Tecnoglass S.A.S.,under its responsibility in the Processing of Personal Data and in compliance with applicable law and rules, Tecnoglass S.A.S., under its responsibility in the Processing of Personal Data and in compliance with applicable rules, in particular Articles 15 and 20 of the Political Constitution of Colombia,Statutory Act 1581 of 2012, its Regulatory Decree 1377 of 2013, adopts by thisdocument its Policy Processing of Personal data (hereinafter the”Policy”).

The Policy applies to all personal information of all third parties Tecnoglass S.A.S.  interacts, including, but not limited to customers, employees, suppliers or any other person who, for some reason, provides information to Tecnoglass S.A.S.

This Policy will be available to interested parties on Tecnoglass’ website https://www.tecnoglass.com/habeas-data Also, any updates thereof will be reported and loaded to public in general by publication in the mentioned website.


In accordance with applicable law on the matter the following definitions apply and will be implemented in the processing of personal data.

a) Authorization: Prior,express and written permission from Data Owner for the processing of personal data.

b) Privacy Notice: physical or electronic document generated by the Controller, which is available to the each Data Owner with the information regarding the existence of personal data processing policy applicable to that information, how to access it and the characteristics of the policy that is intended to give personal data.

c) Database: Structure set of personal data subject of the Policy.

d) Personal Data: Alland any information that allows or may be associated with one or more natural persons, determined or determinable. Data can be public, semi-private or private.

e) Private Data: All and any information that by nature is confidential or sensitive,relevant for the Data Owner.

f) Public Data: The information classified as such under the law or the Constitution. It is considered as public information, among others, data contained in public documents, final court judgments not subject to legal reserve and those regarding to civil status of persons..

g) Semiprivate Data: Defined as the data that has no sensitive, reserved or public nature and whose knowledge or disclosure may interest not only to its owner but also a certain group of persons or society in general, such as financial and credit information or commercial activity.

h) Sensitive Data: Any and all data related to Data Owner intimacy such as those which reveal racial or ethnic origin, political ideas, religious or philosophical beliefs, trade union, social or human rights organizations memberships, or promotes interests of any political party or to guarantee the rights of opposition political parties,as well as data related health to sexual life, biometrics such as fingerprints,photographs, iris, voice recognition, facial or hand palm.

i) Data Processor: natural or legal person, public or private, which by itself or in association with others performs the processing of personal data on behalf of the Controller.

j) Controller: natural or legal person, public or private, which by itself or in association with others decides the use on the database and / or processing of the data.

k) Data Owner: Natural person whose personal data are processed according to this Policy.

l) Processing: Any operation or set of operations on Personal Data, such as collection, storage,use, movement or deletion of those data.


Tecnoglass S.A.S. will apply in a comprehensive manner, the following guiding principles in the collection, handling, use,
processing, storage and exchange of personal data:

a) a) Data Processing Rule of Law:  Tecnoglass S.A.S. willcomply to applicable and enforceable and standards and laws governing the processing of personal data and other related basic rights.

b) Principle of purpose: Processing Data will obey a legitimate purpose in accordance with the Political Constitution and laws, which will be reported to the Data Owner.

c) Principle of Freedom: The Personal Data Processing will be only exercised with prior, express and informed consent of the Data Owner. Personal data will not be obtained or disclosed without prior authorization or in the absence of legal or judicial mandate relieve consent.

d) Principle of accuracy or quality of Data: The information subject to the processing of personal data must be truthful, complete, accurate, current, verifiable and understandable. Processing of partial, incomplete, split or misleading data is prohibited.

e) Principle of transparency: In the Processing of Personal Data, the Controller will ensure the right of the Data Owner to obtain from Tecnoglass S.A.S., at any time and without limitation,information about the existence of data concerning them.

f) Principle of restricted access and movement: The Processing of Personal Data is subject to limits arising from the nature of the personal data and to current and enforceable rules and laws governing the processing of personal data and other related basic rights. In this sense, personal data, except public information may not be available on the Internet or other mass media unless access is technically controllable to provide a limited knowledge communication only toData Owner or third parties authorized under the law.

g) Security principle: The information subject to processing by Tecnoglass S.A.S. will be handled with existing technical, human and administrative measures necessary to provide security torecords, avoiding adulteration, loss, consultation, use, or unauthorized or fraudulent access.

h) Principle of Confidentiality: All persons involved in the administration, management and updating or those who have access to information that kept in databases and do not have the nature of public, are obliged to ensure the confidentiality of information, even after the end of their relationship with some of the tasks which includes the processing of information, only being able to perform supply or communication of personal data when this is in the development of activities authorized inforce and applicable rules governing the processing of personal data and other related fundamental rights.

