Privacy Policy

Effective Date:

Last Updated:

1. Our Commitment to Your Privacy (Introduction and Scope)

At Atmostfear Entertainment S.A.S., our relationship with our audience is built on a foundation of trust. This Privacy Policy is a cornerstone of that trust, providing a transparent and comprehensive account of how we collect, use, and protect your information. This document is not merely a legal formality; it is an active component of our commitment to you and our journalistic and educational integrity.

We recognize and respect the fundamental right to habeas data, as enshrined in Article 15 of the Political Constitution of Colombia and developed by Statutory Law 1581 of 2012 and its regulatory decrees. This Policy details our unwavering commitment to protecting your privacy and managing your personal information in a transparent, secure, and lawful manner. It outlines the data we need to operate our Services, the measures we take to protect that data, and the control you have over your information.

1.1. Identification of the Data Controller

For all legal purposes and in accordance with the provisions of Law 1581 of 2012 and Article 13 of Decree 1377 of 2013, the Data Controller for the personal data collected through our services is:

Company Name: Atmostfear Entertainment S.A.S.

Chamber of Commerce Registration: 2405402

Tax Identification Number (NIT): 9006948649

Address: Carrera 18 #58b-13, San Luis, Teusaquillo, Distrito Capital, Bogotá, 111311073 Colombia.

Contact Email (for personal data matters): privacy@atmostfear-entertainment.com

Contact Phone: 0057 (1) 319 4677770

1.2. Scope of the Policy

This Policy applies to all personal data processing carried out by Atmostfear Entertainment S.A.S. It covers information collected from Data Subjects through all our digital services (collectively, the “Services”), including, but not limited to:

  • The website www.atmostfear-entertainment.com and its network of subsites.
  • Subscription to our digital content and newsletters.
  • The purchase and download of our software products (our WordPress theme, Aegis, and our plugin, Aegis Pro) and use of our hosting services.
  • The purchase and shipment of physical products sold through our e-commerce platform.
  • Interaction with our journalistic and academic content, including posting comments or submitting collaborations.
  • Any other service that links to this policy.

This policy does not apply to information collected by third parties on their own websites, even if accessed through links on our website. We recommend you read the privacy policies of such third parties.

2. Key Definitions to Understand Your Rights

To ensure a complete understanding of this Policy and your rights, the key terms used throughout this document are defined below, in accordance with the terminology established in Law 1581 of 2012.

  • Authorization: Your prior, express, and informed consent for Atmostfear Entertainment S.A.S. to carry out the Processing of your personal data. It is crucial to understand that under Colombian law, your silence can never be interpreted as authorization.
  • Database: The organized set of your personal data that is subject to Processing by us, whether in physical or electronic format.
  • Personal Data: Any information that is linked or can be associated with you as a natural person. Examples include your name, national ID number, home address, email address, or phone number.
  • Public Data: Data that is not semi-private, private, or sensitive. Data relating to a person’s civil status, profession or trade, and status as a merchant or public servant are considered public, among others. By its nature, public data can be processed without your prior authorization, but always respecting the principles and guarantees of the law.
  • Sensitive Data: Information that affects your privacy or whose improper use could lead to discrimination. This includes data revealing your racial or ethnic origin, political opinions, religious or philosophical beliefs, membership in unions, social or human rights organizations, as well as data related to your health, sex life, and biometric data. The Processing of sensitive data is, as a general rule, prohibited by law, with few exceptions.
  • Data Processor (Encargado del Tratamiento): The natural or legal person, public or private, who processes personal data on behalf of Atmostfear Entertainment S.A.S. (the Controller). An example is the courier company that uses your address to deliver a product you purchased. The Processor acts under our instructions and is contractually obligated to protect your data.
  • Data Controller (Responsable del Tratamiento): Atmostfear Entertainment S.A.S., which decides on the databases and/or the Processing of the data. We are the ones who define the essential purposes and means for processing your information and are primarily responsible for its protection before you and the supervisory authority.
  • Data Subject (Titular): You, the natural person to whom the personal data being processed belongs.
  • Processing (Tratamiento): Any operation or set of operations we perform on your personal data, such as collection, storage, use, circulation, updating, rectification, or deletion.
  • Transfer (Transferencia): Occurs when Atmostfear Entertainment S.A.S. (Controller) sends your personal data to another Data Controller, who will also make decisions about the use of that information. This operation can be national or international and requires your authorization or a legal basis that permits it.
  • Transmission (Transmisión): Occurs when Atmostfear Entertainment S.A.S. (Controller) shares your personal data with a Data Processor (national or international) for them to perform specific processing on our behalf. In this case, the Processor cannot use the data for its own purposes. This relationship is governed by a data transmission agreement that guarantees the protection of your information.

