Privacy Policy

Privacy Policy

Welcome to INLAZE. These Privacy Policy govern the use of our website and services. Please read them carefully before using our site. By accessing and using this site, you agree to these Privacy Policy.

The company Enlax Labs LLC, hereinafter “THE COMPANY,” guarantees the protection of fundamental rights such as Habeas Data, privacy, intimacy, good name, and personal image. To this end, all actions will be governed by the principles of good faith, legality, informational self-determination, freedom, and transparency.


Any individual who, in the exercise of any activity, including financial, commercial, or labor-related activities, whether permanent or occasional, may provide any type of personal information or data to the company, may, as the data controller, access, update, and correct it.

These policies are developed and applied in accordance with Articles 15 and 17 of the Political Constitution of Colombia, Law 1581 of 2012, and the regulatory decrees 1727 of 2009, 2952 of 2010, 1377 of 2013, 886 of 2014, and 1081 of 2015, as well as the Constitutional Court rulings C-1011 of 2008 and C-748 of 2011.

3.1. Authorization:
Prior, express, and informed consent from the data subject to carry out the processing of personal data.

3.2. Database:
An organized set of personal data subject to processing.

3.3. Personal Data:
Any information linked or that can be associated with one or more identified or identifiable natural persons.

3.4. Data Processor:
A natural or legal person, public or private, who, alone or in association with others, processes personal data on behalf of the data controller.

3.5. Data Controller:
A natural or legal person, public or private, who, alone or in association with others, decides on the database and/or the processing of the data.

3.6. Data Subject:
A natural person whose personal data is subject to processing.

3.7. Processing:
Any operation or set of operations on personal data, such as collection, storage, use, circulation, or deletion.

4.1. Principle of Legality:
In the use, capture, collection, and processing of personal data, the right of the Data Subject to obtain information from THE COMPANY, at any time and without restrictions, regarding the existence of any type of personal data of interest or ownership, must be guaranteed.

4.2. Principle of Freedom:
The use, capture, collection, and processing of personal data can only be carried out with the prior, express, and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization or in the absence of a legal, statutory, or judicial mandate that waives consent.

4.3. Principle of Purpose:
The use, capture, collection, and processing of personal data accessed and collected by THE COMPANY or its providers shall be subject to and serve a legitimate purpose, which must be communicated to the respective data subject.

4.4. Principle of Accuracy and Quality:
Information subject to processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable. Partial, incomplete, fragmented, or misleading data processing is prohibited.

4.5. Principle of Transparency:
Data Subjects shall have the right to obtain information from THE COMPANY, at any time and without restrictions, regarding the existence of any personal data of interest or ownership.

4.6. Principle of Restricted Access and Circulation:
Personal data, except for public information, shall not be made available on the Internet or other mass media unless access is technically controlled to ensure restricted knowledge only for Data Subjects or authorized third parties. THE COMPANY shall comply with this obligation through its website.

4.7. Principle of Security:
Personal data and information used, captured, collected, and processed by THE COMPANY shall be protected to the extent allowed by technical resources and minimum standards through technological protection measures, protocols, and all necessary administrative measures to safeguard electronic records and repositories against alteration, modification, loss, consultation, and any unauthorized access or use.

4.8. Principle of Confidentiality:
All persons who manage, handle, update, or have access to any information contained in databases commit to preserving it strictly in accordance with accounting, technical, and operational standards. Current and future personnel involved in database management must sign an additional document or include such obligation in their employment or service contract. This obligation persists even after the termination of their relationship with the company.

5.1. General Purpose:
The processing of personal data of employees, partners, allies, clients, suppliers, contractors, and other stakeholders by THE COMPANY will be limited to collection, storage, use, and deletion for accounting, financial, commercial, marketing, legal purposes, execution of business collaboration agreements with partners, clients, or associates, acquisition of goods and services necessary for operations, administrative management of company facilities, and other operational activities, including ensuring the rights of associated individuals. Personal data circulation will aim to facilitate contact with allied companies or individuals for purposes expressly requested and authorized by the data subjects, as well as compliance with administrative or judicial orders from national or international authorities.

5.1.1. Linking data subjects, with prior consent, to marketing programs, product, and service offers, including promotions, events, and campaigns associated with our corporate purpose.

5.1.2. Engaging data subjects, with prior consent, in continuous improvement processes, requesting their support for service evaluation, suggestions, or improvement opportunities.

5.1.3. Contacting companies, partners, or their representatives to coordinate activities related to our corporate purpose.

5.1.4. Coordinating the delivery of goods provided by our company in any capacity, within the framework of business collaboration agreements or as part of gifts or souvenirs.

