AI-First Engineering Partner
Legal Document

Privacy Policy

How esinergia collects, uses, protects, and shares your personal data on this site and through any digital interaction with our team.

1. Introduction and scope

This policy describes how esinergia processes the personal data of those who interact with esinergia.co, complete contact or subscription forms, apply to job openings, or establish a commercial relationship with our team.

It applies to all personal data collected through esinergia.co, through the operational channels of the esinergia team (email, forms, events), and through digital platforms that esinergia operates for clients when that operation falls under esinergia's direct responsibility.

It does not apply to personal data that esinergia's clients collect through their own digital platforms. In that case, responsibility for processing rests with the client, and esinergia operates under contract as a data processor, not a data controller.

 

2. Identification of the data controller

The company responsible for processing personal data collected through esinergia.co is esinergia SAS, a Colombian corporation with principal domicile in Bogotá, Colombia.

The esinergia group operates additionally through the following legal entities in other jurisdictions:

  • esinergia SPA, Chile.
  • esinergia LLC, United States.

These entities operate as group subsidiaries and share operational standards, security controls, and contractual discipline with esinergia SAS.

The full tax identification details of each entity are documented in section 13.

 

3. Personal data we process

We collect the following categories of personal data:

  • Professional contact data: name, role, company, corporate email, and phone number when you provide them in forms or exchanges with our team.
  • Professional identification data: experience, education, and references provided by candidates in selection processes.
  • Transactional data: information exchanged within contractual relationships with clients (emails, meeting minutes, confidentiality agreements, and operational project documentation).
  • Technical data: IP address, device identifier, browser type, language, operating system, and navigation patterns on esinergia.co collected through cookies and analytics tools.

We do not process sensitive data through esinergia.co. If sensitive data is shared voluntarily by email or direct channel, we process it with explicit consent and under reinforced controls.

 

4. Purposes of processing

We process your personal data for the following purposes:

  • To attend to commercial and technical requests initiated from the contact form or from emails directed to esinergia addresses.
  • To send technical editorial content (Insights) to those who voluntarily subscribe, with an unsubscribe option in each delivery.
  • To operate technical selection and recruitment processes for candidates applying to esinergia openings.
  • To fulfill contractual obligations with active enterprise clients, including the exchange of operational, contractual, and technical project documentation.
  • To analyze use of esinergia.co to improve content, accessibility, and technical performance, without associating analytics with individual identities.

Processing of personal data collected through esinergia.co is based on:

  • Prior, express, and informed consent of the data subject for the sending of editorial communications and Insights subscriptions.
  • Performance of a contract when the data is collected to attend to a commercial request, execute a proposal, or fulfill obligations under a valid agreement.
  • Legitimate interest of esinergia in operating the site, analyzing technical performance of platforms, and maintaining security controls.
  • Compliance with applicable legal obligations, including Law 1581 of 2012 and Decree 1377 of 2013 of Colombia, the General Data Protection Regulation (GDPR) of the European Union when applicable, and equivalent regulations in the jurisdictions where the group operates.

 

6. Retention periods

We retain your personal data for the time necessary to fulfill the purposes for which it was collected:

  • Commercial contact data: during the lifetime of the relationship or commercial conversation and up to two years after the last active exchange.
  • Editorial data (Insights subscriptions): until the data subject exercises the right to unsubscribe.
  • Candidate data: up to twelve months after the close of the selection process, unless express authorization is given for longer retention.
  • Client contractual data: during the term of the contract and for additional terms required by Colombian law or by the applicable jurisdiction for fiscal, accounting, and legal defense purposes.
  • Technical site data: up to twenty-four months in aggregated and anonymized form for performance analysis.

