Data policy:

This document seeks to present the personal data processing policies that every entity must have in accordance with Law 1581 of 2012. In this document you will find all the guidelines, directives and principles that will govern the processing of personal data that COLOMBIA DIVERSA carries out in the execution of its mission activities.

COLOMBIA DIVERSA is an organisation that works for the defence of the human rights of LGBTI people and for the inclusion, respect for the integrity of rights, recognition, mobilisation and visibility of LGBTI people in the economic, social, political and cultural spheres, with the aim of contributing to the construction of a democratic, modern and socially just society in Colombia. COLOMBIA DIVERSA recognizes the importance of security, privacy and confidentiality in the processing of personal data of all persons with whom it has a relationship, which is why it has adopted a series of measures that seek to ensure compliance with Law 1581 of 2012 and its regulatory decrees and, at the same time, to assure all persons that their personal data is adequately processed at all times.

This policy sets out the principles that apply and the rights that holders of personal data have, followed by the detailed procedure to exercise the right to consult, claim or request the deletion of data and/or the revocation of the authorisation, as well as the channels available for this purpose.

1. OBJECTIVES:

The purpose of this document is to establish the criteria for the processing of personal data collected by COLOMBIA DIVERSA in accordance with the guidelines established by Law 1581 of 2012 and, likewise, to comply with the provisions of paragraph K of article 17 of the aforementioned law.

2. SCOPE:

This policy applies to all personal information of natural persons registered in the databases of COLOMBIA DIVERSA, which acts as data controller or data processor in the development of its activity and management, in compliance with the provisions of Law 1581 of 2012 and other provisions that modify, add to or complement it. This policy is aimed at citizens, suppliers, donors, contractors, employees and, in general, all its stakeholders whose personal information COLOMBIA DIVERSA processes. Likewise, this processing policy shall be mandatory for all contractors, employees, volunteers, suppliers and, in general, any natural or legal person with whom COLOMBIA DIVERSA maintains or enters into a contractual relationship.

2.3 DEFINITIONS:

Authorisation: Prior, express and informed consent of the Data Subject to carry out the Processing of personal data.

Database: An organised set of personal data which is the subject of processing.

Personal information: Any information linked or capable of being linked to one or more specific or identifiable natural person(s).

Sensitive data: Sensitive data are those that affect the privacy of the Data Subject or whose improper use may lead to discrimination, as well as data relating to health, sex life and biometric data.

Data Processor: Natural or legal person, public or private, who by himself or in association with others, carries out the Processing of personal data on behalf of the Controller.

Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the Processing of the data.

Data Subject (holder): Natural person whose personal data is the subject of processing.

Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.

3. GUIDING PRINCIPLES:

The data processing carried out by COLOMBIA DIVERSA shall be governed by the principles contained in Law 1581 of 2012, its regulatory decrees and, additionally, by the following:


3.1. PRINCIPLE OF NON-DISCRIMINATION AND RESPECT FOR DIVERSITY:
COLOMBIA DIVERSA is an organisation that respects the sexual orientation and gender identity of individuals. For this reason, it will always use the pronouns and the name provided by the owner of the personal data, regardless of whether they correspond to the data contained in his/her identity document.

3.2. PRINCIPLE OF NO HARMFUL ACTIONS:
COLOMBIA DIVERSA will be guided by confidentiality and by the principle of no harmful actions when a person comes in search of services or as a beneficiary of a project. This includes protection in the processing of personal data, and COLOMBIA DIVERSA will only request the personal data strictly necessary for the provision of the service.

4. TREATMENT:

COLOMBIA DIVERSA will process the personal data that it captures, stores and collects, whether in the role of data controller or data processor, taking into account the principles established in Law 1581 of 2012 and also the purposes, which in any case will be presented to the data subject at the time of requesting authorisation for processing. Additionally, the processing includes the possibility that personal data may be transmitted to partner organisations, donors or project funders, in which case the holder will be informed, especially in the case of sensitive data.

