top of page










LIZ HOLDINGS SAS., (hereinafter LIZ) identified by Nit. 901.502.123-0 domiciled in the city of Bogotá DC acts as responsible and / or in charge of the processing of personal data that it collects or is delivered in the execution of its commercial activities. By virtue of the foregoing, it has established this personal data processing policy.




Processing of public data


LIZ warns that it treats personal data of a public nature such as those contained in public records without prior authorization from the Holder. This situation does not imply that the necessary measures are not adopted to guarantee compliance with the principles and obligations contemplated in Law 1581 of 2012 and other regulations that regulate this matter in charge of LIZ.


Treatment of private and sensitive data


LIZ only processes private personal data to comply with the provision of its services and corporate purpose. LIZ will treat the information strictly necessary and in the event that the client discloses it, the owners are informed that the purpose of the treatment is exclusively for the provision of services.


LIZ uses and treats data classified as sensitive, when:

  • The treatment has been expressly authorized by the Holder of the sensitive data or his guardian or representative, except in cases where by Law, the granting of said authorization is not required.

  • The Treatment is necessary to safeguard the vital interest of the owner and he is physically or legally incapacitated. In these events, the legal representatives must grant the authorization.

  • The Treatment refers to data that is necessary for the recognition, exercise or defense of a right in a judicial process;

  • The Treatment has a historical, statistical or scientific purpose or, within the framework of improvement processes; the latter, as long as the measures leading to the suppression of the identity of the Owners are adopted or the data is dissociated, that is, the sensitive data is separated from the identity of the owner and is not identifiable or the person cannot be identified Owner of the data or sensitive data.


In addition to the above, LIZ complies with the following obligations:

  • Do not condition any activity to the owner providing sensitive personal data, unless there is a legal or contractual cause to do so.


Treatment of data of minors


In the event that LIZ comes to know the data of minors, it will proceed to process the personal data appropriately, for which the minors must be with their representative or guardian in order to authorize the processing of data. LIZ may know personal data of minors that comes from the information provided by employees. The foregoing, in accordance with the provisions of article 7 of Law 1581 of 2012. Likewise, the processing of minors' data will always ensure:

  • That responds to and respects the best interest of children and adolescents.

  • That the respect of their fundamental rights be ensured.


In any case, the representative or guardian of the child or adolescent certifies that at the time the data processing is authorized, the minor was heard and informed in an understandable manner of this data processing policy. The minor's guardian guarantees that he valued the minor's opinion taking into account maturity, autonomy and ability to understand the matter and that once heard, he proceeded to authorize the processing of his data.


LIZ and any person involved in the processing of the personal data of children and adolescents will ensure their proper use. In compliance with the foregoing, the principles and obligations established in Law 1581 of 2012 and Single Decree 1074 of 2015 are applied and developed.




LIZ recognizes and guarantees the holders of personal data the following fundamental rights:

  • Access, know, update and rectify your personal data against LIZ in its capacity as responsible and / or in charge of the Processing of personal data.

  • Request proof of the existence of the authorization granted to LIZ, except in cases in which the Law exempts the authorization.

  • Receive information from LIZ upon request, regarding the use that has been given to your personal data.

  • Submit complaints for alleged violations of the provisions of current regulations.

  • Modify and/or revoke the authorization and/or request the deletion of personal data, when the Treatment does not respect the current constitutional and legal principles, rights and guarantees. This right is not absolute as it is limited as long as there is a legal or contractual obligation that limits this right.

  • Be aware of and have free access to your personal data that has been processed.




LIZ is aware that personal data is the property of the people to whom it refers and only they can decide on it. Likewise, LIZ will make use of said data, only in compliance with the purposes for which it is duly empowered and previously authorized by the owner or by Law, and guaranteeing at all times respect for current regulations on Protection of Personal Data. .


