PRIVACY NOTICE

Código Conducta
MTA INTERNACIONAL S.A.S., located in Bogota D.C, Colombia, is responsible and in charge of personal data treatment. According to our personal data treatment, the mechanisms through which we use, are safe and confidential in order to ensure their protection. Contact us: Office Address: Cra 7 # 74-56 Of. 301 Bogotá D.C Email address: info@mtecnicas.com Phone number: (+57 1) 7568102 Bogotá, Colombia

Your personal data will be included in a database and will be used for the following purposes:

In order to a) Implement current contractual relationships with their customers, suppliers and employees, including contractual payment obligations; b) Provide services and products required by their users; c) Report new products or services or changes in them; d) Evaluate the quality of service; e) Carry out internal studies about consumption habits, sociodemographic studies of our workers, contractors and third parties. In addition, evaluate risks in order to prevent risks for workers and business operation; f) Send messages physically, electronically, by cellular or mobile devices, via text message (SMS and MMS) or through any other analogous or digital communication means created or that which will be created for commercial, advertising or promotional information about products, services, events or promotions commercial or not commercial in type, in order to promote, invite, direct, execute, inform and in a general way, carry out campaigns, promotions or competitions of commercial or advertising character, advanced by MTA INTERNACIONAL S.A.S and by third parties; g) Develop the selection, evaluation and employment relationship process; h) Support internal or external audit process; i) Register employees’ and pensioners’ information (active and inactive) in MTA INTERNACIONAL S.A.S ‘s database; i) The people indicated in the authorization granted by the data holder or described in the privacy notice, as the case may be; j) Provide, share, send or deliver personal data to associations, subsidiaries, affiliates or subordinates of MTA INTERNACIONAL S.A.S located in Colombia or any other country in case that said companies require information for purposes indicated here.
LPI occasionally accesses the sensitive information of the worker, just in order to ensure compliance with the requirements of Decree1072 of 2015 – chapter Occupational Health and Safety Management System MTA INTERNACIONAL S.A.S, identifies sensitive data of children and teenagers that may be collected or stored and on these:
-Guarantees the special care and responsibility reinforced in the data treatment, which means a higher demand in the protocols of information security, and in the fulfillment of protective duties.
-In the same way, restrictions in the access and use of the information have been applied. When questioning of the sensitive information arises, these kinds of consultations may be resolved according to the established procedures in the personal data policy treatment.
Information holders are informed that they can consult the personal data policy treatment, which contains our guidelines for the treatment of information, as well as consultation and complaint procedures that will allow you to exert the rights to access, consultation, rectification, upgrade and deletion of data.

INDICE DE POLÍTICAS DE PRIVACIDAD - MTA

PERSONAL DATA POLICY TREATMENT

Business name: MTA INTERNACIONAL S.A.S. Nit: 900.925.777-9 Address: Carrera 7 # 74-56 Office: 301 Bogotá Phone: (1) 7568102 Web page: www.mtecnicas.com

OBJECTIVE AND APPLICATION FIELD:

This document has as an aim to present the guidelines for personal data treatment and protection according to the information disposed in political constitution, Law 1581 of 2012, regulatory decree 1377 of 2013 and other complementary dispositions, as well as part of different mechanisms established by MTA INTERNACIONAL S.A.S. for the protection and security of information for the company managed by different internal and external users that maintain some kind of commercial link with the company. LEGAL REGULATIONS AND APPLICATION AREA. This policy of personal data treatment will be applied by MTA INTERNACIONAL S.A.S. regarding the collection, storage, use, circulation, suppression and all of those activities that constitute personal data treatment.

