top of page

In accordance with Articles 15 and 20 of the Political Constitution of 1991, Statutory Law 1581 of 2012, Decree 1377 of 2013, Constitutional Judgment 748 of 2011, and other related regulations, GRUPO NERO SAS. endorses the exercise of the fundamental right of Habeas Data, and makes its Privacy Policy public to all interested parties.

With this GRUPO NERO SAS guarantees the good use of the personal data of its users, the above for marketing and advertising purposes, by virtue of the fulfillment of its corporate purpose.

Privacy Policy and Data Protection

  1. Responsible and in charge of data processing: The company  GRUPO NERO  SAS with Nit 901.455.785-4_cc781905-5cde-3194-bb3b-136bad5cf58 with address in the main city of Bogotá and DC 22 No. 84-99.
  2. Scope of the privacy policy: It will be applied to all the databases that contain personal data that are subject to treatment by GRUPO NERO SAS, in the events in which it is considered as Responsible and / or In Charge of the Treatment of Personal Data of natural or legal persons, in accordance with the provisions of Statutory Law 1581 of 2012, Decree 1377 of 2013 and other regulations that hereafter modify and/or add them. Such as Business Allies, Suppliers, employee candidates, former employees, employees and visitors.
  3. Definitions:
  • Privacy Notice: Database: Any organized set of Personal Data that is subject to processing

  • Personal data: Any piece of information linked to one or several determined or determinable persons or that can be associated with a natural or legal person. Personal data can be public, semi-private or private. 

  • Personal data: It is any piece of information linked to one or several specific or determinable persons or that can be associated with a natural or legal person. 

  • Public data: It is the data classified as such according to the mandates of the law or the Political Constitution and all those that are not semi-private or private. Among others, the data contained in public documents, duly executed judicial sentences that are not subject to confidentiality and those related to the civil status of people are public.

  • Semi-private data. Semi-private data is not of an intimate, reserved, or public nature and whose knowledge or disclosure may be of interest not only to its owner but also to a certain sector or group of people or to society in general.

  • Information holder. It is the natural or legal person to whom the information that rests in a data bank refers and is subject to the right of habeas data and other rights and guarantees contemplated by law.

  • Source of information. It is the person, entity or organization that receives or knows personal data of the owners of the information, by virtue of a commercial or service relationship or of any other nature and that, by reason of legal authorization or of the owner, provides that data to an information operator, who in turn will deliver them to the end user. If the source delivers the information directly to the users and not through an operator, the source will have the double condition of source and operator and will assume the duties and responsibilities of both. The source of the information is responsible for the quality of the data provided to the operator which, as soon as it has access to and supplies third-party personal information, is subject to compliance with the duties and responsibilities established to guarantee the protection of the rights of the owner of the data. data.

  • Treatment: Any operation on Personal Data, such as collection, storage, use, circulation or deletion.

  • Authorization: Prior, express or informed consent of the Owner of the Personal Data to carry out the Processing of Personal Data. 

  • Treatment Manager: natural or legal person, public or private, that by itself or in association with others, performs the Processing of Personal Data on behalf of the Treatment Manager.

  • Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the treatment of the database.

  • Manual Data: Those whose information is physically organized and stored.

  • Automated Data: Those that are stored and managed with the help of computer tools. 

  • Sensitive data: Those that affect the privacy of the owner or whose improper use may affect the privacy of the Owner.

  • Transmission of Data: Treatment of Personal Data that implies the communication of the same within or outside the territory of the Republic of Colombia when its purpose is to carry out a Treatment by the Manager on behalf of the Responsible.

  • Data Transfer: It takes place when the Responsible and/or Person in Charge of the Treatment of Personal Data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the Treatment and is located inside or outside the country. . 

  • Data Protection Officer: Who exercises the monitoring and control function of the correct application of the Privacy and Data Protection Policy within GRUPO NERO SAS., which in this case is the legal entity Grupo Nero SAS.


4. Principles for the Processing of Personal Data according to Statutory Law 1581 of 2012:


  • Principle of legality in terms of Data Processing: The Treatment referred to in this law is a regulated activity that must be subject to what is established in it and in the other provisions that it develops.

  • Principle of purpose: The Treatment must obey a legitimate purpose in accordance with the Constitution and the Law, which must be informed to the Owner.

  • Principle of freedom: The Treatment can only be exercised with the prior, express and informed consent of the Holder. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal or judicial mandate that relieves consent.