LIZ as Responsible and/or Manager of the processing of personal data, complies with the duties and obligations set forth in article 17 and 18 of Law 1581 of 2012, and norms that regulate or modify it, namely:


  • Guarantee the Owner, at all times, the full and effective exercise of the right of habeas data;

  • Request and keep, under the conditions provided in this law, a copy of the respective authorization granted by the Holder;

  • Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted;

  • Keep the information under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access;

  • Guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable;

  • Update the information, communicating in a timely manner to the Treatment Manager, all the news regarding the data that he has previously provided and adopt the other necessary measures so that the information provided to him is kept updated;

  • Rectify the information when it is incorrect and communicate what is pertinent to the Treatment Manager;

  • Provide the Treatment Manager, as the case may be, only data whose Treatment is previously authorized by the owner;

  • Demand from the Treatment Manager at all times, respect for the security and privacy conditions of the Owner's information;

  • Process the queries and claims formulated in the terms indicated in Law 1581 of 2012 and other concordant regulations;

  • Inform the Treatment Manager when certain information is under discussion by the Holder, once the claim has been filed and the respective process has not been completed;

  • Inform at the request of the Owner about the use given to their data;

  • Comply with the instructions and requirements issued by the Superintendence of Industry and Commerce.


Duty of secrecy and confidentiality


LIZ guarantees and requires professional secrecy, regarding them and the duty to keep them, obligations that will subsist even after the end of their relations to any person who intervenes in any phase of the processing of private, sensitive or minor personal data. contractual with LIZ.


Failure to comply with the duty of secrecy will be penalized in accordance with the confidentiality agreement or confidentiality clause signed with the person who is in charge of the treatment.




Authorization Overview


In the case of data other than those of a public nature, defined in numeral 2 of article 3 of Regulatory Decree 1377 of 2013, LIZ will previously request authorization for the processing of personal data by any means that allows it to be used as evidence. Depending on the case, said authorization may be part of a broader document such as a contract, a specific document (format, form, other, etc.) or at the time of registering or putting such information in the software or LIZ platform (logs).


Collection, treatment and its purpose


LIZ may collect the following information from the owner:


  1. Names and surnames.

  2. Cell phone.

  3. Email.

  4. Password to access the platform.

  5. Location/Address.

  6. Identity document with photo on both sides.

  7. Identity validation photo (selfie type).

  8. -Credit Card Number.

  9. -expiration date of the credit card.

  10. -ccv of the credit card.

  11. -Credit card holder.

  12. -Identity card of the owner.

  13. -Name of the bank.

  14. -Account number.

  15. -Account holder.

  16. -Identity card of the owner.


LIZ will carry out the following treatment of the personal data that it collects to give it the purpose described below:


  1. Consult, verify and process the personal information provided by the owner.

  2. Process the information for the correct provision of services.

  3. Transfer to third parties (service providers, allies, collaborators, etc.) the strictly necessary data that is required for the contracting and/or adequate provision of the platform services.

  4. Carry out the pertinent steps for the development of the pre-contractual, contractual and post-contractual stage with LIZ or its third parties, with respect to any of the services offered by it or within the platform that it has acquired or, with respect to any underlying contractual relationship that it has with it, as well as to comply with Colombian or foreign law and the orders of judicial or administrative authorities;

  5. Manage procedures (requests, complaints, claims) and carry out satisfaction surveys regarding the company's services.

  6. The remittance of commercial information and/or advertising about products and/or services through the channels or means that LIZ establishes for this purpose (mail, SMS, push notifications, among others).

  7. Provide contact information and relevant documents to the commercial force and/or distribution network, telemarketing, market research and any third party with which the LIZ has a contractual relationship of any kind;

  8. Make known, transfer and/or transmit personal data inside and outside the country, to third parties as a result of the provision of the service, law or lawful link that is required by the operation of the platform.


Of the right of access


LIZ guarantees the right of access in accordance with Law 1581 of 2012, only to the Holders, their representatives and guardians, prior accreditation of the identity, legitimacy or personality of their representative, making available to him, without cost or expense, of in a detailed and detailed manner, the respective personal data processed, through any means of communication, including emails that allow direct access by the owner. Said access is subject to the limits established in the sole Decree 1074 of 2015.


