Manual for the National Database Registry

Last updated: Mar 5, 2026

The minimum information that must be contained in the National Database Registry (NDR) is the following:

• Entity responsible for and in charge of personal data processing:

  • Name: FLUIDSIGNAL GROUP S.A.S.
  • Address: Street 43, number 9 South - 195 Office 736, Square building, Medellín
  • Email: info@fluidattacks.com
  • Phone number: (604) - 4442637

• Channels for the data subjects to exercise their rights: FLUIDSIGNAL GROUP S.A.S., with a view to well-being, confidentiality, and agility in service, designates the email address info@fluidattacks.com, through which the data subject can exercise their rights to know, update, rectify, and delete their personal data contained in databases and revoke the authorization they have granted for the processing of such data, when possible. These channels must at least foresee the possibility of the data subject exercising their rights through the same means by which their information was collected, leaving a record of the receipt and processing of the respective request.

• Name and purpose of the personal database: The Active Employees Database (i.e., Base de Datos de Empleados Activos) will be the name of the database published by FLUIDSIGNAL GROUP S.A.S. in the National Database Registry, and its purpose is to use the personal data of employees for:

  • Issues relevant to the employment relationship: (EPS, ARL, pension and severance funds, family compensation funds, etc.)
  • Accounting and payroll payment
  • Recruiting and selecting personnel to fill vacancies
  • Processing, confirming, and complying with legal and extralegal employment obligations arising from the employment contract
  • Training and education
  • Occupational health and safety programs
  • Establishing technological and physical access controls to maintain security across the facilities’ and applications’ physical infrastructure
  • Transferring and/or transmitting personal data to entities and/or judicial and/or administrative authorities, when required in relation to its corporate purpose and necessary for the performance of its functions
  • Consult and/or verify information in national and international control lists related to money laundering and terrorist financing, illegal activities, or situations regulated by the Colombian penal code
  • Confirm the employee’s personal information by cross-checking it against public databases, central databases, risk prevention systems, specialized companies, references, and contacts

• Forms of processing: Personal data contained in databases may be processed automatically or manually. Manual databases are files whose information is organized and stored physically, whereas automated databases are stored and managed using computer tools.

• Registration of the personal data processing policy: Registration of the personal data processing policy in the National Database Registry and its proper dissemination among employees.

Other privacy measures

• Data privacy policy 
• Data retention policy 
• Data use policy 
• Email obfuscation 
• Employee time tracking 
• OTR messaging 
• Polygraph tests 
• Project pseudonymization 
• Sensitive data transmission 
• Unsubscribe email 
• Use of cookies 
• Use of OpenAI as a subprocessor