The Data Protection Strategy of LEAL COLOMBIA SAS aims to protect employees, partners and customers from harmful or illegal actions, focusing on the appropriate use of digital systems and tools for business purposes. The success of this strategy lies in the commitment and responsibility of each member of Leal, ensuring the security and optimal performance of information processing systems and structures for the benefit of the company and its customers.
LEAL COLOMBIA S A S uses Amazon Web Services to host its applications. Full use is made of security products integrated into the AWS ecosystem, including KMS, Secrets Manager, GuardDuty, and Inspector. In addition, containers are used for the deployment of applications under the CI/CD scheme, running on services managed by AWS, which means that normally no servers or EC2 instances are managed in production.
At LEAL COLOMBIA S A S, comprehensive security measures have been implemented to protect sensitive and confidential company information. The mechanisms used to protect data from unauthorized access are effective and access to data is limited to those employees who need to have it. In addition, critical data is backed up regularly for quick recovery in the event of a failure or loss of data. Constant monitoring of systems and user activity helps detect any suspicious activity that may indicate an attempt to steal data. LEAL COLOMBIA S A S has clear and precise data security policies to ensure the confidentiality and integrity of company information.
LEAL COLOMBIA S A S annually hires external application security experts to perform pentesting tests. Which evaluate the application in execution and the environment where it is implemented. In addition, Leal uses high-quality tools for static code analysis (SAST), secret detection, container analysis and dependabot to protect and continuously improve our product at every step of the development process.
The Information Security Policy of LEAL COLOMBIA S.A.S. seeks to protect its employees and partners from illegal or harmful actions by third parties, and establishes rules for the proper use and protection of the company's computer systems and resources. This policy is essential to protect customers, employees and the company itself from financial, reputational, legal and compliance risks associated with the inappropriate use of computer systems.
Users must report security events or incidents, whether known or suspected, including policy violations and detected vulnerabilities. These incidents must be reported immediately using the internal platform, the incident and requirements registration form, or by sending an email to support. When reporting the incident, it is important to describe the situation and provide relevant details.
The Anonymous Whistleblower Policy promotes the communication of serious problems internally, allowing inappropriate behavior to be addressed and corrected. It is the job of all employees to report concerns related to ethical, legal, or regulatory violations. Retaliation against employees who, in good faith, report ethical or legal violations will not be tolerated. Those who retaliate could face disciplinary action, including dismissal. Anonymous reports can be made using the incident registration form, omitting the information of the user submitting the request.
The Acceptable Use Policy states that LEAL COLOMBIA SAS's property and customer information must be protected in accordance with the Data Management Policy. Employees must use the data storage service that is stored in the cloud for storage and collaborative work, and are responsible for promptly reporting the theft, loss or unauthorized disclosure of information. Access and use of LEAL COLOMBIA SAS's exclusive information is only allowed if authorized and necessary to perform work functions.
Unacceptable use at LEAL COLOMBIA SAS includes prohibited activities, such as violating intellectual property rights, copying copyrighted material without authorization, accessing unauthorized data, introducing malicious programs into the network, disclosing passwords, engaging in harassment, making fraudulent offers, violating network security, and sharing employee information without authorization. These restrictions protect the company and its resources, and any employee who engages in illegal or unacceptable activities will be sanctioned.
The objective of this policy is to ensure the efficiency and security of information processing systems in LEAL COLOMBIA S A S. This is essential to ensure business continuity and protect company data. The policy extends to all critical information systems and to all employees and third parties who have access to the networks and resources of the LEAL COLOMBIA SA S. By following this policy, we can maintain our reputation for reliability and security in the market.
Documented operating procedures, change and capacity management, and separation of development, test and production environments are essential to ensure safety and efficiency in LEAL COLOMBIA S A S. Procedures are documented and shared with relevant users, while significant changes are tested, reviewed and approved before being implemented. Communication and documentation are key to this process. Capacity management addresses the use of resources and the availability of personnel, considering the scaling of resources. Finally, environments are kept separate to reduce risks, and sensitive customer data is only used in development and testing with express approval.
Systems and networks are managed following established configuration and reinforcement standards, using firewalls and access controls to control network traffic in the production environment. The annual review of access rules ensures security, and necessary changes are approved by creating tickets.
Backups of systems, databases and information are made to protect against data loss, with appropriate security measures. Restoration tests are carried out annually, and copies are stored separately from production data.
The production infrastructure generates detailed logs, including user activities, exceptions, and security events. These records meet specific criteria. The records center and information are protected against unauthorized access and alteration. The activities of system administrators and operators are recorded and reviewed according to their importance. Data restoration is tracked in auditable tickets.
The installation of software on production systems must meet the change management requirements set out in the policy.
Leal uses high-quality tools for static code analysis (SAST), secret detection, container analysis and dependabot to protect and continuously improve our product at every step of the development process. Vulnerabilities generated in the development cycle must be solved by each team before implementing changes.
SOC 2 Type II Audit Process.
These terms and conditions of use (hereinafter, the “Terms”) regulate access and use of the Internet site whose URL is Www.leal.co and/or the “Leal” mobile application (hereinafter, the “Site”) .By accessing, browsing and/or using the Site, you admit to having read and understood these Terms and agree to be bound by them, as well as to comply with all applicable laws and regulations. Consequently, by accessing, using and/or acquiring any of the products or services offered on the Site, you freely accept and expressly adhere to these Terms, as well as all their modifications and addenda. In the event that you do not wish to accept or disagree with these Terms, or their modifications, you must leave the Site immediately. LEAL Colombia S.A.S (“Loyal”) makes the Site available to Internet users and in particular to its customers (hereinafter the “Members” or the “Member”).
