top of page

Privacy Policy N'ayra

N'AYRA

(MELO KRAMELO S.A.S.)
Personal Data Management Policy

MELO KRAMELO S.A.S., owner of the establishment N'AYRA, is a small business committed to respecting your privacy. This policy outlines how we handle personal data, in accordance with the regulations of the Republic of Colombia, specifically Law 1581 of 2012, Decree 1377 of 2013, and related government regulations.

 

Our aim is to ensure the protection of your right to access your data, clarify how we process your personal information with your authorization, describe your rights, explain data transfers, and demonstrate our responsibility in managing personal data. This aligns with Articles 15 and 20 of the Political Constitution of Colombia regarding Data Protection.

 

1. Definition of Personal Data and Sensitive Data

 

Personal Data: This is any information about a natural or legal person that identifies or helps us identify them.

Computerized Personal Data: This refers to information we process using electronic or automated tools.

Sensitive Personal Data: This includes more private details like racial or ethnic origin, political views, religious or philosophical beliefs, union membership, health, sexual life, and biometric data. It also covers information about criminal or administrative offenses, financial details, credit information, and any other data that could lead to discrimination.

Commercial Personal Data: For N'AYRA, this refers to sensitive business data like customer, supplier, and human resources databases, often used for advertising or other core business activities.

 

2. Principles of Personal Data Processing

 

When we handle your personal data at N'AYRA, we follow these core principles, which are based on Colombian data protection laws:

  1. Principle of Legality: All personal data processing at N'AYRA strictly adheres to the Political Constitution of Colombia, Law 1581 of 2012, and Decree 1377 of 2013.

  2. Principle of Quality (Accuracy): We only process personal data that is appropriate, relevant, and necessary for the specific, clear, and legitimate reasons we collected it. We ensure your information is truthful, complete, accurate, up-to-date, verifiable, and easy to understand.

  3. Principle of Transparency: You have the right to know what personal data we have, why we use it, and who is responsible for managing our database. You can also ask the Personal Data Protection Directorate about our databases, their purposes, and who controls them.

  4. Principle of Limited Retention Period: You can ask us to delete your personal data from our records. Once our relationship with you ends (e.g., you're no longer a customer), you can request the deletion of your personal information. N'AYRA will remove personal data when it's no longer needed for the purposes we collected it for, or if you revoke your authorization, unless we're legally or contractually required to keep it for a specific time.

  5. Principle of Purpose: Every time we process personal data at N'AYRA, it's for a legitimate and clearly stated purpose, which we will inform you about.

  6. Principle of Freedom: We only process your data with your prior, explicit, and informed consent. We won't obtain or share your personal data without your permission, unless a law or court order requires us to.

  7. Principle of Security: We manage your personal data with the necessary technical, human, and administrative safeguards to prevent unauthorized changes, loss, access, or fraudulent use.

  8. Principle of Confidentiality: Everyone involved in processing personal data at N'AYRA is committed to professional secrecy regarding this information. This commitment continues even after their relationship with N'AYRA ends. They may only be relieved of this duty by a court order or for compelling reasons related to national security, defense, public safety, or public health.

 

3. Why We Process Your Personal Data (Purposes)

 

At N'AYRA, we collect, store, use, share, and delete personal data for the following essential business purposes:

  • For Our Customers and Users:

    • To process your orders, purchases, and transactions made through N'AYRA's establishment or our online channels.

    • To send you updates about your orders, promotions, offers, and news about N'AYRA's products and services (with your permission).

    • To respond to your questions, requests, complaints, and claims.

    • To conduct satisfaction surveys to make our products and services even better.

    • To manage our relationship with you as a customer or user.

  • For Our Suppliers:

    • To manage our business relationship and contracts with our suppliers.

    • To process payments and ensure services or products are delivered as agreed.

  • For Our Team (Human Resources):

    • To manage the hiring process for our staff.

    • To handle payroll and other employment-related obligations.

    • To monitor employee performance and development.

  • For Legal and Security Reasons:

    • To comply with all applicable laws and regulations that apply to N'AYRA.

    • To prevent fraud and manage business risks.

    • To keep N'AYRA's facilities and assets safe.

    • To respond to requests from legal or administrative authorities.

  • For Marketing and Business Development:

    • To analyze market trends and understand our customers better, which helps us develop new products and services.

    • To send you personalized advertising and promotional messages.

    • To allow you to participate in loyalty programs and rewards.

 

4. How We Get Your Permission to Use Your Data (Authorization)

 

Before we collect, store, use, share, or delete your personal data, we need your clear, express, and informed consent.