The deliberate distinction between Transfer and Transmission in this policy reflects a deep understanding of the Colombian legal framework. This is not a mere terminological subtlety; it represents two distinct legal scenarios with significant implications for responsibility and control over your data.

When we perform a Transmission to a service provider (a Processor), we maintain control and primary responsibility, and the provider is legally bound to follow our instructions. In contrast, in a Transfer to another Controller, the recipient acquires its own obligations and responsibilities over the data. By clarifying these concepts, we not only demonstrate diligence before the Superintendence of Industry and Commerce but also offer you, the Data Subject, a transparent view of the different mechanisms and levels of control we apply depending on with whom and why we share your information.

3. What Information We Collect and How We Collect It

To offer you our services effectively and in a personalized manner, we collect different types of information. The data collection is directly linked to your interaction with our platform. The Colombian legal framework requires us to be specific about what data is collected and under what circumstances.

For example, the legal basis for processing your shipping address when you buy a book is the necessity to execute a contract, which is different from the legal basis for using an analytics cookie, which requires your explicit consent. By structuring this section around your actions, we provide you with a clear map that connects each type of data with its context and legal justification.

3.1. Information You Provide Directly to Us

We collect the data that you voluntarily and consciously provide when interacting with our services. This includes:

  • Account Creation and Subscriptions: When you register for a user account or subscribe to our content, we request basic identification data such as your full name, email address, and a password to protect your account.
  • Purchases of Products and Services: When you purchase physical products (books, merchandise) or digital goods (subscriptions, our Aegis theme, our Aegis Pro plugin), we collect the necessary information to process the transaction and fulfill our contractual and tax obligations. This includes:
    • Billing Information: Full name, billing address, and identification number (Cédula de Ciudadanía or NIT).
    • Shipping Information: Recipient’s name, full delivery address, and contact phone number.
    • Payment Information: It is crucial to note that Atmostfear Entertainment S.A.S. does not store or have direct access to your sensitive financial information, such as your full credit or debit card number, expiration date, or security code. When you enter this data, it is sent in encrypted form directly to our payment service providers (payment gateways), who have the security certifications (such as PCI DSS) to handle this information. We only receive a transaction confirmation from them.
  • User-Generated Content: We collect the information you choose to publish on our platforms, such as comments on articles, participations in forums, or responses to surveys. You are responsible for the personal information you decide to share in these public spaces.
  • Direct Communications: If you contact our support team, participate in a survey, or interact with us via email or contact forms, we will collect the information you provide in that communication, such as your name, email, and the content of your message.

3.2. Information We Collect Automatically (Usage and Device Data)

When you browse our website or use our services, we automatically collect certain information through standard technologies. This helps us understand how you interact with our platform, improve our services, and ensure security.

  • Browsing and Usage Activity: We record information about your interaction with our services, such as the pages you visit, the articles you read, the time you spend on each page, the links you click, the features you use, and referring and exit pages.
  • Technical and Device Data: We collect technical information about the device and connection you use to access our services, such as your IP (Internet Protocol) address, browser type and version, operating system, unique device identifiers, and language and region settings.
  • Geolocation Data: We may derive your general geographic location (e.g., city, country) from your IP address to provide localized content and understand our audience distribution.
  • Cookies and Similar Technologies: We use cookies (small text files stored in your browser) and other similar tracking technologies (such as pixels or web beacons) to collect usage data and improve your experience. These technologies allow us to remember your preferences (like login status), understand our site’s performance, and personalize content and advertising. In compliance with Colombian regulations, the use of cookies that are not strictly necessary for the site’s operation (such as analytics or marketing cookies) is done only with your prior, express, and informed consent, which we request through a cookie banner upon entering our site. For detailed information about the cookies we use and how you can manage your preferences, please consult our Cookie Policy.