All persons who currently work or those to be hired subsequently for this purpose, in the administration and management of databases, must sign an amendment to their employment contract or provision of services in order to ensure the compliance of that obligation.


The Controller of personal data is Tecnoglass S.A.S., with business address in Av. Circunvalar a 100 metros de la Vía 40, Las Flores, Barranquilla, Atlántico, contact email habeas.data@tecnoglass.com and phone: (+575) 373 40 00.


Without prejudice to the exemptions provided inforce and applicable rules and laws in Processing Data a prior express and informed approval by the Data Owner is required, which must be obtained by any means that may be subject to consultation and subsequent verification, as a physical or electronic document, a data message or any technical or technological mechanism to express or obtain consent by that mean.


The Privacy Notice is the physical or electronic document or any other known or unknown format, by which the Data Owner becomes aware of information regarding the existence of processing of personal data policy applicable to that information, how to access it and the characteristics of the policy that is intended to give personal data.

The Privacy Notice at least shall include the following information:

a)The identity data, address and contact details of the Controller.

b)The type of processing which data will be submitted and the purpose of that information.

c)The general mechanisms provided by the Controller to guarantee the Data Owner knows Processing of Personal Data Policy and the substantial changes that may occur on it from time to time.


No prior approval of Data Owner will be required when:

a) The information is required by a public or administrative entity in the exercise of their legal functions orby court order.

b) In case of public data nature.

c) Cases involving of medical or health emergencies.

d) Information whose processing has been authorized by law for historical, statistical or scientific purposes.

e) In case of data related to the Civil Registry of Persons.


Any procedure that involves the processing by any company area or division personnel of personal data from customers, employees, suppliers and generally any third party with which Tecnoglass S.A.S. holds commercial and labor relations, should take into account the rights hold by the Data Owner, which are listed below:

a) Right to know, update, consultor rectify the Personal Data at any time, before Tecnoglass SA, with respect to any information considered partial, inaccurate, incomplete, split and / or misleading.

b) Right to request at any time apro of of the authorization granted to Tecnoglass S.A.S.

c) Right to be informed by Tecnoglass S.A.S., prior Data Owner request, the use that has given to such information.

d) Right to file to the Colombian Superintendence of Industry and Commerce complaints it deems appropriate to enforce the fulfillment of these rights by Tecnoglass S.A.S.

e) Right to revoke the authorization and / or request removal of any information when it is considers that Tecnoglass S.A.S. has not respected the constitutional rights and guarantees of Data Owner.

f) Right to access for free to the Personal Data voluntarily chooses to be shared with Tecnoglass S.A.S., for which the Controller is responsible for preserving and keeping safely and reliably authorizations for each Data Owner duly granted.


Tecnoglass S.A.S. may process the data classified as sensitive when:

a) The Data Owner has given itsprior consent to such processing, except in cases when authorization is not required by law.

b) Processing of Data is necessary to protect the interest of the Data Owner and this is physically or legally incapacitated. At these events, the legal representatives must give their authorization.

c) The processing is carried outin the course of legitimate activities with appropriate guarantees by a foundation,NGO, association or any other non-profit organization whose purpose is political, philosophical, religious or trade union, provided that is related exclusively to its members or to persons who have regular contact because of their purpose. In these events, the data cannot be provided to third parties without the authorization of the owner.

d) Data Processing relates to information necessary for the establishment, exercise or defense of a right in judicial proceedings.

e) Processing has a historical,statistical or scientific purpose. In this event, the Controller shall take all measures leading to the delete of identity of the Data Owners.


In the Processing of Personal Data kept in the Tecnoglass’ Databases related to children and adolescents, the rights of minors will be ensured.

In any case, any and all use of data minors registered in the company’s databases or, eventually requested, must be expressly authorized by the legal representative of the child or adolescent previous exercise the minor’s right to be heard, opinion which will be assessed in terms of maturity, autonomy and ability to understand the matter.

Furthermore, Tecnoglass S.A.S. shall provide minors’ legal representatives the possibility of exercising their rights of access, cancellation,rectification and opposition of their protected data.


Databases or files will not be provided to third parties, unless authorized by the Data Owner or by law. In such a case the transfer and / or sharing personal data of customers, employees or suppliers of Tecnoglass S.A.S. with third parties, will be made exclusively for purposes related to sending correspondence and communications of Tecnoglass S.A.S.


Tecnoglass S.A.S. will only use the Personal Data previously and expressly authorized by Data Owner,according to the purpose of Personal Data and the corporate purpose of Tecnoglass S.A.S. and respecting the rights to privacy, good name, image and other Constitutional rights.

