{"id":588,"date":"2025-05-08T20:45:50","date_gmt":"2025-05-08T20:45:50","guid":{"rendered":"https:\/\/bycseguros.com\/?page_id=588"},"modified":"2025-05-12T15:03:26","modified_gmt":"2025-05-12T20:03:26","slug":"politicas-de-privacidad","status":"publish","type":"page","link":"https:\/\/bycseguros.com\/en\/politicas-de-privacidad\/","title":{"rendered":"Privacy Policies"},"content":{"rendered":"
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t

INFORMATION SECURITY POLICY<\/h1>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

By virtue of BONDS AND CREDIT LTDA's strong commitment to the proper handling of public, private, and sensitive data\u2014ensuring not only the safeguarding and security of information but also the exercise of Habeas Data\u2014the company establishes this Policy applicable to information security within the organization.<\/p>

1. OBJECTIVE<\/h5>

This Policy sets forth the general guidelines for Information Security within BONDS AND CREDIT LTDA, with the goal of providing the necessary security conditions to prevent the alteration, loss, consultation, unauthorized or fraudulent use, or access to the information processed by BONDS AND CREDIT LTDA.<\/p>

2. SCOPE<\/h5>

This Information Security Policy shall be applied in all administrative, managerial, logistical, and control aspects established by the company. It must be followed by executives, employees, contractors, third-party service providers, employees of third-party suppliers bound by contractual terms, and in general all individuals who have any kind of relationship involving the handling of information at BONDS AND CREDIT LTDA.<\/p>

3. SPECIFIC POLICIES FOR THE PROCESSING OF PERSONAL DATA<\/h5>
1. ACTIVITY LOGGING AND MONITORING<\/h6>

Purpose<\/b>: To log events and generate evidence.<\/p>

Policy<\/strong><\/p>

Regular and careful reviews will be conducted of event logs that record user activities, exceptions, failures, and information security events.<\/p>

Information logs will be protected against tampering and unauthorized access. System and network administrator activities will be logged.<\/p>

These logs will be protected and regularly reviewed.<\/p>

All relevant IT system clocks will be synchronized to a single time reference source.<\/p>

2. PHYSICAL AND ENVIRONMENTAL SECURITY<\/h6>

Purpose<\/b>: To prevent unauthorized physical access, damage, or interference to the organization\u2019s information and processing facilities.<\/p>

Policy <\/strong><\/p>

Computing equipment must be located and protected to reduce environmental threats and risks of unauthorized access.\nEquipment must be protected against power failures and other interruptions caused by utility service failures.\nCabling that carries data, power, and telecommunications or information support services must be protected against interception, interference, or damage.\nComputing equipment must be properly maintained to ensure its continuous availability and integrity.<\/p>

Equipment, information, or software may not be removed from company premises without prior authorization. Security must be applied to assets taken off-site, considering the different risks of working outside the organization\u2019s facilities.<\/p>

All equipment containing storage media must be checked to ensure that sensitive data and licensed software are securely removed or overwritten before disposal or reuse.<\/p>

Users must ensure that unattended equipment is adequately protected.<\/p>

Workstations must be clear of papers and removable storage, and computer screens must be locked when unattended.<\/p>

Where appropriate, papers and information media must be stored in secure cabinets, especially outside of regular working hours.<\/p>

3. ACCESS CONTROL REQUIREMENTS<\/h6>

Purpose<\/b>: To limit access to information and information processing facilities.<\/p>

Policy <\/strong><\/p>

Workers must ensure that the following security measures are met:<\/p>

  • Access to secure areas where confidential and restricted information is processed or stored is limited only to authorized individuals.<\/li>
  • Secure areas require access control mechanisms such as cards, keys, or locks.<\/li>
  • The person in charge of a secure area must ensure that no cameras, video equipment, or mobile phones with cameras are brought in unless expressly authorized.<\/li>
  • Physical access is restricted to devices such as wireless access points, network gateways, and terminals located in secure areas.<\/li><\/ul>
    4. ACCESS TO EMPLOYEE SENSITIVE DATA<\/h6>

    Purpose<\/b>: To ensure that sensitive employee data\u2014such as health, religious beliefs, politics, sexuality, development plans, recognition, and legal and extra-legal benefits\u2014can only be accessed by competent and relevant personnel according to their roles, in line with the principle of Restricted Access.<\/p>

    Policy<\/strong>:<\/p>

    The purposes for which sensitive data are processed by the company are limited and specified in the corresponding consents granted by the data subject.<\/p>

    In general, the processing of sensitive data will be limited to General Management and the Administrative and Financial department, based on the specific purposes authorized by the data subject.<\/p>

