Personal Data Processing Policy | Datasketch
Logo Datasketch

Personal Data Processing Policy

Available in:

Last updated 2021-04-09

DATASKETCH is a platform that seeks to democratize access to information for decision making. Thus, DATASKETCH is a platform that offers technological solutions for the use, analysis, visualization, exploitation, organization, cleaning and publication or communication to the public of data through graphic tools or with informative, journalistic or academic purposes, among others, in order to allow for the best use of the information by those who seek to analyze it.

On the other hand, DATASKETCH carries out academic research activities and/or data journalism, in order to democratize access to information of public interest, thus providing its clients (hereinafter, the “Client” or “Clients”) a wide range of services based on the use of data.

In this Policy you will be able to find out about:

  1. About us

  2. What type of information is going to be processed?

  3. Who will process the data?

  4. For which purposes?

  5. With whom is the data going to be shared?

  6. For how long will the information be kept?

  7. What are your rights as a Data Subject?

  8. What is the procedure, through what channels and before whom should you exercise your rights?

  9. What are the security measures that protect the information?

  10. Veracity of the information and infringement of legal or contractual duties or parameters, or of the rights of third parties

  11. For how long will this policy be in force?

About Us

DATASKETCH is a commercial establishment identified with registration number 3'297.102, owned by the company RANDOM MONKEY SAS identified with NIT 900.854.504 - 1, with registered offices on Calle 71 # 10 – 47, Bogotá, Colombia, whose corporate purpose includes data processing and hosting, specialized design activities, and other related activities.

What type of information is going to be processed?

DATASKETCH collects information through various means: (i) direct collection from publicly accessible websites, (ii) collection derived from the delivery of information that its Clients want to analyze, and (iii) collection through the conduction of surveys. In these cases, DATASKETCH may access public, semi-private or private information, as well as sensitive personal data or personal data pertaining to minors.

For this reason, it has implemented various measures for the collection of personal data through each of these channels, such as: i) searching legitimate information sources; ii) contractual clauses with its Clients to guarantee that the processing of the information collected by DATASKETCH has previously been consented by Data Subjects and managed by Clients themselves or by third parties; iii) clarity at all times regarding the decision of Clients on whether or not to share information with third parties; and, iv) implementation of information security measures.

Who will process the data?

The information will be used by DATASKETCH for the development of its corporate purpose and for the purposes indicated in the following section and will be shared with DATASKETCH’s Clients, employees and/or suppliers, according to the need to validate it, or to share it with legitimate third parties, as well as depending on the consent granted to DATASKETCH by the Data Subject, when required.

For which purposes?

DATASKETCH will use the data for the following purposes:

  1. Fulfill the obligations derived from the contractual relationship between DATASKETCH and the Client, employee, or supplier;

  2. Access the information of the Client or supplier available in public databases with the purpose of using it as an element of analysis, as well as carrying out the respective reports;

  3. Carry out procedures before public authorities or private persons, for which the information of the Client, employee, or supplier is relevant;

  4. Support internal or external audit processes and verify compliance with DATASKETCH’s internal policies;

  5. Send communications by post mail, email, mobile device, or any other analog and/or digital means of communication with cultural, commercial, advertising or promotional information about the products and/or services, events, promotions and/or campaigns carried out by DATASKETCH;

  6. Send communications by post mail, email, mobile device, or through any other analog and/or digital means of communication with information regarding the existing contractual relationship between DATASKETCH and the Client, employee or supplier;

  7. Transfer or transmit, as the case may be, the personal data of Clients, employees or suppliers to DATASKETCH’s allies and suppliers whenever necessary to carry out DATASKETCH’s corporate purpose;

  8. Comply with the legal obligations and reports before the public and private entities that require it;

  9. Use the information provided by the Client, employee or supplier, or collected by DATASKETCH, for the purpose of analyzing it and in order to obtain qualitative, statistical, academic, commercial and/or any other conclusions, depending on the nature of the information;