Information about customers, suppliers, and employees, current or past, is obtained and preserved in order to facilitate, promote, allow or maintain labor,civil and commercial relations. The purposes of the databases will depend on the person who provides that personal data and in accordance with that, he/she will be expressly informed at the time of requesting for authorization.


Data Owners may exercise their right to know, update, rectify and delete the personal data they have provided to Tecnoglass SA, by sending a communication,at any time and free of charge to the following email: habeas.data@tecnoglass.com

In accordance with Article 20 of Decree 1377 of 2013, the rights of the Data Owners established in the Law may be exercised by:

a) The Data Owner must prove his/her identity by the means provided the Controller.

b) By their successors, who must prove such condition.

c) By the representative and / or duly authorized attorney of the Data Owner, prior proof of the representation or power of attorney.

The requests submitted by Data Owner should contain as minimum:

a) Full name of Data Owner.

b) Contact information for notices.

c) Documents proving duly representation or power to act, if necessary.

d) Clear and precise description of the personal data for which the Data Owner seeks to exercise any of his/herrights.

These rights can be exercised, among others, against partial, inaccurate,incomplete, split data, or those whose processing is prohibited or notauthorized by the Owner


Data Owners, their successors or representatives may consult the personalinformation kept in any database of Tecnoglass S.A.S., providing the company allinformation contained in the individual record or that is linked to theidentification of Data Owner. The consultation shall be made in writing, by themeans indicated in this policy, provided that it is made by the Data Owner orhis/her representative.


When Data Owners, their successors or representatives consider that theinformation contained in a database of Tecnoglass S.A.S. should be subject tocorrection or update, they will be entitled to file a complaint against Tecnoglass S.A.S., which will be processed under the following rules:

The claim shall be made addressed to Tecnoglass S.A.S., by the means setforth in Section 13th above, with the following information:

a) Full name of Data Owner.

b) Contact information fornotices.

c) Documents proving dulyrepresentation or power to act, if necessary.

d) Description of the factsgiving rise to the claim.

e) Clear and precise descriptionof the personal data for which the Data Owner seeks rectification or update.

f) The documents considered asevidence.


Data Owners, their successors or representatives may request, at any timeand for free to Tecnoglass S.A.S., deletion of personal data when:

a) They believe the data is notbeing processed in accordance with the principles, duties and obligations undercurrent regulations and in this Policy.

b) Data is no longer necessary orrelevant for the purpose for which it was collected.

c) The time required to fulfillthe purposes for which the information was collected has expired

This deletion involves partial or total removal of personal data, accordingto the request of Data Owners, their successors or representatives on records,files and databases managed by Tecnoglass S.A.S.

The claim shall be addressed to Tecnoglass S.A.S., by the means set forth inthis policy, containing at least the following information:

a) Full name of Data Owner.

b) Contact information fornotices.

c) Documents proving dulyrepresentation or power to act, if necessary.

d) Description of the factsgiving rise to the claim.

e) Clear and precise descriptionof the personal data for which the Data Owner seeks deletion.

f) The documents considered asevidence.

However, it is important to consider that the right of data suppression isnot absolute and Controller may deny the exercise thereof when:

a) The Data owner has a legal orcontractual duty to remain in the database.

b) When data removal hindersjudicial or administrative proceedings related to tax obligations,investigation and prosecution of crimes or updating administrative sanctions.

c) When data is necessary toprotect the legal interests of the Data Owner to perform an action in thepublic interest or to fulfill an obligation legally acquired by the Owner.


Data Owners, their successors or their representatives may, at any time andfor free, revoke consent to the processing of personal data, as long as it is not prevented by legal or contractual provision.

To this end, the Data Owner may revoke his/her consent by the same means by which it was granted.

In this regard, it should be noted that there are two types of revoking consent: One is given on all consensual purposes and the other is given on some specific types of data processing.


Tecnoglass S.A.S. will be directly responsible for the processing and custody of personal data, directly or indirectly, collected and stored. However, it reserves the right to delegate to a third party such treatment, which will require the manager’s attention and implementation of policies and appropriate procedures for the protection of personal data and strict confidentiality thereof, in accordance with Article 18 of Act 1581 of 2012.


Tecnoglass S.A.S. shall adopt the technical, human and administrative measures to ensure the security and confidentiality of the data and to prevent alteration, loss, consultation, use, or unauthorized access. Personal Data that Owner provides to Tecnoglass S.A.S. under any means, shall be managed confidentially with due constitutional, legal and other rules governing the protection of personal data.


This Processing of Personal Data Policy is effective from October 3rd of 2016 and for the time Tecnoglass S.A.S. performs its corporate purpose.