Loading...
Loading...
Last updated January 13, 2026
At CSG International Colombia SAS (“CSG,” the “Company,” or the “Controller”), we recognize the importance of the security, privacy, and confidentiality of personal information. This Personal Data Processing Policy (hereinafter, the “Policy”) describes how the Company processes Personal Data, how Data Subjects can contact the Company to exercise their rights, and other related matters.
In general, all information provided by the Data Subjects, or that CSG otherwise collects within the ordinary course of its business, will be processed in accordance with Law 1581 of 2012, Decree 1377 of 2013 (compiled in Decree 1074 of 2015) and other applicable regulations on data protection.
For the purposes of interpreting this Policy, the following definitions shall be taken into account:
Database: an organized set of Personal Data subject to Processing.
Personal Data: any information linked to or that can be associated with a specific or identifiable natural person.
Sensitive Data: any data that affects the privacy of the Data Subject or whose misuse may generate discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in trade unions, social or human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.
Processor: natural or legal person, public or private, who, alone or in association with others, carries out the Processing of Personal Data on behalf of the Data Controller.
Applicable law: Law 1581 of 2012, Decree 1377 of 2013 (compiled in Decree 1074 of 2015), Title V of the Single Circular of the Superintendency of Industry and Commerce and other applicable regulations on data protection in Colombia.
Personal Data Processing Policy or Policy: refers to this document, as the Personal Data Processing Policy applied by CSG in accordance with the guidelines of current legislation on the matter.
Responsible: natural or legal person, public or private, who alone or in association with others, decides on the Database and/or the Processing of Personal Data.
Processing: any operation or physical or automated procedures that allow the collection, recording, reproduction, storage, organization, modification, transmission of personal data.
Data Subject: is the natural person whose Personal Data is being processed.
Transmission: refers to the communication of Personal Data by the Controller to a Processor, located within or outside the national territory, so that the Processor, on behalf of the Controller, processes Personal Data.
Transfer: occurs when the Controller and/or Processor of Personal Data sends the information or Personal Data to a recipient, who in turn is a Controller and is located inside or outside the country.
In order to comply with applicable law, when CSG processes Personal Data, it will be governed by the following principles:
Principle of legality: The Processing of Personal Data is an activity that must comply with the provisions of the regulations governing the matter.
Principle of purpose: The Processing must obey a legitimate purpose in accordance with the Constitution and the applicable Law, which must be informed to the Holder by the means provided for by law.
Principle of freedom: Processing may only be carried out with the prior, express, and informed consent of the Data Subject. Personal Data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that waives the requirement for consent.
Principle of veracity or quality: the information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. CSG must refrain from processing partial, incomplete, fragmented, or misleading data.
Principle of transparency: In the Processing, the right of the Data Subject to obtain from the Controller or the Processor, at any time and without restrictions, information about the existence of data concerning him or her in accordance with the rules that regulate this access must be guaranteed.
Principle of restricted access and circulation: Processing may only be done by persons authorized by the Data Subject and/or by persons provided for in the applicable law, for which the Company must take the necessary actions to obtain the corresponding authorization of the Data Subject as necessary.
Security principle: Information subject to Processing by CSG as Controller or Processor, must be handled with the technical, human and administrative measures necessary to ensure the security of the data, preventing its alteration, loss, consultation, use or unauthorized or fraudulent access.
Principle of confidentiality: all CSG staff and others involved in the processing of personal data on behalf of the company are obliged to guarantee the confidentiality of the information.
Principle of demonstrated responsibility: When collecting and processing Personal Data, CSG will implement appropriate and effective measures to comply with the obligations established by applicable law.
Company Name: CSG International Colombia SAS
NIT.: 900809106 – 0
Address: Calle 26 # 92-32, office 333, Bogotá – Colombia
Telephone: 601 6341500
CSG acknowledges that the Data Subject has the right to a reasonable expectation of privacy, taking into account, in all cases, their responsibilities, rights, and obligations to the Company. By virtue of the relationship established between CSG and the Data Subject, we inform you that the Personal Data subject to collection, use, updating, circulation, transmission, transfer, deletion, and, in general, any form of processing, will be done in accordance with the following purposes, which will be previously communicated to the Data Subject, and which, in any case, correspond to the development of its corporate purpose and the ordinary course of its business activities.
1. General Purposes:
The purposes described below apply to all data processed by CSG:
Register the information in the CSG systems.
Perform access controls to the Company's physical or technological facilities.
Perform identity verification processes.
Pay contractual obligations.
To transmit and transfer Personal Data to third parties within and outside of Colombia, complying with the applicable legal safeguards for each of these operations. CSG may transfer or transmit Personal Data to its subsidiaries or entities belonging to the CSG group, as well as within the framework of mergers, consolidations, sales of shares, acquisitions, divestitures or other restructuring processes, and to support external or internal, national or international audits.
Sending information to government or judicial entities at their express request or in the context of disputes.
Support in external or internal audit processes; national or international.
