Up to 20% off Armchairs
Up to 20% off Beds
Up to 20% off Coffee tables
ASHLEY TARIFF GUARANTEE – MAXIMUM SAVINGS, MAXIMUM QUALITY
Privacy Policy

ASHLEY'S PERSONAL DATA PROCESSING POLICY

Data Controller: CLOVER4 SAS , with Tax Identification Number (NIT) No. 901.513.909-1, with registered address at Avenida Carrera 19 #109 -41 in Bogotá, Colombia ( hereinafterASHLEY and/or the company ”), will act as controller for the collection, storage, use, processing, updating, circulation, deletion, transfer, transmission and, in general, any operation or set of operations on and about your personal data.

This ASHLEY Privacy and Personal Data Processing Policy (hereinafter, the "Policy") sets out the terms and conditions under which ASHLEY will process personal data provided through physical stores, the ASHLEY website, related microsites, mobile versions, social networks and/or any other mechanism or channel enabled by ASHLEY for the collection of personal data.

Before purchasing any product and/or service offered by ASHLEY, you should carefully read this Policy to be aware of your rights, ASHLEY's obligations, the channels available to exercise your rights, the procedures established for inquiries and complaints, the purposes for which your personal data was collected, and other relevant information on current regulations regarding personal data.

By accepting this Personal Data Processing Policy, the data subject is informed and gives their free, informed, specific and unambiguous consent for the processing of the personal data provided by ASHLEY, as well as any data derived from their browsing and any other data that they may provide in the future.

1. Regulatory framework applicable to the processing . The legal and constitutional framework (hereinafter, the " Regulatory Framework ") under which the Policy is governed is as follows:

  • Political Constitution of Colombia.
  • Law 1266 of 2008.
  • Law 1581 of 2012.
  • Decree 1377 of 2013, incorporated into the Single Decree 1074 of 2015.
  • Other regulations that are incorporated into the legal system and are applicable.

2. Definitions and Principles: The concepts presented below are derived from current regulations. If these definitions are modified, supplemented, and/or replaced, their meaning will be as indicated in the applicable legal provisions.

  • Authorization: Prior, express and informed consent of the Data Subject to carry out the processing of personal data.
  • Database: An organized set of personal data that is subject to processing.
  • Personal data: Any information linked to or that can be associated with one or more specific or identifiable natural persons.
  • Processing: Any operation or set of operations performed on personal data or personal databases, such as the collection, storage, use, circulation, or deletion of data.
  • Owner: Natural person whose personal data is subject to processing.
  • Data Controller: A natural or legal person, public or private, who, alone or in association with others, decides on the database and/or the processing of the data.
  • Data Processor: The natural or legal person, public or private, who, alone or in association with others, carries out the processing of personal data on behalf of the Data Controller.
  • Personal Data Protection Area: Responsible within the company, in charge of supervising, controlling and promoting the application of the Personal Data Processing Policy.

The processing of information collected by ASHLEY will be governed by the following principles:

  • Principle of Legality : In the processing of personal data, the regulatory framework that governs the processing of this data will be applied.
  • Principle of Freedom : The processing of personal data will only be carried out with the prior, express and informed consent of the data subject.
  • Principle of Purpose : The processing of personal data will serve a legitimate purpose, which will be communicated to the respective owner.
  • Principle of Truthfulness or Quality : Protected Information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. ASHLEY will not be liable to the Data Subject when partial, incomplete, fragmented, or misleading data is processed.
  • Principle of Transparency : The owner's right to obtain information about their data at any time and without restrictions must be guaranteed.
  • Principle of Restricted Access and Circulation : Processing may only be carried out by persons authorized by the Data Controller or by persons provided for by law.
  • Security Principle : Personal data under this policy subject to processing by ASHLEY will be protected to the extent that technical resources and minimum standards allow, through the adoption of the necessary technical, human and administrative measures to provide security to electronic records, preventing their alteration, modification, loss, consultation, and in general against any unauthorized or fraudulent use or access.
  • Principle of Confidentiality : Personal data that is not publicly available is confidential and may only be disclosed in accordance with the law. Anyone involved in processing information must guarantee its confidentiality.
  • Principle of Temporality : The storage and processing of personal data will be limited to what is essentially necessary to fulfill the previously specified purposes of the business relationship, as well as the fulfillment of the purposes authorized by the Owner.