Leal reserves the right to modify these Terms at any time and without prior notice. Any modification will take effect and will take effect with respect to Members as soon as it is posted on the Site. Consequently, the Member should review these Terms each time the Member accesses the Site. In addition, notices, regulations, circulars or instructions of any kind issued by Leal, published on the Site, and related in any way to access, browsing or use of the Site, or to the access and use of the products and/or services offered therein, will be an integral part of these Terms and will prevail over any other related provision, even if this provision is contrary to it.
The Member undertakes to use the Site in accordance with the laws of the Republic of Colombia and with the provisions of these Terms. The Member shall refrain from using the Site for illegal purposes or effects, detrimental to the rights and interests of third parties, or from performing acts that in any way may damage, disable, overload, deteriorate or prevent the normal functioning of the Site
Leal has provided certain content on the Site such as messages, designs, source codes, object codes, animations, graphics, sound and/or image files, photographs, recordings, and software (the “Contents”). Copyrights to the Contents are owned by Leal or the original creator of the same from whom Leal has received authorization for their use, and are fully protected by national and international copyright and intellectual property laws. Consequently, except as expressly stated in the Terms, the Member must refrain from copying, disclosing or reproducing in any form and by any means the Contents and, in general, any kind of material accessible through the Site, except in those cases in which Leal has expressly authorized its copying or reproduction. Therefore, the Member must refrain at all times from (a) using the Contents for purposes contrary to the law, morality and generally accepted good customs or public order; (b) reproduce, copy, distribute, allow public access through any form of public communication, transform or modify the Contents, unless authorized by the owner of the corresponding rights or this is legally permitted; (c) deleting, evading or manipulating any kind of texts, legends or messages whose purpose is the protection of intellectual property rights over the Contents, as well as the technical protection devices that may contain the Contents; (d) use the Contents and, in particular, information of any kind obtained through the Site to send advertising, communications for direct sales purposes or for any other type of commercial purpose, unsolicited messages addressed to a plurality of people regardless of their purpose, as well as to refrain from marketing the Content. Under the Terms, Members are authorized to display the Contents on the screen only for personal, non-commercial use, so the Contents must not be modified in any way and will keep all copyright and other proprietary legends contained therein. This authorization may be revoked by Leal at any time. Any unauthorized use of the Contents constitutes a violation of these Terms, copyright and trademark laws, and a violation of international intellectual property treaties.
Except as expressly stated in the “Intellectual Property” section, Leal does not grant any license or authorization to use any kind of its industrial and intellectual property rights or any other property or right related to the Site or the Contents.
The brands, logos and commercial slogans used and/or displayed on the Site are registered and unregistered industrial property rights owned by, or authorized to, Leal (“Brands”). Nothing on this Site may be interpreted as granting licenses or rights to use any Trademarks displayed on the Site.
In the event that any Member or a third party considers that any of the Content has been inserted into the Site in violation of their intellectual property rights, such Member or third party must send a notification to Leal stating the following: (a) personal data: name, address, telephone number and email address of the claimant; (b) precise and complete indication of the allegedly infringed Content, as well as its location on the Site; (c) express and clear statement that the use of The indicated content has been made without the consent of the owner of the allegedly infringed intellectual property rights; and (d) an express, clear statement under the responsibility of the complainant that the information provided in the notification is accurate and that the use of the Contents would constitute a violation of their intellectual property rights. These notifications should be sent to usuarios@leal.co
Any Member who intends to access and/or use the services offered by Leal on the Site must fully comply with these Terms, the Booking Conditions, and the Privacy Policy (check here) and the Personal Data Protection Policy (Check here).
The Member will be responsible for any damages that Leal may suffer, directly or indirectly, as a result of a breach of these Terms or the law. The Member acknowledges and accepts that access and use of the Site is at their own risk and responsibility.
Leal has no direct or indirect relationship with platforms or establishments trading mass consumer products. The use of trade marks is done informatively to indicate only the potential availability of legitimately marked products or services.
The Points Program is a platform through which Affiliate Brands generate consumer loyalty regarding the purchase of their products and/or services. This loyalty is materialized through the purchase by the consumer of products and/or services of the Affiliate Brand in different commercial establishments. The points can be redeemed and/or used to purchase and/or enjoy the products and/or services of the Brand Affiliated to the program; the Affiliated Brands define the prize scheme and redemption options that users will have with their points. On the other hand, certain commercial establishments are mentioned on the platform exclusively as a reference to the fact that the products of the Affiliated Brands can potentially be purchased in such stores without there being a direct or indirect relationship between them and Leal. Leal is not responsible for the products purchased or for the relationship between the consumer and the Affiliate Brand.
Leal Coins (“Leal Coins”) are rewards issued by Leal to reinforce consumers' purchase of products or services. Leal Coins can be used as a means of payment in the brands found on the page: Www.leal.co and in the Leal App with which Leal has signed the corresponding agreements.
