I. Introduction

Welcome to Empathy’s Personal Data Processing Policy. This document explains in a clear and transparent way how we protect and manage your personal information, ensuring its privacy and security at all times.

Our priority is to respect your rights and provide you with the tools needed to exercise them. If you have any questions or concerns, our team is here to assist you.

II. How do we use your Personal Data?

Empathy collects only voluntarily provided personal data via client interactions, employee relationships, training, and digital platforms. When you share your personal data with us, it may be used for the following purposes:

• To register you in our systems and manage our relationship with you.
• To fulfill contractual, legal, and administrative obligations.
• To send you relevant information about our services or important updates to this policy.
• To respond to your inquiries, requests, or complaints.
• To ensure the safety of our facilities and systems.

Client data is used for service delivery and communication.

Employee data is used for payroll and benefits.

Sensitive Personal Data like health, sexual life, political beliefs, etc is collected only when essential and with prior consent, except in emergencies or legal requirements.

Data From Minors is collected only with guardian consent and for public purposes.

Cookies are used to enhance user experience. Users can disable cookies without affecting access to Empathy’s website

III. What are your rights?

As the Data Subject, you have the right to:

1. Access and know the information we hold about you.
2. Update and correct your data when it is inaccurate or incomplete.
3. Request the deletion of your data if it is no longer needed for the stated purposes.
4. Withdraw your consent, unless there is a legal obligation preventing it.
5. Be informed about how we use your data.

To exercise your rights, please contact us using the channels listed below

IV. How do we protect your Personal Data?

We implement physical, technical, and administrative security measures to:

• Prevent unauthorized access or misuse of your information.
• Ensure the confidentiality of your data.
• Safeguard the integrity and availability of the information in our databases.

Our team follows strict internal protocols to guarantee the protection of your privacy.

Non-compliance may lead to internal sanctions.

Data is transferred internationally only under strict legal conditions (e.g., contracts, public health emergencies) and with strict adherence to Empathy’s policies and laws that apply in this particular case.

V. How long do we keep your data?

We retain your Personal Data only for as long as necessary to fulfill the purposes described above, in accordance with applicable legal requirements. Once these purposes have been achieved, your data will be securely deleted, unless we are required by law to keep it.

VI. How can you exercise your rights or contact us?

If you wish to submit inquiries, requests, or complaints, you can reach our Data Protection Officer through:

• Email:  [email protected] o [email protected]
• Phone: +57 3006146660
• Address: Dg. 30a #15C Sur 148, Office 401, Medellín, Antioquia.

We will respond to your requests within the legally established timeframes.

Empathy has implemented internal procedures and controls to ensure compliance with this Privacy Policy and applicable data protection regulations. These measures include regular monitoring, staff training, and adherence to best practices in data management.

VII. Policy updates

This policy may be updated periodically to reflect changes in our practices or legal requirements. We will inform you of any significant changes through our usual communication channels.

Thank you for trusting us!

We are committed to handling your data responsibly and respectfully, ensuring you always have control over your information.

This policy’s effective from January 2025. Data processing duration depends on legal and operational needs, with some cases being indefinite