3. Scope of the Policy: This Policy will have the same scope of application as established in the Regulatory Framework. Consequently, it will apply to all operations carried out by ASHLEY in Colombia, safeguarding any use or processing of Protected Information by affiliated companies, in compliance with legal requirements.

4. Personal data and consent for its processing: ASHLEY obtains personal data from Data Subjects through its physical stores, the Website, social networks or through other channels.

The Data Subject expressly consents to the processing (collection, storage, use, circulation, deletion) of Protected Information by accepting the authorization requested through documents, on the website, or through other methods of obtaining personal data.

The Personal Data that will be processed includes: identification data, contact information, location and geolocation information, browsing data, data classified as sensitive (e.g., health-related data, fingerprints, photos, video recordings, and other biometric data), financial information, assets, socioeconomic data, employment and academic information, consumer preferences, tastes and behavior, data inferred or not from information observed or provided directly by the Data Subject or by third parties, and demographic and transactional information. Personal Data will be collected through the various channels provided by ASHLEY.

If ASHLEY requests sensitive personal data such as racial or ethnic origin, political opinion, religion, biometric data, etc., the Data Subject's response will be optional.

ASHLEY only collects and receives personal information voluntarily provided by Data Subjects through the channels intended for this purpose and only from individuals of legal age.

ASHLEY does not process data of minors, but if the processing of this type of data is required, ASHLEY will protect this type of data with special care and comply with the provisions of Articles 6 and 12 of Decree 1377 of 2013 and Article 5 of Law 1581 of 2012.

If the Data Subject provides data belonging to third parties, they declare that they have the consent of those third parties and undertake to provide them with the information contained in this Policy, thereby releasing ASHLEY from any liability in this regard. However, ASHLEY may carry out periodic checks to verify this, taking appropriate due diligence measures in accordance with data protection regulations.

5. Purposes of processing: The personal data provided to ASHLEY by the Data Subjects will be collected, stored, used, analyzed, circulated, updated, reported and, in general, processed for the following purposes:

As the data controller for the collected data, ASHLEY has several databases, which it declares will be processed for one or more of the following purposes:

Administrative, Accounting and Legal Management:

  • Perform the corresponding invoicing and carry out all fiscal, accounting, tax and legal procedures and obligations.
  • Administration and formalization of commercial agreements and contracts with suppliers of goods and services.
  • Third-Party Contract Management.
  • Carry out the relevant procedures for the development of the pre-contractual, contractual and post-contractual stages, as well as with respect to any underlying negotiation, and comply with Colombian or foreign law and the orders of judicial or administrative authorities.
  • Verify the identity of the data subject, conduct security studies and/or implement security protocols to prevent and mitigate the risk of fraud, money laundering and/or terrorist financing.
  • Analyze website usage and understand owner preferences and behaviors to improve communication with website owners. Manage and respond to inquiries, requests, petitions, incidents, complaints, and claims.
  • As a tool for the collection process.
  • As support for external and internal audits.
  • For the information to be transferred and/or transmitted to ASHLEY's parent companies, subsidiaries or affiliates or to third parties with whom ASHLEY has alliances or contractual links for any of the purposes provided herein, which may be located outside the national territory.
  • For the advancement of any procedure before a public authority or a private person or entity, regarding which the information is relevant.
  • To guarantee the holder, at all times, the full and effective exercise of the right of habeas data, the rights included in Law 1581 of 2012 and all applicable regulations in the matter.
  • To know, store and process all information provided by the subjects of personal data in one or more databases, in the format that is considered most convenient and secure.
  • Conduct data update campaigns for the purposes described in this Policy.
  • If the nature of the activities requires it, report to the Information Centers on compliance or non-compliance with the obligations you have acquired with ASHLEY.
  • Manage relationships with clients and suppliers to facilitate internal accounting, administrative, and financial processes.

