TAYRONA CAPITAL  

PRIVACY POLICY      

 

 

Welcome to our website – https://tayronacapital.com. We are TAYRONA CAPITAL (hereinafter “TAYRONA”), a world-class, fully regulated financial institution that offers a diversified investment portfolio and distinctive privileges worldwide. As per the provisions of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA) (hereinafter “PIPEDA”) and other applicable regulations on this matter, TAYRONA is committed to the protection of the rights of data holders (hereinafter the “Data Subjects”) and the information provided by them. The channel that gathers the fundamental elements of Data Protection has been included as the core of this duty and commitment. 

 

This Processing Policy (hereinafter the “Policy”) shall apply to the processing of data that TAYRONA collects through different means, whether face-to-face or digital. In this regard, Data Subjects must read the information in this Policy in detail, as it is intended to provide Data Subjects with a comprehensive understanding of the personal data that TAYRONA collects, the processing of such data, and the procedures available to protect their rights. 

 

The following is information concerning the confidentiality and personal data protection policy in compliance with the provisions of the PIPEDA data protection regulations. 

 

If the Data Subjects disagree with this Policy, they must withhold from providing their data to TAYRONA. 

 

  1. PURPOSE

The purpose of this Policy is to provide the necessary and sufficient information to clients, suppliers, and employees who, in any instance, are associated with TAYRONA; as well as to determine the guidelines to ensure the protection of personal data that are subject to personal data processing through TAYRONA procedures, within the legal framework, policies, and procedures for the attention of the owners’ rights; criteria for collection, storage, use, circulation, and deletion that will be given to personal data. 

 

  1. ADDRESSEES

This policy shall apply to all physical and digital databases that contain personal data and are subject to processing by TAYRONA. Likewise, in the cases in which they operate as accountable for processing personal data. 

 

The policy aims to address persons who are in any way related to TAYRONA and have at their disposal the necessary and sufficient information about the handling and objectives for processing their data, as well as the rights they, as personal data holders, may perform against TAYRONA when it is responsible for the processing of their data. 

 

This policy is of mandatory understanding and compliance by all natural or legal persons accountable for TAYRONA’s personal database processing, especially for the processors of TAYRONA’s database management and those officials and contractors who receive, attend and respond directly or indirectly to requests (queries or claims) for information related to the PIPEDA personal data protection law. 

 

III. OBJECTIVE 

To allow the Information Owners to process agile and legal requests and claims. 

To fully comply with the current regulations regarding Personal Data protection.  

To protect the interests and needs of personal information holders processed by TAYRONA. 

 

  1. DEFINITIONS

The terms whose first letter is capitalised (except when it is exclusively because it starts a sentence or it is a proper name) have the meaning assigned to them below: 

 

“Authorization”: Prior, expressed, and informed consent of the Data Subject to process personal data. 

“Database”: Organized set of Personal Data subject to processing. 

“Personal Data”: Any information linked or that may be associated with one or more determined or determinable natural persons. 

“Data Processor”: Natural or legal person, public or private, who, by themselves or in association with others, performs the Personal Data processing on behalf of the Privacy Officer. 

“Privacy Officer”: Natural or legal person, public or private, who, alone or in association with others, performs decisions on the database and data processing. 

“Data Subject(s)”: Natural person whose Personal Data is subject to Processing. These include, without limitation, TAYRONA’s employees, suppliers, and clients. 

“Processing”: Any operation or set of functions on Personal Data, such as collection, storage, use, circulation, or deletion. 

“Cookies”: Websites send small text to your browser. They allow websites to retain information about visits, making it easier to revisit and make them more useful. 

“PIPEDA”: The Personal Information Protection and Electronic Documents Act (PIPEDA) is a Canadian federal law applicable to collecting, using, and disclosing Personal Information in conducting business in all Canadian provinces. 

“Personal Information”: Includes any objective or subjective information, whether recorded or not, about an identifiable individual; this includes information in any form, such as age, name, identification numbers, income, ethnicity, or blood type; opinions, evaluations, comments, social status, or disciplinary actions; and employee files, credit records, loan records, medical records, the existence of a dispute between a consumer and a merchant, or intentions (e.g., to purchase goods or services, or change job). 

 

  1. PROCESSING RESPONSIBLE

The legal entity responsible for processing the Personal Data provided by the Data Subjects, and therefore, of the Databases, is the company TAYRONA CAPITAL identified with TAX ID No. 002377505. The primary address is 12 B Brookers Lane Toronto Ontario M8V0A4, and the contact telephone and e-mail are +1-647-641-0351 and contactus@tayronacapital.com, respectively. In this regard, Tayrona Capital with e-mail contactus@tayronacapital.com and contact number +1-647-641-0351 is designated as “Privacy Officer”, who will be in charge of the Personal Information controlled by TAYRONA. 