 

7. Your rights as data subject

As the subject of your personal data, you have the following rights:

  • To know, update, and correct your personal data held by esinergia.
  • To request proof of the authorization granted for the processing of your data.
  • To be informed, upon request, of the use given to your personal data.
  • To file complaints with the competent authority for violations of applicable regulations (the Superintendencia de Industria y Comercio in Colombia, or the equivalent authority in your jurisdiction).
  • To revoke authorization and request the deletion of your data when no legal or contractual duty to retain it exists.
  • To access your personal data that has been processed, free of charge.
  • To request portability of your data in structured format when applicable.

 

8. How to exercise your rights

To exercise any of the rights described in the previous section, write to privacidad@esinergia.co indicating:

  • Full name of the data subject and identification document.
  • The specific right you wish to exercise.
  • Clear description of the request and the data it applies to.
  • Preferred channel to receive a response.

We attend to requests within the terms defined by Law 1581 of 2012: up to ten business days for inquiries and up to fifteen business days for complaints, counted from the day following receipt of the complete request.

The esinergia.co site uses cookies and similar technologies for technical, analytical, and editorial personalization purposes.

  • Strictly necessary cookies. Enable basic site functions (language preference, technical session, load balancing). Do not require explicit consent.
  • Analytical cookies. Collect aggregated information on site use to improve content and technical performance. Do not individually identify the visitor. Require consent.
  • Editorial personalization cookies. Remember visitor preferences (language, card view) to deliver a coherent experience between visits. Require consent.

We do not use third-party advertising cookies or cross-site tracking for commercial purposes on esinergia.co.

You can manage your cookie preferences in the site's consent banner or from your browser settings.

 

10. International transfers

Some personal data is transferred to the subsidiaries of the esinergia group (Chile, United States) when the processing purpose requires it. For example, to attend to a commercial request from a client in a specific jurisdiction.

Subsidiaries operate under the same security standards and contractual discipline as the group. When international transfer falls within the scope of the European Union's General Data Protection Regulation (GDPR) or equivalent regulation, we apply standard contractual clauses and additional controls to protect personal data in transit and at destination.

 

11. Information security

esinergia operates an Information Security Management System (ISMS) under practices compatible with ISO 27001 and ISO 9001. Controls applicable to the processing of personal data include:

  • Encryption in transit (TLS 1.2 or higher) for all digital exchange with esinergia.co.
  • Encryption at rest for sensitive operational data and backups.
  • Access controls with the principle of least privilege and reinforced authentication.
  • Logging and monitoring of relevant security events.
  • Formal incident response procedures and notification to data subjects and authorities when applicable.
  • Confidentiality agreements and processing obligations with every provider or partner that processes personal data on behalf of esinergia.

Evaluation of the formal ISO 27001 certification roadmap is scheduled for Q4 2026.

 

12. Changes to this policy

This policy may be updated to reflect changes in applicable regulation, in our operational practices, or in the structure of the esinergia group.

When a change is substantial, we will publish the new version with its effective date on this same page and, when appropriate, notify the data subjects who have consented to receive editorial communications.

The last updated date always appears in the header of this page.

esinergia is a brand operated by the following legal entities of the group:

  • esinergia SAS, Colombia (principal entity). Tax ID (NIT) 900.324.879-5.
  • esinergia SPA, Chile. Tax ID (RUT) 59.256.330-4.
  • esinergia LLC, United States. EIN 33-3401135.

The contractual relationship with clients and the operation of this site are governed by Colombian law, unless a specific contract designates another applicable jurisdiction.

Any dispute arising from the processing of personal data collected through esinergia.co is submitted to the jurisdiction of the courts of Bogotá, Colombia, unless the parties agree on an alternative resolution mechanism.

 

14. Data Protection Officer contact

For matters related to the processing of personal data, exercise of rights, or complaints, contact:

  • Email: privacidad@esinergia.co
  • Suggested subject: "Data Protection, [type of request]"
  • Response time: up to ten business days for inquiries, up to fifteen business days for complaints, counted from receipt of the complete request.

esinergia maintains an internal log of received, attended, and pending requests as part of ISMS compliance.