6. Commercial Management: The personal information of potential clients, clients, suppliers and contractors may be processed for the following purposes:

  • To seek, establish, maintain and execute a contractual or commercial relationship, regardless of its nature.
  • Develop commercial and marketing activities, such as consumer analysis; profiling; brand traceability; sending news, advertising, promotions, offers and benefits; customer loyalty programs; market research; and generation of campaigns and events.
  • Send commercial communications to the Owner about benefits, advertising, promotions, offers, news, discounts, customer loyalty programs, market research, campaign generation and events, by electronic and conventional means, and in general about the offer of products and services of ASHLEY, (i) of companies with which ASHLEY collaborates, and; (ii) Companies linked to ASHLEY.
  • To notify you about purchases, orders, shipments, news or events related to the products or services you buy or contract.
  • Conducting quality and satisfaction surveys to understand owners' opinions about ASHLEY products and services.
  • Manage, process, send and track quotes and purchases made.
  • Contact the owner to complete your purchase if you have saved products in your shopping cart without completing the process.

7. Human Resources and SG-SST: Purposes of processing within the selection and/or hiring processes.

  • To fulfill the purposes of the company's selection and/or hiring process, to evaluate their suitability and/or eventual hiring.
  • Verify and confirm the truthfulness of the information included in the resume and in any other document or information provided to the Company.
  • Conduct candidate security checks, which include checking or obtaining criminal backgrounds, conducting home visits, and consulting data at information centers, among other things.
  • Be part of the applicant database for future hiring.
  • Sending communications about selection processes similar to those in which the owner has participated.
  • Comply with the company's hiring policies.
  • Conduct background checks in accordance with binding compliance programs, such as crime prevention, ethics, and unfair competition.
  • Request supporting documents for your resume, medical exams, psychological tests, and any other necessary information.
  • Manage the human resources of companies in accordance with applicable legal and contractual terms.
  • To comply with the legal obligations of companies in their capacity as employers, including, among others, payroll management, social benefits, comprehensive social security system, prevention of occupational risks, etc.
  • Control and monitoring of active and inactive personnel for statistical purposes.
  • Manage the Occupational Health and Safety Management System (OHSMS) in order to mitigate risks, as well as provide appropriate attention to incidents or events in the development of different work activities.
  • Manage employee training and development programs.
  • Promote the development of wellness activities, action plans, staffing, and comprehensive development of employees in their work environment.
  • To use personal information and images generated within the framework of the activities, processes and events of the Companies to share them internally and externally through digital channels, social networks, WhatsApp, YouTube or any other means of communication; as well as the creation and distribution of physical, digital or audiovisual advertising materials.
  • Perform physical and digital security risk management activities for the employing company through video surveillance devices and biometric registration.
  • Conduct due diligence and disciplinary investigation procedures related to the management of legal or reputational risks, such as fraud, potential criminal offenses, violations of antitrust legislation, information leaks, or any other risk defined by the company.
  • Register, process and store the information provided in complaints and/or inquiries submitted to the company.

7. D) Technology and security:

  • Promote control over the company's IT and technology systems to manage passwords, users, IT licenses, and technology support.
  • Ensuring the security of the personal and financial information of suppliers and collaborators, while guaranteeing that we have complete and sufficient information to offer them the best service.
  • Video surveillance. ASHLEY may use video surveillance installed in various internal and external locations of its commercial establishments, facilities, or offices. Therefore, ASHLEY informs the general public about the existence of these systems and also displays them in a visible location. The information collected through these systems is used for security purposes, to improve services, and to enhance the visitor experience. It is also used as evidence in any type of proceeding before any authority or organization.

ASHLEY will process your Personal Data for as long as necessary to fulfill the purposes mentioned above and/or for as long as necessary to comply with legal or contractual obligations.

All personal data collected by ASHLEY will be processed exclusively for the purpose and end for which it was provided.

Personal data may be processed through physical, automated or digital means, depending on the type and method of information collection.