N'AYRA obtains this permission in ways that make your consent obvious, such as:

  • Through physical or online forms where the purpose of data processing is clearly stated.

  • Via acceptance checkboxes on our website or apps.

  • Through voice recordings of telephone calls, where you'll be informed beforehand that the call is being recorded and for what purpose.

  • Any other method that allows us to confirm you've given us permission.

You can withdraw your permission at any time, unless a legal or contractual obligation requires us to keep your data.

 

5. Your Rights Regarding Your Data

 

As a data subject, you (or your legal representative, with proper identification) have specific rights regarding your personal data:

  • Access (Consultation): You have the right to freely ask us what personal data we hold about you. We'll provide this information within the legal timeframe.

  • Update: You can ask us to update your personal data if it's incomplete, fragmented, or incorrect.

  • Rectification: You have the right to correct any inaccurate personal data we have.

  • Deletion (Revoking Authorization): You can request that we delete your personal data, unless there's a legal or contractual reason we must keep it. This includes the right to revoke your authorization for us to process your data.

  • Proof of Authorization: You can ask us for proof that you gave us permission to process your data.

  • Complaints to the SIC: If you believe we've violated data protection laws, you have the right to file a complaint with the Superintendence of Industry and Commerce (SIC).

 

6. Who to Contact for Your Data Rights (Our Data Protection Contact)

 

To exercise your rights regarding your personal data, N'AYRA has designated Our Legal Service Team as the contact area for all data protection inquiries, consultations, and claims.

You can reach us through the following channels:

  • Email: legal@nayracolombia.com

  • Physical Address: Cll 16 a sur No 45 -25, Medellin, Colombia

  • Telephone: +57 3043914214

 

7. How We Handle Your Requests (Procedures)

 

  • Consultations: We'll respond to your consultations within a maximum of ten (10) business days from when we receive them. If we need more time, we'll let you know why and when you can expect a full response, which won't be more than five (5) business days after the initial deadline.

  • Claims: If you believe your data needs correction, updating, or deletion, or if you suspect any legal breach, you can submit a claim to N'AYRA. Your claim should include:

    • Your identification details.

    • A description of why you're filing the claim.

    • Your address and contact information.

    • Any documents you want to support your claim.

    If your claim is incomplete, we'll ask you to provide the missing information within five (5) days of receiving it. If you don't provide the requested information within two (2) months, we'll assume you've withdrawn your claim.

    We'll address your claim within a maximum of fifteen (15) business days from the day we receive it. If we need more time, we'll inform you of the delay and the new response date, which won't be more than eight (8) business days after the initial deadline.

 

8. How We Keep Your Data Secure (Security Measures)

 

At N'AYRA, we've put in place the necessary technical and organizational measures to protect the integrity, confidentiality, and security of your personal data. This helps prevent unauthorized changes, loss, access, or fraudulent use. While we strive for maximum security, being online means there's always a risk of hacking attempts. In such cases, N'AYRA will take appropriate legal action. Our security measures include:

  1. Physical Security Measures: These are actions and tools (with or without technology) designed to: a) Prevent unauthorized access, damage, or interference with our physical premises, sensitive areas, equipment, and information; b) Protect mobile or easily removable equipment inside or outside our premises; c) Maintain equipment storing personal data to ensure it's available, functional, and intact; and d) Ensure secure data disposal.

  2. Organizational Security Measures: These involve setting up management, support, and review processes for information security within N'AYRA. This includes identifying and classifying information, and ensuring our staff are aware, trained, and educated on personal data protection. These measures also encompass physical security.

  3. Technical Security Measures: These are measurable activities or controls using technology to ensure: a) Only identified and authorized users access our databases; b) Access is limited to what's necessary for their job functions; c) We follow secure practices when acquiring, operating, developing, and maintaining our systems; and d) We manage communications and operations of our information resources securely.

 

9. Our Commitment to Confidentiality

 

N'AYRA has taken steps to ensure the confidentiality of the data and information we process. Anyone involved in handling personal data is legally bound to professional secrecy. This obligation continues even after their relationship with N'AYRA ends. They can only be released from this duty by a court order or for justified reasons related to national security, defense, public safety, or public health.

 

10. Effective Date of This Policy

 

This Personal Data Processing Policy is effective as of July 5, 2025, and will be available for all data subjects to consult.

N'AYRA may update this policy at any time. We will communicate any significant changes to you promptly.

  • TripAdvisor
  • Facebook
  • Whatsapp
  • Instagram
  • TikTok
  • Youtube

Subscribe

©2024 by N'ayra Powered and secured by Wix

bottom of page