The privacy policy as a component of the Terms and Conditions while surfing inside aguabendita.com works as a contract to state the rules about collecting, usage, and storage of data and information from the internauts, besides registration from de website.
Throughout the purchase process at www.aguabendita.com, we will request some personal information from our clients. In compliance with Law 1581 of 2012 "Personal Data Protection Law" and Decree 1377 of 2013, AGUA BENDITA S.A.S. informs that it is responsible for administering said data. According to our policies for the Treatment of personal data, the mechanisms through which we use them are safe and confidential since we have the appropriate technical means to ensure that they are stored to avoid unwanted access by third parties. In that same order, we provide their confidentiality.

We can deliver and send notifications and information that the customer has requested or might be useful to you, thanks to the information provided by him. Including information about our products, services, and offers, unless you specify not wanting contact for these purposes.

Subject to obtaining your knowledge, we can contact them by text message / SMS, M.M.S.), email, direct mail, or telephone. Suppose you do not wish to receive communications through any or all these channels. In that case, you can communicate it at any time through the email customercare@aguabendita.com.co, at WhatsApp + 57-3138007604 or through direct mail to the address Cra 37ª No 2 sur 101- Medellín and will stop receiving such communications.

A. THIRD PARTIES: We may share your data with third parties to help us with any of the functions mentioned in our Privacy Policy. For example, we may use third parties to assist us with delivering promotional products, collecting payments, shipping products, or managing customer service systems. We may exchange information with third parties for fraud protection and risk reduction. Third parties must commit to maintaining the privacy policies of this document for the handling of your data.

B. PAYMENT INFORMATION: Payments made through the site will be processed by our online payment agent PayPal. Only on our website, we will provide your information. Such information is up to date and must be accurate and truthful. If any changes occur to your details, you must update them through the "My Account" page.

Our VTEX electronic commerce technology platform and our payment partner PayPal have the PCI DSS certification to secure handling of the credit card information. While we cannot guarantee 100% security, these systems have proven to be effective in handling proprietary information and will make it difficult for a hacker to decrypt your data.

This personal data treatment policy follows the provisions of Law 1581 of 2012 regulated by Decree 1377 of 2013, and other complementary clauses, which will be applied by AGUA BENDITA S.A.S. concerning the processing of personal data.

A. OBJECTIVE:
In this policy, AGUA BENDITA SAS establishes the necessary guidelines to protect the Personal Data of the Holders, as well as the purpose of collecting the information, establishes the criteria for the collection, storage, use and deletion of the data of the holders, your rights, the obligations of AGUA BENDITA SAS as the person in charge, the channels for answering inquiries and complaints, the procedures for handling these, and the validity of the databases.
B. DEFINITIONS:
● Authorization: Prior, express, and informed consent of the owner to carry out the processing of personal data.
● Database (BB.DD): the organized set of personal data that is subject to Treatment.
● Personal data: any information linked or associated with one or more specific or determinable natural persons.
● Owner: a natural person whose personal data is subject to Treatment.
● The person in charge of the Treatment: natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the person responsible for the Treatment.
● Responsible for the Treatment: natural or legal person, public or private, who by himself or in association with others, decides on the database or the Treatment of the data.

