STAFFINGABROAD S.A.S., identified with Tax ID No. 901.507.209-8, with headquarters at Carrera 12 #96-81 of Bogotá, D.C. (“STAFFINGABROAD”) is respectful of and is committed to the privacy and safeguard of the data of the persons comprising its stakeholders, including, amongst others: Shareholders, Applicants, Employees, Talents, Clients, Suppliers, Advertising Campaign Participants, Attendants, and Digital Users (“Stakeholders”), as well as, in general, the information of all the individuals from whom it collects and processes Personal Data.
The purpose of this Privacy Policy (“Policy”) is to describe the practices and standards followed by STAFFINGABROAD during the Processing of the Databases and the Personal Data included in them, to propel the safeguarding of this information and ensure the effective enforcement of Data Subject’s rights. Furthermore, this Policy enables Data Subjects to know how and for what purposes the Processing of their personal information is carried out. Likewise, this Policy aims to ensure that the Processing of Personal Data fully complies with the Colombian Personal Data Protection Regulation (“CDPR”).
The guidelines set forth in this Policy shall be complied with during the Processing of all Personal Data that STAFFINGABROAD collects, stores, uses, transfers, deletes, and/or suppresses, by means of all Employees or Data Processors that carry out the Processing of Personal Data on behalf of and/or in the name of STAFFINGABROAD.
Consent: It is the prior, express, and informed consent given by the Personal Data Subject to the Controller, which allows it to process his/her Personal Data.
Privacy Notice: It is the verbal or written communication that STAFFINGABROAD discloses to the Data Subject, and by means of which it informs him/her about the existence of the Privacy Policy, the mechanisms available to access it, and the purposes applicable to the Processing of his/her Personal Data.
Database(s): It is the database containing the Personal Data of the Talents to be made available to the Processor, which is under the Controller’s control.
Employees: All individuals linked to STAFFINGABROAD and who carry out activities aimed at developing its purpose, regardless of the type of relationship or contract signed.
Query: It is the consultation made by the Data Subject, the assignee, or his representative regarding the Processing of his Personal Data by the Controller or the Processor.
Cookies: These are files and/or automated tools that the Website installs on the User’s device to collect information, including Personal Data.
Personal Data: It is any information associated or that can be associated with one or several determined or determinable natural persons.
Private Data: It is that which, due to its intimate or reserved nature, is only relevant to the Data Subject.
Public Data: Personal Data that is not semi-private, private, or sensitive. Among others, data related to the marital status of individuals, profession or trade, and the status of merchant or public servant are considered public data.
Semi-private Data: It is information that is not of an intimate, reserved, or public nature and the knowledge or disclosure of which may be of interest not only to its Data Subject but also to a certain sector or group of people or to society in general, such as financial and credit data of business or service activity.
Sensitive Data: Personal Data that affects the privacy of the Personal Data Subject or whose improper use may generate discrimination. Among others, racial or ethnic origin, political orientation, convictions, beliefs, religious, health, sex life, and biometric Personal Data.
Data Processor/Processor: It is the person or legal entity, public or privately owned, which carries out the Processing of the Database on behalf of the Controller, by itself or in association with others.
Website: It is the web browser under STAFFINGABROAD management. It is accessed through the link: https://staffingabroad.com/.
Privacy Policy / Policy: It is this STAFFINGABROAD Privacy Policy.
Accountability Principle: It consists of the obligation of Data Controllers and Processors to comply with the CDPR, being able to demonstrate that they have adopted appropriate and effective measures to fully comply with the requirements of the rules that make up the CDPR.
Complaint: It is the request submitted by the Data Subject, its successor, or representative, before the Data Controller or the Data Processor, in the cases in which he/she considers that the information contained in a Database should be subject to correction, updating, or deletion; or, in the cases in which he/she notices the alleged breach of a duty under the CDPR.
Colombian Data Protection Regulations / CDPR: It is the regulations on the processing of Personal Data in Colombia, which includes both the Colombian General Data Protection Regulations and the Colombian Financial Data Protection Regulations.
Colombian General Data Protection Regulations / CGDPR: Means the general regulations governing the protection of Personal Data in Colombia, which includes Law 1581 of 2012, Law 2300 of 2023, Regulatory Decree 1377 of 2013, Decree 886 of 2014, Unified Regulatory Decree 1074 of 2015, Decree 255 of 2022, Title V of the Unified Directive of the Superintendence of Industry and Commerce and other regulations that complement or modify them.
Colombian Financial Data Protection Regulations / CFDPR: This refers to the special regulations governing the processing of personal data in the context of financial, credit, business, service, and third-country information databases, which include Law 1266 of 2008, Decree 4886 of 2011, Law 2157 of 2021, and Title V of the Unified Directive of the Superintendency of Industry and Commerce and other regulations that complement or modify them.