DEFINITIONS:

For purposes of implementing policy and in accordance with legal regulations, the following definitions will be applied: a) Authorization: Prior consent, expressed and informed to the holder in order to carry out personal data processing, b) Privacy notice: Physical, electronic document or any other format generated by the responsible party which is available to the holder in order to handle their personal data. The privacy note communicates to the holder the information regarding the existing policies of treatment of information that will be applied to them, the way to have access to them and the purpose intended for the personal data, c) Database: Organized set of personal data that is object of the treatment; d) Personal data: Any information linked to or associated with one or more natural or determinable people; e) Public data: Qualified data such as the mandates of law or political constitution and which is not semi private or sensitive. Data on marital status, profession or trade, status as a trader or public servant and those which can be obtained without reservation, are public. By their nature, public data may be contained in public records, public documents, gazettes and official bulletins; f) Private data: It is data that by its intimate or reserved nature is only relevant for holder; g) Sensitive data: those that affect the holder’s privacy or whose abuse may cause discrimination, such as those that show racial or ethnic origin, political orientation, religious or philosophical beliefs, membership of Trade unions, social organization, human rights organizations or that promote interests of any political party or which guarantee rights, and guarantees of opposing political parties, as well as health data, sexual life and biometric data, h) Person in charge of Treatment: Natural or legal person, public or private, by itself or in association with others who performs personal data treatment on behalf of the responsible, I) Responsible of treatment: Natural or juridical person, public or private, by itself or in association with others who decides on data base and treatment data, j) Owner: Natural persons whose personal data are processed, k) Treatment: Any operation or operations done on personal data, such as the collection, storage, use, circulation or elimination of the same.

CONTENT

INFORMATION WE COLLECT MTA INTERNACIONAL S.A.S, being responsible and in charge of treatment through their administrative and operational processes, collects the following personal information from holders:
• Identification data such as names and surnames, company name, document if identification.
• Contact details (Telephone, address, mailing address, email)
• Bank information
• Tax information
• Commercial references
• Work and personal references (when applicable for contractual processes)
• Certificate of Disciplinary and Judicial background
• Other information required for development of contractual object with suppliers or customers

PURPOSE OF PERSONAL DATA COLLECTION AND TREATMENT, MTA INTERNACIONAL S.A.S may use data in order to:

a) Execute current contractual relationship with their customers, suppliers and workers, including contractual obligations of payment
b) Provide services required by their clients.
c) Report new services and changes in them.
d) Evaluate quality of service provided.
e) Carry out internal studies about consumption habits, socio demographic studies of our worker, contractor and third parties, and evaluate preventions of risks for workers and business operations.
f) Send physical, electronic, cellular or mobile devices, via text message (SMS and MMS) or through any other analogous or digital communication means created or to be created, commercial, advertising or promotional information about products, services, events or promotions commercial or not commercial in type, in order to promote, invite, direct, execute, inform and in a general way, carry out campaigns, promotions or competitions of commercial or advertising character, advanced by MTA INTERNACIONAL S.A.S and by third parties.
g) Develop the selection, evaluation and employment relationship process;
h) Support internal or external audit process
i) Register employees’ and pensioners’ information (active and inactive) in MTA INTERNACIONAL S.A.S ‘s database
j) People indicated in the authorization granted by the data holder or described in the privacy notice, as the case may be
k) Provide, share, send or deliver your personal data to associations, subsidiaries, affiliates or subordinates of MTA INTERNACIONAL S.A.S located in Colombia or any other country in the case that said companies require information for purposes indicated here. In respect to the data (i) collected directly from the security points (ii) taken from documents provided by security personnel and (iii) obtained from the videotapes that are performed inside or outside of MTA INTERNACIONAL S.A.S’s offices, these will be used for security purposes, MTA INTERNACIONAL S.A.S’s property and facilities and may be used as evidence in any type of process.