C. PRINCIPLES:
● Principle of legality regarding data processing: the processing of personal data is a regulated activity that must be subject to Law 1581 of 2012 and other requirements that develop it.
● Principle of security: the information subject to Treatment by the Person in Charge of Treatment or Person in Charge of Treatment referred to in Law 1581 of 2012, must be managed with the technical, human and administrative measures that are necessary to provide security to the records avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
● Principle of purpose: we shall inform the Holder about personal data processing obeys a legitimate purpose following the Constitution and Law 1581 of 2012.
● Principle of freedom: with the prior, express, and informed consent of the Holder, we will exercise the Treatment. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.
● Principle of truthfulness or quality: the information subject to Treatment must be truthful, complete, exact, verifiable, and understandable. The processing of partial, incomplete, fractioned, or misleading data is prohibited.
● Principle of transparency: in the Treatment, the right of the Holder to obtain from the Treatment Manager or the Treatment Manager, at any time and without restrictions, we will guarantee information about the existence of data that concerns him or her must be guaranteed.
● Principle of access and restricted circulation: The Treatment is subject to the limits derived from the nature of the personal data, the provisions of this law, and the Constitution. Regard, the Holder should authorize someone to respond for the Treatment or the persons provided for in Law 1581 of 2012.
● Principle of confidentiality: all persons who might process personal data must reserve the information. Even at the end of the processing tasks, they may only supply personal data communication when this corresponds to the development of the activities authorized in Law 1581 of 2012 and its terms.
D. RESPONSIBLE:
● Company name: AGUA BENDITA S.A.S.
● Address: Cra 37ª No 2 sur 101
● City: Medellín- Colombia.
● Email: customercare@aguabendita.com.co
● Telephone: (574) 605 18 46
● The area in charge: customer care

E. TREATMENT TO WHICH THE PERSONAL DATA / PURPOSES WILL BE SUBMITTED:
We use the personal information that you provide us for purposes that include, but are not limited to:
● We use your email address to help you create, manage, and maintain an account on our Services, communicate with you, provide you with updates or information you request, and respond to comments and questions.
● We use your email address and phone number to send you security alerts, shipping notifications, and other administrative messages and provide customer support.
● Fill orders for products, services, or information.
● Track and confirm orders online.
● Deliver products.
● Manage a loyalty or fidelity program.
● Provide customer service, respond to requests, complaints, or claims.
● Manage sweepstakes, promotions, or surveys.
● Offer new products and services.
● Improve the effectiveness of our web portal, our marketing efforts, and our services and offers.
● Conduct research and analysis for commercial purposes.
● Evaluate our products' quality and carry out studies on consumption habits, preference, purchase interest, product test, concept, service evaluation, satisfaction, and others related to our products.
● Send marketing communications, offers, or promotions.
● Control and prevent fraud in all its forms.
● To monitor and analyze trends, uses, and activities and improve our Services and product offerings.
● To facilitate transactions and payments.
● To record purchases, you have made through our Services.
● Eventually, you may consult external databases to guarantee the reliability and conformity of the information provided by the client.
● Control and prevent fraud in all its forms.
If you provide us with information about other people or give us information about you, we will only use that information for the specific reason for which it was provided. Some examples include providing an address for mailing advertising, purchases sent to a different address than the buyer as a gift or gift list.

F. WHAT INFORMATION DO WE COLLECT?
a. INFORMATION PROVIDED BY THE USER:
● Registration and profile information: When you create an account or place an order, we ask for your first name, last name, email address, phone number, identification number, payment information, shipping and billing address, neighborhood, city and state where you reside, demographic information may eventually be requested.
● Payment information: When you make a purchase, depending on the payment option chosen, we may use a third-party service provider that handles the transaction for us. In this way, we only receive the approval or rejection information of your payment. Payments made through the site will be processed by our online payment agent PayPal. We will provide your data exclusively on our website. Such information should be up to date and must be accurate and truthful. If any changes occur to your details, you must update them through the "My Account" page.
Our electronic commerce platform VTEX and our payment partner PayPal have the PCI DSS certification to secure handling of the credit card information.
● COMMUNICATIONS: If you contact us directly, we may receive additional information about you. For example, when you contact our customer care team, we will receive your name, email address, phone number, the content of a message or attachments that you can send to us, and other information that you can provide. We may also record your calls with our Customer Service team to handle your inquiry and product training, research, and development purposes.

