Privacy Policy

This website and its contents are protected by the laws of protection of International and Intellectual Property of Colombia and, either as an individual work and / or as a compilation. The User cannot delete or modify in any way the information related to those rights included on the Web. All rights are reserved in favor of CBRE Colombia SAS (hereinafter “CBRE”) or the owner thereof.

Confidentiality Policy

For the use of certain services, CBRE may request certain User data. CBRE will process these data in accordance with the provisions of the following policy.

Data Privacy Policy

CBRE Group, Inc. (hereinafter “CBRE”) is a multinational company dedicated to providing specialized services for the management and administration of real estate. CBRE has a presence in Colombia through its subsidiary CBRE COLOMBIA S.A.S. (hereinafter “CBRE Colombia”). For the purpose of this Data Privacy Policy (hereinafter the "Policy"), CBRE Colombia holds the status of Data Controller, in accordance with the definition of literal e) of Article 3 of Law 1581 of 2012.

CBRE Colombia Contact Information:

Address: Bogotá, D.C.
Email: [email protected]
Address: Carrera 7 No. 75 - 51 Oficina 601
Telephone: (57) (1) 5185279


CBRE Colombia is committed to respecting and protecting the privacy of individuals and keeping Personal Information secure by complying with applicable data protection, privacy, information security laws and regulations. This Policy describes CBRE Colombia's methods regarding the necessary collection, use, disclosure and protection of personal data for purposes related to the business derived from the Company's corporate purpose and economic activities. CBRE Colombia will protect personal information and ensure that such information remains secure and available to its holders.


This policy applies to all personal data processed by CBRE Colombia and the managers designated by it, as well as to all CBRE Colombia lines of business and departments.


1. Personal Information. All information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity may be directly or indirectly inferred , including any information that is linked to that person, regardless of any attribute or marital status of said individual.

2. Sensitive Personal Information. A subset of personal information that due to its nature has been classified as such by law, contract or by this Policy. Sensitive Personal Information requires additional privacy protections and enhanced safeguards (as defined in the following numeral). Examples of Sensitive Personal Information are: (i) individual medical records (including protected health information) and biometric information; (ii) data obtained from an information agency (including employee background reports, credit reports, and credit accounts); (iii) data revealing race, ethnicity, national origin, religion, union affiliation, political orientation, data related to health, sexual life or sexual orientation and criminal history or criminal charges, and; (iv) any other personal information designated by CBRE as sensitive personal information.

3. Enhanced Safeguard. The implementation of physical, technical and administrative measures against the risk of involuntary or unauthorized disclosure of Sensitive Personal Information, which are stricter than the generally required safeguards, since accidental or unauthorized disclosure of Sensitive Personal Information can create a risk of substantial harm to the person (for example, identity theft or financial fraud).

4. Privacy Officer. The person in charge of supervising the CBRE Colombia Privacy Program, designated by the Head of Ethics and Compliance.


In accordance with Law 1581 of 2012 and Decree 1377 of 2013 that regulates it, the Holders of Personal Data have the following rights:
to. Know, update and rectify your personal data in the CBRE Colombia database.

b. Request proof of the authorization that was granted to CBRE Colombia to process your personal information.
c. Be informed by CBRE Colombia, regarding the use that has been given to your personal data in case you expressly require it.
d. Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of this law 1581 of 2012 and the other regulations that modify, add or complement it.
Revoke the authorization and / or request the deletion of the data when the treatment that CBRE Colombia has given to them does not respect the principles, rights and constitutional and legal guarantees, after checking said acts before the Superintendency of Industry and Commerce.
F. Free access to your personal data in the CBRE Colombia databases.
g. Be informed of substantial changes made in this Information Processing Policy, such as and without limitation: changes in the identification of the Data Controller and in the purpose of the Treatment of personal data of customers, suppliers and CBRE Colombia workers.
h. Receive a new authorization request for Information Processing when the changes that CBRE Colombia makes to the Privacy Policy modify the purpose of Information Processing.

i. Attention to requests to the Privacy Officer (updates, rectifications, suppression of Information and revocation of authorization), queries and complaints regarding the Treatment of Information:

Annie Rosas Marken
Email: [email protected]
Telephone: (57) (1) 5185279
Address: Carrera 7 No. 75-51 Oficina 601, Bogotá, D.C.
Attention hours: Monday to Friday 8:00 AM - 5:00 PM


Any query related to the Treatment of Personal Data of the Holders of Personal Data must be sent by email to the Privacy Officer previously referenced. CBRE Colombia will resolve the request and / or consultation within ten (10) business days following the date on which it was received. In the event that it is not possible to attend the query within the aforementioned period, CBRE Colombia will inform the client of the reasons for said situation along with the date on which the query will be answered, a period that may not exceed five (5) days. business days after the first term referenced above.