5.1.5. Controlling access to company offices and establishing security measures, including CCTV monitoring zones.

5.1.6. Generating evidence of participation in training, communication, consultancy, meetings, videoconferences, or other activities where THE COMPANY provides services or establishes civil, labor, or commercial relationships. Collecting information required by partners or clients within the framework of these relationships.

5.1.7. Responding timely to inquiries, petitions, complaints, and claims made by data subjects or administrative/judicial authorities, transmitting data to authorities as required by law, always maintaining professional secrecy.

5.1.8. Contacting individuals associated with the company (employees, family members, shareholders, clients, suppliers, creditors, and debtors) when strictly necessary.

5.1.9. Informing data subjects about changes in product and service conditions, events, promotions, or other relevant information due to the established collaboration.

5.1.10. Using collected information to support internal company operations (finance, purchases, invoicing, collections, sales, logistics, judicial or administrative processes, assistance in company services, etc.), indicating that the data subject authorizes the use of exchanged electronic communications as legal evidence.

5.1.11. Ensuring shareholders’ rights and obligations, including dividend payments, notifications, corrections, and other corporate obligations.

5.1.12. Any other activity necessary to fulfill THE COMPANY’s corporate purpose.

5.1.13. Contacting, requesting information, or notifying candidates in personnel or contractor selection processes.

5.1.14. Conducting human resources activities such as payroll, salary and benefit payments, social security affiliations, reporting occupational accidents and illnesses, accident investigations, wellness, occupational health and safety activities, disciplinary actions, and providing discretionary benefits (travel, accommodation, training program enrollment, etc.).

5.2. Information for Partners:
Personal data processing for partners will aim solely to maintain business, civil, and administrative relationships with partners, relating to the collaboration between the partner and the company.

5.2.1. Security and Access: Identity verification, passwords, account management, platform changes, suspicious access reports, and technical information for safe and efficient use of the platform.

5.2.2. Services: Account statements, payment information, contact requests, documentation requests, and other operational information.

5.2.3. Commercial: Promotions, offers, marketing, advertising, and other communications of interest to partners, including feedback and relationship strengthening.

5.3. Cookies:
The website may store or retrieve information via browser cookies for service optimization, technical navigation conditions, and user preferences, solely for providing a better browsing experience. First-party and third-party cookies will not store personal, sensitive, or private user data. Consent is implied upon accessing the website; users may block cookies at their discretion, understanding it may affect service availability. The cookies used include:

COOKIE Uso
Hotjar Detección de la primera sesión de vista de página de un usuario, detección en muestreo de datos, asociación de id de usuario, relacionamiento del usuario con cada visita.
Google Analytics Analítica de datos sobre uso del sitio web, comportamiento de los usuarios, análisis de data de tráfico
Cloudflare Seguridad y rendimiento de la página web

5.4. Consent for Use of Communication Channels:
Upon registering and providing required phone number and email, users authorize communication for:

5.4.1. Phone verification and password reset via SMS or WhatsApp.

5.4.2. Email registration confirmation.

5.4.3. Operational notifications regarding accounts, passwords, platform changes, and service updates.

5.4.4. Commercial notifications (optional) via SMS, WhatsApp, or email for promotions, services, and marketing. Users may revoke consent at any time.

Processing shall respect the prevailing rights of minors. Processing of minors’ personal data is prohibited except for publicly available information.

7.1
Guarantee the Data Subject, at all times, the full and effective exercise of their Habeas Data rights.

7.2
Request and retain a copy of the corresponding authorization granted by the Data Subject.

7.3
Properly inform the Data Subject about the purpose of data collection and the rights to which they are entitled by virtue of the authorization granted.

7.4
Maintain the information under necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.

7.5
Ensure that the information provided to the Data Processor is truthful, complete, accurate, up-to-date, verifiable, and understandable.

7.6
Update the information, promptly communicating to the Data Processor all changes regarding the data previously provided, and adopt all necessary measures to ensure that the information supplied remains current.

7.7
Rectify the information when it is incorrect and communicate the necessary changes to the Data Processor.

7.8
Provide the Data Processor, as applicable, only with data whose processing has been previously authorized.

7.9
Process all inquiries and complaints submitted.

7.10
Inform the Data Processor when certain information is under dispute by the Data Subject, once the claim has been submitted and the respective process has not yet concluded.

7.11
Provide information to the Data Subject upon request regarding the use given to their data.

7.12
Inform the data protection authority when violations of security codes occur or when there are risks in the management of Data Subjects’ information.