National Database Registry / RNBD: It is the public directory of free consultation that contains the Personal Data Bases subject to Processing that operate in the country, which is operated by the SIC.
Data Controller: It is the natural or legal person, public or private, that by itself or in association with others, decides on the Processing of the Database and/or the Processing of Personal Data. For the purposes of this Policy, it will be STAFFINGABROAD, unless otherwise indicated.
SIC: It is the Colombian Data Protection Authority, i.e., the Superintendence of Industry and Commerce.
Data Subject(s): The natural person or persons whose Personal Data is held in the Database. In this case, it refers to the Talents.
Controller-to-Controller Transfer: Refers to the transmission of Personal Data between two independent entities (Controllers), located in Colombia or abroad. Both entities independently determine the purposes and means of Processing the Personal Data.
Controller-to-Processor Transfer: Refers to the transfer of Personal Data from a Data Controller to a Data Processor. In this relationship, the controller determines the purposes and means of Processing the Personal Data. The Processor Processes the data on behalf of the Controller, following the latter’s instructions.
Processing: It is any operation or set of operations performed on the Personal Data, such as the collection, storage, use, circulation, or deletion thereof.
User: It is the individual who enters and/or makes use of the Website or its functionalities, such as those available in the sections: “Contact Sales” and “Work With Us.”
STAFFINGABROAD will follow these principles during the Processing of the Databases and the Personal Data included therein:
Principle of Restricted Access and Disclosure:
The Processing shall be subject to the limits derived from the nature of the Personal Data, the Constitution, and the CDPR. Access to Personal Data must be adequate, relevant, and limited to the people authorized by the Data Subject and/or to the individuals provided for in the CDPR. The Databases and Personal Data, with the exception of Public Data, may not be made available on the Internet or other means of dissemination or mass communication unless access is technically controllable to provide restricted access solely to Controllers, Data Subjects, or authorized third parties.
Confidentiality Principle:
The reserve and integrity of the Personal Data shall be guaranteed by means of technical, legal, and administrative safeguards, even after the tasks that comprise the Processing have been completed. The provision or communication of Personal Data shall only be carried out when it pertains to the development of the processing activities allowed by the CDPR.
Principle of Freedom:
Processing may only be carried out with prior, express, and informed Consent granted by the Data Subject. Personal Data may not be obtained or disclosed without prior Consent or in the absence of a legal or judicial mandate that relieves this Consent.
Principle of Purpose:
The Processing of Personal Data must obey legitimate purposes in accordance with the Constitution, the Law, and the CDPR. Moreover, such purposes must be informed to the Data Subject and consented to by him/her in an express, prior, and informed manner, with the exception of those cases expressly exempted under the CDPR.
Legality Principle:
The Processing of Personal Data shall comply with the provisions applicable under the CDPR.
Security Principle:
All necessary technical, human, and administrative measures shall be implemented to provide security to the Databases and Personal Data, avoiding unauthorized or fraudulent adulteration, loss, consultation, use, or access.
Principle of Truthfulness or Quality of Information:
The Personal Data subject to Processing shall be truthful, complete, accurate, up-to-date, verifiable, and understandable. Partial, incomplete, fractioned, or misleading data shall not be processed.
Principle of Transparency:
The right of the Data Subject to obtain from the Controller or Processor, at any time and without restrictions, information about the existence of the Personal Data concerning him/her shall be guaranteed.
Principle of Minimization:
It shall be ensured that only Personal Data that are adequate, pertinent, and limited to what is necessary for each of the specific purposes of the Processing shall be used.
Principle of Accountability:
Appropriate and effective measures shall be implemented to enable compliance with the obligations and duties set forth in the CDPR, as well as to ensure the enforcement of the provisions contained in this Policy within the company.
STAFFINGABROAD will collect different types of Personal Data based on the context of its dealings with Data Subjects, future requests made by such Data Subjects regarding the Processing of their information, the services or products being used by the Data Subject, their location, and the applicable law. The Personal Data that STAFFINGABROAD may collect includes:
The Personal Data indicated in item 15 are considered Sensitive Data and thus its Processing will follow all the procedures established for such information in accordance with this Policy.
STAFFINGABROAD will only process Personal Data that has been previously, expressly, and informedly consented to by the Data Subject via written or verbal Consent, or by means of an unequivocal conduct performed by the Data Subject, or those Personal Data that, in accordance with what is expressly established in the CDPR, do not require the Data Subject’s Consent for processing. A copy of such Consent will be kept by STAFFINGABROAD.
At the moment the Data Subject grants his or her Consent, STAFFINGABROAD will inform him or her of the Processing to which his or her Personal Data will be subject and the purposes thereof, his or her rights, and the means by which he or she may exercise them. The Data Subject may revoke his or her Consent and request the immediate deletion of his or her Personal Data through the channels established in this Policy unless there is a contractual or legal duty to remain in the Database.
