Privacy Policies
STEMVERSE has created this Privacy and Personal Data Processing Policy with the aim of safeguarding and protecting the information of the data subjects collected or obtained in the future through interactions or transactions.
PURPOSE
To establish the criteria for the collection, storage, use, circulation, and deletion of personal data processed by STEMVERSE
STEMVERSE declares that he/she guarantees the rights to privacy, confidentiality, and good name in the processing of personal data, and consequently, all his/her actions will be governed by the principles of legality, purpose, freedom, truthfulness or quality, transparency, restricted access and circulation, security, and confidentiality.
All persons who, in the exercise of commercial or work activities, provide STEMVERSE with any type of information or personal data may access, update, and rectify it.
SCOPE
This policy applies to all personal information of users.
DEFINITIONS
Authorization: Prior, express, and informed consent of the Data Subject to carry out the processing of personal data.
Database: An organized set of personal data that is the subject of processing.
Personal data: Any information linked to or that can be associated with one or more specific or determinable natural persons.
Private data: Data that, due to its private or confidential nature, is only relevant to the user who owns it.
Public data: Public data includes, among others, data relating to a person’s marital status, their profession or occupation, and their status as a merchant or public servant. This data may be obtained and offered without reservation and regardless of whether it refers to general, private, or personal information.
Semi-private data: Semi-private data is data that is not private, confidential, or public in nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to politics in general, such as financial and credit data related to commercial activity.
Sensitive Data: Sensitive data is understood to be data that affects the Data Subject’s privacy or whose misuse may lead to discrimination, such as data that reveals racial or ethnic origin, political orientation, religious or philosophical beliefs, membership in unions, social organizations, human rights organizations, or that promotes the interests of any political party, among others.
Data Processor: A natural or legal person, public or private, who, either alone or in association with others, processes personal data on behalf of the Data Controller.
Data Controller: The natural or legal person, public or private, who decides on the purpose of the databases and/or their processing.
Data Subject: Natural person whose personal data is subject to processing;
Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.
User or Expert: Natural or legal persons who use the Website for informational and/or commercial purposes.
PRINCIPLES
For the purposes of ensuring the protection of personal data, STEMVERSE will harmoniously and comprehensively apply the
following principles, in light of which the processing, transfer, and transmission of personal data must be carried out:
Principle of legality in data processing:
Data processing is a regulated activity, which must be subject to the current and applicable legal provisions that govern the subject matter.
Principle of purpose:
The processing of personal data carried out by STEMVERSE or to which he has access will be carried out for a legitimate purpose in accordance with the Colombian Political Constitution, a place in which all data is processed and all clients, patients and users are treated, of which the respective data subject must be informed.
Principle of freedom:
The processing of personal data may only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal, statutory, or judicial mandate that waives consent.
Principle of truthfulness or quality: Information subject to personal data processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Processing of partial, incomplete, fragmented, or misleading data is prohibited.
Principle of transparency:
In the processing of personal data, STEMVERSE will guarantee the Data Subject the right to obtain, at any time and without restrictions, information about the existence of any type of information or personal data that may be of interest to them or that they own.
Principle of restricted access and circulation:
The processing of personal data is subject to the limits derived from the nature of the data, the provisions of the law, and the Constitution. Consequently, processing may only be carried out by persons authorized by the data subject and/or by the persons provided for by law. Personal data, except for public information, may not be made available on the internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to data subjects or third parties authorized by law.
Security principle:
Information subject to processing by STEMVERSE must be handled with the technical, human, and administrative measures necessary to ensure the security of records, preventing their alteration, loss, unauthorized or fraudulent access, or use.
Confidentiality Principle:
All persons who administer, manage, update, or access information of any kind contained in Databases at STEMVERSE are obligated to guarantee the confidentiality of that information. Therefore, they undertake to preserve and maintain in a strictly confidential manner and not disclose to third parties any information they may acquire in the performance of their duties, except when it involves activities expressly authorized by data protection law. This obligation persists and will continue even after the end of your relationship with any of the tasks involved in the Processing.
INFORMATION COLLECTED BY STEMVERSE ON THE PLATFORM stemverse.com.co
STEMVERSE, on its website stemverse.com.co, only collects personal data provided directly by the USER for their registration, and for the purpose of:
– Sending commercial information about offers, promotions, and other information that motivates them to use THE PLATFORM, as well as
– Analyzing the main needs of Users.
In accordance with current regulations on personal, private, and sensitive data, the natural person will use said information solely and exclusively to fulfill the functions and obligations described above, as well as those arising from our contractual obligations. STEMVERSE will also use said information for statistical, marketing, advertising, or notification purposes, among others, unless the user expressly or verbally states that their information must be deleted, rectified, or deleted from the database.
OBLIGATIONS TO THE DATA CONTROLLER.
The user, at the time of completing any survey or entering any type of information through STEMVERSE platforms, expressly or tacitly by submitting the form, expressly consents to the policy for the handling of said information. However, this consent must be free, prior, express, and informed by the data controller for the processing of said data, except in cases expressly authorized by law.