Marketplace is a service provided by Leal through the website Www.leal.co and through its app where users can be redirected to the Affiliate Brand pages that are displayed to make purchases and earn Leal Coins according to the terms and conditions of each offer. Leal is not responsible for the products purchased or for the relationship between the Member and the Affiliate Brand. The Leal service in this modality consists only of the delivery of Leal Coins for purchases made by Users as specifically described in the Terms and Conditions specified in each offer.
This is a service provided by Leal through its app where users have access to offers in the form of Loyal Coins for the purchase of Consumer Products from Allied Brands at Physical Points of Sale that issue a Legal Invoice and that have a DGII Resolution (hereinafter “the Service”). The User accesses the Leal Coins specified in the offer once the invoice has been uploaded to the App evidencing the purchase made of the product linked to the Offer.
1. CASHBACK OFFERS TO THE USER. LEAL may make available to you CashBack offers on certain third-party products and services (each an “Offer”). When you redeem an Offer through the Service, you will accumulate LEAL COINS in your LEAL account. Each Offer is subject to additional terms published on the App in the Terms and Conditions of each Offer. These terms will refer, for example, to Supermarket Chains where they apply and to maximum quantities to be requested (per invoice, in certain periods of time and/or per user during the validity of the Offer), among others, and may be discontinued by LEAL at any time without prior notice. At any time and at LEAL's sole discretion, LEAL can: (i) determine if you are eligible to redeem an Offer; (ii) determine if you have earned LEAL COINS for an Offer or not; or (iii) adjust the total of LEAL COINS to accurately reflect the LEAL COINS you have actually won for an Offer. LEAL may, at its sole discretion, deduct from your LEAL account any amount of LEAL COINS in those situations in which LEAL determines, after verifying the documentation provided to support the transaction, that you have not complied with the conditions defined in this document or in the Terms and Conditions specific to each offer or that you have violated the Terms and Conditions.
2. CASHBACK OFFERS TO THE USER. LEAL may make available to you CashBack offers on certain third-party products and services (each an “Offer”). When you redeem an Offer through the Service, you will accumulate LEAL COINS in your LEAL account. Each Offer is subject to additional terms published on the App in the Terms and Conditions of each Offer. These terms will refer, for example, to Supermarket Chains where they apply and to maximum quantities to be requested (per invoice, in certain periods of time and/or per user during the validity of the Offer), among others, and may be discontinued by LEAL at any time without prior notice. At any time and at LEAL's sole discretion, LEAL can: (i) determine if you are eligible to redeem an Offer; (ii) determine if you have earned LEAL COINS for an Offer or not; or (iii) adjust the total of LEAL COINS to accurately reflect the LEAL COINS you have actually won for an Offer. LEAL may, at its sole discretion, deduct from your LEAL account any amount of LEAL COINS in those situations in which LEAL determines, after verifying the documentation provided to support the transaction, that you have not complied with the conditions defined in this document or in the Terms and Conditions specific to each offer or that you have violated the Terms and Conditions.
3. MODIFICATION OF THE TERMS. We reserve the right, at our discretion, to change the Terms in the future at any time. Please check the Terms periodically for changes. Your continued use of the Service after the changes take effect constitutes your binding acceptance of those changes. In the event that a change to the Terms materially modifies your rights or obligations, we will make an effort to notify you of the change at least fifteen days before the effective date of such change, using contact mechanisms that allow us to ensure effective communication (i.e. sending an email to the address we have registered, presenting a pop-up window or other notification through the Service when you log in, text messages or other communications that are efficient and effective) and we can ask you to accept the amended Terms in order to continue using the Service. Intangible modifications are effective immediately after posting, and material changes will take effect as soon as (a) continued use of the Service with actual knowledge of the modification, or (b) fifteen (15) days after the change. However, modifications that address new features of the Service or modifications made for legal reasons will take effect immediately. For the avoidance of doubt, any disputes that may arise after the modification of the terms will be resolved in accordance with the Terms in force at the time the dispute arose.
4. COMPLAINTS. The LEAL COINS provided in each offer are provided solely by LEAL and are not subscribed to, sponsored or provided by any other third party, including Allied Brands. By accepting these Terms of Use, you agree not to make LEAL COINS claims against suppliers, merchants, or manufacturers of third-party products and services. All Enquiries, Requests and Complaints related to the Service should be addressed to usuarios@leal.co .
5. PROHIBITED CONDUCT. BY USING THE SERVICE, YOU REPRESENT AND WARRANT THAT YOU WILL NOT:
5.1 Send LEAL information about false, inaccurate, manufactured, falsified, altered, adjusted purchases, not made by you or your family unit or in another artificial or inauthentic way in order to seek to accumulate LEAL COINS with LEAL;
5.2 Attempt to accumulate LEAL COINS for products that have not actually been purchased and held, or for products that have been purchased but returned to an online store or supplier, after purchase;
5.3 Upload invoices to LEAL that you or another user has already charged, in order to obtain LEAL COINS associated with products that were not purchased by you or for which you have already received a benefit in LEAL COINS;
5.4 Upload invoices to LEAL that reflect purchases that were made more than 15 days before the date the invoice is charged;
5.5 Upload more than 15 invoices from any physical point of sale that issue a legal invoice within a period of 30 calendar days and/or upload invoices whose total amounts exceed $3,000,000 COP (three million pesos) in a period of 30 calendar days.
