Privacy and Data Treatment Policy

1. Introduction and Strategic Justification

In strict adherence to the Institutional Principles of Legality and Confidentiality defined in the TECHNOCYRA Corporate Identity Manual, and complying with the regulatory framework of the Republic of Colombia, this policy establishes the protocols for the collection, storage, use, circulation, and suppression of personal data.

The elaboration of this document sustains the implementation of hermetic information protocols. We treat client and user data with military-grade privacy standards. This policy serves as the foundational guideline for our software architecture and business operations, ensuring that every bit of data processed by our systems is handled with Ethics, Innovation, and Professional Excellence.

This document guarantees the right to Habeas Data, allowing holders to know, update, and rectify information collected in our databases, thus ensuring the longevity and legitimacy of our operations.

2. Identification of the Responsible Party

In compliance with current regulations, the person acting as both Responsible for the Treatment (Controller) and In Charge of the Treatment (Processor) of personal data is:

3. Legal Definitions

To ensure semantic precision and legal clarity, the following definitions apply, as derived from Law 1581 of 2012 and Decree 1377 of 2013:

• Authorization: Prior, express, and informed consent of the Holder to carry out the Treatment of personal data.
• Database: Organized set of personal data that is the object of Treatment.
• Personal Data: Any information linked or that may be associated with one or several determined or determinable natural persons.
• Sensitive Data: Data that affects the intimacy of the Holder or whose misuse may generate discrimination (e.g., racial origin, biometric data).
• In Charge of the Treatment: Person who performs the Treatment of personal data on behalf of the Responsible party.
• Responsible for the Treatment: Person who decides on the database and/or the Treatment of the data.

4. Guiding Principles

5. Treatment and Purpose

TECHNOCYRA collects and processes personal data necessary for the execution of its corporate object: the development of software solutions and technological services.

5.1. Data Collected

• Identification Data (Name, ID/NIT).
• Contact Data (Address, email, phone).
• Professional/Corporate Data.
• Financial Data (Governed by Ley 1266 of 2008).

5.2. Sensitive Data (Biometrics)

TECHNOCYRA generally does not collect sensitive data, with the exception of Biometric Data solely for Authentication and Security purposes to grant access to platforms. Providing this data is optional unless essential for system operation.

5.3. Purpose

Contractual execution, administrative management, customer service, security verification, and technical communication.

6. Rights of the Holder

As per Article 8 of Law 1581 of 2012, the Holder has the right to:

• Know, update, and rectify personal data.
• Request proof of authorization.
• Be informed regarding data usage.
• File complaints before the SIC.
• Revoke authorization or request suppression.
• Access personal data free of charge.

7. Procedures for Inquiries and Claims

To exercise rights, contact the area in charge via email at technocyra@gmail.com.

8. Data Security

TECHNOCYRA implements security protocols aligned with our Corporate Identity Manual, utilizing modern encryption and access control architectures. All personnel are bound by strict non-disclosure agreements.

9. Validity

This policy is effective as of February 1, 2026. Databases remain active for the duration of the contractual relationship plus legal retention periods.