Privacy Policy

Bold Copy Lab (from now on the “Website“) is the property of Inteligencia Colectiva S.A.S. (N.I.T. 900889546-1; from now on, the “Operator”). This Privacy and Treatment of Personal Information Policy (the “Policy”) establishes the rights and responsibilities of the Bearers of the information. Also, the Operator’s duties and commitments in using said information.

Likewise, this Policy contains the general principles and parameters regarding the processing of personal data by the Operator, any official or collaborator of the company, or third parties designated as liable.

Therefore, Bearers must read this Policy carefully before sharing their personal information. The terms and conditions indicated herein will apply to the personal data provided physically and through non-contact mechanisms (the Operator’s website, information systems, emails, and forms). We recommend that you be aware of them before using the website. If you disagree with this Policy, the Bearers must refrain from using the Operator’s information systems or providing their data to the company.


This Policy applies to the Treatment and processing of data of suppliers, contractors, collaborators, beneficiaries, or third parties whose personal data the Operator has collected through different means that may be presential or not.


  • Authorization: A previous explicit and informed consent from the Bearer to process personal data. 
  • Database: Organized personal data subject to processing by the Operator or a third party appointed by it. 
  • The Operator: Inteligencia Colectiva S.A.S, N.I.T. 900889546-1, headquartered at Barranquilla (Colombia), Cra 56 # 68-85, PO 080020
  • Third-party liable for data treatment: Natural or legal person, public or private, that by itself or in association with others, carries out the processing of personal data on behalf of the Operator.
  • Information / Personal Data / Data: This refers to any information processed by the Operator that identifies a person or can reasonably be used to identify a person, either directly or indirectly, by itself or together with other data. 
  • Responsible for data treatment: The Operator
  • SIC: Colombia’s Superintendency of Industry and Commerce (Superintendencia de Industria y Comercio de Colombia).
  • Third-party: Natural or legal person, national or foreign, other than the Bearer or the Operator. 
  • Bearer: Natural person whose personal data is subject to processing. This Policy may refer to the Bearer as “the User” regarding personal information collected through the website. 
  • Transfer: When the company responsible or person in charge of personal data processing sends information or personal data to a third party who will be liable for the data and who may be inside or outside the country.
  • Transmission. Treatment of personal data regarding communication within or outside the Republic of Colombia’s territory. The latter is for the purpose of a manager carrying out the Treatment on behalf of the Operator. 
  • Treatment: Any operation or set of functions on personal data, such as the collection, storage, use, circulation, or deletion.


The Processing of Personal Data will be governed, in addition to what is established in this document, by the general principles of personal data processing protected by Law 1581 of 2012 (Colombia), described below:


  1. Principle of purpose: The Processing of Personal Data carried out by the Operator or any third party to which this Policy refers must obey a legitimate purpose under the applicable regulation. The Operator must also inform the Bearer at all times regarding the purpose of the data processing.

  2. Principle of freedom: The owner’s explicit and informed consent is always required to carry out any personal data processing activity.

  3. Principle of reliability or quality: All the information that the Operator collects, or any third parties to whom it entrusts the Treatment, must be truthful, complete, exact, updated, verifiable, and understandable. Under no circumstances may the Operator process partial, incomplete, or misleading data.

  4. Principle of transparency: The Bearer’s rights regarding Personal Data, protected in the applicable local regulation, must be guaranteed at all times.

  5. Principle of access and restricted circulation: The Treatment is subject to limitations regarding the nature of the Personal Data and the applicable local laws’ requirements. Thus, it is only for persons authorized by the Bearer or by the persons stipulated by Law.

  6. Security principle: The Personal Data the Operator collects or any third party on its behalf will be handled under strict technical, human, and administrative measures at all times. These measures are necessary to provide the record’s security and avoid adulteration, loss, unauthorized or fraudulent use, or access.

  7. Principle of confidentiality: Everyone to whom this Policy applies will be obliged to guarantee non-disclosure, even after the end of the relationship related to any tasks the Treatment comprises.

Personal Data subject to processing

Inteligencia Colectiva S.A.S, the organization that owns the website, may obtain and preserve the following information about visitors to its website or other presential or non-presential means through which it has collected personal data:

  • The date and time of access to our website: This allows us to find the busiest times and make the necessary adjustments to avoid overload problems during peak hours.

  • The Internet address from which the link to our website originated. This information allows us to determine the effectiveness of the different URLs that point to our server.

  • We can consequently focus on those that offer the best results and identify possible allies.

  • The number of daily visitors to each section allows us to identify the areas of most interest, increase, and improve their content to achieve more satisfying results.

