General Policies and Guidelines for Personal Data Protection (Privacy Policy)
In compliance with the personal data protection regulation (Law 1266 of 2008, Law 1581 of 2012, Decree 1074 of 2015, and other regulations that modify, complement, or replace them), BANCO DE LA REPÚBLICA (the Central Bank of Colombia), in its capacity as Data Controller, informs its policy and general guidelines for personal data protection (privacy policy) that have been provided to it:
General Information- Data Controller
BANCO DE LA REPÚBLICA, TIN 8600052167, Main Office: Bogotá, D. C.
Contact: Through the Citizen Services System (SAC in Spanish): On-site service points, Call Center (National toll-free line: 01 8000 911745), web-based service
In compliance with Article 25 of Law 1581 of 2012 and its regulatory decrees, Banco de la República registered in the National Registry of Databases (RNBD in Spanish), the databases containing personal data subject to processing and for which it is responsible (controller). The registered databases can be consulted at:
Website of the Superintendence of Industry and Commerce - National Registry of Databases (RNBD)
- Information Security
Banco de la República a is committed to the security and protection of the personal data for which it is responsible. Its management systems for handling information have the current ISO 9001 and ISO/IEC 27001 certifications, the latter referring to information security. The policies and standards of the Bank's information management system are focused on protecting the confidentiality of information. Some mechanisms that support these policies and standards include network access control and/or authentication devices, and software to manage authorization levels and monitor system and registry activity, among others. Documents and information are preserved in compliance with and within the terms set forth in Article 55 of Law 31 of 1992. See the information security policies (only in Spanish).
Specific Policies for the Processing of Personal Data
The specific policies for processing your personal data provided to Banco de la República on account of its constitutional or legal functions or services may be consulted in the regulations of the respective function or service by virtue of which you provided such data to the Bank. Consult the regulations for Central Banking services, and cultural services, only in Spanish (Luis Ángel Arango Library), or access the Citizen Services System (SAC).
Purpose of the Processing of Personal Data
Personal data provided to Banco de la República may be processed (collected, stored, used, put into circulation, or deleted) for the specific purpose for which they were provided, including the construction of indicators and statistics for the monitoring and control of such processes and services, the controls of law, legal oversight, and, in any case, to comply with its other constitutional and legal functions of the Bank.
The specific purpose of the processing of the personal data provided by you to Banco de la República may be found in the regulation of the function or service by virtue of which you provided such data to the Bank. Please consult the regulations for Central Banking services, and cultural services, only in Spanish (Luis Ángel Arango Library), or access the Citizen Services System (SAC).
Particularly, in relation to cultural activity, your personal data may be processed (collected, stored, used, put into circulation, or deleted) in order to adequately provide cultural services offered by the Bank, such as: the Gold Museum, Library Network, Concert Hall of the Luis Ángel Arango Library, Casa de la Moneda (The Mint Museum), Botero Museum, and Miguel Urrutia Art Museum, along with other art, numismatic and philatelic collections, cultural areas, and centers; as well as to disclose our cultural services, products, programs, and events, news of interest related to such activity, including the construction of indicators and statistics for the follow-up of this activity, legal controls or oversight, and, in any case, to comply with the other constitutional and legal functions of the Bank.
Personal Data of Children and Teenagers
It is possible that Banco de la República receives or has received data from children and teenagers who access its services, especially those of a cultural nature, and therefore, the provision of their personal data is optional.
Banco de la República shall ensure the proper use of the personal data of children and teenagers, and shall respect their best interest in their processing, providing the protection of their fundamental rights and, as far as possible, considering their opinion as owners of their personal data.
Sensitive Personal Data
Given the scope of some of the Bank's functions, services, and activities, it is possible that it may receive sensitive personal data, for which it is advised that the provision of such data is optional and, in the event that such data is provided, it will be processed for the purposes mentioned above.