 

  1. CONSENT

The processing of Personal Data by TAYRONA will be carried out after the authorisation granted by the Data Subject. The previous authorisation shall enable TAYRONA to collect and be the responsible party for the Processing of the provided information by the Data Subject and to transfer or transmit it, as the case may be, which shall be obtained by any means subject to prior consultation. According to PIPEDA, there are two forms of consent. The first is express or opt-in consent, which occurs when the person actively manifests (i) in writing, (ii) orally or (iii) through unequivocal conduct of the holder that allows the reasonable conclusion that they granted the authorisation. The second is implied or opt-out consent, which occurs when the person can refuse something and decides not to do so. 

 

VII. LIMITATION AND USE OF COLLECTION 

TAYRONA will only collect the Personal Information needed to meet the specifically identified purposes for which such collection is performed. The Personal Data processing within TAYRONA occurs mainly through the collection, storage, use, deletion, and circulation of Personal Data of i) suppliers, ii) customers, and iii) employees. In this sense, the purpose of this treatment within TAYRONA is divided as follows: 

 

Purpose of Processing Clients’ Personal Data  

TAYRONA collects, stores, and uses Clients’ Personal Data to track the products and services purchased by the client, send communications, send advertising and promotions to those brands that sell their products globally through different commercial establishments, evaluate the quality of services provided, and to contact clients for any need related to TAYRONA business. 

 

Purpose of Processing the Suppliers’ Personal Data 

TAYRONA collects, stores, and uses Suppliers’ Personal Data to maintain direct contact with suppliers, review tax information, and make purchases and payments. TAYRONA’s suppliers are both natural persons and legal entities. 

 

Purpose of Processing Employees’ Personal Data  

TAYRONA collects, stores, and uses Employees’ Personal Data to perform activities aimed at the payment of payroll and welfare benefits, affiliations, administration of active personnel, planning of business activities, sending internal communications, and other actions required for the execution of the employment contract signed with TAYRONA. 

 

When visitors write comments on the site, we collect the data as a comment, the visitor’s IP address and the browser user agent string to assist in spam detection. 

 

An anonymised string created from the Registrant’s email address (also called a hash) may be provided to the Gravatar service to know if it is being used. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. Upon approval of the comment, the profile picture is visible to the public in the context of the Holder’s statement. 

 

Uploading images with embedded location data (EXIF GPS) included should be avoided. Website visitors can download and extract any location data from images on the website. 

 

VIII. LIMITATION OF USE, DISCLOSURE, AND RETENTION 

TAYRONA will only use or share Personal Information for the purposes for which it was collected unless they have the consent or are legally obligated to use or share it for other purposes. The Personal Information provided by the Data Subjects to TAYRONA will be stored and maintained for as long as it is required for the efficient supplying of these services, unless the Data Subjects have given different instructions or, in any case, for the retention period contemplated in the applicable laws. If the Data Subject comments on the website, the comment and its metadata are retained indefinitely. This way, TAYRONA can automatically acknowledge and approve any subsequent comments instead of having them in a moderation queue. In the case of the Data Subjects who enrol on our website (if any), the personal information they provide in their user profile will also be stored. All Data Subjects can view, edit, or delete their personal information at any time (except for their user’s name). The website Privacy Officer can also view and modify that information. 

 

  1. ACCURACY 

All personal information compiled about the Data Subjects shall be accurate, precise, complete, and up-to-date. To this end, if the Data Subject has an account on this website or has placed comments, they may request that TAYRONA send an exported file of the Data Subject’s Personal Data. They may also request that any Personal Data TAYRONA holds about them be deleted. This does not include data that TAYRONA must retain for administrative, legal, or security reasons. 

 

  1. SAFEGUARDS

TAYRONA has adequate security measures to protect Data Subjects’ personal information against loss, theft, or any unauthorised access, disclosure, copying, use, or modification in an appropriate manner to how sensitive the information is. In compliance with its responsibility for the care and protection of information, TAYRONA has physical measures (e.g., locked filing cabinets, office access restriction, and alarm systems), up-to-date technological tools (e.g., passwords, encryption, firewalls, and security patches), and organisational controls (e.g., security clearances, access limitation, staff training, and agreements) in place for this purpose. The factors TAYRONA considers in safeguarding Personal Information include its sensitivity and the risk of harm towards the individual. For example, health and financial information would generally be regarded as sensitive, along with information such as ethnic and racial origins, political opinions, genetic and biometric data, an individual’s sex life or sexual orientation, and religious/philosophical beliefs; the amount of information; the distribution scope; the information format (e.g., electronic or paper); the storage type; and the types and levels of potential risk your organisation may encounter. 

 

  1. TRANSPARENCY

TAYRONA allows Data Subjects access to detailed information about the Policies and personal information practices regarding privacy. As per PIPEDA, TAYRONA’s privacy policy contains Privacy Officer contact details on how Data Subjects can exercise their right of private action; a description of the types of personal information held by the organisation; a copy of any other details disclosing TAYRONA’s policies; and the purpose explanation for which such information is used and how much of it is made available to other related organisations, such as affiliates or third parties. 

 

XII. INDIVIDUAL ACCESS  

The Data Subjects may consult the Personal Information contained in any TAYRONA Database to exercise their rights to know, update, rectify, and delete their personal information or revoke the authorisation granted. 

