This policy is issued in compliance with Law and other regulations that modify or add the personal data protection regime and seeks that BU BE YOU, in its capacity as responsible for the management of personal information , carry out the treatment of the same in strict compliance with the aforementioned regulations, guaranteeing the right of the holders of the information that assists them. It is important that our clients, suppliers, employees, users and consumers are aware of this policy, for which we invite you to read it in its entirety.


For the purposes of this policy, the definitions below will have the following meaning in accordance with the regulations:

to. User: Natural person whose personal data is processed.

b. Treatment: Any operation or set of operations on personal data, such as collection, storage, use, circulation and deletion.

c. Authorization: Prior, express and informed consent of the Owner to carry out the processing of their data.

d. Personal Data: Any information linked or that can be associated with one or several determined or determinable natural persons.

and. Treatment Manager: Natural or legal person, public or private, that by itself or in association with others, performs the processing of personal data on behalf of the data controller.

F. Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and/or the treatment of the data.


Company name: BU BE YOU
night 438711058
Address: Parcelacion La Maria CA 8 KM 2 Med Ant
Telephone: (4) 3116353898
Area in charge: ADMINISTRATIVE


The Personal Data provided will be kept as long as its deletion is not requested by the interested party (unless it is requested and there is a legal duty to keep it). The BU BE YOU databases will have a validity period defined in the company's document retention tables, in view of the nature of the information collected. This version of this policy is in force as of the date of its publication, which completely replaces any provision or previous data processing policy, and will be in force indefinitely and during the time that BU BE YOU executes the activities described. in it and they correspond to the treatment purposes that inspired this policy.

Any modification that is made to this policy will be published in the same way as the initial policy.


In the exercise of its corporate purpose, BU BE YOU carries out the processing of personal data of its employees, suppliers, clients, users, consumers of its products, shareholders and in general any third party; activity that they carry out directly, or by their contractors or agents in charge of it.

In development of the principles of purpose and freedom, the collection of personal data by BU BE YOU. It will be limited to those personal data that are pertinent and adequate for the purpose for which they are collected or required in accordance with current regulations. Except for the cases expressly provided for in the Law, personal data may not be collected without the authorization of the Owner, and data of children and adolescents will not be collected or stored.BU BE YOU. They will be empowered to share among themselves and with the other companies that make up or become part of the business group, the data provided to any of them, as long as they respect the stipulations contained in this Policy.

When reference is made in this Policy to BU BE YOU., it will be understood that any other company that forms part of the business group is included. BU BE YOU. They have the obligation to maintain the confidentiality of the personal data, subject to treatment and may only disclose them at the express request of the surveillance and control entities and / or authorities that have the legal power to request it and will allow at all times and free of charge to know, update and correct the personal information of the Holder in accordance with article 8 of Law 1581 of 2012.

to. Purposes common to all databases

Except for what is expressly provided for each of the Databases in particular, the following purposes pursued by BU BE YOU with the processing of personal information, are common to all its Databases:

• Establishment of communication channels with the holders of personal data and sending newsletters and information of a commercial and institutional nature.

• Compliance with legal and/or contractual obligations related to the development of activities inherent to the corporate purpose of BU BE YOU.

• Attention and processing of requirements, complaints and claims.

• Storage of information in inactive files, when there is a legal duty to maintain information after the execution of the activities or relationships that give rise to the treatment, in accordance with the provisions of the specific legislation that regulates the matter.

• Verification and consultation of information related to the owners, in lists and databases of a public or private nature, both national and international, directly or indirectly related to (a) judicial, criminal, fiscal, disciplinary records, liability for damages to the State patrimony, (b) disabilities and incompatibilities, (c) money laundering, (d) financing of terrorism, (e) corruption, (f) transnational bribery, (g) wanted by the courts, and in the other databases that report on the linking of people with illegal activities of any kind.

• Transfer and transmission of personal data of the holders, nationally and internationally, to natural or legal persons that hold the status of strategic allies of BU BEYOU or with which BU BE YOU have entered into or are entering into collaboration or association agreements.

b. Employees:
The treatment activities on the Employee Databases (potential, current and former), in addition to the purposes common to all the Databases described above, will have the following purposes:

• Carrying out selection processes, promotion, labor welfare, payroll, performance and competencies, induction, training, education, safety and health at work and environment.

• Carrying out knowledge, psychological and/or technical tests on the holders of the personal data.

• Fulfillment of obligations derived from labor contracts in force, directly or through third parties.

• Execution of employee education and training programs and other events organized by BU BE YOU, or in which BU BE YOU has some interest in participating.

• Execution of performance evaluations of the company's employees.

• Transfer of personal data of the holders to funds of and similar entities employees that link or provide their services to the employees of BU BE YOU.

• Capture and use of images and videos for the development of activities related to occupational health and even for the inclusion of these in the publicity pieces of BU BE YOU.

