ITSense Let's talk

Legal

Privacy and personal-data policy.

ITSense Inc. / ITSense S.A.S. processes personal data under Colombia's General Personal Data Protection Regime (Law 1581 of 2012 and Decree 1377 of 2013). For our US and EU clients, our handling principles also align with GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act). This page describes the principles, purposes, and rights that apply.

Privacy Policy

1. Identification of the data controller

ITSENSE S.A.S., a commercial company organized and existing under the laws of the Republic of Colombia, incorporated by sole-shareholder private document on February 21, 2018, registered with the Bogotá Chamber of Commerce under registration number 02922248 dated November 21, 2018, identified with Tax ID NIT. 901159597 – 7.

Headquarters and address: ITSense's main office is located at Carrera 2 #16-45, Chía-Cundinamarca, Colombia. Our New York office is at 447 Broadway, 2nd floor, New York, NY 10013.

Email: protecciondedatos@itsense.com.co

Phone: +57 350 420 4785

2. Principles of data processing

All personal data processed by ITSENSE S.A.S. is handled under the principles of Colombia's General Personal Data Protection Regime, GDPR, and CCPA, in particular:

a. Lawfulness. Personal data is processed in line with applicable Colombian law, GDPR Article 6 lawful bases, and CCPA notice-and-choice requirements.

b. Purpose limitation. Data is processed only for the purposes set out in this policy, consistent with the legal framework that applies. Where local rules go further than Colombian law, we comply with the stricter standard.

c. Freedom / consent. Personal data is processed based on the data subject's prior, express, and informed consent, except where law provides another basis (e.g., contract, legitimate interest, legal obligation).

d. Security. ITSENSE S.A.S. implements technical, administrative, and human safeguards to protect personal data against unauthorized use, alteration, loss, or access. Our software-development practice is aligned with SOC 2-style control families.

e. Confidentiality. Personal data in our databases is processed under strict confidentiality.

f. Accuracy / quality. Information processed by ITSense is kept accurate, complete, current, verifiable, and intelligible.

g. Transparency. Data subjects can obtain information about their personal data at any time, free of charge, following the procedures described below.

h. Restricted access and circulation. Personal data is only processed by personnel authorized by the data subject or by other parties allowed by law.

Processing and purposes

Personal data of any individual with whom ITSENSE S.A.S. has or develops a permanent or occasional relationship will be processed within the applicable legal framework. In any case, personal data may be collected and processed to:

a. Carry out ITSENSE S.A.S.'s corporate purpose under its bylaws. b. Comply with applicable tax and commercial regulations. c. Use information, audiovisual media, IT and technical means for ITSENSE S.A.S. advertising or marketing. d. Conduct video surveillance and security at ITSENSE S.A.S.'s premises and for visitors. e. Comply with Colombian and US labor and social-security law applicable to former employees, current employees, and job candidates. f. Comply with healthcare-sector regulations and requirements from the entities that supervise the provision of healthcare and social-security services in Colombia, such as the Ministry of Health and Social Protection, the National Health Superintendency, departmental and municipal health secretariats, and EPS / IPS, among others. g. Run surveys related to ITSense's services or goods. h. Send commercial information about ITSENSE S.A.S. i. Develop programs in line with our bylaws. j. Meet all of ITSENSE S.A.S.'s contractual, legal, and regulatory commitments.

Sensitive-data processing

Sensitive personal data is used exclusively for purposes related to preventing the spread of contagious diseases (e.g., COVID-19), sanitary checks, and cooperation with state entities — for instance, indicators sent to oversight authorities, population-level health analyses, and risk analysis on tests performed. Sensitive data will never be used, without prior authorization, for marketing, sale of databases, or any purpose foreign to those described in this Policy.

Rights of data subjects

Under applicable data-protection law (Colombian Law 1581 / Decree 1377, plus GDPR and CCPA where relevant), data subjects have the right to:

Access, know, update, and rectify their personal data held by ITSENSE S.A.S. as data controller. This right may be exercised, among other situations, with respect to partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly forbidden or has not been authorized. Request proof of the authorization granted to ITSENSE S.A.S. for data processing, by any valid means, except where authorization is not legally required. Be informed by ITSENSE S.A.S., upon request, of the use that has been made of their personal data. File complaints with Colombia's Superintendence of Industry and Commerce — or, for EU residents, the relevant Data Protection Authority — for breaches of Law 1581 of 2012 and any related regulations, after a prior request to ITSENSE S.A.S. Withdraw consent and/or request deletion of data. Access free of charge their personal data subject to processing at least once per calendar month, and whenever there are substantial modifications to this policy that warrant new consultations. Under CCPA, California residents may request disclosure of categories of personal information collected, the right to opt out of any "sale" or "sharing" of personal data (we do not sell personal data), and the right to non-discrimination for exercising these rights.

These rights may be exercised by:

The data subject, who must adequately prove their identity through the means ITSENSE S.A.S. provides. Their legal heirs, who must prove that capacity. Their representative or attorney-in-fact, after providing proof of representation. Anyone for whose benefit the data subject has stipulated.