    The company will define, within job function manuals, the specific roles that may access sensitive data, without violating the restricted access policy.<\/p>

    Likewise, the previously identified restricted access security mechanisms apply to personal data.<\/p>

    5. INFORMATION SECURITY IN HUMAN RESOURCES<\/h6>

    The processing of personal data before, during, and after employment will follow these rules:<\/p>

    • BONDS AND CREDIT LTDA will inform applicants about the data processing rules during the selection process, including any data obtained in the process.<\/li>
    • The processing of applicant data will be limited to what is specified in the authorization provided by the applicant.<\/li>
    • The company will conduct security checks before hiring new staff.<\/li>
    • The company will delete r\u00e9sum\u00e9s of candidates who are no longer under consideration.<\/li>
    • Upon hiring, the selected candidate will sign an employment contract, confidentiality agreement, and, if applicable, be assigned a user profile aligned with their role to access personal information as needed.<\/li>
    • The company will store employee data in a folder labeled with the person\u2019s name. Only the Administrative and Financial department will have access, to manage the employment relationship.<\/li>
    • If third-party services are contracted to process employee data, data may be transferred to a third party (Processor), under strict compliance with data transmission guidelines.<\/li>
    • Upon contract termination, the company will sign a confidentiality agreement with the former employee and request the return of any assigned credentials and profiles.<\/li>
    • After the employment relationship ends, the company will store personal data in a general archive, applying appropriate security measures based on the sensitivity of the data.<\/li><\/ul>
      6. CONFIDENTIALITY WITH THIRD PARTIES<\/h6>

      Purpose<\/b>: To establish confidentiality requirements in relationships with vendors, contractors, and third parties in general.<\/p>

      Policy <\/strong><\/p>

      In contractual, commercial, and labor relations, third parties must accept the confidentiality agreements defined by the organization. These agreements must establish a commitment to safeguard information, ensure proper use, prevent unauthorized access, and maintain confidentiality. The agreement must also specify which information is protected and for how long.<\/p>

      These agreements must be part of the contracts signed between the organization and third parties or signed independently. Accepting the confidentiality terms is a requirement for granting third-party access to protected information.<\/p>

      7. SELECTION OF DATA PROCESSORS FOR PERSONAL DATA TRANSMISSION<\/h6>

      Purpose<\/b>: To ensure that when personal data transmissions occur, the chosen processor meets the standards of data protection laws.<\/p>

      Policy <\/strong><\/p>

      Whenever BONDS AND CREDIT LTDA transmits personal data as the data controller, the following must be followed:<\/p>

      • Define the scope of data processing the processor will be allowed to perform.<\/li>
      • Evaluate the processor\u2019s competence and capability.<\/li>
      • Review the processor\u2019s personal data processing policy.<\/li>
      • Verify that the processor\u2019s security measures comply with BONDS AND CREDIT LTDA\u2019s standards.<\/li>
      • Sign a data transmission contract.<\/li>
      • Conduct audits to evaluate the level of data protection during the contract execution.<\/li><\/ul>
        8. INFORMATION SECURITY REVIEWS<\/h6>

        Purpose<\/b>: To ensure that information security is implemented and applied according to company policies and procedures.<\/p>

        Policy <\/strong><\/p>

        Information systems are regularly reviewed through audits to ensure compliance with the organization's information security policies and standards.<\/p>

        4. INCIDENT RESPONSE PROCESS<\/h5>

        Whenever an information security incident occurs at BONDS AND CREDIT LTDA, the following procedure must be followed:<\/p>

        1. Incident Reporting<\/strong>: The first person aware of the incident must immediately notify the Administrative and Financial department and the person responsible for information security. A detailed report must be submitted as soon as possible.<\/li>
        2. Notification to the SIC<\/strong>: Every security incident must be reported to the Superintendence of Industry and Commerce, specifically to the National Database Registry (RNBD). It is the duty of the Administrative and Financial department to report incidents once notified.<\/li>
        3. Information Security Committee Meeting<\/strong>: The Administrative and Financial department must convene an extraordinary meeting with Management or the highest social authority, as appropriate.
          1. Issuance of Technical Report<\/strong>: After evaluating the case, a technical report must be issued detailing all contingencies.<\/li>
          2. Identification of Failures<\/strong>: Based on the technical report, the failure that caused the incident must be fully identified.<\/li>
          3. Corrective Measures<\/strong>: The committee must take the necessary actions to prevent future incidents.<\/li><\/ol><\/li><\/ol>
            5. POLICY MODIFICATION<\/h5>