SENSITIVE DATA: Law 1581 of 2012 prohibits the processing of sensitive personal data in general, with the exception of only a few grounds, including the one established in article 6 paragraph c of the aforementioned law, for which reason COLOMBIA DIVERSA will process sensitive data within the framework of its legitimate functions as a civil society organisation, solely for the purpose of ensuring its mission objectives and in any case requesting authorisation for the processing of such data as will be seen below.

5. TYPES OF DATABASE:

a. Databases of recipients of the organisation's services: This database gathers the data of the people who receive the services provided by COLOMBIA DIVERSA as a civil society organisation and its purpose is to keep a record of the people who are beneficiaries of the services provided by the organisation. The information contained in this data serves as input for the reports that COLOMBIA DIVERSA must make to the donors of the different projects and may contain public, private and sensitive data.

This database may occasionally be used to contact the beneficiaries in order to learn how satisfied they are with the care provided, to manage additional information about their queries and cases, to continue with the provision of the service and so on. In any case, this option will be indicated within the authorisation for the processing of personal data, and the person will be free to select whether they wish to participate in subsequent evaluations.

b. Donor Database: As a civil society organization, COLOMBIA DIVERSA receives donations from natural and legal persons, whose data will be organized in a database whose purpose is to compile the tax information required by the authorities. This database contains data of a public and private nature that are provided by the owners at the time of making the donation.

c. Database of collaborators, contractors, volunteers and interns: This database gathers all the data of the people who provide their services for COLOMBIA DIVERSA and its purpose is the effective contractual management, in each of the stages, and to comply with civil and labour regulations that apply as appropriate. This database contains personal data of a public, private and sensitive nature and will be for the exclusive use of COLOMBIA DIVERSA, so that personal data will only be transmitted if necessary for the fulfilment of legal and contractual obligations.

d. Database of beneficiaries of the organisation's programmes: The data of the beneficiaries of the services, programmes and projects implemented by the organisation itself or through third parties will be consolidated in a database containing personal, public, private and sensitive data of the participants. The purpose of this database is the effective management of information and the presentation of reports to donors and other entities with which COLOMBIA DIVERSA has contracts or agreements. In any case, the security and guarantee of the rights of the users will be ensured, with their due authorisation for the processing of personal data.

6. ACCESS, SURVEILLANCE AND SECURITY OF THE FACILITIES:

The facilities of COLOMBIA DIVERSA and its surroundings are videotaped at all times in order to ensure the security of the space and the constant monitoring of the same. The personal information captured in this way will be stored for a period of no more than 90 days.
The video surveillance will be announced through visible notices inside and outside the premises so that people entering the premises are aware that they are being videotaped.

7. AUTHORISATIONS:

7.1. AUTHORISATION FOR THE PROCESSING OF PERSONAL DATA:
COLOMBIA DIVERSA will request authorisation from the owner of the information, so that the owner grants prior and informed consent for the processing of their personal data for the purposes contemplated in this policy.

The consent of the data subject may be provided by any means that may be subject to subsequent consultation, such as electronic means, written communication or verbal communication.

The authorisation granted by the holder to COLOMBIA DIVERSA allows, among other things, the use of the personal data and other information provided for the purposes of the organisation and the exercise of its corporate purpose, and to carry out the normal processes arising from the provision of services, mission projects and/or administrative procedures that are executed within the organisation.

7.1.1. AUTHORISATION FOR THE PROCESSING OF SPECIAL DATA:
Taking into account the aims and purpose of COLOMBIA DIVERSA, in many cases it will be necessary to process sensitive data for the provision of services, inclusion in projects and in general for the mission activities of the organisation. In such cases, authorisation will always be requested from the owner of the personal data and the owner will be informed of the following:
1. That they are not obliged to give their authorisation or consent to the processing of this type of information.
2. Which sensitive data will be requested, by means of prior and explicit information.
3. The purpose for which the sensitive data will be processed.