b. INFORMATION WE COLLECT WHEN USING OUR SITE:
● Location information: When you use our Services, we receive your precise location information. We also infer your more general location information (for example, your I.P. address may indicate your general geographic region).
● Device information: We receive information about the device and the software you use to access our Services, including the Internet protocol (I.P.) address, the type of web browser, the version of the operating system, the telephone operator, and the manufacturer, app installations, device identifiers.
● Usage Information: To help us understand how you use our services and to help us improve them, we automatically receive information about your interactions with our Services, such as the pages or other content you view, the searches you perform, the purchases you make, and the dates and hours of your visits.
● User Comments: We receive information about ratings and comments that you post when you use our Services.

c. INFORMATION WE RECEIVE FROM THIRD PARTIES:
● Information from third-party services: If you choose to link our Services to a third-party account, we may receive information about you, including your profile information, and third-party account usage. Suppose you want to limit the information available to us. In that case, you should visit your third-party accounts' privacy settings to know your options, for example, to log in to our site, you can choose whether you want to log in with your Google or Facebook account.

G. PROCESSING OF SENSITIVE PERSONAL DATA
According to Law 1581 of 2012, sensitive personal data is "those that affect the privacy of the Holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions. Also, Membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties as well as data related to health, sexual life and biometric data. " Within them, the data of minors is also recognized.
AGUA BENDITA S.A.S must process data of this nature, in the development of relations with its employees or candidates in selection processes, especially those related to health, and eventually biometric data to implement security measures in security systems. We will adopt access control to its facilities or some physical space, in any case in the Treatment of said data special security measures. In any case, when one requests authorization for the Treatment of sensitive data, we will advise the owner of the purposes that they will be processed and inform the rights to refrain from answering questions about sensitive data or children's and adolescents' data.

H. PROCESSING OF MINORS DATA
AGUA BENDITA S.A.S in the development of its economic activity tries not to collect information from minors. If you are under 18 years of age, your data can only be entered into our databases with the minor's legal representative's express consent.
Notwithstanding the preceding and if data is provided to us by minors, this data will be subject to the following rules.
Special requirements for the processing of personal data of children and adolescents.
The processing of children and adolescent’s personal data is prohibited, except it is public data, following the provisions of article 7 of Law 1581 of 2012 and when such processing complies with the following parameters and requirements:

1. responds and respects the best interests of children and adolescents.
2. respect for their fundamental rights.

Once the above requirements have been fulfilled, the child or adolescent's legal representative will grant the authorization before the exercise of the minor's right to be heard, an opinion that will be valued is, taking into account the maturity, autonomy, and capacity to understand the matter.
According to the Colombian Constitutional Court, one can process the personal data of minors under 18 years of age, as long as the prevalence of their fundamental rights is not put at risk and unequivocally responds to the realization of the principle of their best interests, without prejudice compliance with the preceding, the collection or request, and any use of the minor's data that are registered in the databases of AGUA BENDITA S.A.S require the express authorization of the legal representative of the child or adolescent, These representatives to whom AGUA BENDITA S.A.S will facilitate the possibility of exercising their rights of access, cancellation, rectification and opposition of the minor.
Every person in charge involved in the processing of children and adolescents' data must ensure their proper use. For this purpose, one must apply the principles and obligations established in Law 1581 of 2012 and the regulatory decree.

The family and society must ensure that those responsible and in charge of processing minor's personal data, comply with the obligations established in Law 1581 of 2012 and the regulatory decree.
AGUA BENDITA SAS will only process minor's data, respecting the principles already indicated in the collection of the authorization, and as long as there is respect for the superior interests of the minors in the Treatment.

I. AUTHORIZATION
For the processing of personal data by AGUA BENDITA S.A.S, the prior will require informed and express authorization of the Holder obtained by consulting by any verbal, written, physical, or electronic means. Later, without prejudice to the exceptions provided by law, understand that in any case, that one gives this authorization when registering in our offices, points of sale, and on the website, accepting the collection and data processing. AGUA BENDITA S.A.S will keep the proof of said authorizations appropriately, respecting the principles of confidentiality and privacy of information.