5.6 Upload invoices to LEAL that reflect purchases that took place before the launch date of the Offer, and therefore, before adding the Offer to the Service;
5.7 Attempt to hide or alter the date or invoice number on an uploaded invoice, for example, by intentionally uploading a receipt without any visible or clearly legible date or invoice number, or by uploading an invoice with alterations to its date or invoice number;
5.8 Use the Service for any illegal purpose, or in violation of any national or international law, including, but not limited to, laws governing intellectual property and other property rights and data protection and privacy;
5.9 Use the Service for any business purpose;
5.10 Any other conduct where malicious action or bad faith is verified.
6. DEADLINE. These Terms take effect from the time you accept the Terms or when you download, install, access or use the Service for the first time and end when it is terminated as described in the Section
7. TERMINATION OF USE, INTERRUPTION AND MODIFICATION OF THE SERVICE. If you engage in Prohibited Conduct or violate any of the Terms, your permission to use the Service may be temporarily suspended or may be automatically terminated at LEAL's discretion.
8. TRANSACTIONAL DATA COLLECTED. LEAL will store and process the data contained in the purchase invoice provided by the user to analyze, transfer and transmit data on habits and patterns related to purchases in order to identify their traceability of consumption, make aggregated analysis of trends and consumption patterns. The data collected includes the details of the products, date, value and establishment of the purchase.
The Member's subscription is subject to these Terms and Conditions. Leal reserves the right to affiliate, use and exclude Members from its Platform. Registration on the Platform can be done through the Site or through the mobile application, available in Apple (iOS) and Google Play (Android) stores or in affiliated stores themselves, as follows:Registration through the Site: The Member may create an account using their email and, in the registration process, the following personal information will be collected in accordance with the provisions of our Personal Data Protection Policies
The Member may accumulate points, independently, for the purchases made at each of the establishments to which he chooses to join. Points will be accumulated for purchases made, according to the equivalencies defined by each of the affiliated merchants (for example, 1 point for every $1.00 USD in purchases). Each affiliate store will have its own policy of equivalence of points for purchase amounts. The points accumulated by the Member will operate independently in each affiliated establishment, so not a single exchange of points is created, but those equivalent to the stores to which the Member joins and are not transferable between merchants. The points accumulated in a store can be used for the benefits of that trade only. The accumulated points will be charged to the Member's account and are personal and non-transferable. The Member is the only one authorized to redeem them for products and/or services offered in the Points Program. The Member may also accumulate Leal Coins in the network of merchants affiliated with the Platform. The member will accumulate Leal Coins for purchases made at stores that deliver Leal Coins. The amount of Leal Coins that each merchant defines to deliver and their Leal Coins delivery rules are mentioned on the Site of each Allied Brand. The Member may also convert their points to Leal Coins according to the conditions established by the merchants that make users available to do so. The merchants and their rules for converting to Leal Coins are found in the terms and conditions of each trade.
The Member can check the point accumulation status of each of the affiliated merchants, or of their Leal Coins, both through the mobile application and the web portal or their Single Identity Document (DUI) number, which will include the number of points accumulated to date, as well as their history of accumulating points. To view points through the web portal, the Member must log in.
Each of the affiliated merchants will have their own redemption and point validity policies. It is clarified that at the time of redeeming points in each of the stores, the purchase that the Member makes with the redeemed points will not accumulate points. The validity of the Leal Coins will be 24 months from the date the user receives the Leal Coins.
The Member may leave the Points Program at any time, or may remove their affiliation to any of the loyalty programs of the associated retailers. To do so, the Member must send an email to usuarios@leal.co with the request to withdraw from that trade. The request will be processed within 15 business days after receiving the email. In addition, Leal reserves the right to remove from the Platform Members who misuse the account and/or for non-compliance with the provisions of these regulations. Events in which the accumulated points are obtained illegally or fraudulently are considered to be misused of the account. Leal is not responsible for the misuse or fraud that this fact causes. The sale of points and/or benefits of the Platform by Members is not allowed, and if verified, the Member will be immediately banned from the Platform. In addition, Leal reserves the right to remove from the Platform Members who misuse the account and/or for non-compliance with the provisions of these regulations. Events in which the accumulated points are obtained illegally or fraudulently are considered to be misused of the account. Leal is not responsible for the misuse or fraud that this fact causes. The sale of points and/or benefits of the Platform by Members is not allowed, and if verified, the Member will be immediately excluded from the Platform.
By accessing the Site, the member undertakes to provide correct and true personal information, as well as the commitment to update their data whenever required. The member undertakes to promptly notify Leal by email usuarios@leal.co the loss or theft of the personal password of the Program, in order to block the account. The member agrees not to use any device, software, routine or data to obstruct or attempt to obstruct the proper functioning of the Site and any activity carried out on it and will be subject to criminal and legal actions resulting from such actions.
These General Conditions are governed by the laws of the Republic of Colombia. Any controversy that derives from this document will be submitted to competent judges in accordance with Colombian law.
The Member expressly accepts that he will hold Leal, its subsidiaries, affiliates and employees harmless for any damages they may suffer as a result of an inappropriate use of the Site. Inappropriate use shall mean any use of the Site that is made without complying with the provisions of the law and these Terms.
The Member expressly accepts that he will hold Leal, its subsidiaries, affiliates and employees harmless for any damages they may suffer as a result of an inappropriate use of the Site. Inappropriate use shall mean any use of the Site that is made without complying with the provisions of the law and these Terms.
