first paragraph of Article 26 of Law 1581 of 2012. When the recipient country does not meet the appropriate data protection standards, the transmission or transfer will be prohibited unless one of the following legal exceptions is met:
Or that the Data Subject has given express and unequivocal authorization for the transfer or transmission of data.
Or exchange of medical data when required by the treatment of the Data Subject for reasons of public health and hygiene.
Banking or stock transfers, in accordance with the legislation applicable to them. Or transfers agreed upon within the framework of international treaties in which Colombia is a party, based on the principle of reciprocity.
Transfers necessary for the execution of a contract between the Data Subject and the data controller, or the execution of pre-contractual measures provided that authorization from the Data Subject is obtained.
Validity
The Personal Data that are stored, used, or transmitted will remain in KUTAI INC's databases for as long as necessary to fulfill the purposes stated in this manual or for the Company to comply with its legal obligations
If necessary, KUTAI INC reserves the right to unilaterally modify this Policy.