7.2. AUTHORISATION FOR THE PROCESSING OF CHILDREN'S DATA:
Due to the best interests of children and adolescents and the prevalence of their rights over others, COLOMBIA DIVERSA - as a civil society organisation with the constitutional duty to assist and protect children and adolescents in order to guarantee their harmonious and integral development and the full exercise of their rights - may exceptionally dispense with requesting the authorisation of the legal representative of the minor for the processing of their data when their fundamental rights, especially life, integrity, health or the free development of their personality, are at serious and imminent risk due to situations of physical or moral violence, abandonment or serious parental negligence. In any case, COLOMBIA DIVERSA will respect the right of the child or adolescent to be heard and will only process those data that are absolutely essential to guarantee their best interests, after assessing the maturity, autonomy and capacity of the minor to understand the matter in question.

7.3. CASES WHERE AUTHORISATION IS NOT REQUIRED:
Law 1581 of 2012 establishes a series of cases in which authorisation is not required for the processing of personal data, which COLOMBIA DIVERSA may process in the course of its mission. These cases in which authorisation is not required are the following:
1. Information required by a public or administrative body in the exercise of its legal functions or by court order.
2. Data of a public nature.
3. Cases of medical or health emergencies.
4. Processing of information authorised by law for historical, statistical or scientific purposes (in which case the information will be anonymised).
5. Data related to the Civil Registry of Persons.

8. RIGHTS OF THE OWNERS:

The holders of personal data have a series of rights which are contained in Law 1581 of 2012 and its regulatory decrees, such as Decree 1377 of 2013. Among these are the rights of the data subject to:
8.1 To know, update and rectify your personal data in relation to COLOMBIA DIVERSA. This right may be exercised, among others, in relation to partial, inaccurate, incomplete, fractioned, misleading data, or data whose processing is expressly prohibited or has not been authorised.

8.2 Request proof of the authorisation granted to the Data Controller, except when expressly exempted as a requirement for the Processing, in accordance with the provisions of article 10 of the present law.

8.3 Be informed by COLOMBIA DIVERSA upon request about the use that has been made of their personal data.

8.4 File complaints before the Superintendency of Industry and Commerce for infringements of the provisions of this law and other regulations that modify, add to or complement it.

8.5 Request the revocation of the authorisation and/or request the deletion of the data when COLOMBIA DIVERSA has incurred in conduct contrary to this law and the Constitution.
The above rights may be exercised by the following persons:

  • By the holder of the personal data.
  • By their successors in title.
  • By the representative and/or attorney-in-fact of the Data Controller, upon accreditation of the representation or proxy.

9. DUTIES OF COLOMBIA DIVERSA:

COLOMBIA DIVERSA is aware of its responsibility in the processing of personal data, whether as a data controller or data processor. In this regard, the organisation undertakes to:

9.1 Guarantee the Data Subject, at all times, the full and effective exercise of the right of habeas data through the channels of attention established in this policy.

9.2 Keep a copy of the authorisations granted by the holders of the information.

9.3 Inform about the purposes of the collection, the use and the rights to which they are entitled by virtue of the authorisation granted.

9.4 Have security protocols and infrastructure in place to prevent tampering, loss or unauthorised access to personal data collected.

9.5 Ensure that the information to be transmitted or transferred to third parties is authorised for the processing of personal data.

9.6 Rectify information when it is known to be incorrect.

9.7 Require third parties to whom it transmits or transfers personal data to have security and privacy conditions that guarantee the same standards implemented by COLOMBIA DIVERSA.

9.8 To process complaints and queries under the terms established by law and by this processing policy.

9.9 Adopt an internal policies and procedures manual to ensure proper compliance with Law 1581 of 2012.

9.10 Inform the data protection authority when there are violations of security codes and there are risks in the administration of data subjects' information.

