Last updated: June 2026 · Version 2.0
This English translation is provided for convenience. The Spanish version is the legally binding text.
1. Data controller
CepoBIA S.A.S. (NIT 901.276.091-3), based in Cali, Valle del Cauca, Colombia, is the controller of the personal data collected in Colombia. For users and operations in the United States, the controller is CepoBIA LLC (Orlando, Florida). Both entities share this policy and the same protection standards.
2. Purpose and scope
This policy establishes the criteria for the collection, storage, use, circulation, and deletion of personal data processed by CepoBIA, in compliance with Law 1581 of 2012, Decree 1377 of 2013, and other applicable regulations. It applies to all personal information recorded in CepoBIA's databases and is mandatory for the organization and its collaborators.
3. Principles
Data processing at CepoBIA is governed by the following principles:
- Legality
- Processing is a regulated activity subject to Law 1581 of 2012 and its implementing rules.
- Purpose
- Processing serves a legitimate purpose, disclosed to the data subject.
- Freedom
- It is carried out only with the data subject's prior, express, and informed consent.
- Truthfulness or quality
- Information must be truthful, complete, accurate, up to date, and understandable.
- Transparency
- The data subject may obtain, at any time, information about their data.
- Restricted access and circulation
- Processing is subject to legal limits and the nature of the data.
- Security
- Technical, human, and administrative measures are applied against loss, unauthorized access, or use.
- Confidentiality
- Those who process the data guarantee its confidentiality, even after the relationship ends.
4. Purpose of processing
CepoBIA collects, stores, processes, uses, and transmits personal data for the following purposes:
- Develop products or solutions for the exclusive use of each client.
- Provide the services contracted with CepoBIA and fulfill the resulting obligations.
- Handle requests, complaints, and claims (PQR).
- Report on the status of services and/or products.
- Conduct risk analysis and background checks.
- Carry out satisfaction surveys on the products and/or services provided.
- Report on products, services, offers, promotions, partnerships, market studies, content, and events.
- Store technical information for profiling each user of the contracted services.
- Maintain labor, civil, and commercial relationships with clients, suppliers, partners, and employees, whether current or past.
5. Processing and transfer
Access to information is restricted according to the need and functions of each collaborator, with confidentiality agreements and an express prohibition on disclosing personal information to third parties without consent. Information may be delivered, transmitted, or transferred to public entities, business partners, contractors, affiliates, or subsidiaries solely to fulfill the purposes described here, and only after signing the commitments needed to safeguard confidentiality.
6. Data subjects' rights
- Know, update, and rectify their personal data held by CepoBIA.
- Request proof of the authorization granted, except for the legal exceptions (art. 10, Law 1581 of 2012).
- Be informed, upon request, about the use given to their personal data.
- File complaints with the Superintendency of Industry and Commerce for violations of the law.
- Revoke the authorization and/or request deletion of the data where applicable under the law.
- Access their personal data undergoing processing free of charge.
7. Contact channels
Any request, query, or claim related to personal data must be addressed to:
8. Queries and claims
The request must include the data subject's identification and contact details, the data concerned, the reason, and supporting documents.
- Queries (art. 14, Law 1581 of 2012): answered within a maximum of ten (10) business days; if not possible, the requester is informed and it is resolved within the following five (5) business days.
- Claims (art. 15, Law 1581 of 2012): if the claim is incomplete, the data subject is contacted within the following five (5) days; after two (2) months without a response, it is deemed withdrawn. The claim is resolved within a maximum of fifteen (15) business days, extendable by eight (8) more business days.
9. Rectification, deletion, and revocation
At any time and free of charge, the data subject may request the rectification or update of incomplete or inaccurate data, the deletion of their data when it is not processed in accordance with the law or is no longer necessary, and the revocation (total or partial) of the authorization, provided no legal or contractual provision prevents it. These requests are handled within a maximum of fifteen (15) business days.
10. Database retention
CepoBIA maintains an indefinite retention period for its databases, according to the purpose of each and the rights of the data subjects.
11. Users in the United States (CepoBIA LLC)
For users located in the United States, CepoBIA LLC processes personal data in accordance with applicable law. There is no single federal privacy law; the corresponding state laws apply where relevant.
- Data we collect: contact and identification data, company information, and site usage data (cookies and analytics).
- How we use it: to provide and improve our services, respond to requests, and communicate with you. We do not sell personal information.
- Your rights (incl. California residents, CCPA/CPRA): to know, access, correct, and delete your personal information, and to opt out of its “sale” or “sharing,” without receiving discriminatory treatment for exercising these rights.
- How to exercise them: email us at datos.personales@cepobia.com.
12. Effective date and versioning
This policy is based on articles 15 and 20 of the Political Constitution of Colombia, Law 1581 of 2012 and its implementing decrees, and on the privacy regulations applicable in the United States. CepoBIA may update it; relevant changes will be published on this page.