ASHLEY may subcontract certain functions to third parties. When the processing of personal data is subcontracted to third parties or personal data is provided to third-party service providers, ASHLEY informs such third parties of the need to protect that personal data with appropriate security measures, prohibits them from using the information for their own purposes, and requests that they not disclose the personal data to others.

8. Transmission and Transfer of Personal Data: ASHLEY may transmit or transfer personal data to its parent company, affiliates, subsidiaries, branches, related companies, or third parties located within or outside the territory of the Republic of Colombia. This transfer of personal data must be carried out in strict accordance with the provisions of this Data Processing Policy, the implemented security standards, and ensuring compliance with the applicable principles established in this Policy.

By accepting this Policy, the Data Subject acknowledges that, in the event of a sale, merger, consolidation, change of corporate control, substantial transfer of assets, reorganization or liquidation of ASHLEY, ASHLEY may transfer, dispose of or assign Personal Data to one or more relevant parties, including affiliated companies.

9. Rights and obligations of data subjects: Data subjects, either directly or through a third party duly authorized for this purpose, may exercise the following rights with respect to the Personal Data that is subject to Processing:

  • To know, update and rectify your personal data. This right can be exercised, among others, in the case of data that is partial, inaccurate, incomplete, fragmented, misleading or whose processing is expressly prohibited or unauthorized.
  • Request proof of the authorization granted to the data controller, unless such authorization is not required by law.
  • To be informed by the Data Controller or the Data Processor, upon request, about the use that has been made of your Personal Data.
  • File complaints with the Superintendency of Industry and Commerce for violations of the provisions of the Regulatory Framework, after consulting or submitting a request to the Data Controller.
  • Revoke authorization in whole or in part and/or request the deletion of personal data, except when they must remain in the database of the Controller or Processor due to legal or contractual obligations.
  • Access your personal data that has been processed free of charge.
  • Know the Personal Data Processing Policy and any substantial changes that may occur.
  • Please refrain from answering questions about sensitive data. Responses related to sensitive data or data about children and adolescents are optional.
  • Others granted by current legal regulations.

10. Duties of the Controller: ASHLEY is obliged to:

  • To guarantee the Holder the full and effective exercise of their rights at all times.
  • Request and keep a copy of the respective authorization granted by the Owner.
  • Inform the Data Subject, clearly and sufficiently, about the purpose of the collection and the rights to which he or she is entitled as a Data Subject.
  • Maintain the information under the necessary security conditions to guarantee your duty of confidentiality at all times.
  • Correct the information where necessary.
  • Request express authorization from the Data Subject to confirm and rectify the personal information provided by contacting public entities, specialized companies or credit bureaus, their contacts, or their employer, as well as their personal, banking or employment references, among others.
  • Provide the Data Controller, as the case may be, only with data whose processing has been previously authorized in accordance with the provisions of this law.
  • Demand that the Manager respect the Owner's information security and privacy conditions at all times.
  • Process inquiries and complaints submitted in accordance with the terms established in the current regulations on the matter.
  • Ensure the principles of legality, freedom, purpose, truthfulness or quality, transparency, restricted access and circulation, security, confidentiality and temporality of information in the terms established in the Policy.

11. Handling Inquiries, Requests, and Complaints: ASHLEY has established a department responsible for handling and resolving inquiries, requests, and complaints from personal data owners or those authorized to do so. The following channels have been designated for handling inquiries, requests, and complaints:

Email: Privacy@ashleycolombia.com

Address : Carrera 19 Avenue #109 – 41 Bogotá DC, Colombia

In the claim or inquiry, the owner must provide their full name and identification. If a third party is submitting the claim or inquiry, they must demonstrate that they are authorized to do so. The claim or inquiry must also include a precise and complete description of the facts giving rise to the claim, request, or specific inquiry; a physical or email address for sending the response and providing timely updates on the status of the process; and, in the case of claims, any documents or evidence they deem relevant or wish to submit.

ASHLEY will address and respond to claims or requests from Data Subjects within the timeframes and terms established for this purpose by the Regulatory Framework.

The Holder, without prejudice to the foregoing, and in the event that his request or claim has not been addressed by ASHLEY, may in any case appeal subsequently to the Superintendency of Industry and Commerce in the second instance.

