logo mentu -vb
  • Home
  • About us
  • Products
    • Maths
    • Shaia
  • Contact us
  • Blog
  • EN
    • ES

Personal Data Processing Policy

In order to comply with current legislation on data protection—especially Law 1581 of 2012, Decree 1377 of 2013, and Decree 1074 of 2015 (as well as any other rules that modify, supplement, or develop them)—we hereby inform you of the key aspects related to the collection, use, transmission, and transfer of Personal Data by the company MENTU EDUCACIÓN S.A.S. (hereinafter, “MENTU”), domiciled in Bogotá, at Calle 79B #5-81, telephone number (+57) 320 4550793, identified with Tax ID No. 901.753973-0, and email address: admin@mentu.co, in its role as Data Controller or Data Processor, either by law or by virtue of the authorization granted by you to carry out such processing and handling.

In this Personal Data Processing Policy (the “Policy”), you will find the organizational and legal guidelines under which MENTU carries out data processing, the purposes for such processing, your rights as a data subject, as well as the internal and external procedures for exercising such rights.

Pursuant to Article 15 of the Political Constitution of Colombia and applicable legislation, we have a clear privacy and data protection policy: we do not obtain personal information from third parties who have a commercial, employment, educational cooperation, or legal relationship with MENTU—including yourself, students, parents, teachers, users, employees, or suppliers—unless they have voluntarily provided it through prior, express, and informed consent.

INTRODUCTION

MENTU’s main corporate purpose is to develop new models of learning that complement formal education, based on best pedagogical, educational, technological, and digital practices, with the goal of expanding and facilitating access to education for thousands of people in Latin America, starting in Colombia.

The activities carried out by MENTU in pursuit of its corporate purpose are supportive of education and serve the public interest by benefiting specific population groups:

  • Children and adolescents

  • Educational institutions

  • Teachers

  • Families

In developing its relationships with stakeholders, MENTU receives personal information—public, private, and, in some cases, sensitive in nature. The data managed and processed by MENTU are of a private and/or potentially sensitive nature, and the confidentiality of such information is therefore guaranteed.

DEFINITIONS

For the interpretation of this Policy, please consider the following definitions:

PERSONAL DATA: Any information linked or that can be associated with one or more determined or determinable natural persons.

SENSITIVE DATA: Data that affect the data subject’s privacy or whose misuse could result in discrimination.

DATA PROCESSOR: A natural or legal person, public or private, who processes Personal Data on behalf of the Data Controller.

PERSONAL DATA PROCESSING POLICY or POLICY: Refers to this document, as the Personal Data Processing Policy applied by MENTU in accordance with applicable legal provisions.

SUPPLIER: Any natural or legal person who provides services to MENTU and its community under a contractual or binding relationship.

CLIENT: Any natural or legal person with whom MENTU enters into a service agreement.

DATA CONTROLLER: A natural or legal person, public or private, who, either independently or in association with others, decides on the database and/or Data Processing.

DATA SUBJECT: A natural person whose Personal Data is subject to Processing, whether they are a Client, supplier, employee, teacher, user, or any third party who provides Personal Data to MENTU as a result of a commercial or legal relationship.

TRANSMISSION: The communication of Personal Data by the Controller to the Processor, located within or outside the national territory, for the Processor to carry out data processing on behalf of the Controller.

TRANSFER: The transmission and/or storage of data originally collected in Colombia to another country where they will be processed by a Data Processor under the guidelines expressly established by MENTU in this Policy.

PROCESSING: Any operation or set of operations carried out on Personal Data, such as collection, storage, use, circulation, or deletion.

For terms not included in the above list, please refer to the applicable legislation, especially Law 1581 of 2012 and Decree 1377 of 2013, interpreting them as defined in such regulations.

GUIDING PRINCIPLES APPLICABLE TO THE PROCESSING OF PERSONAL DATA

The processing, management, and protection of Personal Data carried out by MENTU as Controller and/or Processor of the information shall be subject to the following principles, which will be applied and interpreted in a harmonious, systematic, and comprehensive manner in all related activities:

  • Legality: The Processing of Personal Data is a regulated activity that must comply with the rules that govern the matter.

  • Purpose: Data Processing must pursue a legitimate purpose, aligned with the Constitution and the law, and must be clearly, previously, and specifically informed to the data subject.

  • Freedom: Processing may only be carried out with the prior, express, and informed consent of the data subject. Personal Data cannot be collected or disclosed without authorization or a legal mandate.

  • Accuracy: Information subject to Processing must be truthful, complete, accurate, updated, verifiable, and understandable. The Processing of partial, incomplete, fragmented data or data that may lead to error is prohibited.

  • Transparency: The data subject must be guaranteed the right to obtain information from the Controller or Processor at any time and without restrictions, regarding the existence of data concerning them.

  • Restricted Access and Circulation: Personal Data collected or processed by MENTU will only be used within the scope of the stated purposes and authorization granted by the data subject. Such data cannot be accessed, transferred, assigned, or disclosed to third parties without prior authorization. Personal Data, except for public information, cannot be available on the internet or other mass media unless access is technically controllable and limited to authorized parties.