Data controller and processor

ITSENSE S.A.S. acts as data controller. The Administrative department serves as the data processor.

Any communication on this matter should be sent to andrea.franco@itsense.com.co or protecciondedatos@itsense.com.co

Procedure for handling consultations, complaints, requests for rectification, update, and deletion of data

Data subjects or their heirs may consult the personal information held by ITSENSE S.A.S., who will provide all information contained in the individual record or linked to the data subject's identification. ITSENSE S.A.S. likewise provides the mechanism through which the data subject may submit complaints to update, rectify, delete data or definitively withdraw consent.

In any case — regardless of the channel used — consultations will be answered within a maximum of ten (10) business days from receipt. If we cannot answer within that period, we will inform the requester before the 10-day deadline expires, explaining the reason for the delay and indicating the date the consultation will be answered, which may not exceed five (5) additional business days after the original deadline.

Consultations may be sent to andrea.franco@itsense.com.co or protecciondedatos@itsense.com.co

Information-security measures

In compliance with the security principle, ITSENSE S.A.S. adopts the technical, administrative, and human measures necessary to protect records against alteration, loss, unauthorized or fraudulent access, use, or disclosure.

The company is committed to the proper use and treatment of clients' and users' personal data, preventing unauthorized access by third parties that could allow knowledge, modification, disclosure, or destruction of information held in the company's databases. Accordingly, the company has security and access protocols for its information, storage, and processing systems, including physical security-risk controls.

The company will adopt the measures required to comply with Law 1581 of 2012 and any other law that modifies or replaces it, plus GDPR and CCPA as applicable. As part of this legal obligation, we will adopt logical, administrative, and physical security measures appropriate to the criticality of the personal information accessed, to ensure that this information is not used, sold, transferred, or otherwise processed in a manner contrary to the purpose set out in this policy. We will notify any suspected loss, leak, or attack on personal information held in ITSENSE S.A.S.'s databases, once we become aware of such events, through the most relevant or effective mechanisms — e.g., publication on ITSENSE S.A.S.'s website or social channels, direct communication to the affected party's email address on file, or any other channel that guarantees the data subject's right to information. Loss, leak, or attack on personal information also entails the obligation to manage the security incident under applicable legal guidelines.

This policy is in effect as of March 22, 2018. Last reviewed for English-version disclosure: April 2026.

Information-security policy

This document is the exclusive property of ITSENSE S.A.S. Its use must follow the disposition set out in its classification, and the disclosure or reproduction (full or partial) of its content is forbidden without due authorization. Use and distribution are only authorized inside ITSENSE S.A.S. and by duly authorized personnel.

General information-security policy

To preserve the Confidentiality, Integrity, and Availability of information concerning parties involved in the acquisition of software, application, web, mobile-app development services, and any service offered in ITSENSE S.A.S.'s catalog, by managing information-security risks, we always seek to meet the requirements of interested parties, including legal and regulatory ones. Our practice covers SOC 2 control families and aligns with GDPR security requirements.

Compliance with this policy is mandatory for all internal and external collaborators and for organization suppliers. Likewise, Colombian Law 1453 of 2011 against money laundering and terrorism financing is applied through proprietary software (ANALYZER). With this policy, ITSENSE S.A.S. commits to continuously improving its Information Security Management System.

Information-security objectives

To meet the General Information-Security Policy, ITSENSE S.A.S. sets the following objectives:

Optimize technology infrastructure to ensure the confidentiality, integrity, and availability of information by identifying improvements, corrections, monitoring, and tracking of information-processing assets. Manage incidents that affect the confidentiality, integrity, or availability of information by analyzing events, gathering evidence, implementing necessary actions, and learning lessons to prevent future incidents. Manage information-security risks relevant to ITSENSE S.A.S.'s interested parties through the implementation of treatment options and applicable controls. Improve the performance of the Information Security Management System by increasing the effectiveness of information-security controls.

Terms and conditions

The www.itsense.com.co portal is owned by ITSENSE S.A.S. and will be referred to here as "the portal".

Access to and use of the portal — and participation in the forums, platforms, content, or interaction scenarios it offers — is free, and presupposes that you have read and accepted these terms and conditions. From here on, users of the portal will be referred to as "the user". To access the portal, users must be of legal age or be authorized by their legal representatives.

I. Privacy

When the user accesses the portal, ITSENSE S.A.S. may request data on personal information or assets — referred to as "the data" — and will process it exclusively to:

Store it. Maintain and improve service conditions, including maintenance, management, administration, provision, and expansion. Optimize the user's use of services. Offer new transactions associated with operations, including promotions, offers, commercial opportunities, advertising, etc. By accepting this privacy policy, the user expressly authorizes ITSENSE S.A.S. to send commercial information from the portal or third parties through the electronic or physical address registered on the portal. The data will be subject to automated processing by the portal directly or through a secure hosting provider, which will incorporate it into the corresponding automated archives, all under ITSENSE S.A.S.'s responsibility. Where applicable, ITSENSE S.A.S. guarantees full privacy for transactional data, integrity of exchanged messages, and mechanisms to ensure that, once a transaction is completed, there is a record of it. ITSENSE S.A.S. has adopted appropriate security levels to protect data submitted through its services and has taken technical measures within reach to prevent loss, misuse, alteration, unauthorized access, or theft of data. However, security measures are calibrated to the level of risk associated with low-impact information. ITSENSE S.A.S. is not liable for malicious third-party acts that target the security measures adopted. All rights, duties, and obligations, as well as communication channels related to personal-data processing, can be consulted in the Data Treatment Policy. Any transfer of data to third parties by ITSENSE S.A.S., or the use of data for purposes other than those mentioned in these terms, requires the user's express consent through any suitable means.

