This store requires javascript to be enabled for some features to work correctly.

envíos internacionales

Idioma

Política de privacidad

Collection of personal information:

At www.zierraleona.com hereinafter "site", we request information from our customers to enhance the experience and communication of products, services and business activities. To this end, we collect information such as your name, email address and address, which are provided by you when you register on our site or when you place an order. For security, information about your payment method is not processed or stored directly by us, to maintain the privacy of the same, the information is treated only between you and our electronic payment system provider PayU.

By using the site www.zierraleona.com, you are agreeing to the policies stated here.
Use of personal information:
At www.zierraleona.com we may use information collected on the site to process and fulfill your request and order. We also use e-mail addresses at various locations within the site in order to send e-mail communications related to your purchase. In addition, the site keeps a record of your purchases and any other information that allows us to enhance and personalize your shopping experience. We also monitor the site to verify traffic patterns in order to improve its design and the products and services we offer.
Through the information you provide us, we may fulfill the purpose of building a better communication about our products, events, commercial activities or personalization of your shopping experience on our site.
All data that you voluntarily provide us at www.zierraleona.com will be treated, in accordance with the provisions of the ZIERRA LEONA Personal Data Use and Database Management Policy can be consulted at www.zierraleona.com /data-policy/.
Security:
Personal information that is received by www.zierraleona.com , is protected from any unauthorized access, processing and/or disclosure. This protection is provided through servers and internal security protocols applicable to its transfer, transmission and in general to all activities related to the treatment established in the Policy of Use of Personal Data and Database Management of ZIERRA LEONA.
Additionally, shopping at www.zierraleona.com is 100% secure. Our e-commerce technology platform and our payment partner PayU Latam have the PCI DSS certification for the secure handling of the information of the means of payment enabled on our platform.
We recommend that you consult PayU's policies and conditions on the web www.payulatam.com/co and use the secure modes of your browsers and internet security programs.
Cookies:
Cookies are small data files that web portals such as www.zierraleona.com , store in your browser and optionally on your hard drive. Cookies allow us to "remember" information about your preferences and session, and allow you to move around areas of our website without re-entering your information. This makes it possible to create a more personalized and convenient shopping experience.
www.zierraleona.com uses a third party to place cookies on your computer to collect non-personally identifiable information. Although cookies contain a unique user number, they do not collect or store any personally identifiable information. Although you can set your Internet browser to not accept cookies, cookies are required in order to view, create an account, or make purchases through the www.zierraleona.com portal.
Usage Restrictions:
ZIERRA LEONA may, in its sole discretion, terminate your account or prevent you from using the www.zierraleona.com portal at any time in accordance with the terms and conditions available at www.zierraleona.com.
User Responsibility:
By accessing this site, you agree not to use any device, software, routine or data to obstruct or attempt to obstruct the proper functioning of the www.zierraleona.com site or any activity conducted on this site. You further agree not to use or attempt to use any engine, software, tool, agent, data or other device or mechanism (including, without limitation, browsers, spiders, robots, digital characters or intelligent agents) to navigate or search the ZIERRA LEONA site other than the search engine or search agents provided by us or available browsers.

Modifications to the privacy policy:
This policy is subject to be updated, for such reason we recommend all users to periodically consult www.zierraleona.com in order to find out how your information is being protected. In any case you can always consult and accept this policy before placing your orders through our site.
The use of this Web page implies that you agree with our Security and Privacy Policy. If you do not agree with these terms, do not use this Web site.
PROCESSING OF PERSONAL DATA
ZIERRA LEONA, is committed to complying with the right to the protection of personal data and the right of all persons to know, update and rectify the information that has been collected about them in databases or files, and other rights, freedoms and constitutional guarantees referred to in Articles 15 and 20 of the Constitution.

1. DEFINITIONS
For the purposes of this document, the following definitions must be taken into account in order to apply the personal data processing policy.