  • Principle of veracity or quality: The information subject to Treatment must be true, complete, exact, updated, verifiable and understandable. The Processing of partial, incomplete, fractional or misleading data is prohibited.

  • Principle of transparency: In the treatment, the right of the Holder must be guaranteed to obtain from the person in charge or in charge of the Treatment, at any time and without restrictions, information about the existence of data that concerns him.

  • Principle of access and restricted circulation: The Treatment is subject to the limits that derive from the nature of the personal data, the provisions of this Law and the Constitution. In this sense, the treatment can only be done by persons authorized by the owner and/or by the persons provided for in this law.  Personal data, except for public information, may not be available on the Internet or other means of dissemination or mass communication, unless access is technically controllable to provide restricted knowledge only to Holders or authorized third parties in accordance with this law.

  • Security principle: The information subject to Treatment by the person in charge of the Treatment or in charge of the Treatment referred to in this Law, must be handled with the technical, human and administrative measures that are necessary to grant security to the records avoiding their adulteration, unauthorized or fraudulent loss, consultation, use or access.

  • Principle of confidentiality: All persons involved in the Processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks included in the Treatment, and may only Provide or communicate personal data when it corresponds to the development of the activities authorized in this law and in its terms.


5. Treatment of Databases by GRUPO NERO SAS:

In the development of its corporate purpose and economic activity, GRUPO NERO SAS  acts as responsible for the Data Processing found in its databases, which are subject to: collection, Storage, Use, Circulation , Analysis, Suppression.


6. Treatment of data of minors: 

In application of the provisions of Article 7 of Law 1581 of 2012 and Article 12 of Decree 1377 of 2013, GRUPO NERO SAS will proceed to carry out the Treatment of Personal Information of children and adolescents, respecting the best interests of the themselves and ensuring, in all cases, respect for their fundamental rights and minimum guarantees and will only be relevant and appropriate for the development of the signed contract.  

In all events that require processing of databases that contain this information, GRUPO NERO SAS will obtain the corresponding authorization from the minor's legal representative, prior to exercising their right to be heard, an opinion that will be assessed taking into account the maturity, autonomy and capacity of the minor to understand the content of the Authorization and the Processing of their personal data.


7. Use of the privacy and information protection policy:

  • GRUPO NERO SAS informs all the holders of the personal data that is provided, either electronically or manually, that their Treatment will be subject to this Privacy Policy. 

  • GRUPO NERO SAS is committed to the security and good use of the personal data that is provided to it and, consequently, is obliged to give them the appropriate uses, as well as to maintain the required confidentiality regarding them in accordance with the provisions of this Privacy Policy and in the existing legislation regarding the matter.

  • Specifically, but not limited to, GRUPO NERO SAS may use service providers and data processors that work on its behalf. Such services may include system hosting and maintenance, analysis services, email messaging services, delivery services, payment transaction management, and solvency and address checks, among others. Consequently, the Holders must understand that by providing information to GRUPO NERO SAS, they will automatically be granting these third parties authorization to access their personal information, to the extent that they need it to provide their services._cc781905-5cde-3194- bb3b-136bad5cf58d_

  • It is important to clarify that GRUPO NERO SAS has undertaken and will undertake all the necessary actions to guarantee that both the service providers and the processors that work on its behalf and other authorized third parties in accordance with this Privacy Policy, protect, in all events, the confidentiality of personal information in their charge.

8. Effects of authorization:

  • For all purposes, it is understood that the express and informed authorization granted by the Holders in favor of GRUPO NERO SAS for the Treatment of their Personal Data, whatever its means, implies the understanding and full acceptance of all content of this Privacy Policy.

  • It should be noted that if a Holder provides Personal Information to GRUPO NERO SAS through its websites or through any additional, physical or electronic channel, such provision of Personal Information is made completely voluntarily and the Holder grants GRUPO NERO SAS your authorization to use said personal information in accordance with the stipulations of this Privacy Policy.


9. Purposes and uses of the information:

  • On occasion and for the development of its corporate purpose.

  • Sending and receiving messages for commercial purposes.

  • Give treatment to the information acquired by virtue of the existing relationship between the Holders and GRUPÓ NERO SAS, whatever its legal nature (labor, civil, commercial, etc.)

  • Make follow-up calls for visits to restaurants and/or commercial establishments GRUPO NERO SAS

  • Carry out consultation or update actions with internal areas of GRUPO NERO SAS.

  • Contact the owner to offer our services, display advertising or campaigns offered by GRUPO NERO SAS. 

  • Send emails to the holders as part of a news or Newsletter. In each email sent there is the possibility of requesting not to be registered in this email list to stop receiving them.