            BONDS AND CREDIT LTDA reserves the right to modify this Information Security Policy at any time and will promptly notify all relevant individuals involved in handling company information to ensure proper implementation.<\/p>

            6. EFFECTIVE DATE<\/h5>

            This Policy is effective as of January 16, 2024.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>","protected":false},"excerpt":{"rendered":"

            POL\u00cdTICA PARA LA SEGURIDAD DE LA INFORMACI\u00d3N En virtud del fuerte compromiso de BONDS AND CREDIT LTDA con el adecuado tratamiento de datos p\u00fablicos, privados y sensibles, garantizando adem\u00e1s de la salvaguarda y seguridad de la informaci\u00f3n, y ejercicio del Habeas Data, la empresa establece la presenta Pol\u00edtica aplicables para la seguridad de la informaci\u00f3n en la organizaci\u00f3n. 1.OBJETIVO La presente Pol\u00edtica establece las directrices generales para la Seguridad de la Informaci\u00f3n al interior de BONDS AND CREDIT LTDA, con el objetivo de brindar las condiciones de seguridad necesarias que impidan la adulteraci\u00f3n, p\u00e9rdida, consulta, uso o acceso no autorizado o fraudulento a la informaci\u00f3n que es tratada por BONDS AND CREDIT LTDA. 2. ALCANCE Esta Pol\u00edtica de Seguridad de la Informaci\u00f3n ser\u00e1 aplicada en todos los aspectos administrativos, de gesti\u00f3n, log\u00edsticos y de control fijados por la empresa, que deben ser cumplidos por los directivos, funcionarios, contratistas, terceros que presten sus servicios, empleados de terceros proveedores que est\u00e9n regulados por t\u00e9rminos contractuales, y en general todas aquellas personas que tengan alg\u00fan tipo de relaci\u00f3n con la manipulaci\u00f3n de informaci\u00f3n en BONDS AND CREDIT LTDA. 3. POL\u00cdTICAS ESPEC\u00cdFICAS PARA EL TRATAMIENTO DE DATOS PERSONALES. 1. REGISTRO DE ACTIVIDAD Y SUPERVISI\u00d3N Prop\u00f3sito: Registrar eventos y generar evidencia. Pol\u00edtica Se producir\u00e1n revisiones regulares y cuidadosas a los registros de eventos que se graban de las actividades del usuario, excepciones, fallas y eventos de seguridad de la informaci\u00f3n. Los registros de informaci\u00f3n se proteger\u00e1n contra la manipulaci\u00f3n y el acceso no autorizado. Las actividades del administrador del sistema y de la red ser\u00e1n registradas. Estos registros ser\u00e1n protegidos y regularmente revisados. Los relojes de todos los sistemas de inform\u00e1tica relevantes ser\u00e1n sincronizados a una fuente de tiempo de referencia \u00fanica. 2. LA SEGURIDAD F\u00cdSICA Y AMBIENTAL Prop\u00f3sito: Evitar el acceso f\u00edsico no autorizado, da\u00f1os e interferencia para la informaci\u00f3n de la organizaci\u00f3n y las instalaciones de procesamiento de informaci\u00f3n. Pol\u00edtica Los equipos de c\u00f3mputo deben estar situados y protegidos para reducir los riesgos de las amenazas ambientales y los riesgos y las oportunidades de acceso no autorizado. El equipo deber\u00e1 estar protegido contra fallas de energ\u00eda y otras interrupciones causadas por fallas en el soporte de los servicios p\u00fablicos. El cableado que transporta datos, energ\u00eda y telecomunicaciones o el soporte de los servicios de informaci\u00f3n debe estar protegido contra la intercepci\u00f3n, interferencia o da\u00f1os. Los equipos de c\u00f3mputo deben tener un correcto mantenimiento para asegurar su continua disponibilidad e integridad. Los equipos, la informaci\u00f3n o el software no se sacar\u00e1n de las instalaciones de la empresa sin la previa autorizaci\u00f3n. Se aplicar\u00e1 seguridad a los activos fuera de las instalaciones, teniendo en cuenta los diferentes riesgos de trabajar fuera de las instalaciones de la organizaci\u00f3n. Todos los elementos del equipo que contienen los medios de almacenamiento deber\u00e1n ser verificados para garantizar que los datos sensibles y el software con licencia se han eliminado o sobrescrito de forma segura antes de su eliminaci\u00f3n o reutilizaci\u00f3n. Los usuarios deber\u00e1n asegurarse de que el equipo que no cuenta con vigilancia tenga la protecci\u00f3n adecuada. Los puestos de trabajo deben estar limpios de papeles, soportes de almacenamiento extra\u00edbles y cuando un computador este desatendido deber\u00e1 bloquearse la pantalla. Cuando sea apropiado, papeles y medios de informaci\u00f3n deben estar asegurados en armarios especiales, especialmente en horas fuera de las normales de trabajo. 