The data controller may express their authorization in the following manner:
(i) By submitting the form.
Authorization may be provided by the data controller, who must sufficiently prove their identity; by the data controller’s legal successors in title, who must prove such status; or by the data controller’s representative and/or attorney-in-fact, upon proof of representation or power of attorney.
LACK OF AUTHORIZATION BY THE DATA CONTROLLER.
User authorization will not be required for the use or provision of the data provided in the following cases:
• When such information is required by a public or administrative entity in the exercise of its constitutional or legal functions.
• When a court order requires.
• In the event of a medical and/or health emergency.
• Processing of information authorized by law for historical, statistical, or scientific purposes.
• Data related to the Civil Registry of Persons.
• Any other information established by law.
PURPOSE OF THE PROCESSING OF PERSONAL DATA BY STEMVERSE
• To coordinate and develop assistance activities and identify the needs of our USERS and/or personal data holders. This includes the preparation of statistics necessary to carry out corrective measures aimed at providing improved technical assistance and response times.
• Respond to all requests and inquiries made by USERS and have the means to contact them.
• Send commercial offers related to what is offered on THE PLATFORM.
• Carry out objection processes, in accordance with the terms and conditions of stemverse.com.co.
RIGHTS OF THE HOLDER REGARDING THEIR DATA
Every USER is the owner of their personal data, as are their heirs or representatives, who may exercise the following rights:
1. To know, update, rectify, and request the deletion of the data held by the company.
2. To be informed of the uses to which their data is being used.
3. Submit the respective complaints and claims to the policy or to the Superintendency of Industry and Commerce, be informed of the filing, the timeframe for their response, and receive a response in a clear, complete, and understandable manner for the user.
4. Revoke the authorization provided to the company for the use of data.
5. Any other obligations established by law.
DUTIES OF STEMVERSE REGARDING DATA
The following duties shall apply to the USER:
1. Request the user’s authorization for the processing of their data in the respective databases and inform them of the intended use.
2. Recognize the exercise of the fundamental right to habeas data.
3. Use the information under maximum security conditions to prevent its loss, manipulation, tampering, or fraudulent use.
4. Update or rectify the information when requested by the user who owns it.
5. Any other obligations established by law.
TRANSFER OF PERSONAL DATA
STEMVESRE may only transfer the USER’s personal data in the following cases:
• When prior, express, and informed consent is obtained from the data subject.
• Respond to any request for information we receive from a competent administrative, judicial, or investigative body.
• Comply with the requirements or natural obligations for the handling of personal data held by the competent administrative authorities.
• Detect, prevent, or otherwise address any fraud, vulnerability, technical, or security incident that may affect the stability, operation, and security of our Website.
AUTHORIZATION FOR THE USE OF USER PERSONAL DATA
By responding to any survey or submission on the website stemverse.com.co, the USER authorizes STEMVERSE to collect, store, use, and transfer their personal data, under the conditions set forth above. STEMVERSE is responsible for the processing and correction of their data in those cases where requested by the USER. All personal data that is not public data will be treated by STEMVERSE as confidential, even after the contractual relationship has ended. Upon termination of the contractual relationship, the USER authorizes STEMVERSE to continue processing their personal data for the purposes described above.
USER SERVICE CHANNEL
The USER, directly or through duly authorized persons, may consult their personal data at any time, especially whenever there are changes to the INFORMATION PROCESSING POLICIES. To do so, they must send a written request to stemverse.com.co stating this intention.
COMPLAINTS
The data subject or their successors in title who consider that the information contained in a database should be corrected, updated, or deleted, or when they notice a presumed breach of any of these obligations, may file a complaint with STEMVERSE, which will be handled as follows:
1. The complaint will be submitted by means of a request addressed to the Data Controller, including the Data Subject’s identification, a description of the facts giving rise to the complaint, the address, and accompanying the documents they wish to assert. If the complaint is incomplete, the interested party will be required within five (5) days of receipt to correct the deficiencies. After two (2) months from the date of the request, if the applicant does not submit the required information, the complaint will be deemed to have been withdrawn. The complaint may be submitted to: STEMVERSE
2. Once the complete complaint is received, a message stating “complaint in process” and the reason for it will be included in the database within a period of no more than two (2) business days. This message must remain in effect until the complaint is resolved.
3. The maximum period for addressing the complaint will be fifteen (15) business days, starting the day following the date of receipt. When it is not possible to address the complaint within this period, the interested party will be informed of the reasons for the delay and the date on which their complaint will be addressed, which in no case may exceed eight (8) business days following the expiration of the first period.
4. A complaint may only be filed with the Superintendency of Industry and Commerce once the consultation or complaint process with the Data Controller or Data Processor has been exhausted. PHYSICAL NOTIFICATIONS
If you wish to submit your complaint physically, it must be sent to this address. The procedure for processing it will follow the procedure described above.
Mall Lemont. Antioquia, Envigado. Colombia.
VALIDITY
This policy is effective as of July 1, 2025.