Cookies are small data files that websites such as emails save in your browser and optionally on your hard drive. Cookies allow you to “remember” information about Member preferences and session, and allow you to move within areas of our websites without re-entering your data. This makes it possible to create a more personalized and comfortable shopping experience. Www.leal.co uses a third party to implement cookies on your computer, to collect information that is not personal and identifiable. Although cookies contain a unique Member number, they do not collect or store any personally identifiable information. Although the Member can configure their Internet browser to not accept cookies, they are necessary to be able to view, create an account, or make purchases through the Site. If the Member does not have cookies enabled, they will not be able to use the Site. The Internet browser automatically collects information from the web page that the Member consulted before visiting Www.leal.co , the browser you used and any search terms you entered on our site, among other things. The Site may also use other technologies to track the pages that Members visit to ensure a better and safer shopping experience and to help us understand how visitors use our website.
The Site contains links to other sites operated by third parties, including on a non-exclusive basis where, among others, the trademarks of affiliated businesses are displayed. These links are available for the convenience of Members and are for the sole purpose of allowing access to these third-party sites. Leal does not guarantee or make any statements about the essence, quality, functionality, accuracy, fitness for a particular purpose, marketability, or any statement about third party sites or their content. A link to a third-party site at Www.leal.co does not constitute any sponsorship, endorsement, approval or responsibility with respect to such third party site. Leal does not guarantee or make any statements about the products or services offered on third party sites. The terms of use and privacy policy of any third-party site may differ greatly from the Terms and Conditions of Use and the legal notices that apply to the use of the Site.
All computer, graphic, advertising, photographic, multimedia, audiovisual and/or design material, as well as all content, texts and databases (hereinafter “the Contents”), made available on this Site are the exclusive property of the Site, or in some cases, of third parties who have authorized the Site to be used and/or exploited. Likewise, the use of some content owned by third parties is expressly authorized by law and is protected by copyright, trademark and all national regulations and international as applicable to you. Any act of copying, reproduction, modification, creation of derivative works, sale or distribution, exhibition of the Contents, among others, in any way or by any means, including, but not limited to, electronic, mechanical, photocopying, recording or any other means, without the prior written permission of LEAL or the respective copyright holder, is prohibited. In no case do these Terms and Conditions confer rights, licenses and/or authorizations to carry out the acts described above. Any unauthorized use of the Contents will constitute a violation of these Terms and Conditions and of the current rules on trademarks, copyrights and/or other applicable national and international intellectual property rules.
Under no circumstances do these Terms and Conditions confer rights, licenses and/or authorizations to perform the acts described above. Any unauthorized use of the Contents will constitute a violation of these Terms and Conditions and of the current rules on trademarks, copyrights and/or other applicable national and international intellectual property rules.
Leal warns Members that the information on this Site may contain errors or inaccuracies and may not be complete or up to date. Therefore, The Site reserves the right to correct any error, omission or inaccuracy, change or update it at any time and without prior notice.
1. Advertising and links With respect to the companies, products and/or services that are advertised on the Site, as well as the links, Leal plays no role in the production of those products and/or the provision of services and does not constitute any warranty, express or implied, of their content or their suitability for a particular purpose. In this regard, when the use of a product and/or service is suggested, it is the exclusive autonomy of the Member and the Customer to decide on its use, and therefore Leal Colombia, its branches or associates, assumes no responsibility for direct or indirect damages, certain or possible, past, present or future, that may result from such use.
By accepting the Legal Terms and Conditions and the Data Processing Policy, the Member indicates that they know and authorize Leal Colombia, its subsidiaries and associates in a prior, express and informed manner, so that their personal data can be stored and used for the purpose of achieving efficient communication during the present process or activity and authorizes, in the same terms, that such information may be treated in accordance with the provisions of Law 1581 of 2012 of Colombia and its Regulatory Decrees, for the purposes described in the Policy. In addition, the Member has been informed about the Data Protection Policy available on the Site, which includes the consultation and complaint procedures that make it possible to enforce the rights of Members to access, know, consult, rectify, update, and delete data, and the Customer may also submit any request regarding personal data through: The Customer Service channels provided on the Leal website Www.leal.co and in the Leal App, as well as to email usuarios@leal.co
These Terms and Conditions, the Booking Conditions and the Data Protection Policy, form a single document that must be interpreted and complied with as a whole.
Any concerns, requests or complaints related to the use of the Site may be made through usuarios@leal.co
That LEAL is a company whose main activity consists of providing retail establishments with a customer loyalty service through digital tools.
Article 1. Applicable legislation and scope of application. These policies apply to data processing in which LEAL COLOMBIA S.A.S. (“Leal”), a Colombian company identified with NIT 900931706-0, with address at Cr 12 No. 90-20 6th floor, Bogotá, Colombia, telephone number 3009114182, and email address usuarios@leal.co is Responsible for the Treatment and/or in which the latter acts as Processor, in accordance with the applicable regulations on the processing of personal data.
Article 2. Purpose, collection procedures and type of information collected. The Data Protection Policy regulates the procedures for the collection, management and processing of Personal Data carried out by Leal or whoever he designates, in order to guarantee and protect the rights of the Data Controllers. Leal may collect and process personal data on any of the channels it has enabled, such as through its website, its application for mobile devices (app), through physical formats, or through its business partners in their respective business premises. In the same way, Leal may receive information from its business partners about their owners, for the purpose of linking them to Leal programs, as long as those partners have a legal basis for transmitting or transferring such information to Leal.