3.3. Information We Obtain from Third Parties

On certain occasions, we may receive information about you from third parties, always within the framework of the law and, when necessary, with your authorization.

  • Payment Processors: Our payment processing partners, such as PayPal, Payoneer, and Davivienda (for bank wire transfers), inform us if a transaction was successful or failed, but they do not share your sensitive financial data with us. This information is necessary to confirm your purchase and proceed with the delivery of the product or service.
  • Social Networks: If you choose to link your Atmostfear Entertainment account with a social network (e.g., for login), we will receive certain information from your profile on that network, such as your name and email, in accordance with the permissions you have granted on that platform and with your explicit prior authorization on our site.
  • Publicly Accessible Sources: In accordance with Colombian law, we may collect data that is public in nature, such as that found in public records, directories, or government databases.

4. The Purpose of Processing: What We Use Your Information For

The “principle of purpose,” stipulated in literal b) of article 4 of Law 1581 of 2012, is a cornerstone of data protection in Colombia. It establishes that Processing must serve a legitimate purpose, which must be informed to the Data Subject.

The purposes listed below are not merely operational; they constitute a legal commitment that defines the exact limits within which we can use your information. Any use of your data for a purpose not listed here and not previously informed would be contrary to the law. Therefore, this section is a living document, which is reviewed and updated in line with the evolution of our services to ensure continuous and transparent compliance.

We use the information we collect for the following specific, explicit, and legitimate purposes:

4.1. To Provide and Manage Our Services

This is the primary purpose and is based on the need to execute the contract you enter into with us when using our services.

  • Process your transactions: We use your billing, payment, and shipping information to manage your purchases, process payments, and deliver the physical or digital products you have acquired.
  • Manage your account and subscriptions: We use your registration data to create and maintain your account, authenticate your access, and manage your content subscriptions.
  • Host your website and provide related services: For our hosting clients, we use account information to host your website, manage domains, and provide related services such as backups, restores, and technical support.
  • Provide technical functionality: We use technical and device data to ensure our website and software function correctly on your browser and device.

4.2. For Communication and User Support

Maintaining fluid and effective communication with you is essential to our relationship.

  • Send transactional communications: We will send you emails and notifications that are essential for the service, such as order confirmations, shipping notices, subscription renewal reminders, and notifications about important changes to our Terms and Conditions or this Privacy Policy.
  • Respond to your requests: We use your contact information and the content of your communications to address your inquiries, resolve technical issues, and provide the support you need.
  • Send marketing communications and editorial content: We will send you newsletters, promotions about our products, and content recommendations only if you have given us your prior, express, and informed authorization to do so. Every marketing communication we send will include a clear and simple link for you to revoke your authorization (unsubscribe) at any time.

4.3. For Personalization and Experience Improvement

We constantly seek to improve our services and make them more relevant to you.

  • Analysis and product development: We analyze usage data to understand how our audience engages with our content. This informs our editorial strategy, helps us improve the user interface, and guides the development of new features and journalistic products.
  • Content personalization: We may use your reading and purchase history to recommend articles, products, or services that we believe may be of interest to you, thereby enhancing the relevance of your experience on our platform.

Protecting our platform and complying with the law is a fundamental responsibility.

  • Protecting our services and users: We monitor our services to detect and protect against malicious, deceptive, fraudulent, or illegal activity and to fight spam.
  • Enforcement of our terms: We use the information to enforce our Terms and Conditions and other policies.
  • Compliance with legal obligations: We are subject to Colombian legislation and may need to process your data to comply with requests from competent judicial or administrative authorities, as well as to maintain accounting, tax, and commercial records in accordance with current regulations.

5. Information Sharing: Transfer and Transmission of Data to Third Parties

To operate our multifaceted platform, we need to collaborate with specialized service providers. We do not sell your personal information. We only share your data in the circumstances described below, always under strict security controls and in compliance with Colombian law.

5.1. Transmission to Service Providers (Data Processors)

We hire third-party companies and individuals to perform services on our behalf. These providers act as Data Processors, which means they process your personal data following our explicit instructions and are not authorized to use your information for their own purposes.

