Privacy Policy

Authorization for General and/or Sensitive Data Processing

Habeas Data

The authorization provided in this document empowers FIRMA SEGURO (a brand and application owned by the company Treda Solutions SAS) (hereinafter referred to as FIRMA SEGURO or we) to collect, store, use, and delete the personal data provided here, especially those defined as Sensitive Data [1].

FIRMA SEGURO, in order to fulfill its objective of providing a high-quality service, executing and promoting its electronic signature services, as well as creating, modifying, tracking processes, and, in general, any activity within the scope of its corporate purpose, adheres to the principles of data protection laws. This requires the processing of the aforementioned “Data,” ensuring that the purpose and use of the information provided will be purely professional, functional, commercial, administrative, and promotional. Under no circumstances will personal data be processed for marketing or circulation purposes. Exceptions provided by law will always apply.

In accordance with Article 8 of Law 1581 of 2012, the data subject, whose personal information is collected in this form, has the following rights:

  1. Know, update, rectify, and delete the provided data.
  2. Know the uses made of the information provided when requested by the data subject.
  3. Access their personal data, which has been processed by us, free of charge.
  4. Be informed about: a. Privacy impact assessments. b. Privacy by design and by default. c. Demonstrated accountability.

Through this policy, FIRMA SEGURO guarantees to individuals associated with it that:

A. FIRMA SEGURO has assessed the potential impact on human rights (including personal data protection and privacy rights) prior to the development and/or use of the application. B. FIRMA SEGURO has tested the robustness, reliability, accuracy, and security of the application’s data before putting it into use, including identifying biases in systems and data that may lead to unfair outcomes. C. FIRMA SEGURO has implemented Demonstrated Accountability measures appropriate to the risks of interference with human rights. D. FIRMA SEGURO has implemented measures to address risks, including safeguards, security measures, software design, technologies, and mechanisms that ensure the protection of personal data, taking into account the rights and legitimate interests of the data subjects and other potentially affected individuals.

The data subject can exercise any of the aforementioned rights by making a request to the email address Upon receiving the request in accordance with the procedures established by FIRMA SEGURO, the request will be processed in accordance with the law.


Specific information in each case and contractual, documentary, civil, or commercial details, etc., will be provided prior to electronic signature under the concept of “Acceptance and full understanding of the electronically signed method and its content,” which constitutes an integral and inseparable complement as a legal entirety of this policy.

Authorization for Information Processing

TREDA SOLUTIONS SAS (FIRMA SEGURO), with its registered office in the city of Medellin, located at Calle 30 No. 82 a – 23, and with the email address and phone number +57 4 6043734 (hereinafter referred to as “FIRMA SEGURO” or “we”), hereby informs individuals whose personal data are processed by FIRMA SEGURO of this information processing policy (the “Policy”). This action is in compliance with Law 1581 of 2012, Decree 1377 of 2013, Decree 4886 of 2011, Decree 1074 of 2015, recommendations from CONPES 3975 of November 8, 2019 (National Policy for Digital Transformation and Artificial Intelligence), “General recommendations for data processing in artificial intelligence” from the Ibero-American Network for the Protection of Personal Data, and the GPA (Global Privacy Assembly) “Adopted resolution on accountability in the development and use of artificial intelligence” from 2020, as well as other international regulations.

The primary purpose of this Policy is to inform individuals whose personal data is processed of their rights, the procedures and mechanisms established by FIRMA SEGURO to enforce these rights, and to provide insight into the scope and purpose of the processing to which personal data will be subjected should the data subject grant their express, prior, and informed authorization.


  1. The capitalized expressions in this Policy shall have the meanings ascribed to them here or the meanings given to them by applicable law or jurisprudence, as and when modified by such law or jurisprudence.

“Authorization”: It is the prior, express, and informed consent of the Data Subject to carry out the Processing of their Personal Data.

“Database”: It is the organized set of Personal Data that is the subject of Processing, whether electronic or not, regardless of the mode of its formation, storage, organization, and access.

“Financial Data”: It encompasses all Personal Data related to the birth, execution, and extinction of monetary obligations, regardless of the nature of the contract giving rise to them, the Processing of which is governed by Law 1266 of 2008 or complementary, modifying, or additional regulations.

“Personal Data”: Any information of any kind, linked or which can be associated with one or more specific or ascertainable natural or legal persons.

“Public Data”: It is Personal Data classified as such according to the mandates of the law or the Constitution and that which is not semi-private, private, or sensitive. Public data includes, among other things, information concerning a person’s marital status, profession or occupation, their status as a merchant or public servant, and that which can be obtained without any reservation. By nature, public data may be contained in public records, public documents, gazettes, official bulletins, and enforceable court judgments that are not subject to confidentiality.