NON SENSITIVE INFORMATION TREATMENT If personal data is provided, this information will be used exclusively for purposes indicated here, MTA INTERNACIONAL S.A.S. will not proceed to sell, license, transmit or disclose it, unless: (i) there is express authorization to do it (ii) it is necessary to enable contractors or agents to provide commissioned services. (iii) it is necessary in order to provide our services (iv) it is necessary to give out to entities that provide marketing services on behalf of MTA INTERNACIONAL S.A.S or to other entities which have market or contractual agreements defined within a legal framework and that they meet the requirements of this law (v) information relates to a company merger, consolidation, acquisition, divesture or other restructuration process (vi) required or permitted by law. MTA INTERNACIONAL S.A.S may subcontract third parties for processing certain functions or information. When processing is effectively subcontracted to third parties or provides personal information to third party suppliers of raw materials, inputs, machinery, equipment, service providers, MTA INTERNACIONAL S.A.S, warns third parties about the necessity to protect personal information with appropriate security measures, information use for its own use is prohibited and it is requested that personal information not be disclosed to others. SENSITIVE INFORMATION TREATMENT FROM CONTRACTING AND MANAGEMENT SAFETY AND HEALTH PROCESSES AT WORK MTA INTERNACIONAL S.A.S accesses worker or contractor sensitive information, in order to ensure compliance of legal requirements of labor management, occupational health and safety management systems according to Decree 1072 of 2015 requirements . With this information MTA INTERNACIONAL S.A.S, identifies sensitive data and children and teenagers data that may be collected or stored and in this: - Guarantees the special care and responsibility reinforced in the data treatment, which means a higher demand in the protocols of information security, and in the fulfillment of protective duties. - In the same way, restrictions in the access and use of the information have been applied. MTA INTERNACIONAL S.A.S, may use and treat data classified as sensitive when: The holder has given his explicit authorization for data treatment, except in cases by law, authorization guarantee is not required,- Treatment is necessary to safeguard holder’s vital interest and is physically or legally incapacitated. In this case, legal representatives must grant their authorization.-Treatment refers to necessary data for recognition, practice or defense in a judicial process by court order. Treatment has a historical, statistical or scientific purpose, or within framework for improvement of processes as long as strong measures are adopted to identify holders’ exclusion.

APPLICABLE PRINCIPLES FOR PERSONAL DATA PROCESSING data treatment in MTA INTERNACIONAL S.A.S, will be governed by the following principles:

a) Legality principle regarding data processing: Personal data processing is a regulated activity that must be subject by law established and other provisions developed.
b) Principle purpose: Data treatment collected must obey legitimate purpose, which should be informed to holder.
c) Freedom principle: treatment can be carried out exclusively with holder’s previously expressed and informed consent. Personal data may not be obtained or disclosed without prior authorization or in absence of legal or judicial disclosure of consent.
d) Truth or quality principle: treatment Information subject must be truthful, complete, accurate, updated, verifiable and understandable. Partial, incomplete, fractional or incorrect data will not be processed.
e) Transparency principle: treatment must guarantee holder right to obtain from MTA INTERNACIONAL S.A.S. at any time and without restrictions, information of the existence of data concerned.
f) Access and restricted circulation principle: treatment is subject to limits derived from the nature of personal data, provisions of current law and constitution. Personal data, except public information and provisions of authorization granted by data holder, may not be available on the internet or other mass communication mediums, unless access be technically controllable to provide restricted knowledge to holders or third parties,
g) safety principle treatment Information subject to MTA INTERNACIONAL S.A.S. must be protected by technical, human and administrative measures necessary to provide records security, preventing adulteration, loss, unauthorized consultation or fraudulent adulteration use or access,
h) confidentiality principle: every person who in involved in personal data treatment is obliged to guarantee information reserve, even after the end of their relationship with any task included in the treatment, FIRST PARAGRAPH: In case sensitive personal data is collected, holder may refuse treatment authorization.

HOLDERS’ RIGHTS TO THEIR PERSONAL DATA TREATMENT BY MTA INTERNACIONAL S.A.S.