Of the right of consultation


The holders of personal data may consult the personal information that rests in any database of the company. Consequently, LIZ guarantees the right of consultation in accordance with the provisions of Law 1581 of 2012 on the data collected, whether private, sensitive and minor personal data corresponding to natural persons, providing the Holders of these personal data with the information contained in each one of the corresponding databases and that are under the control of the company.


LIZ will establish the authentication measures that allow the owner and/or his representative who makes the query or request to be safely identified.


Regardless of the mechanism implemented for the attention of consultation requests, these will be processed within a maximum term of ten (10) business days from the date of receipt. In the event that a query request cannot be answered within the term indicated above, the interested party will be informed before the expiration of the term of the reasons why no response has been given to their query, which in no case may exceed five (5) business days following the expiration of the first term.


Of the right to claim


The Holder, his representative or tutor who considers that the information contained or stored in a database, may be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties and principles contained in the regulations on Protection of Personal Data. In this sense, they may file a claim with LIZ.


The claim may be presented by the owner, his representative or guardian, taking into account the provisions of article 15 of Law 1581 of 2012.


If the claim is incomplete, the person responsible for the treatment will request the owner or his representative within five (5) business days following receipt of the claim, to correct the failures or errors, if two (2) months have elapsed from the date of the requirement, without the applicant presenting the requested information, it will be understood that the claim has been withdrawn.


In the event that LIZ receives a claim that is not within its competence, it will be transferred to the appropriate person within a maximum term of two (2) business days and the interested party will be informed of the situation.


Once LIZ has received the complete claim, a legend that says "claim in process" and the reason for it will be included in the database, within a term of no more than two (2) business days. Said legend will remain  until the claim is decided. The maximum term to resolve the claim is fifteen (15) business days, counted from the day following the date of receipt. When it is not possible to address the claim within said term, LIZ will inform the interested party of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first finished.


The right to rectify and update data


LIZ undertakes to rectify and update the personal information that corresponds to the owner of the data and that is incomplete or inaccurate, in accordance with the procedure and the terms indicated above. In this regard, LIZ will take into account the following:

  • In requests for rectification and updating of personal data, the Holder, his representative or guardian must indicate the corrections to be made and provide the documentation that supports his request.

  • LIZ has full freedom to enable mechanisms that facilitate the exercise of this right, as long as they benefit the Holder, his representative or guardian of the personal data. Consequently, electronic means or others that LIZ deems relevant and safe may be enabled.

  • LIZ may establish forms, formats, systems and other methods, which will be duly informed and made available to interested parties on the website or offices.


Of the right to the deletion of data


The Owner of personal data has the right at all times to request the company to delete (eliminate) their personal data. For this, the following assumptions will be taken into account:

  • That they are not being treated in accordance with the principles, duties and obligations set forth in the current regulations on Protection of Personal Data.

  • That they have ceased to be necessary or pertinent for the purpose for which they were collected.

  • That the period necessary for the fulfillment of the purposes for which they were collected has been exceeded.


This deletion implies the total or partial elimination or secure deletion of personal information in accordance with what is requested by the owner in the records, files, databases or treatments carried out by LIZ.


The right of deletion is not an absolute right, and LIZ, as the person in charge and/or in charge of the processing of personal data, can deny or limit the exercise of the same when:


  • The owner of the data has a legal or contractual duty to remain in the database.

  • The deletion of data hinders judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

  • The data is necessary to protect the legally protected interests of the owner; to carry out an action based on the public interest, or to comply with an obligation legally acquired by the owner.


The right to revoke the authorization


Any owner of personal data may revoke consent to their processing at any time, as long as a legal or contractual provision does not prevent it. For this, LIZ has established simple and free mechanisms that allow the owner to revoke their consent.


In the cases in which the revocation of the authorization is possible, it will be dealt with under the following two modalities:

  • Total: On all consented purposes, that is, that LIZ must completely stop processing the data of the Holder, his representative or guardian.

  • Partial: On certain consented purposes such as for advertising or market research purposes. In this case, LIZ must partially suspend the processing of the data of the owner, his representative or guardian. Other purposes of the treatment are then maintained that the Controller, in accordance with the authorization granted, can carry out and with which the owner agrees.