Procedure for Submitting Inquiries, Requests and Complaints: ASHLEY will have the following procedures to address questions, complaints, inquiries, claims and suggestions submitted by Data Subjects:

Inquiries and Requests: The owner of the information, their successors in title, or any other person with a legitimate interest, will make inquiries through written communication or by email, in which:

  • Determine your identity, including your name and identification number.
  • The reason for the consultation must be clearly and expressly specified.
  • The legitimate interest with which the person acts must be proven, always attaching the corresponding supporting documents.
  • Please provide the physical or electronic mailing address to which the response to the request can be sent.

According to article fourteen (14) of Law 1581 of 2012, it is established that: "The consultation will be addressed within a maximum period of ten (10) business days counted from the date of its receipt. When it is not possible to address it within said period, the interested party will be informed, indicating the reasons for the delay and indicating the date on which their consultation will be resolved, which in no case may exceed five (5) business days following the expiration of the first term."

Complaints: The owner, their successors in title, or any other person with a legitimate interest who believes that the information contained in a database should be subject to correction, updating, deletion, or revocation of the authorization granted for its processing, or who notices the alleged breach of any of the duties contained in Law 1581 of 2012, may, by physical or electronic means, submit a timely complaint to the responsible area. In accordance with Article Fifteen (15) of Law 1581 of 2012, such a complaint will be admissible once compliance with the requirements presented below has been verified:

The claim must:

i) include the identity of the claimant, indicating their name and identification number;

ii) clearly and expressly specify the reason for the consultation;

iii) prove the claimant's legitimate interest, always attaching the appropriate documentation; and

(iv) Indicate the physical or electronic mailing address to which the response to the request should be sent. If the claim is found to be incomplete, the interested party will be required to correct the deficiencies within five (5) days of receipt. If the applicant does not submit the required information within two (2) months of the date of the request, the claim will be considered withdrawn.

If ASHLEY is not competent to resolve the claim, it will forward it to the appropriate person within a maximum of two (2) business days and will inform the interested party of the situation.

The maximum period for processing the claim will be fifteen (15) business days, starting from the day after the date of receipt. If it is not possible to process it within this period, the interested party will be informed of the reasons for the delay and the date on which their claim will be resolved, which in no case may exceed eight (8) business days following the expiration of the first period.

ASHLEY may deny access to Personal Data or the right to rectify, cancel, or oppose the processing of such data when: (i) the applicant is not the Data Subject or the legal representative is not duly accredited to do so; (ii) the applicant's Personal Data cannot be found in its Database; (iii) the rights of a third party are violated; (iv) there is a legal impediment or, where applicable, a resolution from a competent authority that restricts access or prevents the rectification, cancellation, or opposition to the processing of such data; (v) the rectification, cancellation, or opposition has already been carried out; and (vi) the Data Subject has a legal or contractual obligation with ASHLEY to remain in its Information Systems.

10. Personal Data Security Measures: ASHLEY has implemented the necessary and sufficient measures to ensure that this Policy is respected at all times, establishing the administrative, technical and physical security measures that facilitate the protection of your Personal Data, as well as preventing any damage, loss, alteration, destruction or unauthorized use thereof.

11. Validity and Modifications: The Personal Data provided will be retained until its deletion is requested by the data subject (unless such deletion is requested and there is a legal obligation to retain it). ASHLEY's databases will have an indefinite validity period, as the processing of said data will be necessary for as long as the legal entity exists and its corporate purpose continues; in no case will this period be less than fifty (50) years. This version of this policy is effective from the date of its publication, completely superseding any previous data processing provisions or policies, and will remain valid indefinitely as long as ASHLEY carries out the activities described herein and they correspond to the processing purposes that gave rise to this policy.

12. Applicable Law and Jurisdiction: This document shall be governed by and construed in accordance with the laws of the Republic of Colombia. Any dispute arising out of or relating to this document shall be submitted to the competent courts in accordance with Colombian law, and both Ashley and the Owner expressly waive any other jurisdiction that may apply to them based on their present or future domicile.