We maintain data transmission agreements with each of them, which require them to implement appropriate security measures and maintain the confidentiality of the information, in accordance with the stipulations of Colombian law.

The categories of Processors we work with include:

  • Payment Processors: To securely process your payments with credit/debit cards, bank transfers, and other payment methods.
  • Logistics and Shipping Companies: To deliver the physical products you purchase from our store.
  • Web Analytics Platforms: To help us analyze traffic and user behavior on our website.
  • Cloud Hosting and Content Delivery Networks (CDNs): To store our data, operate our website’s infrastructure, and deliver content efficiently and securely worldwide.
  • Email Marketing Tools: To manage and send the newsletters and promotional communications to which you have subscribed.

5.2. International Data Transfers

Some of our service providers, such as our cloud hosting and content delivery partners, are located in countries outside of Colombia, including the United States. Article 26 of the Law 1581 of 2012 prohibits the transfer of personal data to countries that do not provide levels adequate of data protection.

We will only perform an international transfer or transmission of your data if one of the following conditions is met:

  • When the transfer is necessary for the execution of a contract between you and Atmostfear Entertainment (for example, using a United States-based server to host our website or an international payment processor for your purchase).
  • When the recipient country has been declared by the Superintendence of Industry and Commerce (SIC) as a country with an adequate level of data protection.
  • When we have your express and unequivocal authorization for the transfer.
  • When contractual clauses or binding corporate rules are signed that guarantee the protection of your data, in accordance with the regulations of the National Government.

5.3. Transfer to Third Parties (Other Controllers)

In limited circumstances, we may share your information with other Data Controllers:

  • Public Authorities: We will disclose your personal information to public or administrative entities in the exercise of their legal functions or by court order, when we are legally obligated to do so.
  • Corporate Transactions: In the event that Atmostfear Entertainment S.A.S. is involved in a merger, acquisition, reorganization, or sale of assets, your personal information may be transferred as part of that transaction. In such a case, we will notify you before your information is transferred and becomes subject to a different privacy policy.

To offer you maximum transparency, the following table summarizes the main categories of third parties with whom we share data, the types of data involved, and the legal basis for such sharing.

Table 1: Summary of Third Parties and Purpose of Data Sharing

Third-Party Category Examples of Providers Data Shared (Examples) Primary Purpose Legal Basis (Colombia)
Payment Processors PayPal, Payoneer, Davivienda Buyer identification, transaction details (amount, product), contact information To process your payment securely and prevent fraud Execution of Contract / Legal Obligation
Logistics Companies Servientrega, Coordinadora, DHL, USPS, UPS, Royal Mail, FedEx Name, shipping address, phone number, email To deliver the physical products you have purchased Execution of Contract
Analytics Platforms Google Analytics, Microsoft Clarity Pseudonymized ID, IP address (anonymized), browsing behavior To analyze website performance to improve our services Authorization (Express Consent)
Marketing Providers FluentCRM with Amazon SES Name, email To send newsletters and promotional communications Authorization (Express Consent)
Cloud Hosting & CDN Kinsta (Google Cloud), Cloudflare, BunnyCDN All collected data Secure storage, operation of website infrastructure, and global content delivery Execution of Contract / Legitimate Interest

6. Your Rights and the Procedure to Exercise Them (Habeas Data)

Colombian law grants you a robust set of rights over your personal data, collectively known as the right of habeas data. At Atmostfear Entertainment, we have established a clear and accessible procedure for you to exercise these rights effectively.

It is important to note that Colombian law establishes a tiered process. Before you can file a formal complaint with the data protection authority, you must first exhaust the claim procedure directly with us. This requirement, known as a procedural prerequisite, is not an obstacle but a mechanism designed to encourage a direct, swift, and efficient resolution of your requests. By detailing this process, we not only comply with a legal obligation but also provide you with a clear guide to manage your rights and our internal team with a consistent workflow to ensure timely and legally compliant responses.