  • Prevent and detect fraud, as well as other illegal activities.

  • Identify, validate and keep the historical record of accesses and security controls of visitors to the GRUPO NERO SAS facilities and the restaurants and/or commercial establishments under their responsibility.

  • GRUPO NERO SAS has arranged private surveillance cameras inside its facilities with the purpose of providing security to the properties and their visitors.

  • To keep its clients and/or potential clients informed, GRUPO NERO SAS will use the social networks Facebook: petroniococinadeautor and Instagram: @petroniobogota.

  • The Suppliers database seeks to have up-to-date, solid and sufficient information about the people who have the quality of Suppliers or would like to have it.


10.  Rights of the holders of personal information:

  • To know, update and rectify your personal information

  • To request proof of the existence of the authorization granted to GRUPO NERO SAS.

  • To be informed regarding the use that has been given to your personal information

  • The power to revoke the authorization and request the deletion of your data when a treatment is not given in accordance with the authorized.

  • To submit inquiries and claims regarding personal information.

  • Submit complaints to the Superintendence of Industry and Commerce for violations of the provisions of Law 1581 of 2012 and other regulations that modify, add or complement it.

  • Revoke the authorization and/or request the deletion of the data when the Treatment does not respect the constitutional and legal principles, rights and guarantees


11.  Confidentiality of personal information:

  • The personal information provided by the Holders will be used only by GRUPO NERO SAS and authorized third parties for the purposes established in the authorization and in this Privacy Policy. Personal information will not be used for purposes other than those for which it was provided, which is why GRUPO NERO SAS will seek to protect the privacy of personal information and keep it under the necessary security conditions to prevent its adulteration, loss, consultation, use or unauthorized or fraudulent access, as well as respect for the rights of the owners thereof.

  • If for any reason a competent authority requests the disclosure of personal information, GRUPO NERO SAS will notify its Owner of such a situation, except when by virtue of the law the data is requested for judicial or administrative proceedings related to tax obligations, investigation and prosecution. of crimes or update of administrative sanctions, to carry out an action based on the public interest, or deliver tax reports to the State. 

  • This obligation will have an unlimited duration.


12. Duties of the person in charge:

  • Guarantee the Owner, at all times, the full and effective exercise of the right of Habeas Data.

  • Duly inform the Holder about the purpose of the collection and the rights that assist him by virtue of the authorization granted.

  • Guarantee that the information provided to the Treatment Manager is true, complete, exact, updated, verifiable and understandable

  • Update the information, communicating in a timely manner to the Treatment Manager, all the news regarding the data that has previously been provided and adopt the other necessary measures so that the information provided to it is kept up to date.

  • Inform at the request of the Owner about the use given to their data


13.  It is expressly stated that the GRUPO NERO SAS website contains connectors and hyperlinks with different social networks, such as: Facebook, Twitter, Instagram. In this vein, if the owner logs into one of them while visiting the GRUPO NERO SAS websites, the social network may add said information to the owner's profile. 


14. Consultation procedure: The inquiries and requests of the Holders will be attended to within a maximum term of ten (10) business days, counted from the date of receipt thereof. The response to the queries or claims that the owners present may be delivered by any means, physical or electronic.


15. Right to claim: The Holder of personal data when he considers that the information contained or stored in a database is outdated, incomplete, divided or when he notices the alleged breach of any of the duties and principles, may at any time request the correction, update or deletion of the data. The holder may present his claim to the person in charge and/or in charge of the treatment of GRUPO NERO SAS.


16. Right of deletion:  The Owner of personal data has the right to request the deletion of their personal data when a Treatment is carried out on the data that infringes the principles, duties and obligations and in the event that they are no longer required for the purposes that were initially informed.


17. Right to revoke authorization: The owner of personal data can revoke at any time, the authorization that he has made about the Treatment of these, unless there is a legal or contractual impediment, which will be informed in response to this request.


18. Contact: In the event of any doubt or concern about this Privacy Policy or the Treatment and use of Personal Information, please direct your queries, requests, complaints or claims to; in writing to the address Carrera 22 #84-99



19. Changes to the Privacy Policy: GRUPO NERO SAS is fully empowered to modify this Privacy Policy, if so, it will be published on the website and, additionally, the holders of personal information will be informed by electronic or physical means. The granting of authorization will be understood as an express manifestation of acceptance of this Privacy Policy.


twenty.Validity: This Privacy Policy is valid as of the year 2020

company headquarters

bottom of page