• Adoption of control and security measures on the different BU BE YOU facilities.

c. Supplier database:
The treatment activities on the Supplier Databases (potential, current and old), in addition to the purposes common to all the Databases described above, will have the following purposes:

• Sending requests, contracts and requirements for services and/or supply of products, according to the needs of BU BE YOU.

• Evaluation of the quality of the products and services provided and received.

• Fulfillment of obligations related to the execution of the corporate purpose of BU BE YOU.

• Follow-up on compliance with obligations by suppliers.

• Billing and payment management.

• As an element of analysis for the establishment and/or maintenance of contractual relationships.

• As an element of analysis for the evaluation of risks derived from current contractual relationships.

• For compliance with binding legal and regulatory obligations for BU BE YOU.

d. Customer database:
The treatment activities on the Client Databases (Corporate and final consumer), in addition to the purposes common to all the Databases described above, will have the following purposes:

• Sending newsletters and information related to the products and services offered by BU BE YOU.

• Fulfillment of obligations related to the execution of the contractual object between BU BE YOU and its clients.

• Execution of marketing and publicity activities related to the corporate purpose of BU BE YOU, as well as other organized programs and events.

• As an element of analysis for the establishment and/or maintenance of contractual relationships.

• As an element of analysis for the evaluation of risks derived from current contractual relationships.

• Know the preferences and needs of potential buyers in order to offer the best alternative in terms of location, quality and price, which fully satisfies their requirements.

• Sending of invitations to project launches and capture of images and videos for the publicity of their products.

• Process the guarantees and post-sales originated by the acquisition of the products marketed by BU BE YOU.

• Consultation and report in risk centers.

• As an element of analysis to carry out market studies or commercial or statistical investigations.


According to Law 1581 of 2012, sensitive personal data is "those that affect the Owner's privacy or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, sexual orientation, political orientation, convictions religious or philosophical beliefs, membership in trade unions, social organizations, human rights organizations or organizations that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.” Within them are also recognized the data of minors.

BU BE YOU must process data of this nature, in the development of relations with its employees and/or candidates in selection processes, especially those related to health, and eventually data of a biometric nature in the implementation of security measures in security systems. control of access to its facilities or to some physical spaces, in any case in the processing of said data special security measures will be adopted, and in any case when authorization for the processing of sensitive data is to be requested, the owner will be warned of the purposes for which they will be treated and they will be informed that they have the right to refrain from answering questions about sensitive data or about data of children and adolescents.


As a general rule, in the execution of any personal data processing activity, BU BE YOU will refrain from manipulating data whose owner is a minor, in light of the provisions of article 7 of law 1581 of 2012.

Exceptionally and, taking into account the purpose of certain databases and the activities that are carried out on the data that compose it; BU BE YOU will require the processing of personal data of minors, as in the case of certain personal data of the children of related personnel, or of apprentices and practitioners who have not reached the age of majority. In this order of ideas, BU BE YOU will submit the processing of data of this nature to the following rules:

to) Respect for the best interest of the minor owner of the data.
b) Respect for the fundamental rights of the minor owner of the data.
c) Authorization issued by the legal representative of the minor owner of the data.

In accordance with the Colombian Constitutional Court, the personal data of minors under 18 years of age can be processed, as long as the prevalence of their fundamental rights is not put at risk and unequivocally responds to the realization of the principle of their best interest, without prejudice. of compliance with the foregoing, the collection and any use of the data of minors that are registered in the BU BE YOU databases or, that are requested, require the express authorization of the legal representative of the child or adolescent, these representatives to whom BU BE YOU will facilitate the possibility that they can exercise the rights of access, cancellation, rectification and opposition of the data of their wards.

All managers and managers involved in the processing of personal data of children and adolescents must ensure their proper use. For this purpose, the principles and obligations established in Law 1581 of 2012 and in the regulatory decree must be applied.

The family and society must ensure that those responsible and in charge of processing the personal data of minors comply with the obligations established in Law 1581 of 2012 and in the regulatory decree.

By virtue of the foregoing, BU BE YOU will only process the data of minors, subject to respect for the principles already indicated in the collection of the authorization and as long as the best interests of minors are respected in the treatment of these.


to. Guarantee the Owner, at all times, the full and effective exercise of their rights.

b. BU BE YOU must look for the means through which to obtain the express authorization from the owner of the data to carry out any type of treatment and keep a copy of said authorization.

c. Clearly and expressly inform its users, employees, suppliers, shareholders and third parties in general from whom it obtains data, the treatment to which they will be subjected, the purpose of said treatment and the rights that assist them by virtue of the authorization granted . For this, the company must design the strategy through which for each event, mechanism or data request that is made, it will inform them of the respective treatment in question. Some of these means can be sending emails, text messages, among others.

d. Inform the owners of the data for each case, the optional nature of responding and granting the respective information requested.

and. In all cases in which data is collected, the rights that all owners have regarding their data must be informed.

F. Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access.

g. BU BE YOU must report the identification, physical or electronic address and telephone number of the person or area that will have the quality of data controller.

h. Guarantee at all times the owner of the information, the full and effective exercise of the right to habeas data and petition, that is, the possibility of knowing the information that exists about him or rests in the data bank, request the update or correction of data and process queries, all of which will be carried out through the mechanisms for queries or claims provided.