6.1. Your Rights as a Data Subject

In accordance with Article 8 of Law 1581 of 2012, you have the following rights:

  • Right of Access: To know and access, free of charge, your personal data that has been subject to Processing.
  • Right to Update and Rectify: To update and rectify your personal data when it is partial, inaccurate, incomplete, fragmented, or misleading.
  • Right to Request Proof of Authorization: To request a copy of the authorization you granted us for the Processing of your data, except in cases where the law does not require it.
  • Right to be Informed: To be informed, upon request, about the use we have given to your personal data.
  • Right to Revoke Authorization and Request Deletion: To revoke the authorization granted and/or request the deletion of your data when the principles, rights, and constitutional and legal guarantees are not respected in the Processing. This revocation or deletion will not proceed when you have a legal or contractual duty to remain in the database.
  • Right to File Complaints: To file complaints with the Superintendence of Industry and Commerce (SIC) for violations of the provisions of the data protection law, once the claim process with us has been exhausted.

6.2. Procedure for Inquiries and Claims

To exercise your rights, we have enabled the following channels, as required by Decree 1377 of 2013:

Step 1: Submit the Request (Inquiry or Claim) to Atmostfear Entertainment

Depending on the nature of your request, the procedure and response times vary:

  • For Inquiries: If your request is an inquiry (e.g., accessing your data or requesting proof of authorization), we will address it within a maximum term of ten (10) business days from the date of its receipt. If it is not possible to address the inquiry within this term, we will inform you of the reasons for the delay and indicate the date on which your inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the first term.
  • For Claims: If you believe that the information contained in our database should be corrected, updated, or deleted, or if you notice an alleged breach of our duties, you must file a claim. The claim must contain, at a minimum:
    • Your full identification as the Data Subject.
    • A clear description of the facts giving rise to the claim.
    • Your physical or email address for notifications.
    • The documents you wish to use as evidence (if applicable).

If the claim is incomplete, we will request that you correct the deficiencies within five (5) business days following its receipt. If two (2) months pass from the date of the request without you providing the required information, we will understand that you have withdrawn the claim.

Once the complete claim is received, we will include a note in the database that says “claim in process” within a term not exceeding two (2) business days. The maximum term to address your claim will be fifteen (15) business days from the day following the date of its receipt. If it is not possible to address it within that period, we will inform you of the reasons for the delay and the date on which your claim will be addressed, which may not exceed eight (8) business days following the expiration of the first term.

6.3. Procedural Prerequisite for Complaints to the SIC

We remind you that, in accordance with Article 16 of Law 1581 of 2012, you may only file a complaint with the Superintendence of Industry and Commerce once you have exhausted the inquiry or claim process directly with us, the Data Controller.

7. Processing of Special Categories of Data

Atmostfear Entertainment recognizes the sensitivity and the high risk associated with processing certain categories of data. Colombian law imposes particularly strict obligations for the protection of sensitive data and data of minors, and our policy reflects a firm commitment to these safeguards.

7.1. Sensitive Data

We reiterate that sensitive data is that which affects the privacy of the Data Subject or whose improper use can lead to discrimination. Our general policy is not to collect or process sensitive data. We will not ask you for information about your health, political affiliation, religious beliefs, sex life, or ethnic origin.

In the hypothetical case that it becomes strictly necessary to collect any sensitive data for the provision of a future service (e.g., biometric data for an advanced security feature), we commit to:

  1. Obtain your explicit, prior, and informed authorization for such processing.
  2. Inform you clearly that, because it is sensitive data, you are not obligated to authorize its processing.
  3. Unequivocally specify the exclusive purpose for which such data is collected.

7.2. Privacy of Minors (Under 18 Years of Age)

Our Services are intended for a general audience. However, due to the nature of our content, which may include reports on violent aspects of history, the Services are not recommended for minors under 18 years of age.

We do not knowingly collect personal information from individuals under 18. We are fully aware that Article 7 of Law 1581 of 2012 prohibits the Processing of personal data of children and adolescents, except for data that is public in nature, and requires that any such processing respect their prevailing rights.

If we learn that we have inadvertently collected personal information from a minor under 18 without the verifiable consent of a parent or legal guardian, we will take steps to delete that information as soon as possible. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at privacy@atmostfear-entertainment.com.

8. Information Security and Retention

The protection of your information is a priority. We have implemented a comprehensive security program with measures and data retention policies designed to comply with the principles of security and temporality required by Colombian law.