The right of revocation is not an absolute right and LIZ, as the person in charge and/or in charge of the processing of personal data, can deny or limit the exercise of the same when:


  • The owner of the data has a legal or contractual duty to remain in the database.

  • The revocation of the authorization of the treatment hinders judicial or administrative actions related to fiscal obligations, the investigation and prosecution of crimes or the updating of administrative sanctions.

  • The data is necessary to protect the legally protected interests of the owner; to carry out an action based on the public interest, or to comply with an obligation legally acquired by the owner.

  • The data is data of a public nature and corresponds to public records, which are intended for publicity.


Applicable general rules.


LIZ has established the following general rules for the protection of personal, sensitive and minor data, such as the care of databases, electronic files and personal information:


  • LIZ guarantees the authenticity, confidentiality and integrity of the information under its responsibility, and it will make it known 1) to third parties that require it to provide the service requested through the platform.

  • LIZ is the one that executes and designs the strategy for compliance with this document.

  • LIZ adopted all the necessary and possible technical measures to guarantee the protection and control of the existing database and under its control.

  • In cases where the infrastructure depends on a third party, it will ensure that both the availability of information and the care of personal, sensitive and minor data is a fundamental objective.




  • Any consultation or claim against the inherent rights of the holders on personal data must be made by means of a letter addressed to LIZ, attaching a photocopy of the identity document of the interested Holder or any other equivalent document that proves their identity and ownership according to law.

  • The rights of access, updating, rectification, deletion and revocation of the authorization of personal data are very personal and may only be exercised by the Holder. However, the Holder may act through a legal representative or proxy when he is in a situation of incapacity, minority or facts that make it impossible for him to exercise them personally, in which case it will be necessary for the legal representative or proxy to prove such condition.

  • No value or fee will be required for the exercise of the rights of access, update, rectification, deletion or revocation of the authorization. (The provisions of article 21 of Regulatory Decree 1377 of 2013 will be taken into account)

  • Once the terms indicated by Law 1581 of 2012 and the other norms that regulate or complement it have been fulfilled and exhausted, the Owner who is denied, totally or partially, the exercise of the rights of access, update, rectification, deletion and revocation, On behalf of LIZ, you may notify the National Authority for the Protection of Personal Data (Superintendence of Industry and Commerce - Delegation for the Protection of Personal Data -) of the denial or non-conformity with respect to the right exercised.




The responsible


The person responsible for the processing of personal data of LIZ is the legal representative, who will ensure due compliance with this policy and the other regulations that regulate the proper use of personal data.


Their contact details are:



Address: Cr 12 No. 91- 24 Bogotá, DC


The managers


Any natural or legal person, public or private, who processes personal data on behalf of LIZ is responsible for the processing of personal data. This assumes that their respective managers have been defined for each data processing and that they act by precise instruction of the person in charge of the company.


Duties of Managers.


LIZ distinguishes between internal manager and external manager. The internal managers are employees of LIZ, while the external ones are natural or legal persons who process data that LIZ provides them in order to fulfill its corporate purpose (suppliers, consultants, advisers, outsourcing companies, allies, etc.).




This policy is effective as of January 18, 2022. The databases managed by LIZ will be in force as of the promulgation of this Data Treatment Policy.


Policy updates: LIZ may modify this policy in order to reflect any change in operations or functions, in which case all information holders will be made aware of the updates made on the data processing policy before for it to be implemented.




If you have any questions about this policy, please contact us through any of the following communication channels:



Address: Cr 12 No. 91-24Bogota, D.C.





LIZ's suppliers and employees accept the Processing of their Personal Data at the time of linking with the company, in accordance with the terms of this document and LIZ may continue processing the data for the purposes described, if they do not exercise their right to revoke or delete.


For their part, LIZ users accept the Processing of their Personal Data at the time of accepting the processing of their personal data. Acceptance of data processing in any case must be made before being linked to LIZ.

bottom of page