Privacy Policy
1. Who We Are
This Privacy Policy describes how Acivem Solutions ("HWA", "we") processes personal data through the HWA platform. For data processed on behalf of educational centers, the center acts as data controller and HWA acts as data processor under the Operator DPA.
2. Data We Collect
- Account data: name, email, role, identity-provider subject (Auth0).
- Operational data: calendar entries, attendance records, center memberships.
- Technical data: IP address, device, browser, log timestamps, error traces.
- Communications: messages exchanged through in-app channels.
3. How We Use Personal Data
- Provide and maintain the Service.
- Authenticate users and prevent fraud or abuse.
- Send transactional notifications.
- Comply with legal obligations under Ley 1581 de 2012, Decreto 1377 de 2013, and related regulations.
- Improve security, reliability, and product quality.
4. Legal Basis
We process personal data based on: (a) the data subject's authorization; (b) performance of a contract; (c) compliance with legal obligations; (d) legitimate interests, where not overridden by the data subject's rights.
5. Minors
The Service may process data about minors when an educational center registers them. Such processing requires the prior, express authorization of the parent or legal guardian and is limited to purposes strictly necessary for the educational service.
6. Sharing
We share personal data only with:
- The educational center that controls your data.
- Sub-processors listed in the Operator DPA (hosting, identity, email delivery).
- Authorities, when required by Colombian law or judicial order.
7. International Transfers
Some sub-processors operate outside Colombia. Transfers are made with appropriate safeguards and only to countries with adequate protection levels or under contractual guarantees that meet the standards set by the Superintendencia de Industria y Comercio (SIC).
8. Retention
We retain personal data for the duration of your account and for legally required periods thereafter. Operational records may be retained up to five (5) years for audit and compliance purposes; technical logs are typically retained for ninety (90) days.
9. Your Rights
Under Ley 1581 de 2012 you may:
- Know, update, and rectify your personal data.
- Request proof of the authorization granted.
- Be informed about the use given to your personal data.
- File complaints with the SIC for violations.
- Revoke authorization and request deletion when appropriate.
- Access your personal data free of charge.
To exercise these rights, contact privacy@acivem-solutions.com. We will respond within fifteen (15) business days.
10. Security
We implement administrative, technical, and physical safeguards proportionate to the risk, including encryption in transit, access controls, audit logs, and least-privilege access for staff.
11. Cookies and Similar Technologies
We use strictly necessary cookies to operate the Service (session, security, preferences). Analytics or marketing cookies require separate consent.
12. Changes
We will publish updates to this Policy with at least fifteen (15) days' notice before they become effective.
13. Contact
Data Protection Officer: dpo@acivem-solutions.com.