  10. When the data is publicly available, or DATASKETCH has the consent of the Data Subject, carry out investigations or reports and write articles for statistical and/or journalistic purposes and make them available to the public through its website or through any other effective means of communication, for which DATASKETCH will apply the principles of necessity, reasonableness and restricted access and circulation;

  11. Build strategies for visualization, use, organization, cleaning and publication or communication to the public of data on the basis of the information shared by the Client, employee or supplier, or collected by DATASKETCH, and carry out the necessary activities to visualize, take advantage, organize, clean and publish, or communicate this data to the public;

  12. Store the raw data collected by DATASKETCH or shared by the Client, employee, or supplier, and the metadata derived from the latter, to back up the available information, as well as for permanent consultation of DATASKETCH for academic or journalistic purposes and to perform internal control versions on virtual filing platforms, among others.

¿Con quién se van a compartir?

DATASKETCH may share personal data with the Authorities that require it, with other Clients (when the nature of the data allows it or whenever the Data Subject has granted their consent), with cloud service providers, and with DATASKETCH’s allies, which appear on the following section of DATASKETCH’s website

For how long will the information be kept?

The information regarding employees and suppliers will be kept for the time necessary to comply with DATASKETCH’s obligations and duties in accordance with the law and with the agreement executed with each of the latter.

The data collected by DATASKETCH, delivered by the Client, or accessed under Client’s instructions, will be kept: i) for the time established by the agreement with the Client, which will take into account the existence and validity of the consent if required; ii) for the time necessary in order to comply with DATASKETCH’s legal or contractual obligations and duties in relation to the Client; and/or, iii) for the reasonable and necessary time to develop the historical, statistical, or scientific purposes that DATASKETCH carries out with the data.

What are your rights as a Data Subject?

In accordance with the provisions of Law 1581 of 2012, the Data Subjects of the personal data stored in DATASKETCH’s databases are entitled to the following rights:

To access, know, update and rectify your personal data, for which DATASKETCH has established a procedure that determines the channels through which Data Subjects may pose their claims and queries, as well as and the necessary security parameters to fully establish the identity of the Data Subject and to prevent unauthorized or fraudulent access by third parties.

Data Subjects also have the right to request the deletion of their personal data, through the same channels, as long as there is no legal or contractual duty that forbids it.

It is important to note that DATASKETCH is an information channel and that it is possible that unauthorized third parties make use of the information that is uploaded to their platform, or that is part of studies supplied to its Clients. Hence, DATASKETCH has implemented measures both in the terms and conditions of use of the website and through banners and pop-ups warning about the importance of respecting and making legitimate use of the information contained therein and of the prohibition to provide information without the consent of the Data Subject whenever required. In any case, when possible, DATASKETCH will provide the Data Subject with the help necessary to determine to which third party should they address their query or claim.

What is the procedure, through what channels and before whom should you exercise your rights?


Data Subjects or their successors in title may access the personal information of the Data Subject comprised by any database. The company that processes the data (DATASKETCH in its capacity as Controller) or the company that processes the data on behalf of the Controller, as Processor, must provide the Data Subjects with all the personal data that has been included in DATASKETCH’s records.

The query, complaint or claim raised by a Data Subject must be submitted to:, indicating at least the following:

  1. Complete identification (name, address, identification document).

  2. Description of the facts that give rise to the query/claim.

  3. Documents supporting the facts.

  4. Means through which you wish to receive the solution to your query/claim.

  5. The query will be solved within a maximum of ten (10) working days from the date of receipt.

  6. When it is not possible to solve the query within said term, DATASKECTH shall inform the Data Subject of the reasons for the delay and indicate the date on which the query will be solved, which in no case may exceed five (5) working days following the expiration of the first term.