Personal data holders by themselves or through their representative or their successor, may exercise the following rights, in respect to personal data by MTA INTERNACIONAL S.A.S:
a) right to access: Under which they may access the personal data under MTA INTERNACIONAL S.A.S control, for free consulting purposes at least once every month and whenever substantial changes to data treatment that motivate new consultations exist,
b) updating rectification and exclusion right of personal data treatment, in such a way that it satisfies treatment purposes.
c) Right to request authorization test: except in events in which according to current legal norms, authorization to do treatment is not required.
d) Right to be informed regarding personal data use,
e) right to complain to industry and commerce superintendence: for violations to provisions in current legislation about personal data.
F) Right to request order compliance issued by industry and commerce superintendence. FIRST PARAGRAPH: In order to exercise right described above, both holder and their representative must prove their identity and if applicable the virtue of the quality the holder represents. SECOND PARAGRAPH: Rights of minors shall be exercised through empowered persons to represent them.

MTA INTERNACIONAL S.A.S Duties:

all those obligated to comply to this policy must keep in mind that MTA INTERNACIONAL S.A.S is obligated to comply duties imposed by law. Consequently following obligations must be complied: A. duties when acting as a responsible:
(i) Request and keep, in foreseen conditions in this policy, respective holder authorization copy.
(ii)Clearly and sufficiently inform holder about collection purpose and rights granted by authorization.
(iii) Discuss personal data treatment by holder request.
(iv) Process complaints and claims formulated on terms indicated in this policy
(v) Ensure that truthfulness, quality, security and confidentiality principles in the following policy.
(vi) Keep information under necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
(vii) Update information when necessary.
(viii) Rectify personal data when appropriate. B. Duties when working as data processing manager. If you perform data processing on behalf of another entity or organization (Treatment responsible) you must fulfill the following duties.
(i) Establish the Responsible for the treatment is authorized to provide personal data that he is going to treat like one in charge.
(ii) Guarantee to holder at all the times, the full and effective exercise of rights to habeas data. (iiI) Maintain the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
(iv) Make timely updating, rectification, or exclusion data. (v) Update information reported by managers within five (5) business days from received date.
(vi) Process consultation and claims made by holders on indicated terms in present policy.
(vii) Register in database the legend “claim in process” as established in this policy.
(ix) Insert into database the legend “information under judicial discussion” once notified by competent authority of judicial processes related to personal data quality.
(x) Refrain from circulating information that is being disputed by owner and whose blockade has been ordered by industry and commerce Superintendence.
(xi) Allow access to information only to authorized persons by holder or by law to do so.
(xiii) Inform industry and commerce Superintendence when there are security violations of security codes and there are risks of holders’ security information.
(xiii) Comply with instructions and requirements issued by industry and commerce Superintendence. C. Duties when performing treatment through manager.
(i) Provide to person in charge of treatment only personal data whose treatment is previously authorized. For purposes of national or international transmission data, a contract for personal data transmission or contractual clauses must be signed in accordance to article 25 of decree 1377 of 2013.
(ii) Ensure that information provided to treatment manager is truthful, complete, accurate, updated, verifiable and understandable.
(iii) Communicate in a timely way to data processing officer all new information regarding data they have previously provided and take other measures in order to keep information provided updated.
(iv) Report in a timely way to person in charge of processing the corrections made on personal data in order to make appropriate adjustments.
(v) Require the person in charge of treatment at all times to respect security and privacy holder conditions.
(vi) Inform manager of treatment information when certain information is being discussed by owner, once claims have been fielded and respective processes have not been completed. D. Duties with respect to industry and commerce Superintendence.
(i) inform of possible security violations codes and risks in existence in regards to holder information administration .
(iii) Comply with instructions and requirements issued by industry and commerce Superintendence.

AUTHORIZATION TO PERSONAL DATA HOLDER APPLICATION:

In advance or at the moment of collecting personal data MTA INTERNACIONAL S.A.S, shall request to data holder his authorization to be collected and processed, indicating purpose for which data is requested, using for those purpose technical automated means, written or oral, that allow to preserve authorization test and unequivocally conduct describe in article 7 of decree 1377 of 2013. Such authorization will be requested for the time that be reasonable and necessary to satisfy needs that gave rise to request data and in any case, in compliance with legal provisions governing.