3. REQUISITOS PARA EL CONTROL DE ACCESO Prop\u00f3sito: Limitar el acceso de la informaci\u00f3n y a las instalaciones de procesamiento de la informaci\u00f3n. Pol\u00edtica Los trabajadores tienen la obligaci\u00f3n de vigilar y garantizar que se cumplan las siguientes medidas de seguridad: El acceso a \u00e1reas seguras donde se procesa o almacena informaci\u00f3n confidencial y restringida, es limitado \u00fanicamente a personas autorizadas. El acceso a \u00e1reas seguras, requieren esquemas de control de acceso, como tarjetas, llaves o candados. El responsable de un \u00e1rea segura debe asegurar que no ingresen c\u00e1maras fotogr\u00e1ficas, videos, tel\u00e9fonos m\u00f3viles con c\u00e1maras, salvo se tenga una autorizaci\u00f3n expresa. Se restringe el acceso f\u00edsico a dispositivos como: puntos de acceso inal\u00e1mbricos, puertas de enlace a redes y terminales de red que est\u00e9n ubicadas en las \u00e1reas seguras. 4. ACCESO A DATOS SENSIBLES DE LOS EMPLEADOS. Prop\u00f3sito: Garantizar que los datos sensibles relacionados con los datos de la salud, creencias religiosas, pol\u00edticas, sexuales, planes de desarrollo, reconocimiento, y pago de beneficios legales y extralegales, entre otros de los trabajadores, solo puedan ser conocidos por el personal competente y pertinente en virtud de sus funciones, teniendo en cuenta el principio de Acceso Restringido. Pol\u00edtica: Las finalidades para las que son tratados los datos sensibles en la empresa son limitadas y especificadas en las respectivas autorizaciones otorgadas por el titular de la informaci\u00f3n. De forma general, el tratamiento de datos sensibles en la empresa estar\u00e1 limitado \u00fanicamente a la Gerencia General y al \u00e1rea Administrativa y Financiera, atendiendo las finalidades particulares autorizadas por el titular. La empresa de forma particular y en los respectivos manuales de funciones seg\u00fan el cargo, determinar\u00e1 aquellos cargos particulares que podr\u00e1n tener acceso a datos de car\u00e1cter sensible, sin que ese acceso signifique una violaci\u00f3n a la pol\u00edtica de seguridad de acceso restringido. Igualmente, aplican los mecanismos de seguridad identificados previamente como de acceso restringido a los datos personales. 5. SEGURIDAD DE LA INFORMACI\u00d3N EN TORNO AL RECURSO HUMANO El tratamiento de los datos personales, antes, durante y despu\u00e9s de la relaci\u00f3n laboral, se regir\u00e1 por las siguientes reglas: BONDS AND CREDIT LTDA, informar\u00e1 a las personas interesadas en participar en un proceso de selecci\u00f3n, las reglas aplicables al tratamiento de los datos personales que suministre el interesado durante el respectivo proceso de selecci\u00f3n, as\u00ed como de aquellos datos que se obtengan durante la realizaci\u00f3n del mismo. El tratamiento de los datos suministrados por los interesados en las vacantes de BONDS AND CREDIT LTDA, y los obtenidos del proceso de selecci\u00f3n, ser\u00e1 \u00fanicamente la informada en la autorizaci\u00f3n al aspirante. La empresa realizar\u00e1 estudios de seguridad previos a la contrataci\u00f3n de nuevo personal para la empresa. La empresa contar\u00e1 con un<\/p>","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"site-sidebar-layout":"no-sidebar","site-content-layout":"","ast-site-content-layout":"full-width-container","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"disabled","ast-breadcrumbs-content":"","ast-featured-img":"disabled","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"class_list":["post-588","page","type-page","status-publish","hentry"],"_hostinger_reach_plugin_has_subscription_block":false,"_hostinger_reach_plugin_is_elementor":false,"_links":{"self":[{"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/pages\/588","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/comments?post=588"}],"version-history":[{"count":16,"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/pages\/588\/revisions"}],"predecessor-version":[{"id":1092,"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/pages\/588\/revisions\/1092"}],"wp:attachment":[{"href":"https:\/\/bycseguros.com\/en\/wp-json\/wp\/v2\/media?parent=588"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}