II. Disclaimers

ITSENSE S.A.S. does not guarantee the availability and continuity of the portal's operation, but will, when possible, advise of interruptions. ITSense also does not guarantee the portal's usefulness for any particular activity, the infallibility of the information it contains, or that the information is correct, current, or complete — and warns that the site may contain technical inaccuracies or typographical errors.

The user must therefore confirm that the information published is accurate and complete before making any decision related to a service, product, or topic described on this site.

It is also not guaranteed that, once an error is reported, it will be repaired or corrected within a specific time.

ITSENSE S.A.S. is not responsible for damages of any kind that may arise from the lack of availability or continuity of the portal's operation, the failure of any usefulness users could attribute to the portal and services, the fallibility of the portal, and in particular — though not exclusively — failures in access to the various web pages or sections of the portal.

ITSENSE S.A.S. is not liable to any party for any damage, of any kind, arising from or related to the portal, its use, or any site or resource linked to or referenced by the portal, nor from the use, download, or access to any included material, information, products, or services.

ITSENSE S.A.S. neither controls nor guarantees — and is therefore not responsible for — the presence of viruses or other elements in the portal's content that could cause alterations to the user's IT system (software and hardware) or to electronic documents and files stored in the user's IT system.

III. Content ownership

The portal may contain texts, notices, images, videos, animations, graphics, databases, applications, application demos, and, in general, a series of legal assets protected by national and international intellectual-property laws. Unless otherwise stated, all content is owned by ITSENSE S.A.S. In sections that include interaction — comments, articles, etc. — owned by the user or third parties, those parties are responsible for authorship, respecting the provisions described below.

No authorization is granted for the total or partial reproduction, translation, inclusion, transmission, storage, or access via analog, digital, or any other system or technology, created or to be created, without the prior written authorization of the rights holder, when ITSENSE S.A.S. requires it, of any content owned by ITSENSE S.A.S. or by third parties that have authorized its use on the portal.

Access to the portal is permitted, in a non-transferable and limited manner, only for personal use or use by the user's staff, provided the content is not modified and the notices of ownership reservation, authorship, or title remain intact. Where downloads are allowed, the situation will be expressly indicated, with specific terms of use stated.

Any violation of these restrictions implies the cancellation, without prior notice, of permissions granted, and the user's resulting obligation to destroy any goods downloaded or accessed through any means.

Except for the limited permission indicated above, ITSENSE S.A.S. does not grant the user — even tacitly — any right or license over any patent, trademark, copyright, or other intellectual-property right. The user may not duplicate any portion of this site's content on another website or any other medium.

Where the user includes their own material in interaction sites, they guarantee to ITSENSE S.A.S. that such materials were created or acquired without violating any third party's rights, allowing ITSENSE S.A.S. to verify this. By the very act of uploading, mounting, including, or attaching any content, the user grants ITSENSE S.A.S. the licenses or authorizations needed to reproduce, adapt, compile, store, and distribute the content provided through this internet page, free of charge and on a non-exclusive basis. This free license includes authorization for ITSENSE S.A.S. to publish content on any electronic or physical medium and to sublicense it to any parent, subsidiary, or affiliate. If the user violates any third-party right, the user agrees to hold ITSENSE S.A.S. harmless against any claim raised by anyone claiming to be the legitimate rights holder.

IV. Linking to and from other portals

Where ITSENSE S.A.S., users, or third parties include links or references to other internet pages accessible from the portal that do NOT belong to ITSENSE S.A.S., its parents, affiliates, or subsidiaries, ITSENSE S.A.S. is not and will not be responsible for them, nor does it exercise control over them or their content. Accordingly, the technical suitability — including security — and the quality of the information they contain are not guaranteed.

Where such links lead to sites belonging to ITSense partners or to ITSense alliance products, the situation will be indicated.

All links from this website must be approved in writing by ITSENSE S.A.S., and links will be accepted as long as they do not imply misleading advertising, or cause confusion as to the approval or recommendation of any product or service, or imply the creation of frames or modify the content in any way. The user accepts that, if ITSENSE S.A.S. so considers, the written permission may be revoked, and the user must remove the links from their pages or portals.

V. Indemnification

Any participation in user-interaction spaces — forums, blogs, chats, etc. — presupposes knowledge and acceptance of these terms of use. In each space of this nature, the user will be identified, or mechanisms will be in place to do so. The intention is that, when a user causes harm to a third party, the user will defend ITSENSE S.A.S. against any claim raised against it.