Aprio Colombia S.A.S. Privacy Policy

We, at Aprio Colombia S.A.S. identified with TIN 901.740.278 - 3 (hereinafter referred to as “Aprio” or the “Company”), value and respect your privacy. We thank you for visiting our website and for taking time and interest in browsing its various pages and contents. Also, we value the trust and confidence you placed in our firm in whatever capacity and as a visitor of our website. This Privacy Policy will explain to you as to: (1) how we will process and handle personal information you may provide us whenever you register with our site, secure any service, submit inquiries and applications, or avail of any feature of this site which may entail you disclosing personal information; and (2) choices available to you in terms of managing your personal information.

By visiting our website and/or subscribing to any features thereof (hence, providing us personal information), you consent to the collection, storage, use, circulation, transmission and transfer of your Personal Data in compliance with the Colombian Data Protection Regime composed by Law 1581 of 2012, Decree 1377 of 2013, Decree 1074 of 2015 and any other applicable laws related to Personal Data Protection (“CDPR”). 

Regarding the Processing of your Personal Data, Aprio will act as the Data Controller in accordance with Article 3 of Law 1581 of 2012.

Aprio may request Sensitive Data at any time, informing the Data Subject at the time of collection that the requested data has this nature and specifying the type of Sensitive Data that will be collected.

Our Firm – Who We Are and What We Do

We are a premier, full-service business advisory and certified public accounting firm that advises clients and associates on how to achieve what’s next. Our associates work as integrated teams across advisory, assurance, tax, outsourcing, talent solutions and private client services, bringing the best thinking and personal commitment to each client. Across practices, Aprio brings together proven expertise, deep understanding and strategic foresight for industries including Manufacturing and Distribution; Non-Profit and Education; Professional Services; Real Estate and Construction; Restaurant, Franchise & Hospitality; and Technology and Blockchain. Headquartered in Atlanta, Georgia, Aprio has grown to over 2000 team members.

What Personal Information Do We Collect

We may collect personal information from you in the course of our business and during our various transactions with you, including through your use of this website, when you contact or request information from us, when you engage our services or as a result of your relationship with one or more of our staff or clients. We outline below our purposes why we collect personal information from you:

  • To enable us to efficiently deliver responsive and timely services to you.
  • To guide us in improving the quality of our services to our clients.
  • To assist us in fulfilling your requests and in investigating and/or replying to your inquiries.
  • For identity verification.
  • To allow us to carry out our legal or contractual obligations to you and to enforce the same.
  • To comply with applicable laws, regulations, court orders and judicial processes, and other administrative or regulatory requirements.
  • To facilitate recruitment or hiring process and any other human resource management processes.
  • To protect your, third parties,’ and other clients’ safety and privacy; and
  • To enable us to utilize the same as required or authorized by applicable laws and regulations.

For our website visitor, the following personal information may be collected from you: name; employer/company name and work or job title/position; contact information (including phone numbers, mailing/physical address, e-mail address); demographic information; and other relevant information.

For individual clients currently being serviced by our firm or prospective individual clients, the following personal information may be collected from you: name; employer/company name and work or job title/position; contact information (including phone numbers, mailing/physical address, e-mail address); payment details; information on matters/engagements that you refer to our firm that will enable us to provide you with services; relevant information which we may need to know you better as our client and as required by laws and regulations; details that you provide us for purposes of meetings and events (including dietary information which may be connected to your health and/or religious affiliation or beliefs); and such other information as may be necessary to enable us to provide you the required or requested services.

For prospective recruits, the following personal information may be collected from you: name (and if applicable, current work or job title/position), contact information (including phone numbers, mailing/physical address, e-mail address), your resume/curriculum vitae (CV), documents which pertains to your employment history and educational background, and other relevant information necessary to enable us to assess your qualification and fitness for employment.

How Do We Use your Personal Information

Aprio will request prior and informed consent from the Data Subjects, informing them about the specific purposes of the Processing for which such consent is obtained, unless if one of the exceptions contained in article 10 of Law 1581 of 2012 is applicable for the purposes of the processing.

Aprio will carry out the processing of Personal Data voluntarily provided by the Data Subject. In general, Aprio will collect, store, use, circulate, transmit, and transfer the Personal Data it processes. It is important to note that this information can only be used by Aprio, its employees, consultants, advisors, group company affiliates, and commercial and strategic partners expressly authorized by the Company who require access to such information.

Security Measures in Place to Ensure the Confidentiality, Integrity, Availability of Your Personal Information

Our commitment to protect your personal information is complemented by our implementation of appropriate organizational, physical, and technical security measures that will ensure the confidentiality, integrity, and availability of your personal information. These security measures are being integrated in Aprio’s systems, processes, and procedures. But more importantly, Aprio is committed to maintaining the confidentiality, integrity and security of personal information provided and entrusted to us, by you, in order for us to provide thorough financial and planning services to you, our client. When you provide personal information to us, we believe you should be aware of our policies to protect the confidentiality of that information. The following information summarized the privacy policy of Aprio as to the collection, use, retention, and security of your personal information.