PRIVACY NOTICE:

In the event MTA INTERNACIONAL S.A.S, cannot make the present data policy available to the personal data holder, it will publish the privacy note attached to this document, text will be kept for further reference by data subject and the industry and commerce Superintendence.

TEMPORARY LIMITATIONS ON PERSONAL DATA PROCESSING MTA INTERNACIONAL S.A.S.:

Only collects, stores, uses or circulates personal data for the time it is reasonable and necessary, according to purposes that justified treatment, taking into account the applicable provisions to subject matter and aspects of marketing or productions, administrative, accounting, tax, legal and historical information. Once the purpose of the treatment has been fulfilled and without legal provisions prejudice to the contrary, it will proceed to personal data deletion in its possession. Notwithstanding the foregoing, personal data must be retained when it is necessary for compliance with a legal or contractual obligation.

RESPONSIBLE AREA AND PROCEDURE FOR EXERCISE RIGTHS OF PERSONAL DATA HOLDERS:

MTA INTERNACIONAL S.A.S management will be in charge of rights contemplated in number 4 of this policy, except for the one described in its literal one e) in what is related to customer, suppliers existing and retired contractors and workers. For such purposes, the personal data holder or representative may send his request, complaint or claim from Monday to Friday between 8:00 am and 5:00 pm, to emails info tecnicas.com and administrativatecnicas.com, or call MTA INTERNACIONAL S.A.S phone line in Bogota (1) 7568102 or go to the address corresponding to our offices in Bogotá, located at Carrera 7 # 74- 56 office 301. Holders or their successors may consult holder personal information located in any database, whether in the public or private sector. The person in charge of treatment must supply to these holders all the information contained in each individual registry or that is linked to holder identification. Consultation will be complete through means enabled by the person in charge of treatment as long as proof of this is obtained. Consultation will be attended in a maximum term of ten (10) business days, starting at the date of receipt of the same. When it is not possible to attend the consultation within that term, the interested will be informed, stating reasons for delay and indicating the consultation date, which in any case cannot exceed five (5) business days following first expiration term. Request, complaint or claim must contain holder identification, description of the facts which give rise to the claim, address and with the necessary documents to shows its virtue. If claim is incomplete, interested party will be required within five (5) following days of claim receipt to remedy faults. After two (2) months from request date, without the requested information of the applicant, it will be understood that they have withdrawn the claim. In case the person who receives the complaint is not competent to resolve it, it will transfer to whom it corresponds in a maximum term of two (2) business days and the interested party will be informed. Once a complete complaint has been received, a legend that says “complaint process” and the reason for it, within a period no more than two (2) business days will be included in database. This legend must be maintained until claim is settled. Maximum term to attend the claim will be fifteen (15) business days from the day after receipt. When it is not possible to deal with claim within that term, the interested will be informed of the reasons for delay and date on which their claim will be dealt with, which in no case may exceed eight (8) business days following the expiration of the first time limit..

DATA COLLECTED BEFORE EXPIRATION OF DECREE 13377 OF 2013:

in accordance to provisions in number 3 of article 10 regulatory decree of MTA INTERNACIONAL S.A.S, will publish a notice on its official website www.mtecncias.com addressed to the personal data holder for the purpose of disclosing the present treatment policy for information and how to exercise their rights as personal data holders presented in MTA INTERNACIONAL S.A.S database.

SAFETY MEASURES:

Developing of the safety principle established in law 1581 of 2012 MTA INTERNACIONAL S.A.S, shall adopt technical, human and administrative measures necessary to provide records security, preventing unauthorized or fraudulent adulteration, loss, consultation, use or access. Staff that performs personal data treatment will execute the established protocols in order to guarantee security information.

DATE OF ENTRY INTO FORCE:

Updating of this personal data policy under version 1, becomes effective November 4, 2016. Any change to the present policy, will be reported through the web site www.mtecnicas.com, Sincerely MTA INTERNACIONAL S.A.S. Address: Carrera 7 # 74-56.