ALTERNA S.A.S.
901.307.127-4
Bogotá D.C., Colombia
Contact form at sendme123.com | Phone: +57 333 602 7000 | Email: [email protected] This Policy applies to the website sendme123.com, its subdomains, and associated digital services (the “Platforms”). SendME is a service provided by ALTERNA S.A.S. This Privacy and Personal Data Processing Policy is incorporated by reference into the SendME Terms and Conditions and is an integral part of the contract with our Clients.
This Policy applies to the processing of personal data collected by SendME through the sendme123.com website, its applications, APIs, and customer service channels. When acting as processors on behalf of our Clients, processing is governed by the Client's instructions and the DPA.
ALTERNA S.A.S. acts as the data controller regarding personal data collected through sendme123.com and its subdomains for site management, query handling, and business relations. When we provide messaging services, email, WhatsApp Business, or other SendME functionalities on behalf of our Clients, we process personal data as a Processor. In this scenario, the Client is the Data Controller and we follow their lawful and documented instructions according to this Policy and the Terms and Conditions. As a Processor, we limit processing to the assigned purposes; apply appropriate security measures; may engage Sub-processors under equivalent obligations; perform transfers and, when applicable, international transfers necessary to provide the service; and, upon termination of the relationship, we will return or delete the data processed on behalf of the Client, retaining only minimal information required for evidentiary, audit, and legal compliance purposes.
Use of the SendME platform ('sendme123.com', 'we' or the 'Platform') constitutes full acceptance of these T&Cs and the Privacy Policy. Acceptance is considered given when the user/client (the 'Client') (i) checks the acceptance boxes upon registration, (ii) continues using the service, or (iii) integrates our APIs.
The Privacy Policy published on our website (hereinafter the 'Privacy Policy') forms part of this contract with the same scope and binding force as these T&Cs. Any reference to the “Contract” includes, in addition to these T&Cs, the Privacy Policy and the Data Processing Addendum (DPA) when applicable.
In case of conflict between these T&Cs and the Privacy Policy solely on personal data processing matters, the Privacy Policy shall prevail. If a DPA/Data Processing Addendum has been signed with the Client, the DPA shall prevail over the Privacy Policy and T&Cs regarding processing.
The Client declares having read and understood the Privacy Policy available on our website and undertakes to communicate it to their end users when applicable.
Any information linked to or that can be associated with one or more identified or identifiable natural persons.
Information that affects privacy or whose misuse may cause discrimination (e.g., health, sexual orientation, biometric data).
Natural person to whom the data refers.
Any operation on personal data (collection, storage, use, circulation, or deletion).
The one who decides about the database and the one who processes data on behalf of the controller, respectively.
We process data according to the principles of legality, purpose, freedom, accuracy, transparency, restricted access and circulation, security, and confidentiality. Legal bases include: (i) consent; (ii) contractual necessity; (iii) legal obligation compliance; and (iv) legitimate interest when applicable and compatible with the data subject’s rights.
We generally do not request sensitive data or data from minors. We may process, among others, identification and contact data; Platform usage data; transactional data; and technical metadata. Purposes: (i) service provision, maintenance, and improvement; (ii) support and transactional communications; (iii) billing and collection; (iv) security, fraud, and incident prevention; (v) analytics and product development; (vi) commercial communications when a valid legal basis exists and opt-out mechanisms; and (vii) compliance with legal and regulatory obligations. Depending on your relationship with sendme123.com, we may process:
name, document type and number, email, phone, address.
request content, usage history, preferences, support tickets.
IP addresses, device identifiers, visited pages, cookies, and similar technologies.
data necessary to process payments through third parties, payment gateways (we do not store full card data).
recordings or logs of interactions when applicable.
representative and contact data.
We process your data for:
create and manage accounts, provide Platform functionalities, handle requests and complaints.
incident diagnosis, usage analytics, performance and security testing.
order management, billing, collection, payments, and legal compliance.
sending service notifications. Commercial or advertising messages will only be sent with your consent, and you can always opt out.
authentication, monitoring, risk management, and regulatory compliance.
remember preferences and relevant content using cookies and similar technologies, when you authorize it.
selection, evaluation, and management of contracts and payments.
responding to judicial or administrative requests.
We request prior, express, and informed authorization by verifiable means (e.g., checkboxes, web forms, contract clauses, electronic means with timestamp) and retain proof of authorization. Authorization is not required in cases provided by law (public data, medical/emergency situations, authority requests, historical/statistical/scientific purposes), respecting applicable principles.
Data subjects can access, update, and correct their data; be informed about its use; submit inquiries and complaints; revoke consent and/or request deletion when authorized by law; and access their data free of charge at least once per month and whenever there are substantial modifications.
Channel: [email protected] (or the PQRS form on the site). All requests must include identification of the data subject or representative, description of facts, and supporting documents.
will be answered within ten (10) business days, extendable by five (5) additional business days in justified cases.
will be resolved within fifteen (15) business days, extendable by eight (8) additional business days when necessary.
We may share data with processors and sub-processors acting under our instructions and equivalent confidentiality and security agreements. When international transfers occur, we apply appropriate safeguards (e.g., contractual clauses, binding corporate rules, or other accepted mechanisms). We will maintain a master list of sub-processors and notify relevant changes in advance.
We use cookies and similar technologies to operate the Platform, understand usage, and, when applicable, provide advertising. We will show a banner with options 'Accept all / Reject non-essential / Configure' on equal hierarchy and a preference center to manage consent by categories (functional, analytics, marketing). Details can be consulted in the Cookies Policy, including third-party list, purposes, and validity.
We implement reasonable technical, organizational, and administrative measures to protect data against unauthorized access, use, disclosure, loss, alteration, or destruction. Continuous testing and improvements are carried out proportionally to risk and data nature.
In the event of a security incident affecting personal data, we will activate our response plan, record and document the event, and notify the Superintendence of Industry and Commerce (SIC) and, when required, the Data Subjects, within fifteen (15) business days of detecting the incident, making subsequent updates as needed. We will include the nature of the incident, compromised data, measures taken, and recommendations.
We retain data as long as necessary to fulfill informed purposes, contractual, accounting, tax, and legal obligations, or while a relationship with the Data Subject exists. When no longer needed and no legal obligation requires retention, we will securely delete or anonymize the data.
We may update this Policy to reflect regulatory or process changes. The current version will be published on sendme123.com with the last update date, and material changes will be communicated through registered contact channels.
SendME does not target its services to minors. We do not deliberately collect data from children or adolescents.
By using our Platforms, registering, or providing data by any means, you declare having read and accepted this Policy and the corresponding privacy notice.