  1. 1. Authorization: Prior, express and informed consent of the holder to carry out the processing of personal data.
  2. 2. Privacy Notice: Verbal or written communication generated by the Controller, addressed to the Data Subject for the Processing of his personal data, by means of which he is informed about the existence of the information processing policies that will be applicable to him, the way to access them and the purposes of the Processing that is intended to be given to the personal data.
  3. 3. Database: Organized set of personal data that is subject to processing.
  4. 4. Personal data: Any information linked or that may be associated to one or more specific natural persons.
  5. 5. Public data: Data that is not semi-private, private or sensitive. Public data includes, among others, data relating to the marital status of individuals, their profession and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records or documents, official gazettes and bulletins, and duly executed court rulings that are not subject to confidentiality.
  6. 6. Sensitive Data: Sensitive data are understood as those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sex life, and biometric data.
  7. 7. Data Processor: Natural or legal person, public or private, who by himself or in association with others, carries out the processing of personal data on behalf of the data controller.
  8. 8. Data Controller: Natural or legal person, public or private, who alone or in association with others, decides on the database and/or the processing of data. Data subject: Natural person whose personal data is the object of processing.
  9. 9. Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or deletion.
  10. 10. Habeas data: Fundamental right of every person to know, update, rectify and/or cancel information and personal data collected and/or processed in public or private databases, in accordance with the provisions of the law and applicable regulations.
  11. 11. Transfer: The transfer of data takes place when the Controller and/or Processor of personal data, located in Colombia, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
  12. 12. Transmission: Processing of personal data that involves the communication of the same within or outside the territory of the Republic of Colombia when the purpose of the Processing is carried out by the Processor on behalf of the Controller.

Autorización tácita: se entenderá que el Titular ha otorgado autorización para el tratamiento de sus datos personales cuando mediante su conducta permita concluir de forma razonable que otorgó la autorización.

2. PRINCIPIOS ORIENTADORES PARA EL TRATAMIENTO DE DATOS PERSONALES
La Compañía aplicará de manera armónica e integral los siguientes principios al realizar el tratamiento de datos personales:

  1. 2.1. Principio de legalidad en materia de tratamiento de datos: El tratamiento de datos personales debe sujetarse como mínimo a lo establecido a las leyes vigentes que regulen la materia y disposiciones que la desarrollen.
  2. 2.2. Principio de finalidad: El tratamiento debe obedecer a una finalidad legítima de acuerdo con la Constitución y la ley, la cual debe ser informada al titular.
  3. 2.3. Principio de libertad: El tratamiento sólo puede ejercerse con el consentimiento, previo, expreso e informado del titular. Los datos personales no podrán ser obtenidos o divulgados sin previa autorización, o en ausencia de mandato legal o judicial que releve el consentimiento.
  4. 2.4. Principio de veracidad o calidad: La información sujeta a tratamiento debe ser veraz, completa, exacta, actualizada, comprobable y comprensible. No debe efectuarse el tratamiento de datos parciales, incompletos, fraccionados o que induzcan a error.
  5. 2.5. Principio de transparencia: En el tratamiento debe garantizarse el derecho del titular a obtener del responsable del tratamiento o del encargado del tratamiento, en cualquier momento y sin restricciones, información acerca de la existencia de sus datos personales.
  6. 2.6. Principio de acceso y circulación restringida: El tratamiento se sujeta a los límites que se derivan de la naturaleza de los datos personales, de las disposiciones de la Constitución y la ley. En este sentido, el tratamiento sólo podrá hacerse por personas autorizadas por el titular y/o por las personas habilitadas por la ley o la autoridad judicial.
  7. 2.7. Principio de seguridad: La información sujeta a tratamiento se deberá manejar con las medidas técnicas, humanas y administrativas necesarias para dar seguridad a los registros evitando su adulteración, pérdida, consulta, uso o acceso no autorizado o fraudulento.
  8. 2.8. Principio de confidencialidad: Todas las personas que intervengan en el tratamiento de datos personales que no tengan la naturaleza de públicos están obligadas a garantizar la reserva de la información, inclusive después de finalizada su relación con alguna de las labores que comprende el tratamiento, pudiendo sólo realizar suministro o comunicación de datos personales cuando así lo permita la ley y en los términos que ésta lo disponga.
  9. 3. DERECHOS DE LOS TITULARES
  10. La Compañía en todo tratamiento de datos personales será respetuosa de los derechos de los titulares. Para efectos de la presente manual, el titular de los datos personales tendrá los siguientes derechos:
  11. 1. Conocer, actualizar y rectificar sus datos personales frente a los responsables del tratamiento o encargados del tratamiento. Este derecho se podrá ejercer, entre otros frente a datos parciales, inexactos, incompletos, fraccionados, que induzcan a error, o aquellos cuyo tratamiento esté expresamente prohibido o no haya sido autorizado.
  12. 2. Solicitar prueba de la autorización otorgada al responsable del tratamiento salvo cuando expresamente la ley lo exceptúe.
  13. 3. Ser informado por el responsable del tratamiento o el encargado del tratamiento, previa solicitud, respecto del uso que le ha dado a sus datos personales.
  14. 4. Presentar ante la Superintendencia de Industria y Comercio o ante la autoridad competente en ésta material quejas por infracciones a la ley que regule la protección de datos personales y las demás normas que la modifiquen, adicionen o complementen.
  15. 5. Revocar la autorización y/o solicitar la supresión del dato cuando en el tratamiento no se respeten los principios, derechos y garantías constitucionales y legales. La revocatoria y/o supresión procederá cuando la Superintendencia de Industria y Comercio, o la autoridad competente, haya determinado que en el tratamiento el responsable o encargado ha incurrido en conductas contrarias a la normatividad vigente.
  16. 6. Acceder en forma gratuita a sus datos personales que hayan sido objeto de tratamiento.