Yo. Keep the personal data records stored with due security to prevent their deterioration, loss, alteration, unauthorized or fraudulent use and periodically and timely update and rectify the data, each time the owners of these report news or requests .

j. BU BE YOU must guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable.

k. Update the information, communicating in a timely manner to the Treatment Manager, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided is kept up to date.

he. Rectify the information when it is incorrect and communicate what is pertinent to the Treatment Manager.

m. Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized in accordance with the provisions of this policy.

no. Demand from the Treatment Manager at all times, respect for the security and privacy conditions of the Owner's information.

either. Process inquiries, claims and requests formulated in the terms indicated in the Law, in this policy and in the policies and/or procedures adopted within the company, which in any case must be structured in accordance with the Law and this policy.

Q. Inform the Treatment Manager when certain information is under discussion by the Holder, once the request has been submitted and the respective process has not been completed.

r. Inform, at the request of the Owner, about the use given to their data.

s. Inform the data protection authority when there are violations of the security codes and there are risks in the administration of the information of the Holders.

t. Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.


The Holders of personal data have the following rights:

  • to. Know, update and rectify your personal data in front of those responsible or in charge of the treatment. This right may be exercised, among others, against data that is partial, inaccurate, incomplete, divided, misleading, or whose processing is expressly prohibited or has not been authorized.
  • b. Request proof of authorization granted to the person responsible for the treatment, except when expressly excepted as a requirement for treatment.
  • c. Be informed by the person in charge or in charge of the treatment, upon request, regarding the use that has been given to your personal data.
  • d. Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of this Policy and the rules that regulate it.
  • and. Revoke the authorization voluntarily and/or request the deletion of the data when the principles, rights and constitutional and legal guarantees are not respected in the treatment. The revocation and/or deletion will proceed when the Superintendence of Industry and Commerce has determined that in the treatment the person in charge or in charge has incurred in conduct contrary to the Constitution and the Law.
  • F. Free access to your personal data that has been processed.

The holders of personal data should direct their queries, requests or claims to the email:

to. Queries:

BU BE YOU. They must respond to queries within a term of ten (10) business days from the date on which it was received. When it is not possible to comply with this time, the interested party must be informed, stating the reasons for the delay and the date on which the query will be addressed within a term of no more than five (5) days.

b. Claims:

The owner or successor in title who considers that the information contained in a database should be corrected, updated or deleted, or when they notice the alleged breach of any of the duties contained in the law or in this policy, may file a claim to BU BE YOU., which will be processed under the following rules:

Yo. The claim will be formulated by means of a request addressed to the person in charge or in charge of the treatment, to the email , with the identification of the owner, the description of the facts that give rise to the claim, the address, and accompanying the documents that you want. enforce. If the claim is incomplete, BU BE YOU., will require the interested party within five (5) days after receiving it to correct the faults. After two (2) months from the date of the request, without the applicant submitting the required information, it will be understood that the claim has been withdrawn.

ii. Once the complete claim is received, a legend that says "claim in process" and the reason for it will be included in the database, within a term of no more than two (2) business days. Said legend must be maintained until the claim is decided.

iii. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, the interested party will be informed of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

iv. The owner or successor in title may file a complaint with the Superintendence of Industry and Commerce, once the consultation or claim procedure has been exhausted before the person in charge or in charge of the treatment.

c. Revocation of the authorization and/or deletion of the data:

The owners may at any time request BU BE YOU., the deletion of their personal data and / or revoke the authorization granted for the treatment thereof, by filing a claim, in accordance with the provisions  and the procedure indicated in this policy. Said revocation may be requested by the owner or successor in title to the email . In the case of emails related to marketing information of the brands that BU BE YOU. manufactures and/or distributes may also request the revocation through a link that appears at the end of each email. If the respective legal term has expired, BU BE YOU., has not deleted the personal data, the owner will have the right to request the Superintendence of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. Notwithstanding the foregoing, personal data must be kept when required to comply with a legal or contractual obligation.


BU BE YOU., may only process personal data for as long as is reasonable and necessary, in accordance with the purposes that justified the processing, taking into account the provisions applicable to the matter in question and administrative, accounting aspects , tax, legal and historical information, as well as the legal terms of documentary retention. Once the purposes of the treatment have been fulfilled or the maximum legal term in which BU BE YOU has the obligation to keep the personal data has expired, BU BE YOU., or the person in charge of the treatment will proceed to the deletion of the personal data in their possession.

BU BE YOU. they must document the procedures for the treatment, conservation and deletion of personal data in accordance with the provisions applicable to the matter in question, as well as the instructions issued in this regard by the Superintendence of Industry and Commerce. BU BE YOU. They may modify the personal data use policy at any time, as long as the rights of the owners are not infringed.


To find out what is related to the BU BE YOU data protection policy, you can contact +573183228170 , or by email: , where you can make the respective request.