Who Do We Share/Disclose Your Personal Information

We are a premier, full-service business advisory and certified public accounting firm that advises clients and associates and any information that we collect or that you furnish us may be shared and processed by any of the Aprio affiliates or any of its authorized third parties/entities. Apart from Aprio affiliates or authorized third parties/entities, we may share or disclose your personal information with any of the following categories of authorized parties of Aprio (the list below is non-exhaustive):

  • Outside consultants and advisors/counselors, such as local and foreign legal advisers/lawyers, accountants, and auditors.
  • Government/regulatory agencies and law enforcement authorities.
  • Third parties to whom we outsource certain services, including, but not limited to, document processing services, IT systems or software providers, IT Support service providers, and document and information storage providers.
  • Third parties engaged in the course of the services we provide to clients such as firms that assist us with servicing your account or accounts and processing transactions you request.
  • Third party postal, courier, and messenger services providers.

How Long Do We Retain Your Personal Information

We will retain your personal information for so long as the purposes for which we collected and processed them remain and until such purposes have been served unless the retention for a longer period is required to fulfill a legal or contractual obligation.

Your Rights as a Data Subject

As a Data Subject, you have the following rights under the CDPR:

  • To know, update, and rectify your Personal Data held by the Data Controllers or Data Processors. This right may be exercised, among others, with respect to partial, inaccurate, incomplete, misleading, or data whose processing is expressly prohibited or not authorized.
  • To request proof of the consent granted to the Data Controller, unless expressly exempted as a requirement for processing, in accordance with Article 10 of Law 1581 of 2012.
  • To be informed by the Data Controller or Data Processor, upon request, regarding the use that has been made of your Personal Data.
  • To file complaints with the Superintendency of Industry and Commerce for breaches of Law 1581 of 2012 and other laws that modify, add to, or complement it.
  • To revoke the consent and/or request the deletion of your Personal Data, provided that there is no legal or contractual obligation that requires the Data Subject to remain in the database.
  • To access your Personal Data that has been processed free of charge, at least once every calendar month and each time there are substantial modifications to the processing policies.

Procedures to be followed by the Data Subject to exercise their Personal Data Rights

The Data Subject’s may exercise their rights regarding their Personal Data provided through the area assigned for the attention of requests, inquiries, and complaints about Personal Data within Aprio. The Data Subject may exercise their aforementioned rights as follows:

A) Procedure to make inquiries (request proof of consent, know the data that has been collected and the processing that has been applied to it)

The Data Subject, his/her heirs, representatives and/or proxy may file inquiries about the Personal Data that is held in the databases of Aprio, in accordance with the following rules:

  • The inquiry will be analyzed to verify the identification of the Data Subject. If the inquiry is made by a person other than the Data Subject and it is not accredited that they act on behalf of the Data Subject in accordance with the current laws, the inquiry will be rejected.
  • All inquiries will be addressed within a maximum period of ten (10) business days counted from the date of receipt. When it is not possible to address the inquiry within this term, the interested party will be informed, expressing the reasons for the delay, and will be indicated the date on which the inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the first term.

B) Procedure for filing claims for updating, correction, deletion, or revocation of the consent.

The Data Subject or their heirs, who consider that the information contained in Aprio's databases should be updated, corrected, or deleted, or who notice a breach of any of the duties, may file a claim according to the following rules:

  • The claim will be analyzed to verify the identification of the Data Subject. If the request is made by a person other than the Data Subject and it is not proven that the person is acting on behalf of the Data Subject in accordance with the current laws, the request will be rejected.
  • The claim must contain the following information: (i) The identification of the Data Subject; (ii) The contact information (physical and/or electronic address and contact phone numbers); (iii) The documents that prove the identity of the Data Subject, or the representation; (iv) A clear and precise description of the Personal Data in relation to which the Data Subject seeks to exercise any of their rights; (v) The description of the facts that give rise to the claim; (vi) The documents that are to be relied upon; (vii) Signature and identification number.
  • If the claim is incomplete, Aprio will require the interested party to correct the deficiencies within five (5) days following the receipt of the claim. If two (2) months have passed since the date of the request for information without the applicant providing the required information, it will be deemed that Data Subject has withdrawn his/her claim.
  • If the department receiving the claim is not competent to resolve it, it will be forwarded to the appropriate department within a maximum of two (2) business days, and the interested party will be informed of the situation.
  • Once the complete claim is received, a note stating, "claim in process" and the reason for it will be included in the database within two (2) business days. This note must be maintained until the claim is decided.
  • The maximum term for addressing a claim will be fifteen (15) business days from the day following its receipt. If it is not possible to address the claim within this term, the interested party will be informed of the reasons for the delay and the date on which his/her claim will be addressed, which may not exceed eight (8) business days following the expiration of the initial term.

The Data Subject has the right, at any time, to request the deletion of his/her Personal Data. The deletion implies the total or partial elimination of Personal Data from the databases, according to the request of the Data Subject. The right to deletion is not absolute, and Aprio may deny its exercise in the following events: (i) The Data Subject has a legal or contractual duty to remain in the database, or the Data Controller has a legal or contractual obligation to maintain the Personal Data; (ii) The deletion of the Personal Data obstructs judicial or administrative proceedings related to tax obligations, the investigation and prosecution of crimes, or the updating of administrative penalties; (iii) The Personal Data is required to protect the legally protected interests of the Data Subject, to carry out an action in the public interest, or to comply with a legal obligation acquired by the Data Subject or the Data Controller.

Effective date

This Policy shall be effective as of April 1, 2024.

Changes to this Privacy Policy

This Privacy Policy may be updated from time to time. We request that you periodically review this Privacy Policy for latest updates.