Privacy Policy

At Sumerce Guru we value the privacy of visitors, clients and users of our site. This Privacy Policy explains what personal data we collect, for what purposes, under what legal bases, with whom we share it, and what rights you — as the data subject — can exercise.

This policy should be read in conjunction with our Personal Data Processing Policy (Law 1581 of 2012) and our Cookie Policy.

1. Data controller

2. Applicable legal framework

The processing of personal data by Sumerce Guru is governed by:

• The Political Constitution of Colombia, article 15 (habeas data).
• Colombian Statutory Law 1581 of 2012 — General Regime for the Protection of Personal Data.
• Decree 1377 of 2013, regulating Law 1581.
• Single Regulatory Decree 1074 of 2015 of the Commerce, Industry and Tourism sector.
• The circulars and guidelines of the Superintendence of Industry and Commerce (SIC).
• Regulation (EU) 2016/679 — General Data Protection Regulation (GDPR), where the data subject is located in the European Union.

3. Data we collect

3.1 Data you provide directly

• Identification and contact data: name, email, phone number, company, role.
• Content of communications you send us (emails, WhatsApp messages, forms).
• Contractual and billing information when you engage our Services: ID or tax ID, tax address, bank information for reconciliation.
• Professional information voluntarily shared for the execution of the Services.

3.2 Data collected automatically

• IP address, browser type, operating system, language, device.
• Pages visited within the site, dwell time, traffic source, search terms.
• Data collected via cookies and similar technologies (see Cookie Policy).

3.3 Sensitive data

We do not request or process sensitive data in the ordinary course of our activity (health data, ethnic origin, sexual orientation, religious or philosophical convictions, trade union membership, biometric data). If a specific project requires processing any special category, we will do so with express, specific, written authorization from the data subject, observing the applicable special provisions.

4. Processing purposes

We process your personal data for the following purposes:

1. Contact and request management: responding to inquiries, quotes and information requests.
2. Provision of contracted Services: executing contractual obligations and managing the relationship with the Client.
3. Legal compliance: electronic invoicing, withholdings, tax, accounting and document retention obligations.
4. Commercial communications: sending newsletters, commercial proposals, industry news and educational content, subject to the data subject's authorization.
5. Site improvement: aggregated analysis of site usage to optimize its performance, accessibility and content.
6. Security: preventing fraud, unauthorized access, attacks and malicious behavior.
7. Third-party collaborator management: administering relationships with suppliers, partners and contractors.

5. Legal bases for processing

Processing of your data is based on one of the following, as applicable:

• Prior, express and informed consent of the data subject, granted when filling out forms, accepting banners or initiating conversation through our channels.
• Performance of a contract to which the data subject is a party, or pre-contractual measures taken at their request.
• Compliance with a legal obligation to which Sumerce Guru is subject.
• Legitimate interest of Sumerce Guru, when not overridden by the rights and freedoms of the data subject (e.g., in aggregated analytics and site security).

6. Third parties and data processors

To provide the Services and operate the site we use technology providers acting as data processors under our instruction and control. These include:

• Web hosting and infrastructure: cloud providers (AWS, Cloudflare, Google Cloud or others) and CDN services.
• Email and collaboration: Google Workspace.
• Web analytics: Google Analytics with anonymized IPs.
• Messaging: WhatsApp / Meta Platforms for commercial conversation.
• Commercial management (CRM): customer relationship management tools.
• Electronic invoicing: technology provider authorized by DIAN.
• AI models: providers of language and generative models, when necessary for contracted Services.

These providers process your data solely on our instructions, under contractual agreements requiring adequate levels of security and confidentiality.

7. International transfers

Some of our providers are located outside Colombia, mainly in the United States and the European Union. We ensure that such transfers meet the requirements of article 26 of Law 1581 and, where applicable, the adequate safeguards provided for by GDPR (standard contractual clauses, adequacy decisions or other legitimate mechanisms).

8. Rights of the data subject

As a personal data subject, you have the right to:

• Access, update and rectify your personal data.
• Request proof of the authorization granted to Sumerce Guru.
• Be informed, upon request, about the use given to your data.
• File complaints with the Superintendence of Industry and Commerce (SIC) for infringements of the regulations.
• Revoke authorization or request deletion of the data, provided no legal or contractual duty requires its permanence.
• Access free of charge your data that has been processed.

If you are located in the European Union, you additionally have the rights of access, rectification, erasure, restriction, portability and objection provided for by the GDPR.

9. How to exercise your rights

To exercise any of the rights above, write to contacto@sumerce.guru with the following information:

• Full name and ID number.
• Clear subject line (e.g., "Habeas data query" or "Habeas data claim").
• Description of the right being exercised and the facts giving rise to the request.
• Contact means and details to receive a response.
• Supporting documents, if any.

Response deadlines in accordance with articles 14 and 15 of Decree 1377 of 2013:

• Queries: ten (10) business days, extendable by five (5) additional business days with notice to the data subject.
• Claims: fifteen (15) business days, extendable by eight (8) additional business days with notice to the data subject.

10. Retention period

We retain your data for the time necessary to fulfill the described purposes and applicable legal obligations (tax, accounting, document retention). Upon expiration of such term, data is deleted or irreversibly anonymized.

11. Security

Sumerce Guru applies reasonable technical, human and administrative measures to protect personal data against loss, unauthorized access, alteration, destruction and unauthorized use. Among them:

• In-transit encryption (HTTPS/TLS).
• Role-based access controls and principle of least privilege.
• Periodic backups and recovery plans.
• Audit and review of technology provider security.
• Team training in privacy and information security.

No system is completely infallible. In the event of an incident affecting personal data, we will notify the data subject and the competent authority in accordance with regulations.

12. Minors

Our Services are directed exclusively at adults or organizations represented by adults. We do not knowingly collect data from minors. If you suspect information has been collected from a minor, please write to contacto@sumerce.guru for immediate deletion.

13. Changes to this policy

We may update this policy when necessary due to regulatory, technological or business changes. The current version will always be published at sumerce.guru/en/privacy.html with the last updated date. We recommend periodic review.

14. Contact

For any inquiry regarding this Privacy Policy, please write to contacto@sumerce.guru.