  • Security: MENTU will adopt physical, technical, and administrative security measures necessary to safeguard records and prevent their alteration, loss, leakage, unauthorized access, or fraud.

  • Confidentiality: All persons involved in the Processing of non-public Personal Data are obligated to maintain its confidentiality, even after ending their relationship with any activity involving data processing.

  • Temporality: Once the purpose for which the data were collected is fulfilled, MENTU must cease its use unless retention is required by law.

  • Special Protection of Sensitive Data: MENTU will not collect or process sensitive data unless it has the data subject’s express authorization or in legally permitted cases. Sensitive data that may be collected will receive special protection.

PURPOSE AND USE OF DATA PROCESSING

MENTU, acting as Controller and/or Processor, will collect, store, process, use, and transmit Personal Data strictly in accordance with the guidelines established by Law 1581 of 2012 and Decree 1377 of 2013, for the following purposes, as applicable:

Personal Data will be used for:

  • Execution of agreements, contracts, and commercial or civil partnerships entered into by MENTU.

  • Registration and profile creation to use the MENTU platform under any modality chosen by the teacher or Client.

  • Payment of contractual obligations.

  • Responding to requests from governmental or judicial entities.

  • Support for internal/external audit processes.

  • Sending/receiving messages for commercial, informational, academic, pedagogical, or student development purposes.

  • Registration of information in MENTU’s database for administrative staff, teachers, students, and parents/guardians, as applicable.

  • Recording supplier information in MENTU’s database.

  • Registration of individuals interested in donation or investment agreements in MENTU’s database.

  • Contacting employees, suppliers, teachers, parents, legal guardians, and students regarding contractual, commercial, or legal relationships.

  • Fulfilling obligations as Controller and/or Processor of Personal Data.

  • Security purposes, fraud prevention, and prevention of data breaches.

  • Providing users with licenses and access to the Mentu platform.

  • Informing users about new services offered by MENTU.

  • Efficient communication between MENTU and data subjects to fulfill its corporate purpose.

  • Compliance with obligations to users, Clients, contractors, suppliers, employees, and when legally required by judicial or administrative authorities.

  • Managing and sharing information with third-party Processors and governmental educational entities when necessary.

  • Accounting and tax purposes, including payroll and invoicing.

  • Managing user-generated data to improve platform functionality as an educational tool.

  • Producing internal statistics, studies, and personalization of services.

  • Understanding students’ demographic and socioeconomic context to analyze how it affects platform interaction and usability. Sensitive data collected may include: name, age, grade, school, socioeconomic level, digital skills, voice, parents' educational background, and student behavior and performance on the platform.

We also inform you that, as a supplier, contractor, Client (parent/student), or teacher, your Personal Data is collected solely for identifying your role, profession, trade, or status in an educational cooperation relationship. Some of this data is public and does not require prior authorization, while other personal or sensitive data is subject to the consent you provide to MENTU. In any case, even for public data, you retain your rights as a Data Subject.

If you provide us with Personal Data, it will only be used for the purposes described herein. We will not sell, license, or disclose it outside of MENTU unless:
(i) you expressly authorize us to do so;
(ii) it is necessary to allow our contractors or agents to provide services;
(iii) it is required to provide our educational services;
(iv) it relates to a merger, acquisition, or corporate restructuring;
(v) it is required or permitted by law.

To fulfill these purposes, your Personal Data may be disclosed to human resources personnel, processors, consultants, contractors, teachers, and other relevant individuals.

MENTU may outsource certain functions to third parties for data processing. In such cases, we require those third parties to implement appropriate security measures, prohibit them from using the data for their own purposes, and restrict disclosure to unauthorized parties.

MENTU may also transmit or receive Personal Data to or from other national or international companies and contractors for security, efficiency, legal, or service improvement purposes. We require that these companies apply personal data protection standards at least equivalent to those described in this Policy. For international data transmission, a data transmission agreement will be signed, as required by Decree 1377/13.

Additionally, once the need for Processing ceases, the data may be deleted from MENTU’s databases or archived securely, to be disclosed only when legally required.

Collected Data

Identification data for the registration process, such as name, email, date of birth, institution, city, and contact information. We also collect information about user behavior within the application to improve our product, as well as course descriptions and special considerations for the class.

There may also be indirect data collection of information not explicitly requested but necessary for the context of intelligent assistants, as shared by the user.

All the data is stored using robust encryption measures and with limited access.

WARNING:The user agrees not to disclose personal or sensitive information about third parties without proper authorization or a formal agreement that allows acting as a data processor. The user assumes full responsibility for submitting any data without the required consent.