  • Name, surname, gender, marital status, age, address, region, country, city, postal code, landline number, mobile phone number. Email address, social media, profession, job, employment relationship. The organization where you work, address, and phone numbers of the organization where you work. The Operator groups this information into personal data and professional data.

Purposes of the Processing of Personal Data

Current legislation on data protection, Law 1581 of 2012, Decree 1377 of 2013, and other regulatory decrees (Colombia) states the following. The Bearer must explicitly authorize and inform the Operator regarding data collection, storage, use, analysis, circulation, updating, and transfer. The latter concerns individual or third-party data provided at the time of registration through any known or unknown technology for any of these purposes:

  • Seeking information related to the Operator’s services

  • Sending documents or information related to the Operator’s services

  • Hiring collaborators, suppliers, or contractors

  • Linking beneficiaries and their participation

  • Comply with the obligations contracted with the Bearers of Personal Data

  • Development of activities with the bearers of the information

  • Carrying out activities related to corporate purposes

  • Attend to and manage the requests and suggestions the Bearers make

  • Sharing and transmitting data to third-party service providers in charge of data processing. They may store, process, protect, and preserve the Personal Data provided. In these cases, the Bearers will receive information about the contact details or the third party in charge of Data Processing.

  • The Operator may disclose the Personal Data of the Bearers to provide information to government entities when they request it. Also, I need to comply with tax regulations and meet administrative and judicial requirements. This means that the Operator may share personal data, for the mentioned purposes, with lawyers, external advisers, or auditors.

  • The Operator may use personal information collected through information systems for different purposes. Some of them are adding the Bearer to email subscription lists, analyzing trends and statistics, improving the website’s operation, providing content and announcements, or sending promotional materials about the Operator.

  • The Operator may collect data from the Bearers when they download documents, consult information, subscribe to webinars or activities, or participate in forums, chats, or online courses. The actions mentioned above may relate to:

(i). Reporting on trends and progress in the content marketing industry.

(ii) Advertising activities, products, and services of the Operator or its strategic allies through any known or unknown information means.

(iii) Developing strategic analysis for the Operator’s planning processes

(iv) Verifying the identity of the User and carrying out selection processes for different types of activities

(v) Answering questions and processing any comments that the User may make

(vi) Manage administrative tasks like registering suppliers and customers to issue invoices, purchase orders, contracts, or make payments.

The Operator may also process data for additional purposes that are included in any privacy notices.

Authorization for the Processing of Personal Data

The Operator will collect personal information subject to Treatment, with the prior authorization of the Bearer. The Bearers will receive information about the form of Treatment, the description of the purposes of the Treatment, and their privacy rights, together with the best means to exercise them.

Proof of authorization

The Operator may implement and adopt the necessary actions to maintain and preserve the authorization for personal data processing granted by the information Bearers through physical and technological mechanisms.

Rights of the Bearers

Under current Colombian legislation, Bearers have the right to:

  • Acknowledge, update, and request data modification from the treatment managers.

  • Request proof of this authorization, except when there is an exception for the treatment requirement. According to the provisions of article 10 of Law 1581 of 2012, the latter.

  • Request information from the Operator regarding the use of personal data.

  • Withdraw the authorization to include your data in the Operator’s databases anytime. Or request the deletion of personal data when the Treatment does not respect constitutional and legal principles, rights, or guarantees. The withdrawal or deletion will proceed when the Superintendency of Industry and Commerce (SIC) has determined that in the Treatment, the Responsible for data treatment or Third-party responsible for data treatment has been incurred in conduct contrary to this Law constitution.

Request free access to their previously authorized personal data.

Treatment of personal data

The Operator is responsible for the Treatment of personal data, and third-party service providers may be hired directly by the Operator. That is, companies and individuals who may perform services on behalf of the Operator, such as: sending emails, marketing campaigns, database purge, and analysis of consumer preferences, storage of Personal Data, or any other type of activity that the Operator entrusts to third parties which involve the Treatment of personal information.

The Operator and third-party service providers must treat personal information within the scope and for the purposes included in this item. The latter, following the requirements of Law 1581 of 2012, Decree 1377 of 2013, and other regulatory decrees and standards. If the Operator entrusts the personal data processing to a third party, references about these third parties (identification) will be explicit.

Exercise of Rights

To exercise their rights, the Bearers will have the appropriate means of communication at their disposal. There is an area in charge of ensuring compliance with this Policy at Bold Copy Lab. This area will also attend to the Personal Data Bearers’ queries and claims when exercising their rights. Bearers may contact the said department at +573186860183 in Barranquilla, Colombia. You may also contact us at [email protected] or by mail at Cra 56 #68-85 (Barranquilla, Colombia). Please write “Treatment of Personal Data” in the subject line.