Any modification to these policies or how you use your Personal Information will be announced and published through a notice before applying the new conditions. All modified terms will automatically take effect five (5) days after the appearance of a notice on our website.

J. CASES IN WHICH AGUA BENDITA SAS DOES NOT REQUIRE AUTHORIZATION FOR THE PROCESSING OF THE DATA, OR FOR THE DELIVERY OF THE DATA IN ITS POWER

• When the information is requested from AGUA BENDITA SAS by a public or administrative entity acting in the exercise of its legal functions or by court order.
• In the case of a public nature data because the applying law does not protect them.
• Events of medical or health emergency duly verified.
• In those events where the information is authorized by law to fulfill historical, statistical, and scientific purposes.
• In the case of data related to the civil registry of persons or that resides in public records. Because this information is not considered as data of a private nature.

K. DATA SECURITY: We use specific organizational security measures, physical techniques designed to ensure the integrity and security of the personal information that we process. We take steps to ensure that your personal information is treated securely and in accordance with this Privacy Policy. Unfortunately, the Internet cannot be guaranteed to be 100% secure. We cannot guarantee the security of the information you provide us. We will do everything possible and, in our power, to ensure that the information you provide is under our domain and control, avoiding its alteration, loss, consultation, use, or unauthorized or fraudulent access.

L. VALIDITY OF THE POLICY: This Policy is effective since February 5, 2016.
The Personal Data provided will be kept as long as its deletion is not requested by the interested party (unless it is requested and there is a legal duty to keep it). The AGUA BENDITA S.A.S databases will have an indefinite period of validity since their Treatment will be necessary. At the same time, AGUA BENDITA S.A.S subsists and the development of its corporate purpose. In any case, this term will not last less than (50) years. This version of this policy governs from the date of its publication, which completely replaces any previous provision or data treatment policy. It will be indefinitely in our domain, and for as long as AGUA BENDITA SAS executes the activities described. In it and they correspond to the treatment purposes that inspired this policy.

Any modification made to this policy will be published in the same way as the initial policy.
M. RIGHTS OF THE HOLDERS: The holders of personal data have the following rights:
a. Know, update, and rectify your personal data in front of those responsible or in charge of the Treatment, for the case AGUA BENDITA S.A.S. This right may be exercised, among others, against partial, inaccurate, incomplete, fractioned, misleading data, or those whose Treatment is expressly prohibited or has not been authorized.

b. Request proof of authorization granted to the data controller, except when expressly exempted as a requirement for the Treatment, in accordance with the provisions of article 10 of Law 1581 of 2012.

c. Be informed by the person in charge of the Treatment, upon request, regarding the use that has been given to your personal data.
d. Submit complaints to the Superintendence of Industry and Commerce for violations of this policy's provisions and the rules that regulate it.

e. Revoke the authorization voluntarily and request the data's deletion when the Treatment does not respect the principles, rights, and constitutional and legal guarantees. The revocation and deletion will proceed when the Superintendence of Industry and Commerce has determined that in the Treatment, the person in charge has incurred in conduct contrary to the Constitution and the Law.

f. Free access to your personal data that has been processed.

N. PROCEDURE FOR EXERCISE OF RIGHT BY THE HOLDERS: The holders of personal data should direct their queries, requests or claims to the email: customercare@aguabendita.com.co

a. Queries: AGUA BENDITA S.A.S., must answer queries within a term of ten (10) business days from the date it was received. When it is not possible to comply with this time, the interested party must be informed stating the reasons for the delay and the date on which the consultation will be attended in a term not exceeding five (5) days.
b. Claims: The owner or successor in title who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in the law or this policy, may submit a claim to AGUA BENDITA S.A.S, which will be processed under the following rules:
● The claim will be formulated utilizing a request addressed to the person in charge of the Treatment, to the email customercare@aguabendita.com.co with the identification of the owner, the description of the facts that give rise to the claim, the address, and accompanying with the documents that you want to assert yourself.
● If the claim is incomplete, AGUA BENDITA S.A.S. will require the interested party within five (5) days to correct the faults.
● After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.
● The maximum term to attend the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to attend the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be attended, which in no case may exceed eight (8) business days following the expiration of the first finished.
● The owner or assignee may file a complaint with the Superintendence of Industry and Commerce, once they have exhausted the consultation or claim process or if the person in charge of the Treatment has not had a satisfactory response to their request.