9.11 Comply with instructions.

10. PROCEDURE FOR THE EXERCISE OF THE RIGHT TO PROTECTION OF PERSONAL DATA:

In compliance with the rules of personal data protection, COLOMBIA DIVERSA has established the following procedure so that the owners of the information can exercise their rights fully and with all the guarantees.

10.1. CONSULTATIONS:
The right to consultation consists of the right of the owner of the data, their successors in title, or anyone with a legitimate interest to make enquiries before COLOMBIA DIVERSA in order to find out what personal data of the owner are processed by COLOMBIA DIVERSA.

In accordance with the above, COLOMBIA DIVERSA will guarantee the right of consultation by disclosing the personal information linked to the holder.

Queries shall be submitted through the channels provided for this purpose and shall be dealt with within a maximum period of ten (10) working days from the date of receipt thereof. When it is not possible to deal with the query within said term, the interested party shall be informed, stating the reasons for the delay and the date on which the query will be dealt with, which shall not exceed five (5) working days following the expiry of the first term, in accordance with the provisions of article 14 of Law 1581 of 2012.

10.2. CLAIMS and COMPLAINTS:
A claim is a request that the Data Subject or his/her assignees may submit to COLOMBIA DIVERSA when they consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in this policy or in the law.

The claim shall be formulated by means of a request addressed to COLOMBIA DIVERSA through the established channels, with the identification of the Holder, the description of the facts that give rise to the claim and the address, accompanied by the documents that the claimant wishes to assert.

Once the complaint has been received, a legend will be included in the database stating "complaint in process" and the reason for the complaint, within a period of no more than two (2) working days. This legend must be maintained until the complaint is resolved.

The maximum term to deal with the claim will be fifteen (15) working days from the day following the date of receipt. When it is not possible to deal with the claim within this period, the interested party will be informed of the reasons for the delay and the date on which the claim will be dealt with, which in no case may exceed eight (8) working days following the expiry of the first period.

10.3. DELETION OF INFORMATION AND REVOCATION OF AUTHORISATION:
The holders of the personal data have the right to request the deletion of the personal data and/or the revocation of the processing authorisation, taking into account the following exceptions:

Deletion: Deletion is understood to mean the elimination of all or part of the personal data held on the holder from COLOMBIA DIVERSA's databases. However, this deletion shall not apply in cases in which a record must be kept, either by law or due to contractual links that the holder has or has had with COLOMBIA DIVERSA.

Revocation of the authorisation: The revocation of the authorisation is the holder's power to revoke the authorisation previously granted to COLOMBIA DIVERSA. It will only proceed when it is not necessary to continue with the processing of the information by mandate of the law or for contractual purposes.

Once COLOMBIA DIVERSA receives a request for deletion of the information or revocation of the authorisation, COLOMBIA DIVERSA will proceed to the analysis of such request, which must contain at least the identification of the owner, contact details, reasons or facts to which the request refers.

11. SERVICE CHANNELS:

COLOMBIA DIVERSA, as the party responsible for the processing of personal data, has enabled the following channel for the owners to exercise their rights:

Email: protecciondedatos@colombiadiversa.org

Area Responsible for Complaints: The area of COLOMBIA DIVERSA in charge of ensuring compliance with this policy is the Executive Management, which will handle the processing of requests from the holders to enforce their rights. The Executive Management will be in direct communication with those responsible for the different databases previously identified and processed by COLOMBIA DIVERSA, in order to ensure that all aspects mentioned are properly addressed and that the duties stipulated by law are fulfilled.

12. AMENDMENTS TO THIS POLICY:

COLOMBIA DIVERSA may modify the terms and conditions of this policies and procedures document as part of the effort to comply with the obligations established by Law 1581 of 2012, regulatory decrees and other regulations that complement, modify or repeal the contents of this document. Should this occur, the new policies and procedures document will be published on the website www.colombiadiversa.org or in any other medium deemed relevant.

13. VALIDITY:

This Policy is effective as of 8 February 2022.