The Bearers or their representatives may consult their personal information at any time. For this, the Bearer must make a formal request through the means enabled by the Operator.

The Operator must respond to the query within a maximum term of ten (10) business days from the date of receipt. When it is impossible to reply to the query within said term, the Operator will inform the interested party, stating the reasons for the delay and indicating the date on which the Operator will respond. That date shall not exceed five (5) business days after the expiration of the first term.


The Bearers or their representatives may request their data’s correction, update, or deletion. For this, they must submit a written declaration, which must contain the following information:

  • Identification of the Bearer 

  • Description of the facts that enable the claim 

  • Correspondence address or email address of the Bearer 

  • Documents supporting the application

The Operator may require the interested party to provide additional documents, in cases where the request is incomplete, within five (5) days after receiving the claim.

If the interested party doesn’t submit the required information within two (2) months from the request’s date, the interested party has withdrawn the claim. Once the Operator receives the claim, the Operator will update this information in our databases within two (2) days after receiving the request, stating that “a claim is in progress.”

The Operator, or any other third party associated with the Operator, will attend the claim within fifteen (15) business days, starting the day after the date of receipt. Suppose it’s not possible to answer within that term. In that case, the interested party will receive the information regarding the reasons for the delay, and the Operator will respond within a maximum period of eight (8) days.

The Bearers may acknowledge and update their data, among other actions, at any time. They may ask to rectify partial, inaccurate, incomplete, fractioned, misleading data or data that is expressly prohibited or unauthorized.

According to the Law, the Operator may deny access to Personal Data or any withdrawal of authorization or request for data deletion in the following cases:

  1. The applicant is not the owner of Personal Data, the beneficiary, or the legal representative, and he or she is not duly accredited.


  2. There is no court order when the applicant is not a public or administrative entity in the exercise of its lawful functions.


  3. When the Bearer has a legal duty to remain in the database


  4. When the Operator doesn’t find the applicant’s data in its database


  5. When the rights of a Third Party are disturbed


  6. When there is a legal obstruction. For example, a resolution from a competent authority that doesn’t allow the rectification or cancellation of data.


  7. When the rectification or cancellation has already been requested


If there is an unresolved claim, the Operator will classify the Bearer’s registered data as a: “Claim in Process.” The Bearers of the personal data may only file a complaint with the Superintendency of Industry and Commerce (SIC) once they have carried out the consultation or claim process before the Operator.

Security Measures Regarding the Treatment of Personal Information

 The Operator will store the information of the Bearers securely. Therefore, the Operator will take all precautionary measures to protect your data against adulterations, losses, consultations, use, or unauthorized or fraudulent access. Subcontractors and suppliers that, in one way or another, have access to the personal data of Bearers due to specific orders (Treatment Managers) are contractually obliged to keep this information confidential. They may not use this information for any other purpose.

Treatment of Personal Data for minors

The Operator does not wish to collect personal data from individuals under 18 (minors, under Colombian Law). 

-What if parents or other legal guardians discover that children under their supervision have provided personal information to the Operator without their consent? 

-If they wish to delete this information, they may contact the Operator for immediate instructions.

-However, if it is necessary to treat minors’ data, the Operator must obtain the prior explicit authorization of both parents or legal representatives of the child. This authorization must specify the purpose of the Treatment. 

Cross-Border Transfer of Personal Data

In the recollection, Treatment, and Processing of Personal Information, the Operator may transfer Personal Information to third parties related to treatment activities. These entities may be in jurisdictions other than Colombia. When the Operator must carry out the transfer to entities located in countries with no standards equivalent to those of Colombia on privacy and data protection, the Operator will ask the owner of the information for their consent to carry out such transfers. The latter is based on this Policy and subject to the requirements established in Colombian legislation. The Operator may entrust the processing of Personal Data to third parties who must comply with this Policy or under their policies, which may not contradict this Policy.

Regulatory requirements

The Operator will cooperate with the competent authorities to ensure compliance with the laws regarding intellectual property protection, fraud prevention, and other matters.

The Users of authorize the Operator to supply any Personal Information about them to comply with the competent authority’s requirement. If necessary, the Operator must cooperate with the competent authorities to the extent that we discretionally deem it essential. Especially regarding any investigation of an illicit nature like fraud, infringement of intellectual property rights, or other illegitimate activity that may expose the Operator to any legal responsibility. 

Furthermore, the User authorizes the Operator to share his name and surname, address, city, region, postal code, country, telephone number, email address, and company name to the competent authorities about the investigation of fraud, infringement of intellectual property rights, piracy, or any other illegal activity. This Data Treatment Policy was revised in May 2017 and will be in force as long as necessary to achieve the purposes mentioned in this Policy.