 

XIII. COMPLIANCE CONTESTATION 

Data Subjects may contest TAYRONA’s compliance with the PIPEDA by filing a complaint. The Data Subject who considers that the information contained in a TAYRONA Database should be subject to correction, updating, or deletion, or when noticing an alleged breach of any of the duties included in PIPEDA, may file a claim to TAYRONA, which will be processed under the following rules: 

  1. The claim shall be formulated through a request addressed to TAYRONA at contactus@tayronacapital.com with the identification of the Data Subject, the description of the facts that give rationale to the claim, the address, and the accompanying documents to be asserted.

If the claim is incomplete, TAYRONA will request the interested party to complete the information sent within five (5) days following the receipt of the claim. After two (2) months from the request date, without the applicant submitting the required information, it will be understood that the claim has been withdrawn. 

  1. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within such terms, the interested party shall be informed of the reasons for the delay and the date on which the claim will be handled, which in no case may exceed eight (8) business days following the expiration of the first term.

 

XIV. DATA SUBJECT RIGHTS 

As per the provisions of the PIPEDA, the Data Subject shall have the following rights: 

(a) To know, update, and rectify all their Personal Data in TAYRONA’s database. 

  1. b) To request proof of the authorisation granted to TAYRONA for their Personal Data processing.
  2. c) To be informed by TAYRONA, upon written request, about the use given to their Data.
  3. d) To file complaints before TAYRONA for not complying with the provisions of the PIPEDA and other rules that modify or supplement them.
  4. e) To revoke the authorisation or request the deletion of their Data when the processing does not respect the constitutional and legal principles, rights and guarantees.
  5. f) To free access to their Personal Data subject to processing.
  6. COOKIES

If the Data Subject comments on our website, they may save their name, e-mail address, and website in Cookies; this is for their convenience so they do not have to re-provide their Personal Information when leaving another comment. These cookies will last for one year. If they visit our login page, a temporary Cookie will be set to determine if their browser accepts Cookies; this Cookie does not contain Personal Information and is discarded when they close their browser. When they log in, several Cookies will also be set to store the Data Subjects’s login information and screen display options. The login cookies last for two days, and the display options Cookies last for one year. If they select “Remember Me”, their login information will remain for two weeks. If they log out of their account, their login Cookies will be deleted. An additional cookie will be saved in their browser if they edit or publish an article; this Cookie does not include Personal Data and indicates the article ID they have edited. It expires after one (1) day. 

 

XVI. INFORMATION USE 

TAYRONA does not disclose, sell, or rent the Personal Information provided by the Data Subjects to third parties. Said information will be kept under the appropriate security and confidentiality conditions, and its use will be exclusively for the purposes for which it was provided. In this sense, TAYRONA will only give this information to the persons established in the PIPEDA and the conditions outlined in this regulatory provision. 

The Data Subjects must consider that the Personal Information requested may be sent to third parties within the framework of TAYRONA’s outsourcing services, who will act as the persons in charge of this information by the obligations established in the PIPEDA. Additionally, such transmission shall be made based on the authorisation given by the Data Subjects in a prior, expressed,  and written manner by means of which the transmission of the Personal Information provided shall be authorised. 

If TAYRONA, in the exercise of its activities, transfers the information collected internationally, it shall ensure compliance with current national regulations on Personal Data Protection. It shall do so based on the authorisation given by the Data Subjects in advance and in writing authorising the Personal Data international transfer.  

TAYRONA may transfer, sell, or assign the information collected in the event of a sale, merger, consolidation, change in corporate control, substantial transfer of assets, and reorganisation or liquidation of the company. 

 

XVII. REQUESTS AND INQUIRIES 

The Data Subject may make inquiries and requests regarding the Personal Information contained in any TAYRONA Database, in writing, addressed to the following e-mail address: contactus@tayronacapital.com. This email must specifically include the request of the Data Subject. Once the information is received, TAYRONA will record the date of receipt and process it. 

The consultation will be answered within a maximum term of ten (10) working days from the date of receipt of the same. When it is not possible to attend the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation will be attended, which in no case may exceed five (5) working days following the expiration of the first term. 

 

XVIII. MODIFICATIONS 

This Policy may be modified at any time and without prior notice by TAYRONA, for legal or institutional reasons, using a timely communication in which the Data Subjects will be notified of the modifications made. In the event of a substantial improvement to the purposes of the Processing of Personal Data, or terms of those responsible for it, these changes will be informed promptly to the Data Owners and before the implementation of the new policies, by the provisions of Law 1581 of 2012 and Decree 1377 of 2013. 

 

XIX. COMMUNICATION CHANNEL                                                                                                        

If you have any doubts or queries about this Policy or the collection and processing of information by TAYRONA, don’t hesitate to contact us at contactus@tayronacapital.com. Messages will be dealt with as soon as possible. Through this channel, you may communicate and process the exercise of your rights and communicate any indication or knowledge of potential security breaches and/or possible breaches or irregularities regarding data protection regulations or this TAYRONA policy. 

 

  1. VALIDITY

This Policy is effective as of September 1, 2023, until the implementation of a new version