Furthermore, in the context of recruitment processes, it is possible that STAFFINGABROAD Employees or Talents may submit Personal Data of referred Applicants, such as their resume and/or contact information. By submitting this Personal Data, the referrer declares to have informed the Data Subject of this circulation of information to STAFFINGABROAD, who will process the Personal Data as Controller, within the scope of the corresponding recruitment process. Likewise, the referrer declares to have informed the Data Subject about STAFFINGABROAD’s identification, his/her rights as a Data Subject, and that the information will be processed for the purposes stated above, declaring that the Data Subject has granted his/her Consent in those terms to submit his/her Personal Data to STAFFINGABROAD. In any case, STAFFINGABROAD will carry out the necessary measures to verify that the Data Subject has effectively given his or her Consent in the terms set forth by the CDPR and, if not, will immediately proceed with the deletion of the personal information.
STAFFINGABROAD will not be obliged to request Consent from the Data Subject when it pertains to:
In the aforementioned events, and in compliance with its legal duties, STAFFINGABROAD may collect Personal Data, including Sensitive Data, and transfer or deliver them to the corresponding public or government entities, or to the organizations that they delegate, in the exercise of their functions, without it being necessary to warn the Data Subject of this fact. In these scenarios, STAFFINGABROAD will refrain from using the Personal Data for purposes other than those permitted by its legal obligations or those authorized by the Data Subject.
STAFFINGABROAD will process the Personal Data of the individuals who comprise its Stakeholders, directly, through its Employees, or through its Data Processors, and in that regard, it will have all the obligations and rights set forth under the CDPR. Specifically, the Processing of Personal Data shall be subject to the provisions of this Policy.
Shareholders:
Applicants, Employees, and Talents:
Suppliers:
Clients:
Attendees:
Advertising Campaign Participants:
Digital Users:
In cases where this is absolutely necessary, STAFFINGABROAD will collect and/or process Sensitive Data. If applicable, STAFFINGABROAD will inform the Data Subjects which Sensitive Data would be subject to Processing, the specific purposes of its Processing, and that the Data Subject is not obliged to provide it unless there is a legal duty requiring it.
Sensitive Data may include health or biometric information used for:
STAFFINGABROAD will limit the collection and Processing of minors’ Personal Data to specific contexts such as:
In all cases, STAFFINGABROAD ensures:
STAFFINGABROAD’s communication channels are intended exclusively for adults. If minors’ data is unintentionally collected, STAFFINGABROAD will delete it immediately upon detection or notification.
Unsolicited Personal Data received by STAFFINGABROAD will be processed under the assumption that the Data Subject has authorized its use through unequivocal conduct. This includes:
In such cases, STAFFINGABROAD will request formal Consent for additional Processing purposes if the relationship is formalized.
Access to STAFFINGABROAD’s Databases is restricted to authorized Employees who require it for their duties. Personal Data may be shared with:
Aggregated, anonymized data may also be shared with business partners or affiliates for analytics or marketing purposes.
In the “Elite Recruiter” service, STAFFINGABROAD acts as a Processor, while Clients act as Controllers. STAFFINGABROAD ensures compliance with CDPR, including verifying Consent from Data Subjects.
STAFFINGABROAD implements industry-standard measures to ensure Personal Data is protected against unauthorized access, tampering, or loss. Stakeholders are encouraged to report any concerns about data security immediately.
STAFFINGABROAD retains Personal Data only as long as necessary to fulfill the purposes for which it was collected or comply with legal obligations. Data is deleted or destroyed after these requirements are met.
STAFFINGABROAD assumes Stakeholders have obtained Consent from third parties before providing their Personal Data. If Consent is not obtained, STAFFINGABROAD will limit itself to Processing Public Data only.
Data Subjects have the right to:
Administrative Area
Queries or complaints must be submitted to this contact, clearly describing the request.
STAFFINGABROAD uses Cookies for various purposes, including ensuring website functionality, analyzing user behavior, and personalizing content. Users can accept, reject, or customize Cookie preferences via the Privacy Notice.
The Policy is effective from November 20, 2024. Databases will remain valid as long as necessary for the purposes outlined in this Policy. Substantial changes to the Policy will be communicated via the STAFFINGABROAD website.
STAFFINGABROAD S.A.S.
Tax ID: 901.507.209-8
Address: Carrera 12 #96-81, Bogotá, D.C., Colombia
Email: administrative@staffingabroad.com
Phone: +1 (209) 665 3039
Elite Recruiter is your trusted partner in headhunting top-tier U.S. executive talent, offering personalized, cost-effective recruitment solutions to industry leading companies.