Article 3. Among other data, Leal may collect directly from the owners information such as name and identification, contact and address details, business preferences, payment information, equipment identification, location and purchase history in allied stores. In addition, Leal may process other information from its users that correspond to data observed, inferred or derived from their interactions with our platforms and complement its databases and records with information provided to it by its partner businesses.
Leal may also collect personal data using cookies, or through interaction with the mobile devices used to use its platform. With these interactions, Leal will be able to collect information from its users, including georeferencing and user interactions on the platform or device, connection times, device types and connection modes. Among other information, Leal may collect the location of its users and the applications that they have downloaded to their devices. This information will allow Leal to infer the user's location and the applications that will allow them to use or earn more Leal Coins or other benefits of Leal's programs. Access to this information allows us to improve the user experience and provide benefits to our users that are tailored to their preferences.
Article 4. Databases. Leal has and will have several databases in the development of its business activities. Thus, the policies set out here apply to all of our Databases that include Personal Data. The type of information contained therein, the security measures for the storage, transfer, transmission and/or assignment of databases will be reported in the National Database Registry, in accordance with applicable regulations.
Article 5. Principles. Our Treatment policy is based on the following principles:
5.1. Principle of purpose. The Treatment has a legitimate purpose and in accordance with the legal framework. The purpose of the Treatment will always be informed to the Data Controller.
5.2. Principle of freedom. Personal Data will be collected and subject to Processing, with the prior express and informed consent of the Owner.
5.3. Principle of veracity or quality. Personal Data must be collected that is true, complete, accurate, updated, verifiable and understandable, so that the information collected is not misleading or fractional.
5.4. Principle of transparency. Any Owner may request and obtain information about the existence of their own data, or of those who concern them, in the Leal Databases. However, to access third party data, the owner must be entitled to do so (art. 2.2.2.25.4.1 Single Decree 1074 of 2015).
5.5. Principle of restricted access and movement. The Treatment is subject to the limits that derive from the nature of the personal data and from applicable law. The information processed by Leal will not be made available to third parties unless there is legal authorization to do so.
5.6. Safety principle. Leal will strive to ensure that there are the necessary technical, human and administrative measures to provide security to the records, so as to prevent their adulteration, loss, consultation, unauthorized or fraudulent use or access.
5.7. Principle of confidentiality. The persons involved in the Treatment will guarantee the confidentiality of information, even after the end of their relationship with any of the tasks included in the Treatment, and may only provide or communicate personal data when this corresponds to the development of the activities authorized in this law and in the terms of the same.
5.8. Sensitive Data Protection. Neither Leal nor whoever he designates as Manager or Subprocessor of Personal Data will collect or process Sensitive Data, unless expressly authorized by the Owner.
5.9. Protection of Personal Data for minors. By virtue of the conditions of legal capacity established in the Colombian Civil Code and the validity of the expression of will through electronic means established in law 527 of 1999, Consumers, at the time of creating the User Account, expressly declare that they have the capacity to enter into the type of transactions that can be carried out in brands allied to Leal; and based on the provisions of law 1098 of 2006 of the Republic of Colombia, minors are able to enter into this type of transaction, However, Leal, i) You will inform the authorities of any situation, of which you are aware, that endangers the integrity of a minor; ii) You will inform minors who are interested in joining Leal and accumulating points with our partners, who must carry out the transaction through their parents or legal representatives, after registering on the platform by them.
Article 6. Rights of the Owners. In relation to the Treatment, the Data Controllers have the following rights:
6.1. Right of access. The Data Controllers can obtain all the information regarding their own Personal Data, whether partial or complete, about the Processing applied to them, about the purpose of the Treatment and about the communications and/or transfers made with respect to them.
6.2. Right to update. At any time, Data Subjects can update their Personal Data.
6.3. Right of correction. The Data Controllers may modify their Personal Data, which turn out to be inaccurate, incomplete, non-existent or those whose processing is prohibited or has not been authorized.
6.4. Right of deletion. The Data Controllers may request the removal of their personal data from the Databases managed by LEAL unless there is a legal or contractual duty to remain in said database, in the terms established by the Law.
Paragraph. The Owner may request the deletion of their personal data through (i) the App, clicking on the “Delete my Leal account” option visible in the user's profile, (ii) the internal chat of the App through an agent, or (iii) the email provided by Leal for the Owners to exercise their rights as described in article 14, Chapter IV of this Policy.
6.5. Right to revoke consent. The Owners can revoke their consent or the authorization that empowers Leal and/or whoever he designates as Manager or Subprocessor, except when there is a legal or contractual duty that imposes on him the duty to remain in the Database.
6.6. Right to grant Authorization for the Processing of Personal Data and to request proof of it. The Data Controllers have the right to grant Authorization to Leal or whoever he designates for the Processing of their Personal Data. The Owner may request proof of the authorization granted. Paragraph. The Data Controller may consult your personal data free of charge: (i) at least once every calendar month, and (ii) every time there are substantial changes to the Information Processing Policies that give rise to new inquiries. For inquiries whose frequency is greater than one for each calendar month, the Responsible Party may only charge the Owner for the costs of shipping, reproduction and, where appropriate, certification of documents. Because they are a very personal power, they must be exercised by the Owner exclusively, except for the exceptions of the Law.