RIGHTS OF THE DATA SUBJECT

In accordance with Article 8 of Law 1581 of 2012, the rights you have as the Data Subject in relation to your Personal Data are:

  • To know, update, and rectify your Personal Data in relation to MENTU as the Data Controller or Data Processor. This right may be exercised, among others, in the case of partial, inaccurate, incomplete, misleading, or unauthorized data, or data whose Processing is expressly prohibited;

  • To request proof of the authorization granted to MENTU as the Data Controller, except when expressly exempted as a requirement for Processing;

  • To be informed by MENTU, as the Data Controller, or by the Data Processor, upon request, about the use that has been made of your Personal Data;

  • To file complaints with the Superintendence of Industry and Commerce for violations of the provisions of this law and other regulations that modify, add to, or supplement it;

  • To revoke the authorization and/or request the deletion of the data when the Processing does not respect constitutional and legal principles, rights, and guarantees;

  • To request the deletion of your personal information whenever you deem it necessary;

  • To access your Personal Data that has been subject to Processing, free of charge.

Within this Policy, you will find the procedure through which MENTU guarantees the exercise of all your rights.

PROCEDURE FOR THE EXERCISE OF YOUR RIGHTS AS A DATA SUBJECT

If you have questions about this Policy, or any concerns or complaints regarding the administration of the Policy, please contact us through any of the following means:

MENTU EDUCACIÓN S.A.S.
Phone: +57 320 4550793
Email: admin@mentu.co

In the case of filing a complaint, request for rectification, update, inquiry, access, or data removal, you must contact the Personal Data Protection Officer at: oficial.datospersonales@mentu.co

Please note that once you notify the responsible department within MENTU—depending on which department your request is addressed to—it will proceed with the handling of your inquiry, request, or complaint.

Your request or petition regarding your Personal Data must be addressed within a maximum period of fifteen (15) business days from the receipt of the request or petition. To properly and completely evaluate your request, petition, or complaint, we ask that you include the requester’s identity, identification number, address for notifications/responses, and any supporting documents you wish to submit.

If your request or petition lacks the necessary data and facts that allow MENTU to address it properly and completely, you will be asked within five (5) days of receipt to correct the deficiencies. If five (5) days pass from the date of the request and you, as the requester, have not corrected the issues as required, MENTU will interpret this as a withdrawal of your request.

SECURITY MEASURES

MENTU, in the course of the Processing of the Personal Data it collects or is responsible for, as the case may be, will adopt all physical, technological, and administrative security measures it deems appropriate based on the nature of the data, which will be applied in all relevant areas.

MENTU, in compliance with Statutory Law 1581 of 2012 and the requirements established by the Superintendence of Industry and Commerce, will report to the latter any security incidents that may have caused loss, theft, unauthorized access, or fraudulent modification, as well as the measures taken in response.

Here you can check our Security Information Policy https://mentu.co/en/security-policy

PROVISION OF PERSONAL DATA TO ADMINISTRATIVE AND JUDICIAL AUTHORITIES

In the event that authorities with administrative or judicial powers request access to or delivery of Personal Data contained in MENTU's databases, the request will be internally evaluated, and if it meets all legal requirements, it will be documented and added to MENTU’s internal records, in compliance with the applicable regulations.

MODIFICATION OF THIS POLICY

This Policy may be modified at any time. Therefore, we recommend checking it regularly on our website: https://mentu.co/en/data-processing-authorization. Nevertheless, MENTU will notify, in accordance with the law, of any substantial changes not only through the aforementioned link, but will also make efforts to inform users through platform communications, email, and other means.

THIRD-PARTY CONTENT

The MENTU platform may link to third-party websites or offer content that is not owned by MENTU, over which MENTU has no control. Such content will be governed by the data protection and privacy policies of those third parties. MENTU is not responsible for the data protection and privacy policies of any third party.

SENSITIVE DATA

Through this Policy, I acknowledge and accept that MENTU may process information for the purposes established herein, which, by its nature, may be considered sensitive data. I understand that, as the Data Subject, I have the right to choose whether to provide or respond to questions regarding sensitive data when it is requested for collection and Processing. Therefore, through this document, I have been informed that I have the right not to answer questions related to such data and/or to decide whether to provide the requested information. No activity may be conditioned upon the provision of sensitive Personal Data.

CHILDREN'S AND ADOLESCENTS' DATA

Through this Policy, I acknowledge and accept that MENTU will carry out the Processing of information, as Processor or Controller, for the purposes established herein, of children and adolescents, subject to the following legal requirements: i) that it responds to and respects the best interests of children and adolescents; ii) that it ensures respect for their fundamental rights; iii) that, once the above are fulfilled, the legal representative of the child or adolescent will grant the authorization, after the minor exercises their right to be heard, with their opinion being considered based on their maturity, autonomy, and ability to understand the matter.

Through this document, I have been informed that I have the right not to answer questions related to such data and/or to decide whether to provide the requested information.

EFFECTIVE DATE

This Personal Data Processing Policy, under the responsibility of MENTU, acting as Controller and/or Processor of third-party information, has been approved and will be in effect as of February 19, 2025.

See our privacy notice: https://mentu.co/en/privacy-notice

 
footer-img
At Mentu, we believe that quality education is a universal right. Technology, far from being an obstacle, is our ally to make it accessible to everyone.
  • Home
  • About us
  • Products
    • Maths
    • Shaia
  • Contact us
  • Blog

created with ♥︎ by Mentu.