9.1. Scope and Content of the Privacy Notice:

The Privacy Notice must, at a minimum, include the following information:

9.1.1.
The identity, address, and contact information of the Data Controller.

9.1.2.
The type of processing to which the data will be subjected and the purpose of such processing.

9.1.3.
The general mechanisms established by the Data Controller to allow the Data Subject to be informed of the information processing policy and any substantial changes thereto. In all cases, the Data Subject must be informed on how to access or consult the information processing policy.

10.1.
To access, review, correct, and update their personal data with THE COMPANY, in its capacity as the Data Controller.

10.2.
To request, by any valid means, proof of the authorization granted to THE COMPANY, in its capacity as the Data Controller.

10.3.
To receive information from THE COMPANY, upon request, regarding the use that has been made of their personal data.

10.4.
To appeal to legally constituted authorities, especially the Superintendence of Industry and Commerce, and to file complaints regarding violations of applicable laws and regulations, after first submitting an inquiry or request to the Data Controller.

10.5.
To modify or revoke the authorization and/or request the deletion of personal data when the processing does not respect the applicable constitutional and legal principles, rights, and guarantees.

13.1.
Enable electronic communication channels or other means deemed appropriate.

13.2.
Establish forms, systems, and other simplified methods, which must be communicated in the Privacy Notice.

13.3.
Utilize customer service or complaint-handling channels already in operation. In any case, regardless of the mechanism implemented to handle inquiries, such requests will be addressed within a maximum period of ten (10) business days from the date of receipt. If it is not possible to respond within this period, the interested party will be informed before the expiration of the ten days, explaining the reasons for the delay and indicating the date on which the query will be addressed, which shall in no case exceed five (5) business days following the end of the initial period.

15.1.
The Data Subject or their legal heirs, upon verification of identity, or through electronic means that allow identification.

15.2.
Their representative, upon verification of their authority.

15.2.1.
When a request is submitted by a person other than the Data Subject, proper proof of authority or mandate to act must be provided; if such authority is not demonstrated, the request will be considered not submitted.

15.3.
Requests for correction, update, or deletion must be submitted through the channels enabled by THE COMPANY as indicated in the Privacy Notice and must contain, at a minimum, the following information:

15.4.
The name and address of the Data Subject, or any other means to receive a response.

15.5.
Documents proving the identity of the Data Subject or the authority of their representative.

15.6.
A clear and precise description of the personal data regarding which the Data Subject seeks to exercise any of their rights.

15.7.
Any other elements or documents that facilitate the identification or location of the personal data.

THE COMPANY is obligated to rectify and update, upon request of the Data Subject, any information that the Data Subject considers should be corrected in their personal data. In requests for correction or update, the Data Subject must indicate the changes to be made and provide supporting documentation.


THE COMPANY has full discretion to enable mechanisms that facilitate the exercise of this right, provided they benefit the Data Subject. Consequently, electronic or other suitable means may be implemented.


THE COMPANY may establish forms, systems, and other simplified methods, which must be communicated in the Privacy Notice and made available to interested parties on the website.

The Data Subject has the right, at any time, to request that THE COMPANY delete (erase) their personal data when applicable.

Data Subjects may revoke their consent to the processing of their personal data at any time, provided this is not restricted by legal or contractual provisions. To this end, THE COMPANY must establish simple and free mechanisms that allow the Data Subject to revoke their consent, at least through the same means used to grant it.


It should be noted that there are two ways in which consent may be revoked. The first is a full revocation covering all previously consented purposes, meaning THE COMPANY must cease all processing of the Data Subject’s data. The second is a partial revocation for specific types of processing, such as advertising or market research purposes. In the case of partial revocation, other processing purposes previously authorized and agreed upon by the Data Subject remain unaffected.

In accordance with the principle of security established in current regulations, THE COMPANY will adopt the technical, human, and administrative measures necessary to secure records and prevent their alteration, loss, consultation, use, or unauthorized or fraudulent access.

Depending on the nature of the ongoing or occasional relationships that any Data Subject may have with THE COMPANY, all their information may be transferred abroad, subject to applicable legal requirements. By accepting this policy, the Data Subject expressly authorizes the international transfer of their personal information. Such information may be transferred for all relationships established with THE COMPANY. Notwithstanding the exceptions provided by law, prior, express, and informed consent from the Data Subject is required for such processing, which may be obtained by any means that allows subsequent verification and consultation.

If you believe that THE COMPANY is using your data contrary to what has been authorized or to applicable laws, you may contact us through a formal communication addressed to ENLAX LABS LLC at [email protected] or via phone/WhatsApp at +57 3245918650.

If you have any questions regarding these privacy policy, please contact us at: [email protected]