3.1 Authorization of the holder
Any processing of personal information by the Company requires the prior and informed authorization of the holder, which must be obtained by any means that may be subject to subsequent consultation.
The authorization shall not be necessary in the exceptions provided by law, by way of example and without prejudice to the rules that modify, add or complement, the authorization shall not be necessary in the following cases:

  1. 1. information required by a public or administrative entity in exercise of its legal functions or by court order.
  2. 2. Data of a public nature.
  3. 3. Cases of medical or sanitary emergency.
  4. 4. Processing of information authorized by law for historical, statistical, or scientific purposes.
  5. 5. Data related to the Civil Registry of persons.

Tacit authorization: it shall be understood that the Data Subject has granted authorization for the processing of his/her personal data when his/her conduct allows to reasonably conclude that he/she has granted the authorization.


3.2 Duty to inform the Data Controller
The data controller, at the time of requesting the authorization to the data owner, shall clearly and expressly inform him/her of the following:

  1. 1. The processing to which their personal data will be subjected and the purpose thereof;
  2. 2. The optional nature of the answer to the questions asked, when they deal with sensitive data or data of children and adolescents;
  3. 3. The rights to which you are entitled as owner;
  4. 4. The identification, physical or electronic address of the person responsible for the treatment.

3.3. Means for granting authorization
The authorization may be recorded in a physical or electronic document, data message, internet, websites or in any format that allows guaranteeing its subsequent consultation, or through a suitable technical or technological mechanism that allows expressing or obtaining the consent, by means of which it may be unequivocally concluded that if the holder had not acted, the data would never have been captured and stored in the database. The authorization will be generated by the Company and will be made available to the holder in advance and prior to the processing of personal data.


4. DUTIES OF THE DATA CONTROLLERS AND DATA PROCESSORS
The data controllers shall comply with the following duties, without prejudice to the other provisions set forth in this manual and in the provisions regulating their activity:


4.1. duties of data controllers.

  1. 1. Guarantee the holder, at all times, the full and effective exercise of the right to the protection of his/her personal data under the terms established in the applicable regulations in force on this matter.
  2. 2. Request and keep a copy of the authorization granted by the holder for the minimum period of time in accordance with the provisions of the regulations in force.
  3. 3. Inform the holder about the purpose of the collection and the rights that he/she has by virtue of the authorization granted.
  4. 4. Keep the information under the security conditions necessary to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  5. 5. Ensure that the information provided to the data processor is truthful, complete, accurate, current, verifiable and understandable, in the manner and under the terms authorized by the Data Controller.
  6. 6. Update the information, communicating in a timely manner to the data processor, all developments with respect to the data previously provided by the owner and take other necessary measures to ensure that the information provided to the data controller is kept up to date.
  7. 7. Rectify the information when it is incorrect and communicate the pertinent to the data processor.
  8. 8. To provide to the data processor only data whose processing is previously authorized in accordance with the provisions of the applicable regulations in force.
  9. 9. To require the data processor at all times to respect the security and privacy conditions of the holder's information.
  10. 10. To process the queries and claims formulated in the terms indicated in this manual and in the current regulations applicable to this matter.
  11. 11. To inform the data processor when certain information is under discussion by the owner, once the claim has been filed and the respective process has not been completed.
  12. 12. Inform at the request of the holder on the use given to their data.
  13. 13. To inform the data protection authority when there are violations to the security codes and there are risks in the administration of the holder's information.
  14. 14. Comply with the instructions and requirements given by the Superintendence of Industry and Commerce.