c. Revocation of the authorization or deletion of the data: The holders may at any time request AGUA BENDITA S.A.S, the deletion of their personal data and/or revoke the authorization granted for the Treatment thereof, by filing a claim, in accordance with the provisions of article 15 of Law 1581 of 2012, Decree 1377 of 2013 and the procedure indicated in this policy. The owner or successor might request the said revocation in title to the email customercare@aguabendita.com.co. In the case of emails related to marketing information of the brands that AGUA BENDITA S.A.S. distributes, you may also request the revocation through a link that appears at the end of each email. If the respective legal term has expired, AGUA BENDITA S.A.S has not deleted the personal data; then, the owner will have the right to request the Superintendence of Industry and Commerce revocation of the authorization and/or the deletion of the personal data. Notwithstanding the foregoing, personal data must be kept when required to comply with a legal or contractual obligation.

CONCERNED TO LEGITIMATELY ADVANCE THE CLAIMS AND CONSULTATIONS AND TO WHOM THE INFORMATION OF THE HOLDERS MAY BE PROVIDED TO:

the owners of the data, their heirs, or representatives at any time and through any means when they request it from AGUA BENDITA S.A.S.
judicial or administrative entities in the exercise of functions that ask for any requirement to the company to deliver any information.
third parties that are authorized by law.
third parties to whom the Data Owner expressly authorizes to deliver the information and whose authorization is sent to AGUA BENDITA SAS
CONTACT: To find out what is related to AGUA BENDITA S.A.S.'s data protection policy, you can contact us at (4) 6051846, or by email: customercare@aguabendita.com.co where you can make the respective request.

Cookies or anonymous identifiers are small data files that websites such as www.aguabendita.com or emails store in your browser. Cookies allow us to "remember" information about your preferences and session, and allow you to move within the areas of our website without re-entering your data. This makes it possible to create a more personalized and comfortable shopping experience. Although cookies contain a unique user number, they do not collect or store any personally identifiable information. You can set your preferences in the configurations of your Internet browser so that it does not accept cookies. Although, these cookies are necessary to view, create an account, or make purchases through the AGUA BENDITA S.A.S. website. If you do not have cookies enabled, you will not be able to use the website.
When you first visit our website, you will be asked if you accept our cookies. We use cookies to track your current shopping session, customize your experience, store items in your shopping bag and try to ensure that the ads or offers you see online are more relevant to you. If you click to accept cookies, you are enabling AGUA BENDITA S.A.S. to use your personal information for these purposes. If you do not accept our cookies, the functionality of our website will be severely limited and user experience on our website may be affected. The following type of cookies may be sent eventually:

• Session cookies: Cookies that disappear after closing your browser.
• Persistent cookies: Cookies that remain after closing your browser and can be used by your browser in subsequent visits to our Services.
• Strictly necessary cookies: Essential cookies for the website to provide the service for which it was built.
• Performance cookies: Cookies that collect anonymous information about how people use our website and the data is merged with other users so that we can improve the way the website works.
• Functional cookies: Cookies that remember the choices you make, such as language, search parameters such as size, color or product line. These can be used to give you a more appropriate experience with your selections and make visits more personalized and enjoyable.
• Analytics/activity cookies: Cookies that determine if you have interacted with a certain page.
• Guidance or advertising cookies: Cookies that collect information about your browsing habits to make advertising relevant to you and your interests. They remember the websites he has visited and that information is shared with other parties, such as advertisers.