6.7. Right to file complaints with the Superintendency of Industry and Commerce. The Data Controllers may file complaints with the Superintendency of Industry and Commerce when they notice that the processing of their personal data violates the provisions of the applicable law.
6.8. Right to be informed of the use that has been given to personal data. The Owner, upon request, may request from Leal and/or whoever he designates as Manager or Subprocessor, information related to the use that any of them has given to their personal data.
Article 7. Mechanisms for granting Authorization. Leal, or whoever he designates, may request Treatment Authorization from its Controllers through different mechanisms, such as written (physical format or through a website), verbal means when the owner requests affiliation with Leal's services, through unambiguous conduct that allows us to reasonably conclude that the authorization was granted or in any other format that allows us to guarantee his subsequent consultation. The Authorization guarantees that the Data Controller has been informed of the fact of the Processing of their Personal Data, the purposes of the processing, and their rights with respect to said Treatment.
Article 8. Proof of Authorization. Leal and/or whoever he designates will take whatever measures are necessary to keep proof of authorization and keep records of when and how he obtained it from the Data Controllers.
Article 9. Privacy Notice. In cases where it is not possible to make the Information Processing Policies available to the owners, Leal will make the Privacy Notice available to inform them about the existence of these and how to access them. Leal will inform the Owners and the general public of information regarding the existence of the Personal Data Processing policies and procedures that this Policy deals with, taking into account the parameters required by applicable law. Leal will keep a copy of the model Privacy Notice for its files.
Article 10. Duties of the Data Controller. In its capacity as Data Controller of the Personal Data stored in its Databases, Leal will fulfill the following duties:
10.1. Guarantee the Owner, at all times, the full and effective exercise of the right to habeas data.
10.2. Request and keep, under the conditions provided for in the applicable regulations, a copy of the respective Authorization granted by the Owner.
10.3. Duly inform the Owner about the purpose of the collection and the rights granted to him by virtue of the Authorization granted.
10.4. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
10.5. Ensure that the information provided to the Data Processor is true, complete, accurate, updated, verifiable and understandable.
10.6. Update the information, communicating in a timely manner to the Data Processor, all the news regarding the data you have previously provided and take the other necessary measures to keep the information provided to the Data Processor up to date.
10.7. Rectify the information when it is incorrect and communicate the pertinent to the Data Processor.
10.8. Provide the Data Processor, as the case may be, only data whose Processing is previously authorized in accordance with the provisions of the applicable regulations.
10.9. Require the Data Processor, at all times, to respect the security and privacy conditions of the Data Controller's information.
10.10. To process inquiries and complaints made in the terms indicated in this Policy and in the law.
10.11. Inform the Data Processor when certain information is under discussion by the Data Controller, once the complaint has been submitted and the respective procedure has not been completed.
10.12. Inform, at the request of the Owner, about the use of their Personal Data.
10.13. Inform the data protection authority when there are violations of security codes and there are risks in the management of the Holders' information.
10.14. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce regarding habeas data.
Article 11. Duties of the Data Processor. In those situations in which Leal acts as Personal Data Processor, Leal or whoever he designates, will fulfill the following duties:
11.1. Guarantee the Owner, at all times, the full and effective exercise of the right to habeas data.
11.2. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, unauthorized or fraudulent use or access.
11.3. Update, rectify or delete data in a timely manner in accordance with the law.
11.4. Update the information reported by the Data Controller within five (5) business days after its receipt.
11.5. To process inquiries and complaints made by the Owners in the terms indicated in this Policy and in the law.
11.6. Record in the Personal Data Base the legend “pending complaint” in the manner in which it is regulated by law, with respect to those complaints or unresolved claims submitted by the Holders of the Personal Data.
11.7. Insert in the Databases the legend “information under judicial discussion” once notified by the competent authority about judicial processes related to the quality of Personal Data.
11.8. Refrain from circulating information that is being controversial by the Owner and whose blocking has been ordered by the Superintendency of Industry and Commerce.
11.9. Allow access to information only to people who are legitimate to have access to it.
11.10. Inform the Superintendency of Industry and Commerce when there are violations of security codes and there are risks in the management of the information of the Holders.
11.11. Comply with the instructions and requirements issued by the Superintendency of Industry and Commerce.
Article 12. Transmission of Personal Data. In the event that Leal delegates the Processing of Personal Data to a third party, who becomes a Data Processor, he will take all necessary measures to ensure compliance with this Policy, as well as to guarantee the Owner the exercise of his rights. All transfers of data made by Leal to third parties will be enabled by Law, by the Terms of Service accepted by Users before starting to use the services provided by Leal, and, when necessary, by the legal instruments that establish the conditions of the treatment.
Article 13. Transfer of Personal Data. In the event that Leal transfers Personal Data to a third party, inside or outside Colombia, who becomes the Personal Data Controller, it will take the necessary measures to preserve the rights of the Holders during the Transfer.
Article 14. Submission of inquiries and complaints. The Owner can exercise the rights described in Article 6 of this Policy via email usuarios@leal.co addressed to the customer service area responsible for responding to inquiries, requests or complaints submitted by the Owners.