The Data Subject or his successors in title who consider that the information contained in a database should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties established by Law 1581 of 2012, may file a claim before the Controller or the Processor of the personal data which will be processed according to the following rules:

  1. The claim will be filed by means of an email addressed to: The Data Subject must provide their identification, the description of the facts that give rise to the claim, their address, and the documents that support the facts. If the claim is incomplete, DATASKETCH will require the Data Subject to complete it within five (5) working days following receipt of the claim. After two (2) months from the date of the request, without the Data Subject submitting the required information, it will be understood that the claim has been withdrawn. In the event that the person who receives the claim is not competent to solve it, he or she will transfer it to the competent person within a maximum of two (2) working days and will inform the Data Subject of the latter.

  2. Once the complete claim is received, a legend that states “claim in process” and the reason that gave rise to the claim will be included in the database within two (2) working days. Said legend must be kept until the claim is solved.

  3. DATASKETCH must solve the claim within fifteen (15) working days from the day following the date of receipt. When it is not possible to solve the claim within said term, DATASKECTH shall inform the Data Subject of the reasons for the delay and indicate the date on which the query will be solved, which in no case may exceed eight (8) working days following the expiration of the first term.

Request for update and/or rectification:

The information that is inaccurate or incomplete will be rectified and updated, at the request of the Data Subject, according to the procedure and the terms indicated above, once the Data Subject or its successors in title inform DATASKETCH of the desired update and/or rectification of the data, and provide the documentation supporting such request.

The Data Subject may withdraw their consent for the processing of their personal data at any time, as long as there is no legal or contractual restriction and whenever:

  1. They find that the data is not being processed in accordance with the principles, duties and obligations provided by applicable law.

  2. They find that the data is no longer necessary or relevant for the purpose for which it was obtained.

  3. The time necessary to fulfill the purposes for which the data was obtained has expired. Such deletion implies the total or partial elimination of personal information, in accordance with the request of the Data Subject and with regard to the records, files, databases or processes that have been carried out with the data. The latter right is not absolute and therefore, the withdrawal of consent or the deletion of personal data may be denied when there is a legal or contractual duty to maintain the personal information in the respective database.

¿Cuáles son las medidas de seguridad que se aplican a los datos?

DATASKETCH cuenta con medidas suficientes para garantizar la integridad, disponibilidad, confidencialidad y seguridad de la información personal recolectada, almacenada y puesta a disposición por sus Clientes, empleados o proveedores.

DATASKETCH vela porque los canales de almacenamiento, tratamiento, envío y uso de la información sean seguros, así como establece en sus contratos con Clientes, empleados y proveedores, las medidas necesarias para hacer extensivo el deber de confidencialidad de la información y con ello procurar la seguridad de esta en todas las etapas del Tratamiento.

DATASKETCH ha implementado medidas y las seguirá desarrollando, para aplicar permanentemente el principio de acceso y circulación restringida de los datos personales a través de medidas tales como el acceso a la plataforma mediante usuario y contraseña, así como sobre la no divulgación de datos personales que no sean de naturaleza pública.

Veracidad de la información e infracción de deberes o parámetros legales o contractuales, o de derechos de terceros

DATASKETCH recolecta información de diversas fuentes públicas tales como páginas web y redes sociales, así como de sus Clientes y la que estos proporcionen sobre terceros, empleados y proveedores.

Salvo en los casos en los que el objeto contractual se refiera a la verificación de la veracidad o actualidad de cierta información, DATASKETCH no será responsable de verificar la veracidad de los datos personales de fuentes públicas o entregada por terceros, incluidos los Clientes, y será obligación del Titular de la información o del Responsable del Tratamiento que la entregue a DATASKETCH en calidad de Encargado, garantizar su veracidad y confiabilidad o referir a las fuentes y la metodología de captura y procesamiento de la información entregada a DATASKETCH.

¿Cuál es el período de vigencia de la presente Política?

Esta Política entró en vigor en febrero 1 de 2021, y estará a disposición de los interesados mediante publicación en la página web o mediante solicitud escrita dirigida al correo

Cualquier cambio en la situación de Tratamiento de los datos que implique un mayor alcance que el actualmente descrito se incluirá en la Política si es sustancial, y, en todo caso, se informará oportunamente dejando constancia de su fecha de adopción y de publicación.