“Sensitive Data”: It is Personal Data that affects the privacy of the Data Subject or whose misuse may lead to discrimination, such as medical history, medical data, information revealing union affiliations, racial or ethnic origin, political orientation, religious, moral, or philosophical beliefs, membership in unions, social organizations, human rights organizations, or promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as data related to health, sexual life, and biometric data.

“Informed Consent”: It is the free acceptance by a person of a legal act, whether it is a document, contract, commercial or civil agreement, etc., after they have been properly informed about its nature, risks, and implications. Full acceptance and understanding of the method of electronic signing and its content.

“Data Processor”: It is the natural or legal person, public or private, who, alone or in conjunction with others, performs the Processing of Personal Data on behalf of the Data Controller.

“Authorized”: It includes FIRMA SEGURO and all persons under the responsibility of FIRMA SEGURO who, by virtue of Authorization and these Policies, are legitimized to Process the Personal Data of the Data Subject. Authorized parties include those Enabled.

“Enablement”: It is the legitimization expressly and in writing, through a contract or equivalent document, granted to FIRMA SEGURO, in compliance with applicable law, for the Processing of Personal Data, making such third parties Data Processors of the Personal Data provided or made available.

“Data Controller”: It is the natural or legal person, public or private, who, alone or in conjunction with others, decides on the Database and/or the Processing of Personal Data.

“Data Subject” for Personal Data: It is the natural or legal person to whom the information stored in a Database refers, and who is the subject of the right to habeas data.

“Transfer”: It is the Processing of Personal Data that involves the communication of such data within or outside a territory or jurisdiction when the purpose is to carry out Processing by the Processor on behalf of the Controller.

“Transmission”: It is the activity of Processing Personal Data through which they are communicated, internally or with third parties, within or outside a territory or jurisdiction, when such communication has the purpose of carrying out any Processing activity by the recipient of the Personal Data.

“Processing of Personal Data”: It encompasses all systematic, electronic or non-electronic operations and procedures that allow the collection, preservation, organization, storage, modification, linking, use, circulation, evaluation, blocking, destruction, and, in general, the processing of Personal Data, as well as its transfer to third parties through communications, queries, interconnections, assignments, and data messages.



FIRMA SEGURO, in the course of its commercial activities, will collect, use, store, transmit, and perform various operations on the personal data of the Data Subjects. In all Processing of Personal Data carried out by FIRMA SEGURO, the Data Controllers, Data Processors, and/or third parties to whom Personal Data are transferred must comply with the principles and rules established by law and in this Policy to guarantee the right to habeas data of Data Subjects and to fulfill FIRMA SEGURO’s legal obligations. These principles are as follows:

Prior Authorization: All Processing of Personal Data will be carried out once the prior, express, and informed Authorization of the Data Subject has been obtained, unless the law establishes an exception to this rule. In case the Personal Data has been obtained before the law, FIRMA SEGURO will seek ordinary and alternative means to summon the Data Subjects and obtain their retroactive authorization, following the provisions of Decree 1377 of 2013 and related regulations.

Authorized Purpose: All activities involving the Processing of Personal Data must conform to the purposes stated in this Policy or in the Authorization granted by the Data Subject or in specific documents that regulate each type or process of Personal Data Processing. The purpose of the particular Processing of Personal Data must be communicated to the Data Subject at the time of obtaining their Authorization. Personal Data cannot be processed beyond the purposes informed and consented to by the Data Subjects.

Data Quality: Personal Data subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. When partial, incomplete, fragmented, or misleading Personal Data is in possession, FIRMA SEGURO must abstain from Processing them or request the Data Subject to complete or correct them.

Information Delivery to the Data Subject: When requested by the Data Subject, FIRMA SEGURO must provide them with information about the existence of Personal Data concerning the requester. The unit responsible for the protection of personal data at FIRMA SEGURO will carry out this information delivery (see section 6 of this Policy).

Restricted Circulation: Personal Data may only be Processed by FIRMA SEGURO personnel who are authorized to do so or who, within their functions, are responsible for carrying out such activities. Personal Data may not be disclosed to individuals who are not Authorized or have not been Enabled by FIRMA SEGURO to carry out the Processing.

Timeliness: FIRMA SEGURO will not use the Data Subject’s information beyond the reasonable period required by the purpose that was informed to the Data Subject for their Personal Data.

Restricted Access: Except for expressly authorized data, FIRMA SEGURO may not make Personal Data available for access through the Internet or other mass media of communication unless technical and security measures are established to control and restrict access only to Authorized persons.

