Política de Protección de Datos Personales - DOE Studio

Privacy Policy

Effective Date: June 26, 2025

1. DATA CONTROLLER ACTIVITY

Name: Diana Ocampo Estrada (individual) domiciled in Colombia

2. SCOPE

This policy applies to the website www.studio-doe.art and all personal data processing activities conducted directly or indirectly by the data controller. This includes activities carried out by contractors and providers who process data on behalf of Diana Ocampo Estrada under data transmission agreements.

3. PURPOSE

This policy establishes guidelines for the collection, storage, use, circulation, suppression, and other operations ("Processing") performed on personal data of website visitors, clients, suppliers, and any other data subject interacting with the site. It ensures the protection of rights enshrined in the Colombian Constitution and Law 1581 of 2012.

4. LEGAL FRAMEWORK AND PRINCIPLES

This policy is governed by Statutory Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015 (Chapter 25, Title 2, Part 2, Book 2), and the guidelines of the Superintendence of Industry and Commerce (SIC). Data Processing will adhere to the principles of legality, purpose, freedom, veracity or quality, transparency, restricted access and circulation, security, and confidentiality.

5. DEFINITIONS

This policy adopts the definitions contained in Article 3 of Law 1581 of 2012, including but not limited to: personal data, public data, private data, sensitive data, data controller, data processor, data subject, processing, transfer, and transmission.

6. PROCESSING AND PURPOSES BY DATA SUBJECT

6.1 Visitors and Subscribers - Information collected (e.g., name, email, Browse data) is used to: (i) Manage website access and user experience,(ii) Send requested newsletters or content, (iii) Address inquiries, questions, complaints, and claims (PQR), (iv) Conduct statistical analysis of website usage and preferences, (v) Comply with legal obligations.

6.2 Clients - In addition to the purposes above, client data is used to: Process purchases or contracted services, Track orders, Conduct satisfaction surveys, Send transactional communications.

6.3 Suppliers and Contractors - Required information is used to: Evaluate, select, and enter into contracts, Perform background checks and verify the origin of funds, Administer the contractual relationship and payments, and Comply with tax and accounting obligations.

6.4 Data of Minors - Data of minors will only be processed with the express authorization of their legal representatives and when relevant to activities that safeguard their interests, in accordance with Article 7 of Law 1581 of 2012.

7. RIGHTS OF DATA SUBJECTS

Data subjects can freely exercise the following rights: (a) Access their personal data, (b) Update their personal data, (c) Rectify inaccurate or incomplete personal data, (d) Suppress their personal data, (e) Revoke their authorization for data processing, and (f) Request proof of authorization. These rights are exercised in accordance with Articles 8 and 9 of Law 1581 of 2012.

8. PROCEDURE FOR INQUIRIES AND CLAIMS

Inquiries will be resolved within a maximum of ten (10) business days from the date of complete receipt. Claims will be addressed within fifteen (15) business days, extendable for an equal period if justified, in accordance with Article 15 of Law 1581 of 2012. Requests must be sent to the email address indicated in Section 1 and include: full name, identification number, description of the request, notification address, and supporting documents.

9. REVOCATION OF AUTHORIZATION AND DATA SUPPRESSION

Data subjects may revoke their authorization and/or request the suppression of their data if they believe that constitutional and legal principles, rights, and guarantees are not being respected. Data suppression will not proceed where there is a legal or contractual duty preventing the deletion of information.

10. INTERNATIONAL TRANSFERS AND TRANSMISSIONS

When data is sent or shared with third parties located outside of Colombia, it will be verified that the receiving country has adequate levels of data protection, or standard contractual clauses approved by the SIC will be executed.

11. SECURITY MEASURES

Reasonable administrative, technical, and physical controls are implemented to protect information against unauthorized access, use, disclosure, loss, alteration, or destruction. The security level will be reviewed periodically based on identified risks.

12. DATABASE RETENTION

Databases will be retained as long as the purpose of processing or the relationship with the data subject persists, and in any case, for the periods established in applicable accounting, tax, or contractual regulations.

13. POLICY EFFECTIVENESS AND UPDATES

This policy is effective from the date indicated and may be modified due to regulatory changes, operational adjustments, or changes in purposes. Substantial modifications will be communicated through a notice on the website and/or email and will take effect upon publication.

14. CONTACT

To exercise your rights or submit inquiries and claims, please contact: privacidad@studio-doe.art or the address specified in Section 1.

Last Updated: June 26, 2025