8.1. Security Measures

In accordance with the duties established in Law 1581 of 2012, we commit to keeping your information under the necessary security conditions to prevent its alteration, loss, consultation, use, or unauthorized or fraudulent access.

To this end, we have implemented and maintain appropriate technical, human, and administrative security measures. While we cannot publicly detail our security architectures for obvious reasons, these measures include, among others:

  • Technical Measures: Use of encryption for data in transit (HTTPS/SSL protocol), logical access controls, pseudonymization of data where possible, and firewalls.
  • Administrative Measures: Internal data protection policies, confidentiality agreements with employees and contractors, and information security training programs.
  • Physical Measures: Access controls to our facilities and the servers where information is stored.

We adopt a “privacy by design” approach, integrating data protection considerations from the initial stages of development of any new product or service

8.2. Data Retention Period

The processing of your data is not indefinite. We strictly adhere to the “principle of temporality” or “storage limitation,” which means that your personal data will only be collected, stored, and used for the time that is reasonable and necessary to fulfill the purpose for which it was collected.

The existence of this principle implies that Atmostfear Entertainment must have a data lifecycle management process, from its collection to its eventual and secure deletion. This is not a perpetual accumulation of information. By explicitly defining the criteria that determine the retention period, we demonstrate the existence of a mature data governance policy that addresses the complete lifecycle of the information, as required by law.

The criteria we use to determine retention periods are as follows:

  • Duration of the Contractual Relationship: We will retain your personal data as long as you maintain an active account with us, are a subscriber to our services, or as long as it is necessary to provide you with the products you have purchased.
  • Compliance with Legal Obligations: Once the contractual relationship has ended, we must retain certain information for the periods required by Colombian laws. For example, commercial and tax regulations require us to keep records of transactions and billing for a period that can extend up to ten (10) years after the relationship has ended.
  • Handling of Claims and Legal Actions: We will keep the information for the time necessary to defend ourselves against possible claims or to initiate legal actions, respecting the applicable statutes of limitations.

Once the purpose of the processing has been fulfilled and the legal and contractual retention periods have expired, we will proceed with the secure deletion of your personal data from our databases or its anonymization for statistical purposes, in such a way that you cannot be identified.

9. Our Role as a Data Processor for Hosting Services

This policy primarily describes how we act as a Data Controller for the information we collect from you. However, when you use our hosting services to create and manage your own website, our role changes for the data collected on that site.

It is crucial to understand this distinction:

  • You as the Data Controller: When you use our hosting services, you are the Data Controller for all personal data you collect from your website’s visitors and users. You decide what information to collect, for what purpose, and how it is processed.
  • Atmostfear Entertainment as the Data Processor: In this context, we act as a Data Processor. We process the data on your website (which is stored on our servers) on your behalf and according to your instructions, which are defined by your use of our services.

As the Data Controller for your website, you are solely responsible for complying with all applicable data protection laws. This includes your obligation to publish your own privacy policy on your site that clearly explains to your visitors how their data is collected, used, and protected. We provide the platform and tools, but the legal responsibility for the data on your site rests with you.

10. Changes to This Data Processing Policy

The digital environment and the regulatory framework are constantly evolving. Therefore, Atmostfear Entertainment S.A.S. reserves the right to modify this Personal Data Processing Policy at any time to adapt it to new legislation, jurisprudence, as well as industry practices or new internal policies.

In accordance with the provisions of Decree 1377 of 2013, any substantial change in the processing policies will be communicated in a timely manner to the Data Subjects before its implementation. Substantial changes are considered, among others, those that affect the identification of the Data Controller or the purposes of the processing that may affect the authorization granted.

When we make changes, we will notify you through the communication channels we maintain with you, such as a prominent notice on our website or an email to the address you have provided.

The “Last Updated” date at the top of this Policy will always indicate when the last revision was made. We recommend you review this page periodically to stay informed about our privacy practices. Your continued use of our services after notification of the changes will constitute your acceptance of them, within the framework of the law.

11. Governing Law and Jurisdiction

This Privacy Policy and any disputes related to it shall be governed by and construed in accordance with the laws of the Republic of Colombia, without regard to its conflict of law provisions. You agree to submit to the exclusive jurisdiction of the courts located in Bogotá, D.C., Colombia, to resolve any legal matter arising from this policy.