Skip to main content
CoIT — Salesforce Partner

Personal Data Processing Policy

Last updated: 2026-03-07

This personal data processing policy (hereinafter "the Policy") establishes the guidelines under which Colibrí IT S.A.S. (Colibri IT S.A.S., NIT 901.266.708-1) collects, stores, uses, circulates, and deletes personal data, in compliance with Statutory Law 1581 of 2012, Regulatory Decree 1377 of 2013, and other applicable regulations.

1. Definitions

Data subject: natural person whose personal data is subject to processing.
Data controller: Colibri IT S.A.S., which decides on the database and processing.
Data processor: natural or legal person that processes data on behalf of the controller.
Personal data: any information linked to an identified or identifiable natural person.
Sensitive data: data that affects the privacy of the data subject or whose misuse may cause discrimination (racial origin, political orientation, religious beliefs, health data, biometric data).
Consent: prior, express, and informed consent of the data subject for processing.
Database: organized set of personal data subject to processing.
Processing: any operation on personal data (collection, storage, use, circulation, deletion).

2. Guiding principles

Personal data processing at CoIT is governed by the following principles established in Law 1581 of 2012:

  • Legality: processing is subject to current Colombian law.
  • Purpose: processing serves a legitimate purpose communicated to the data subject.
  • Freedom: processing may only be carried out with prior consent from the data subject.
  • Truthfulness: information subject to processing must be truthful, complete, and up-to-date.
  • Transparency: data subjects may know at any time about the existence of their data.
  • Restricted access and circulation: processing is subject to the limits of the Law and authorized purpose.
  • Security: information is protected with technical, human, and administrative measures.
  • Confidentiality: persons involved in processing are obligated to ensure confidentiality.

3. Controller identification

Legal name: Colibri IT S.A.S. NIT: 901.266.708-1 Domicile: Bogota D.C., Colombia Address: Calle 99 #10-57, Edificio Ecoteck, Bogota D.C. Email: info@colibriit.com Phone: +57 604 5626319 Data protection officer: General Management

4. Data subject categories

This policy applies to the following categories of data subjects:

  • Clients and prospects: companies and their representatives who request or contract Salesforce consulting services.
  • Candidates: persons who apply for job openings or submit their resume.
  • Suppliers and partners: contact persons of companies with which we maintain commercial relationships.
  • Website visitors: persons who browse colibriit.com and/or use contact forms.

5. Data collected and purposes

Clients and prospects

  • Name, email, phone, company, job title, service of interest — to manage requests and commercial relationships.
  • Billing data — for tax obligation compliance.

Candidates

  • Name, email, phone, education, work experience — to manage selection processes.

Web visitors

  • IP address, cookies, browsing data — for analytics and experience improvement.

6. Consent

The data subject authorizes processing when: (a) filling out forms on our website, (b) submitting their resume, (c) signing service contracts that include a data processing clause, or (d) any other mechanism that allows concluding consent was granted.

7. Data subject rights

Data subjects have the right to: know, update, and rectify their data; request proof of consent; be informed of data usage; revoke consent; request data deletion; access data free of charge; and file complaints with the SIC. These rights may be exercised through written communication to info@colibriit.com.

8. Inquiry and complaint procedures

Inquiries (Art. 14, Law 1581): will be answered within a maximum of 10 business days, extendable by 5 more days. Complaints (Art. 15, Law 1581): will be answered within a maximum of 15 business days, extendable by 8 more days. Complaints must include: data subject identification, description of facts, supporting documents, and contact information.

9. International transfers and transmissions

CoIT may transfer personal data to data processors located outside Colombia, particularly:

  • Salesforce, Inc. (USA) — CRM platform for client relationship management.
  • Google LLC (USA) — cloud infrastructure (Google Cloud Platform) and analytics.
  • Google reCAPTCHA Enterprise (USA) — spam and automated submission protection for forms.

These transfers are made with adequate guarantees, pursuant to Article 26 of Law 1581 of 2012, and processors comply with equivalent data protection policies.

10. Security measures

CoIT holds ISO 27001 certification (Information Security Management System) as part of its tri-standard Integrated Management System (ISO 9001 + ISO 27001 + ISO 14001). This ensures that we implement technical, administrative, and physical controls to protect personal data against unauthorized access, loss, alteration, or destruction.

11. Effective date

This policy is effective from its publication on the website and will remain in force as long as CoIT performs data processing activities. Data will be retained as long as necessary for the purposes described or as required by legal obligations. Prospect data will be retained for a maximum of 24 months after the last contact.