To control and record the entry, stay, and exit of the Bank’s facilities in the development of our security system, it is necessary to record personal data, which may include the verbal provision of primary identification data, the taking of a photograph, fingerprint, and the use of video surveillance, as applicable. In these events, by means of posters or notices or verbally, as the case may be, the purpose and processing of the data collected will be informed.
Recording of Images (Photographs or Videos) During our Events
If you attend our events, please be aware that the events of Banco de la República may be photographed or videotaped, including the attendees or guests, in which case the treatment of your image will have the purpose of using such records in different media such as television broadcasts, the internet, and other written publications related to the events that we promote in the development of our constitutional and legal functions and our institutional communication strategy aimed at promoting the approach of the Bank with the citizens. Given that by attending and participating in this event, you could be part of such records, please consider the personal data processing policies described herein.
Registration at Receptions of Buildings and Areas Where Personal Data Are Collected for Entry to the Facilities or Areas with Video Surveillance
If you are a visitor or user, we inform you that upon entering our facilities, you will be asked to provide or register your personal data in the system, books, or access control forms indicated by our security personnel. This may include taking a photograph, capturing your fingerprint, and the use of video surveillance, as the case may be. Therefore, by providing your information, Banco de la República is authorized to verify it and process it (collect it, store it, use it, or delete it) with the purpose of controlling and registering the entrance, stay, and exit of our facilities in the development of our security system.
As the owner of the personal data provided, you may access, know, update, and rectify them; be informed about their use; submit queries and claims; or request the deletion of these, where appropriate. To do this, you can contact the Citizen Services System (SAC) through the points of on-site services, the call center (national toll-free line: 01 8000 911745), or the web.
Exercise of the Rights of the Holders of the Personal Data
The holders of personal data may access, know, update, and rectify such data; be informed about the use given to them; submit inquiries and complaints about the handling of such data; revoke the authorization; or request the deletion of their data where appropriate and other rights conferred by law.
To exercise your fundamental right of habeas data, you may use the contact mechanisms informed by the Bank or through the Citizen Services System (SAC): On-site service points, Call Center (National toll-free line: 01 8000 911745), or web-based service.
The procedures and terms for the attention of inquiries, claims, and other requests related to the exercise of the right of habeas data shall follow the provisions of Law 1266 of 2008 and the principles on data protection set forth in Law 1581 of 2012.
Cookies Policy
Our websites: the Institutional Site, the Portal de Investigaciones Económicas (the Economic Research Site), and the Portal de la Actividad Cultural (the Cultural Activity Site), among others, use their own and third-party cookies. Cookies are files that are downloaded to a user's computer or mobile device during a visit to the website for the purpose of storing and retrieving data. Like most sites on the Internet, cookies are used on our websites to: i) set levels of protection and information security ii) personalize and facilitate the users’ navigation. Cookies are only associated with an anonymous user and his/her computer; however, they do not provide references that allow to deduce the user's personal data, and iii) to statistically measure the activity of the website, to improve its content based on the qualitative and quantitative analysis of the data usage made by users.
On our websites, we use two types of cookies: i) technical cookies that are necessary to navigate them and also to control traffic and data communication to establish levels of protection and information security, and ii) Google Analytics cookies that are used to measure how users interact with the contents, about which you can find more information in: Use of Google Analytics cookies on websites. (Banco de la República uses atuvc, __atuvs, _gat, _gid,_ga_* and SESS*, among others).
Our websites will not share users’ personal data with third parties. Third-party websites that are referenced in links to our websites have their own personal data protection (privacy) or cookies policies, which are unrelated to Banco de la República and, therefore, do not bind it; users may authorize them or not when accessing such websites.
Considering that the websites listed make use of the cookies described above, when visiting these websites, the user may accept their use or, otherwise, continue navigating by disabling them by clicking “Reject and continue.”
Banco de la República may modify this cookie policy at any time when required to comply with applicable regulations.
Effective Date
The effective date of these personal data protection policies is 18 June 2013.