Confidentiality: FIRMA SEGURO must always carry out the Processing by implementing the technical, human, and administrative measures necessary to maintain the confidentiality of the data and to prevent its adulteration, modification, consultation, use, access, deletion, or knowledge by Unauthorized persons or by Authorized and Unauthorized persons in a fraudulent manner, or the loss of Personal Data. Any new project involving the Processing of Personal Data must consult this Processing Policy to ensure compliance with this rule.

Confidentiality and Subsequent Processing: All Personal Data that are not Public Data must be treated as confidential by the controllers, even when the contractual relationship or the link between the Data Subject and FIRMA SEGURO has ended. Upon the termination of said relationship, such Personal Data must continue to be Processed in accordance with this Policy and the Law.

Individuality: FIRMA SEGURO will keep separate databases in which it has the quality of Data Processor from the databases in which it is the Data Controller.

Necessity: Personal Data can only be Processed for the time and to the extent justified by the purpose of their Processing.


The Personal Data processed by FIRMA SEGURO must strictly adhere to the following purposes. Likewise, Data Processors or third parties who have access to Personal Data by virtue of the law or contract will keep the Processing within the following purposes:

  1. Manage all the necessary information for the fulfillment of tax and commercial, corporate, and accounting records obligations of FIRMA SEGURO.
  2. Comply with FIRMA SEGURO’s internal processes regarding the administration of suppliers and contractors.
  3. Fulfill service contracts entered into with clients.
  4. Provide services according to the specific needs of participants in simple and/or certified electronic signature activities or clients of FIRMA SEGURO, in order to fulfill the service contracts entered into, including, but not limited to, verifying affiliations and rights of the individuals to whom FIRMA SEGURO’s clients will provide services, using Personal Data for marketing and/or commercialization of new services or products.
  5. Other purposes determined by the data controllers in the process of obtaining Personal Data for Processing and communicated to Data Subjects at the time of data collection.
  6. Control and prevention of fraud and money laundering, including, but not limited to, checking against restricted lists and all necessary information required for SARLAFT.
  7. The archiving process, system updates, protection, and custody of FIRMA SEGURO’s information and databases.
  8. Internal processes within FIRMA SEGURO, for development, operational and/or system management and administration purposes.
  9. Data transmission to third parties with whom contracts have been entered into for scientific, technological, educational, commercial, administrative, marketing, and/or operational purposes, including but not limited to the issuance of ID cards, customized certificates, and third-party certifications, in accordance with current legal provisions.
  10. Maintain and process by computer or other means any type of information related to the client’s business to provide relevant services and products.
  11. Other purposes determined by the data controllers in the process of obtaining Personal Data for Processing, in order to comply with legal and regulatory obligations, as well as FIRMA SEGURO’s policies.


In accordance with the law, Data Subjects have the following rights:

  1. Know, update, and rectify their Personal Data in relation to FIRMA SEGURO or those responsible for their Processing. This right can be exercised, among other things, with respect to partial, inaccurate, incomplete, fragmented data that may lead to errors, or those whose Processing is expressly prohibited or not authorized.

  2. Request proof of the Authorization granted to FIRMA SEGURO, unless the law indicates that such Authorization is not required.

  3. Submit requests to FIRMA SEGURO or the Data Processor regarding how they have used their Personal Data and request that this information be provided.

  4. File complaints with the Superintendence of Industry and Commerce or international entities for violations of the law.

  5. Revoke their Authorization and/or request the deletion of their Personal Data from FIRMA SEGURO’s databases when the Superintendence of Industry and Commerce or an international entity has determined through a final administrative act that FIRMA SEGURO or the Data Processor has engaged in conduct contrary to the law, or when there is no legal or contractual obligation to keep the Personal Data in the responsible party’s database.

  6. Request access and access for free to their Personal Data that have been processed in accordance with Article 21 of Decree 1377 of 2013.

  7. Be informed of any modifications to the terms of this Policy in advance and efficiently before the implementation of the new modifications or, if necessary, the new information processing policy.

  8. Have easy access to the text of this Policy and its modifications.

  9. Access Personal Data under FIRMA SEGURO’s control easily and simply in order to effectively exercise the rights granted to Data Subjects by law.

  10. Know the department or person authorized by FIRMA SEGURO to whom they can submit complaints, queries, claims, and any other requests regarding their Personal Data.

Data Subjects may exercise their legal rights and follow the procedures established in this Policy by presenting their original identification document. Minors may personally exercise their rights or do so through their parents or the adults who hold parental authority, who must demonstrate it through the relevant documentation. Likewise, individuals who have stipulated in favor of another person or for another person, as well as representatives and/or agents of the Data Subject with the corresponding authorization, may exercise the rights of the Data Subject.