Report on substantial changes in the Policy adopted by
To establish and manage the pre-contractual and contractual commercial, labor, civil and any other type of relationship that arises by virtue of compliance with a legal or contractual obligation in charge of CSG.
Respond to requests, inquiries, claims and/or complaints.
Send information that may be of interest by email, SMS, telephone or any other electronic or physical channel, in accordance with the relationship with CSG.
Conducting consultations and verifications of Personal Data in judicial and/or background databases, of a public or private, national or international nature, for the control and prevention of fraud and money laundering, and all the necessary information required for SAGRILAFT.
Any other purpose that results from the relationship between the Personal Data Holder and CSG or from the authorization given by the Holder.
2. Human Resources:
CSG processes the Personal Data of past and present employees, interns and other staff members, candidates and, in some cases, family members of the above, for the following purposes:
Carry out selection processes.
Manage and process job applications, including passwords used to access the job application portal.
Conduct information searches in public and private, national and international databases to perform background checks and verifications of academic certifications.
Schedule interviews.
Perform analyses and tests related to health status.
Deploy evaluation processes and/or reliability studies of the information.
Include Personal Data in the employment contract, its modifications and other documents necessary to manage the employment relationship and the obligations arising from it.
Identify the challenges employees face so CSG can improve their employee experience.
Analyze issues of diversity, inclusion, and equal opportunities.
Measuring the success of CSG's diversity and inclusion initiatives.
Modify labor agreements taking into account health and disability conditions.
Conduct job performance evaluations and employment promotion programs.
Manage the information necessary for CSG to properly fulfill its obligations as an employer. For example: process the legally mandated affiliations of employees with the Comprehensive Social Security System, Family Compensation Funds, and other matters related to social benefits, contributions, withholdings, taxes, labor disputes, as well as contributions or payments to other entities where employees have previously authorized the processing of their data.
Manage the Personal Data of employees and their family members who have the right to process it in order to carry out the procedures of affiliation to health insurers, family compensation funds, occupational risk administrators and others necessary for CSG, as an employer, to comply with its legal obligations.
Pay the payroll.
To handle requests for the issuance of certificates and other documents related to the employment relationship.
Make contacts in case of emergency.
Keep records related to attendance, vacations and other leave and absences due to illness.
Manage travel and expenses (including organizing travel, tracking/recording corporate credit card transactions, managing expense reports, and managing travel emergencies).
Plan and assign work (including conducting labor analysis and planning).
To ensure the correct application of the provisions of the Internal Work Regulations, including disciplinary procedures and relevant investigations.
Prepare and send reports to public authorities.
Maintain active and historical employment records and keep them up to date.
Support and manage employee work and performance, as well as any health issues.
Managing conflicts of interest.
Publish content on internal communication channels, websites, social media and media outlets of CSG and CSG group member companies.
Those purposes contained in the CSG Systems International Inc. and its affiliates' Global Employee and Staff Privacy Notice; the CSG Systems International Inc. and its affiliates' Acceptable Use Policy; the Diversity, Equity and Inclusion Privacy Notice; the CSG Systems International Inc. and its affiliates' Privacy Notice; the CSG Systems International Inc. and its affiliates' Job Applicant Privacy Notice; and the CSG Systems International Inc. and its affiliates' Reporting Line Privacy Notice.
Provide work tools (including computer tools such as email, computers, mobile devices, access to databases, etc.).
As part of its processing activities, CSG monitors its IT and communications systems and assets, and all work tools, such as employees' desktop and laptop computers, servers, network infrastructure, mobile computing devices, email, social media (related to their work), remote technologies, electronic media, and non-electronic media (paper and others), which may involve the processing of Personal Data. These monitoring activities are carried out by CSG for the following purposes (even after the employment relationship has ended):
Ensure the reliability, integrity, and security of the network and systems.
Protect the security of confidential information, Personal Data and intellectual property that may be stored on the network and systems.
Verify that the use of the systems is legitimate and lawful.
Investigate alleged infractions, misconduct, crimes or disciplinary matters, or possible violations of CSG policies and procedures.
Provide maintenance, support, and troubleshooting for CSG assets.
Provide training and education.
Justify and file business transactions.
To allow business continuity.
Ensure the physical security of CSG's facilities.
Legal defense
3. Suppliers and/or Contractors:
CSG processes the Personal Data of suppliers/contractors (natural persons), individual contractors and their staff, as well as the personal data of the staff and representatives of their suppliers/contractors if they are legal entities, for the following purposes:
Implement processes for selecting and awarding contracts.
Develop proper management of the contractual relationship.
To inform, communicate, organize, control, attend to and certify the activities related to your status as a supplier and/or third party related to CSG, and other associated processes under the responsibility of CSG.
Pay the invoices and receipts submitted to CSG, including managing bank account numbers for the correct processing of payment.
Evaluate the services or goods offered or provided.
To comply with any other legal obligation that falls under the responsibility of CSG.
Analyze the financial, technical and other aspects that allow CSG to identify the contractor/supplier's ability to meet its obligations.