The Holder of Personal Data or their successors who consider that their data collected on the occasion of this Policy should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties of CBRE Colombia contained in Law 1581 2012, they may file a claim with the Privacy Officer. To process claims, the following procedure will be followed:

1. The claim must be addressed to the Privacy Officer by email.
2. The claim must indicate the address and identification of the Owner of the Personal Data.
3. The claim must contain a description of the facts that give rise to the claim and the documents that support it.
4. In the event that the claim is incomplete, the Privacy Officer will require the claimant within five (5) business days after receipt of the claim, to correct the failures that may arise.
5. Once the request has been made, if two (2) months elapse from the date of the request, without the applicant submitting the required information, it will be understood that he has withdrawn.
6. Claims will be resolved within fifteen (15) business days from the day following the date it was received. In the event that it is not possible to attend to the claim within the period established above, the claimant will be informed of the reasons for said situation along with the date on which the claim will be answered, a period that may not exceed eight (8) business days. after the end of fifteen (15) referenced business days.
The consent granted by the Holder may be revoked at any time, by means of a prior written notice signed before the responsible area, at the aforementioned electronic address, in the terms established by Law 1581 of 2012.


1. The Privacy Officer is responsible for the supervision of this Policy, the company's strategy to deal with the management of operational risks and information privacy and the support of compliance with all laws and regulations of security protection of data, privacy and applicable information.
2. Each line of business and department is responsible for following this Policy in order to address its specific activities related to the collection, use, disclosure and protection of Personal Information.


1. CBRE Colombia may collect Personal Information for purposes related to its business, which may include, among others, providing customer service, managing the services we offer to customers, complying with legal requirements, payment processing, and for the commercialization of our products and services, generally for commercial, administrative and marketing purposes.
2. If required by contract, by CBRE and / or CBRE Colombia policy or by applicable laws or regulations, CBRE and / or CBRE Colombia must obtain consent to collect Sensitive Personal Information.
3. CBRE Colombia may collect Personal Information from publicly available sources, including, but not limited to, web pages and public databases and government sources, and open source news or reports.
4. CBRE Colombia may use and process Personal Information to provide information about products or services, promote or market products or services, and for statistical or research purposes.
5. Any use or processing of Personal Information to generate anonymous, statistical, summarized, aggregated information will be considered a permitted use in accordance with this Policy; provided that such information cannot be used to identify any individual.
6. CBRE Colombia may transmit the Personal Data that it collects and processes on the occasion of this Policy to Managers outside of Colombia, after concluding the corresponding data transmission contract, otherwise it must notify and have the consent of the owner of the Personal Data .
7. CBRE Colombia may transmit and transfer at the international level the Personal Data that it collects and processes from its employees, specifically to the United States of North America through personnel management software such as PeopleSoft.


to. CBRE Colombia may retain Personal Information only for the period necessary to fulfill the purposes related to business, described in this Policy, or as required by applicable laws or regulations. Likewise, said retention of Personal Information must be consistent with the policies of CBRE and CBRE Colombia regarding the storage of business files.


1. CBRE Colombia may disclose Personal Information to outside organizations, including CBRE affiliates, partners or other third parties that provide CBRE with various outsourced business services, including, but not limited to, administrators of employee benefits or card providers. 
When CBRE Colombia discloses Personal Information to a third party, it is authorized to use and disclose Personal Information only if it is necessary to provide its services or if it is required by law.
b. CBRE must take appropriate actions to ensure that the third party protects the Personal Information that CBRE Colombia provides to it, at least under the terms and conditions of this Personal Data Treatment Policy.
c. CBRE Colombia may disclose Personal Information when required by applicable law or regulation, as well as when CBRE Colombia has reason to believe that the disclosure is necessary to protect the rights of CBRE Colombia, protect the safety of individuals or others, investigate fraud or any other criminal activity, or respond to a government request.

2. CBRE Colombia must reasonably ensure that the Personal Information is correct, complete, exact, verifiable and understandable, for the business purposes for which it is being disclosed.


1. CBRE Colombia shall collect, use, maintain and disclose (internally and externally), and destroy Personal Information in a way that reasonably limits the risks of loss, theft, misuse, or unauthorized access.
2. CBRE Colombia will eliminate the Personal Information after the period required for its retention or when it is not necessary for the purposes related to business.


CBRE Colombia presumes the veracity of all the information that is provided by any type of medium by its clients, suppliers and workers. Consequently, CBRE Colombia does not verify, nor does it assume the obligation to verify the identity of the provider, client, user and worker, nor the veracity, validity, sufficiency and authenticity of the data that each of them provides.
Consequently, the clients, suppliers and workers of CBRE Colombia declare and accept that CBRE Colombia does not assume responsibility for damages and / or losses of any nature that may originate from the lack of veracity, validity, sufficiency or authenticity of the information it receives. thereof. The foregoing includes all kinds of damages that may be due without being limited to homonymy or identity theft.


CBRE Colombia reserves the right to make modifications or updates to this Information Processing Policy at any time, taking into account the modification, development and / or regulation of the current regulations on the processing of personal data. Notwithstanding the foregoing, CBRE Colombia will communicate to its customers, suppliers and workers through its website, email or any other means, any modification made to this Information Processing Policy.


Any concern or claim related to this Policy should be presented to the Privacy Officer. The Privacy Officer is responsible for interpreting how to apply any part of this Policy to specific situations.


This Information Processing Policy is effective on the day of its publication, that is, on the eighteenth (18) day of the month of March of the year two thousand twenty (2020).