FIRMA SEGURO has designated Customer Service Management as responsible for receiving and addressing requests, complaints, claims, and inquiries of all types related to Personal Data. The person in charge of Customer Service will process inquiries and complaints related to Personal Data in accordance with the Law and this policy.

Some of the specific functions of this area regarding Personal Data include:

  1. Receiving requests from Data Subjects, processing and responding to those based on the law or these Policies, such as requests to update Personal Data, requests to know Personal Data, requests for the deletion of Personal Data when the Data Subject provides a copy of the decision of the Superintendence of Industry and Commerce or international entity as established by law, requests for information about the use of their Personal Data, requests to update Personal Data, and requests for proof of the granted Authorization, when it has proceeded according to the law.

  2. Responding to Data Subjects regarding requests that do not comply with the Law.

The contact information for Customer Service is as follows: Physical Address: Calle 30 No. 82 a – 23, Medellín, Colombia; Email:; Phone: +57 4 6043734, Monday to Friday, 8:00 am to 5:00 pm (Colombia Time).

Title of the contact person: Customer Service Specialist.


Inquiries: FIRMA SEGURO will provide mechanisms for Data Subjects, their successors, representatives, and/or legal proxies, those who have stipulated in favor of another or for another, and/or the representatives of underage Data Subjects to make inquiries about what Personal Data of the Data Subject is held in FIRMA SEGURO’s Databases.

These mechanisms can be physical, using certified physical mail, electronic through the email, and by phone at +57 4 6043734. These are the designated channels for receiving requests, complaints, and claims.

Regardless of the medium used, FIRMA SEGURO will keep a record of the inquiry and its response.

If the requester is capable of making the inquiry, as per the criteria set out in Law 1581 and Decree 1377, FIRMA SEGURO will collect all the information about the Data Subject contained in the individual record or associated with the Data Subject’s identification within FIRMA SEGURO’s databases and provide this information to the requester.

If the request cannot be addressed within ten (10) business days, the requester will be contacted to explain the reasons for the pending status of their request. The same medium or a similar one to that used by the Data Subject to submit the request will be used for this communication.

Claims: FIRMA SEGURO has mechanisms for Data Subjects, their successors, representatives, and/or legal proxies, those who have stipulated in favor of another or for another, and/or the representatives of underage Data Subjects to file claims regarding (i) Personal Data processed by FIRMA SEGURO that should be corrected, updated, or deleted, or (ii) the alleged breach of FIRMA SEGURO’s legal duties.

These mechanisms can be physical, using certified physical mail, electronic through the email, and by phone at +57 4 6043734. These are the designated channels for receiving requests, complaints, and claims.

The claim must be submitted by the Data Subject, their successors or representatives, or those accredited in accordance with Law 1581 and Decree 1377, as follows:

It must be addressed to FIRMA SEGURO at the physical address Calle 30 No. 82 a – 23, Medellín, Colombia; email address; and phone +57 4 6043734, Monday to Friday, 8:00 am to 5:00 pm (Colombia Time).

It must contain the name and identification document of the Data Subject.

It must include a description of the facts giving rise to the claim and the desired objective (update, correction, deletion, or fulfillment of duties).

It must indicate the address and contact information of the claimant.

It must be accompanied by all the documentation the claimant wishes to rely on.

Before addressing the claim, FIRMA SEGURO will verify the identity of the Data Subject, their representative and/or legal proxy, or the accreditation of a stipulation in favor of another or for another. To do so, FIRMA SEGURO may require the original identification document of the Data Subject, and special or general powers of attorney or other documents as required, depending on the case.

If the claim or additional documentation is incomplete for any reason, FIRMA SEGURO will request that the claimant rectify the issues once, and they will have ten (10) business days to do so. If the claimant fails to provide the required documentation and information within ten (10) business days from the date of the initial claim, it will be considered as withdrawn.

If, for any reason, the person receiving the claim within FIRMA SEGURO is not competent to resolve it, it will be forwarded to the Customer Service Specialist, and the claimant will be informed of this transfer.

Once the claim is received with complete documentation, a note will be added to the Database where the Data of the Data Subject subject to the claim are stored, stating “claim in progress” and the reason for the claim. This note must be kept until the claim is decided.


This Policy is effective from June 9, 2021. Personal Data that is stored, used, or transmitted will remain in our Database based on the criteria of temporality and necessity for the time required to fulfill the purposes mentioned in this Policy for which they were collected.

[Updated to June 9, 2021]