Article 15. Procedure for submitting and answering inquiries. The Owner or his successors may make inquiries about Personal Data stored in Leal's Databases, in writing or through the means described in this Policy. Consequently, Leal or whoever he designates will guarantee the right of consultation, providing the Owner or his legal relatives with all the information that has been collected from the Owner. The consultation will be answered within a maximum period of ten (10) business days from the date of receipt of the consultation. When it is not possible to respond to the query within that period, the Data Controller will be informed, stating the reasons for the delay and stating the date on which their query will be answered, which in no case may exceed five (5) business days following the expiration of the initial term.
Article 16. Procedure for dealing with complaints. The Owner or his dependants who consider that the information contained in the Databases must be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the Personal Data protection regulations, may file a complaint with the Data Controller, which must include: (i) the identification of the Owner; (ii) the description of the facts giving rise to the complaint; (iii) the physical or electronic address where he wishes to receive notifications; and (iv) the documents that substantiate the facts of the claim. The complaint will be made in writing to Leal or whoever he designates, and must be sent through the channels established in this policy. If the claim is submitted incompletely, the Owner or his or her dependants will be required within five (5) days of receiving the claim to complete the claim. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claimant has abandoned his claim. Once the complete claim has been received, a legend will be included in the Database stating “pending claim” and the reason for it, within a period not exceeding two (2) business days. This legend must be kept until the claim is decided. The maximum period for dealing with the claim will be fifteen (15) business days from the day following the date of its receipt. When it is not possible to deal with the claim within that period, the interested party will be informed of the reasons for the delay and the date on which their claim will be dealt with, which in no case may exceed eight (8) business days following the expiration of the first term.
Article 17. Information report. Leal may report financial, credit, commercial or service information to the information operators of the holders who have given their authorization. Leal may report negative information regarding non-compliance with obligations by the Owners who have given their Authorization for this purpose, but in any case it will require prior notification to the Owner, which may be included in the extracts or other periodic information sent to the respective customers, provided that it is included in a clear and legible manner. In any case, the Owners may authorize such information to be communicated by sending a data message. In the event that successive and continuous delays occur, the obligation to notify the Owner in advance will be understood to have been fulfilled with the communication corresponding to the initial delay.
Article 18. Purposes of Personal Data Processing. The Processing of the Personal Data collected by Leal is carried out for the following purposes:
Data from Users of the Loyal Platform:
Leal's main mission is to provide benefits to its Users, so that they can take advantage of the offer of its partner businesses, earn and redeem points, obtain discounts, receive advertising and offers that fit their interests. In order to provide our Users with the best shopping experiences and information, we collect personal information and use it in accordance with our data protection commitments. In the same way, Leal may process data observed, inferred or derived from the information it processes. For these purposes, we may use the information we collect from our Users for the following main purposes:
● Contact our Users with advertising, our own or those of our allied businesses, present or future, that we believe are in line with the preferences of our customers.
● Provide our Users' information to our partner businesses so that they can contact them directly, with relevant information for our users.
● To forward the information of our Users to Leal's partner merchants to allow our partners to contact them and offer them the benefits of our current points and loyalty programs, or that we will develop in the future. Our partners, in turn, may provide us with information about their current or future customers, or transfer data about our users, after validating the purchases of goods or services and other transactions they have carried out with those partners.
● Store, collect, analyze, transfer and transmit customer consumption data in order to identify their consumption traceability, make aggregated analysis of trends and consumption patterns, and communicate with the parties involved in the contracts that are signed in the development of Leal projects;
● Send own or third-party communications for informational or marketing purposes;
● Report on the conclusion of alliances and process information for statistical purposes.
● Create profiles of our Users in order to send them relevant information that fits their consumption preferences.
● To send information about our Users to payment platforms, information integrators, API developers, marketplaces or other platforms of Leal group companies or third parties, in order to provide Users with more functionality or to improve their experience within Leal's own loyalty programs, Leal's allies or third parties.
● Transfer or transmit the information of our Users to third parties who act as Data Processors on behalf of Leal following the precise instructions given by Leal. As part of these information treatments, the Processors may in turn hire sub-processors as long as they use the information only for the purposes of the Order made by Leal.
Personal Data of our employees, candidates or contractors:
● The personal data collected will also be used for admission, selection and engagement processes for Leal's contractors, employees, suppliers and customers;
● The personal data of Leal employees will be processed for the purposes provided for by current labor laws and to allow Leal to fulfill its obligation as an employer, including linking to the social security system, paying social benefits, monitoring Leal's information assets and preventing practices that threaten Leal's operation and/or preventing illegal conduct at work and in general for any purpose to comply with the law and employment obligations. Leal may report financial, credit, commercial or service information to the information operators of the holders who have given their authorization. In the same way, you can submit the report of debtors who do not comply with payment obligations in favor of Leal, for which they may remain in the database that Leal can manage or to which the debtor can be reported.
Article 19. Validity. This Policy is effective from the date of issue. The period of validity of the databases will be governed by the provisions that govern the matter in accordance with the principles of purpose and temporality of information.
Article 20. Update. Leal may modify this Policy at any time in order to adapt it to current regulations and to the best practices that are developed on the protection of Personal Data. Any change related to the identification of the Responsible and the purposes of the Treatment, which may affect the content of the authorization granted by the Data Controllers, will be communicated to them efficiently through appropriate and efficient means for this purpose and, in any case, before its implementation.
Given in Bogotá on the 15th day of the month of May 2023.
Privacy Policies - Version 2023/1