4.2 Duties of data processors.
Data processors shall comply with the following duties, without prejudice to the other provisions set forth in this manual and in the rules that regulate their activity:

  1. 1. guarantee the holder the protection of his personal data at all times, the full and effective exercise of the right of habeas data.
  2. 2. To keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.
  3. 3. Timely update, rectification or deletion of data under the terms of this manual or in accordance with the provisions of the applicable regulations in force.
  4. 4. Update the information reported by the data controllers within five (5) working days from the receipt of your request.
  5. 5. To process the queries and claims made by the owners in the terms set forth in the applicable regulations in force.
  6. 6. Register in the database the legend "claim in process" in the manner regulated by the regulations in force.
  7. 7. Insert in the database the legend "information under judicial discussion" once notified by the competent authority about judicial proceedings related to the quality of the personal data.
  8. 8. Refrain from circulating information that is being disputed by the owner and whose blocking has been ordered by the Superintendence of Industry and Commerce or any other competent authority.
  9. 9. Allow access to the information only to the persons who may have access to it.
  10. 10. To inform the Superintendence of Industry and Commerce or the competent authority when there are violations to the security codes and there are risks in the administration of the information of the owners.
  11. 11. Comply with the instructions and requirements given by the Superintendence of Industry and Commerce or the competent authority in this matter.

5. TREATMENT AND PURPOSES OF THE DATA PROVIDED
The personal data collected will be included in a database and will be used directly or through those responsible or in charge in the terms established in the regulations applicable to this matter, for direct and indirect purposes related to the object and purposes of the company. The general purposes are indicated by way of illustration, without prejudice that each authorization includes the particular purposes with respect to each relationship with the Data Subject:

  1. 1. Operational and registration activities.
  2. 2. Capture, recording, transmission, storage, conservation or reproduction in real time or later of images by video surveillance systems, access controls, closed circuit television in order to ensure the security of goods and persons in the facilities or headquarters of the Company.
  3. 3. Statistical analysis, referencing, consultation in public databases, verification and audits.
  4. 4. To achieve an efficient communication related to our services and other activities related to the company's own functions.
  5. 5. To maintain an efficient communication of the information that is useful in the contractual or commercial links in which the Information Holder is a party.
  6. 6. For statistical, control, supervision and commercial information purposes. As a consequence of the authorization, the Company may collect information on commercial relations with other entities, consultation of financial data in the credit bureaus that manage financial information databases and the data required to manage the contractual or commercial relationship with the Data Subject.
  7. 7. To comply with the obligations undertaken by the Company with the Holders of the Information.
  8. 8. Use in communication campaigns, disclosure and promotion of products, activities or services.

6. TREATMENT OF SENSITIVE DATA
For the purposes of this manual and in accordance with the regulations in force, sensitive data are understood as those that affect the privacy of the holder or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in unions, social organizations, human rights or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data relating to health, sex life and biometric data.

6.1. Processing of sensitive data
In general terms, the company will refrain from processing sensitive data in accordance with the limitations imposed by the applicable regulations in force. It is understood that this type of data may be processed when one of the following circumstances occurs:

  1. 1. The owner has given his explicit authorization to such processing, except in cases where, in accordance with the provisions of current regulations, the granting of such authorization is not required.
  2. 2. The processing is necessary to safeguard the vital interest of the holder and he/she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization.
  3. 3. The processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or to persons who maintain regular contacts by reason of their purpose. In these events, the data may not be provided to third parties without the owner's authorization.
  4. 4. The processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process.
  5. 5. The processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the owners must be adopted.

6.2 Processing of personal data of children and adolescents.
The processing of this type of personal data requires special respect for the prevailing rights of children and adolescents.
The use of personal data of children and adolescents is prohibited in the Company except in the cases permitted by the current regulations applicable to this matter.
7. PROCEDURES
RESPONSIBLE FOR THE ATTENTION OF REQUESTS, INQUIRIES AND COMPLAINTS
The Holder may at any time request the Company to access the personal data it has registered, as well as request the correction, updating or deletion of personal data, revoke the authorization granted for the processing thereof and in general exercise the rights granted by law by submitting queries and claims through the following instances or means:
Customers: send a request to the email zierraleonaoficial@gmail.com


7.1. Consultations
The holders or their assignees may consult the personal information of the holder that is in the Company's database. The data controller or person in charge of the processing shall provide them with all the information contained in the individual record or that is linked to the identification of the data subject.
The consultation shall be made by e-mail as indicated in the previous point or by the means enabled by the Company for such purpose, provided that proof of such consultation can be kept.
The consultation shall be answered within a maximum term of ten (10) working days from the date of receipt. When it is not possible to attend to the consultation within such term, the interested party shall be informed, stating the reasons for the delay and indicating the date on which the consultation shall be attended to, which in no case may exceed five (5) working days following the expiration of the first term.