To fulfill the obligations arising from the business relationship.
To provide assistance and/or general and/or commercial information.
4. Customers:
CSG processes the Personal Data of clients who are natural persons, and of its staff, as well as that of the staff and representatives of its clients if they are legal persons, in accordance with the following purposes:
Preparation of budgets and proposals.
Develop proper management of the contractual relationship.
To inform, communicate, organize, control, attend to and certify the activities related to your status as a client and/or third party related to CSG, and other associated processes under the responsibility of CSG.
Issue invoices and receipts submitted to CSG.
To comply with any other legal obligations that are the responsibility of CSG.
To fulfill the obligations arising from the business relationship.
To provide assistance and/or general and/or commercial information.
Register orders.
Deploy customer loyalty management actions.
5. People recorded and monitored by closed-circuit television:
CSG uses closed-circuit television (CCTV) to monitor its physical facilities, which entails the Processing of Data for the following purposes:
Maintaining security at CSG facilities.
Conducting research activities related to the commission of crimes, offenses and irregularities.
Provide training to CSG's human resources.
Holders may exercise the following rights against CSG:
To know, update and rectify your Personal Data with the Data Controller or Data Processor. This right may be exercised, among others, with respect to data that is partial, inaccurate, incomplete, fragmented or misleading.
Request proof of the authorization granted to the Data Controller except when expressly exempted as a requirement for the Processing.
To be informed by the Data Controller or the Data Processor, upon request, regarding the use that has been made of your Personal Data.
To file complaints with the Superintendency of Industry and Commerce for violations of the provisions of the applicable Law and other regulations that modify, add to or complement it.
Revoke authorization and/or request the deletion of Personal Data, unless there is a legal or contractual obligation that entitles CSG to retain the information
Access your Personal Data free of charge.
The Chief Compliance Officer is responsible for handling inquiries, requests, and complaints, and generally overseeing compliance with applicable law within CSG . Data subjects may exercise their rights verbally, by submitting a written communication, and/or by sending an email through any of the following contact channels:
Address: Carrera 11 No. 93 A- 83, Spaces building, Bogotá – Colombia
Inquiries: Data Subjects wishing to make inquiries should note that CSG, as the Data Controller, will provide them with the requested information and, if no specific information is requested, all information contained in the individual record or linked to the Data Subject's identification. Inquiries must be submitted through the channels provided by CSG and will be addressed within a maximum of ten (10) business days from the date of receipt of the request. If it is not possible to address the inquiry within this timeframe, the interested party will be informed of the reasons for the delay and the date on which their inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the initial timeframe, without prejudice to the provisions contained in special laws or regulations issued by the National Government, which may establish shorter timeframes, taking into account the nature of the Personal Data.
Complaints : The Data Subject who believes that the information contained in a CSG Database should be corrected, updated or deleted, or who notices the alleged breach of any of the duties contained in the applicable Law, may file a complaint with CSG or the Data Processor, which will be processed under the following rules:
The complaint will be made by means of a request addressed to the Data Controller or the Data Processor, with the identification of the Data Subject, the description of the facts that give rise to the complaint and the address, accompanying the documents that you wish to use.
If the claim is incomplete, the interested party will be required to correct the deficiencies within five (5) days of receiving the claim. If two (2) months have passed since the date of the request without the applicant submitting the required information, it will be understood that they have withdrawn the claim.
If the person receiving the complaint is not competent to resolve it, they will forward it to the appropriate person within a maximum of two (2) business days and inform the interested party of the situation.
Once the complete claim is received, within no more than two (2) business days, a note stating "claim in process" and the reasons for it will be added to the Database. This note must remain until the claim is resolved.
The maximum time to address the claim will be fifteen (15) business days, starting from the day after the date of receipt. If it is not possible to address the claim within this period, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight business days following the expiration of the initial period.
In accordance with the security principle established in Law 1581 of 2012, CSG has adopted and incorporated into its various processes the necessary and appropriate technical, human, and administrative measures to ensure the security of records containing personal information, preventing their alteration, loss, unauthorized or fraudulent access, use, or disclosure. Personnel processing personal data will follow the protocols established by CSG to guarantee information security. This will be done in accordance with the current state of technology, the type and nature of the data contained in the databases, and the risks to which it is exposed.
Personal Data obtained by CSG through any format, contract, physical or electronic communication, will be treated with confidentiality and discretion, committing to maintain due secrecy regarding them and guaranteeing the duty to store them by adopting the necessary measures to prevent their alteration, loss and unauthorized processing or access, in accordance with the provisions of the applicable Law.
CSG may only process Personal Data for as long as is reasonable and necessary, in accordance with the purposes that justified the Processing, taking into account the provisions applicable to the matter in question and the administrative, accounting, tax, legal and historical aspects of the information.
Once the purpose for the Processing has been fulfilled, the Personal Data will be deleted from the Company's files, unless there is a legal or contractual obligation that requires it to keep them in its Databases.
This version of the Policy came into effect on March 14, 2024.