General Policies and Guidelines on Personal Data Protection

Pursuant to the regulation on personal data protection (Law 1266 of 2008, Law 1581 of 2012, Decree 1074 of 2015, and other regulations that modify, complement, or replace them), outlined below are the policies and general guidelines on personal data protection established by Banco de la República in its capacity as the party responsible for processing and managing the personal data it receives.

  • General Data – Responsible Party

In compliance with Article 25 of Law 1581 of 2012 and its regulatory decrees, the databases containing personal information subject to processing and for which Banco de la República is responsible are listed with the National Database Registry. They can be consulted at:

   Registered Databases

   Website of the Office of the Superintendent of Industry and Commerce – RNBD

BANCO DE LA REPÚBLICA, NIT No. 8600052167, Headquarters: Bogotá D.C.

Contact: Through the Public Service System (SAC): onsite at service points, via the call center (national toll-free line: 01 8000 911745), or on the website.

  • Data Security

Banco de la República is committed to protecting and safeguarding the personal data for which it is responsible.  Its data management systems are currently ISO 9001 and ISO/IEC 27001 certified (the latter refers to information security). The policies and standards of its data management system focus on protecting the confidentiality of information. Some of the mechanisms adopted to support these policies and standards involve network access control and/or authentication devices, and software to manage authorization levels and to monitor system and registration activity, among others. Documents and information are preserved in compliance and within the bounds of the terms indicated in article 55 of Law 31 of 1992.  Click here for information on security policies.

 

Specific Policies on how Personal Data is Processed

The specific policies on processing personal data provided to Banco de la República in connection with its constitutional or legal functions or services are contained in the regulations on the respective function or service for which you supplied your personal data to the Bank. To consult the regulations on the Bank and its cultural services (Luis Ángel Arango Library), click here; or, to access the Public Service System (SAC), click here.

The Purpose of Processing Personal Data

Personal data provided to Banco de la República will be processed (collected, stored, used, circulated, or deleted) according to the specific purpose for which it was given, including the construction of indicators and statistics to monitor and control such processes and services, legal  oversight, and, in any case, to comply with the Bank’s other constitutional and legal duties.

The specific purpose of processing the personal data you provide to Banco de la República is outlined in the regulations on the function or service for which you supplied your personal data to the Bank. To consult the regulations applicable to the Bank and its cultural services (Luis Ángel Arango Library), click here; or, to access the Public Service System (SAC), click here.

Specifically, with respect to cultural activity, your personal data will be processed (collected, stored, used, or deleted) to enable  the Bank to provide its cultural services adequately (such those offered by the Gold Museum, the library network, the Luis Ángel Arango Library Concert Hall,  the Mint Museum, the Botero Museum and the Miguel Urrutia Art Museum, together with its other art, coin and stamp collections, cultural areas and centers), to circulate information on its services and cultural products, programs, and cultural events, and news of interest on cultural activity, including the construction of indicators and statistics to monitor and control such activity, for legal  oversight, and, in any case, to comply with the other constitutional and legal functions of the Bank.

Personal Data Collected from Children and Adolescents

Banco de la República may receive or may have received data from children and adolescents who access its services, especially those of a cultural nature.  Provision of their personal data is optional.

The Bank  shall ensure that the personal data on children and adolescents is used appropriately, and it shall respect their best interests when processing it, so as to guarantee protection of their fundamental rights and, insofar as is possible, to consider their opinion as owners of their personal data.

Sensitive Personal Data

Given the scope of some functions, services and activities, the Bank may receive sensitive personal data which you are advised to provide on an optional basis.  Should you do so, it will be processed for the purposes mentioned above.

To control and register who enters and exits the Bank’s facilities and remains therein, it is necessary to register personal data as part of our security system. This may include supplying basic identification data verbally, taking a photography and/or fingerprint, and the use of video surveillance, as appropriate. In these instances, the purpose and processing of data thus collected will be indicated verbally or by means of signs or notices, as the case may be.

Images (Photographs and Videos) recorded during our Events

If you attend our events, please remember they may be photographed or videotaped. This includes participants or guests, in which case your image may be used in different media such as television broadcasts, Internet, and other written publications related to the events we promote in development of our constitutional and legal functions and our institutional communication strategy, which is aimed at bringing the Bank closer to the public. Since your presence and permanence at these events could be recorded in this way, please bear in mind the personal data processing policies described herein.

Registration of Personal Data at the Reception Desk When entering Buildings or Areas with Video Surveillance

If you are a visitor or user, you must register your personal data in the access control system, ledger or forms when entering the Bank´s facilities, as indicated by our security personnel.  This process may include taking your photograph, your fingerprint, and the use of video surveillance, as appropriate. Consequently, by providing your information you are authorizing Banco de la República to verify and process it (collection, storage, use, or deletion) so as to control and register those who enter and exit the Bank’s facilities and remain therein.  This is part of our security system.

As owner of the personal data you provided, you may access, know, update, and correct it, be informed as to how it is used, submit inquiries and complaints, or ask that it be deleted, when appropriate.  You may do so by contacting the Public Service System (SAC), either on site at the service points, or via our call center (national toll-free line: 01 8000 911745) or through the webpage.

Exercise of your Rights with Respect to Personal Data

You are entitled to access, know, update, and correct the personal data you provide, be informed about how it is used, submit inquiries and complaints about the way it is handled, revoke authorization, or ask that the information be deleted when appropriate and to exercise all other rights protected by law.

Your fundamental right to a writ of habeas data may be exercised through the contact mechanisms announced by the Bank or through the Public Service System (SAC) at  on-site service points, via the call center (national toll-free line: 01 8000 911745), or through the webpage.

The terms and procedures for inquiries, claims and other requests concerning exercise of the right to a writ of habeas data are subject to Law 1266 of 2008 and the principles on data protection outlined in Law 1581 of 2012.

Effective Date:

These data-protection policies took effect on June 18, 2013.

Letter on appropriate treatment of members of the public who access services or information provided by Banco de la República (Only available in Spanish).