7.2 Claims
The owner or his assignees who consider that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Constitution and the law, may file a claim with the person responsible or in charge of the processing designated by the Company, which will be processed under the following rules:

  1. 1. The claim shall be formulated by means of a request addressed with the identification of the owner, the description of the facts giving rise to the claim, the address, and accompanied by the documents to be asserted. If the claim is incomplete, the interested party will be required within five (5) days after receipt of the claim to correct the faults. After two (2) months from the date of the requirement, without the applicant submitting the required information, it will be understood that the claim has been abandoned.
  2. 2. In the event that the person receiving the claim is not competent to resolve it, he/she will transfer it to the appropriate person within a maximum term of two (2) business days and will inform the interested party of the situation.
  3. 3. Once the complete claim has been received, a legend will be included in the database stating "claim in process" and the reason for the claim, within a term not exceeding two (2) business days. Said legend shall be maintained until the claim is decided.

PRIVACY NOTICE
The Privacy Notice is the physical, electronic or any other format known or to be known, which is made available to the Holder for the processing of their personal and sensitive data. Through this document, the Holder is informed about the existence of the information processing policies that will be applicable to him/her, the way to access them and the characteristics of the processing that is intended to be given to personal and sensitive data.
PROCEDURE FOR THE STORAGE OF PERSONAL DATA INFORMATION
The company will adopt all appropriate and sufficient technical and administrative measures that allow the care and preservation of the personal data of the owners, avoiding its adulteration, loss, consultation, use or unauthorized or fraudulent access.
Likewise, the implementation of these measures will allow the conservation of the authorization granted by the owners of the personal data for the treatment of the same. The company will adopt all the mechanisms to keep the confidentiality of the information and will refrain from using the information for purposes other than those expressly authorized by the owner.
FINAL DISPOSITION AND SECURITY OF THE DATA
The persons in charge of each database and the Systems and Technological Support Manager are responsible for ensuring that only authorized employees have access to the Company's personal databases. The company has secure protocols at the computer level, access restrictions and internal development practices of secure software to protect the information stored.
At the time when the Data Subject so requests or when the information of the Data Subject is not required by the Company according to the processing policies and the purposes set forth in this Manual, the information of the Data Subject contained in the respective Databases will be deleted.


8. TRANSFER OF DATA
The transfer of data takes place when the Controller and/or Processor of personal data in accordance with the provisions of this Manual, sends the information or personal data to a recipient, which in turn is the Data Controller and is located inside or outside the country.
The transfer of personal data is allowed as long as the Data Subject has authorized the transfer by any of the means and in accordance with the provisions of paragraph 3.1 of this Manual. In any case, the Receiver of the information must guarantee the security of the information and adequate levels of data protection.

TRANSFER OF DATA TO THIRD COUNTRIES
The transfer of personal data of any kind to countries that do not provide adequate levels of data protection is prohibited. It is understood that a country offers an adequate level of data protection when it complies with the standards set by the Superintendence of Industry and Commerce on the matter.
The prohibition does not apply when: Information with respect to which the owner has given express and unequivocal authorization for the transfer. Exchange of medical data, when so required by the treatment of the holder for reasons of health or public hygiene. Banking or stock exchange transfers, in accordance with the applicable legislation. Transfers agreed within the framework of international treaties to which the Republic of Colombia is a party, based on the principle of reciprocity. Transfers necessary for the execution of a contract between the holder and the data controller, or for the execution of pre-contractual measures, provided that the holder's authorization is obtained. Transfers legally required for the safeguarding of public interest, or for the recognition, exercise or defense of a right in a judicial process, as well as other cases determined by law, the Superintendence of Industry and Commerce or the competent authority.


9. CONTACT INFORMATION FOR THE PROCESSING OF PERSONAL DATA
For purposes of requesting clarifications, filing complaints or claims or generally requesting any information regarding the processing of personal data, the Company has enabled the following instances or means:
Customers: send a request to the e-mail zierraleonaoficial@gmail.com or through Contact Us on our website zierraleona.com.


10. EFFECTIVE DATE AND PERIOD
This Manual of Policies and Procedures for the Treatment of Personal Data will be effective as of June 17, 2020.
Period of validity: The period of validity for the processing of personal and sensitive data will be the reasonable time to fulfill the purposes of the processing of information.