PRIVACY AND DATA PROTECTION POLICY
Control Union Services S.A.C. (hereinafter Control Union Services or the Company) is committed to compliance with current legal regulations. In this regard, the Company establishes this Information Management and Data Protection Policy, which must be followed by all shareholders, directors, managers, legal representatives, attorneys-in-fact, temporary or indefinite workers, interns and volunteers of the Company (hereinafter “Company Employees”), as well as its customers and suppliers, in order to prevent any type of violation of the provisions of the Personal Data Protection Law (Law No. 29733) and its respective Regulations.
This document applies to all employees of the Company. The Board of Directors and the General Management of the Company, together with the heads of each area are responsible for ensuring that all Company employees under their supervision and authority comply with local laws and this Policy.
-
Objective
The objective of this Policy is to establish the general and specific guidelines to be followed by all members of the Company to ensure the proper treatment, the confidentiality of information, as well as the security of personal data of our various stakeholders and authorized third parties with whom we interact, in accordance with the values and principles established by the Company.
2. Scope
This policy is mandatory for all directors, officers and employees of the Company, as well as for any business partner representing the Company and/or supplier that is contracted or commissioned for the specific processing of data.
By virtue of the nature of the provision of certification and inspection services, among other services provided by the Company, Control Union Services may request your personal data, which may consist of: name, address, email, telephone number and others deemed necessary for the fulfillment of the stated purpose. At no time will you be asked to provide sensitive data. Neither will you be asked for financial or patrimonial data, in which case, your express consent will be required, observing in any case the exceptions indicated in the Law and its Regulations.
In view of the foregoing, the Company shall be responsible for the use given to your personal data, for requesting them, as well as for their protection, and for such purpose implements technical, administrative and physical security measures determined in the Regulations of the Law, which allow protecting your personal data against any damage, partial or total loss, modification, alteration, handling, destruction or unauthorized use, access, treatment or safekeeping, whether in digital or physical file.
3. LEGAL BASIS
Law N° 29733 - Data Protection Law.
Supreme Decree N° 003-2013-JUS - Regulation of the Data Protection Law.
Legislative Decree N° 1353 - Legislative Decree that creates the National Authority of Transparency and Access to Public Information, Strengthens the Regime of Protection of Personal Data and the Regulation of the Management of Interests.
General Data Protection Regulation of the European Community.
4. DEFINITIONS
Authorization: Prior, express, free and informed consent issued by the holder of personal data for the Company to carry out the processing of their data.
Database or Data Bank: Set of personal data stored by the Company that is subject to processing.
Data: Any type of code that represents concrete information about facts, elements, among others, that allows describing, studying, analyzing or knowing them, regardless of its storage form.
Personal Data: Any information about a natural person that identifies him/her or makes him/her identifiable through means that can be reasonably used, such as, for example, name, date of birth, identity card number, address, e-mail address, telephone number, among others.
Sensitive data: Personal data referring to a person's racial or ethnic origin, economic income, health-related data, political, religious, philosophical or moral opinions or convictions, mental state, trade union membership, and other information that may reasonably be used, such as, for example, name, date of birth, identity card number, address, e-mail address, telephone number, among others.
Data subject: Natural person whose data or information is subject to processing by the Company.
Processing of personal data: Any operation or technical procedure, automated or not, that allows the collection, recording, organization, storage, conservation, elaboration, modification, extraction, consultation, use, blocking, suppression, communication by transfer or diffusion or any other form of processing that facilitates the access, correlation or interconnection of personal data.
Cookies: It is a small simple file that is sent along with the pages of this website and that your browser stores on the hard drive of your computer or other device. The information stored in it may be returned to our servers or to the servers of the relevant third parties during a subsequent visit.
form and mechanisms for granting consent
If Personal Data is requested, it will be duly registered in the Company's Database and will be given as long as the authorization and consent is given in accordance with the national regulations in force.
The Authorization may be recorded in a physical or electronic document, data message, form, website or also verbally or by telephone or in any other format that allows guaranteeing its subsequent consultation or through a suitable technical or technological mechanism by means of which it may be unequivocally concluded that, if the consent is not obtained, the Company will not be able to provide the Personal Data.
The consent authorization procedure guarantees that the Data Subject has been informed that his/her personal information will be collected and used for specific and known purposes in accordance with this Policy, as well as the right to request access, updating, rectification and deletion of his/her Personal Data at any time, through the mechanisms made available by the Company.
5. RESPONSIBILITIES
All persons included in the scope of this Policy have the individual responsibility to comply with the guidelines and commitments set forth herein, as well as to seek guidance if necessary.
Responsible and contact information: Guillermo Godiño Correa
Address: Av. Petit Thouars 4653 6th Floor, Office 603 - Miraflores, Miraflores. 603 - Miraflores, Lima, Peru
Email: info.peru@controlunion.com
Telephone: +511 7190400
6. RIGHTS OF THE OWNERS
If personal data is processed, the Company will respect and abide by the rights of data owners, implementing mechanisms so that the data owner can exercise them:
Right of access and information
Upon any request from a holder of personal data, he/she shall:
To be given access:
To obtain free of charge all information pertaining to their personal data that is the subject of the Company's processing.
The detail and reasons that generated the need to collect this information, the manner in which it was collected, at whose request it was collected, and the transfers of such information that have been made or are planned to be made.
The deadline for attention to this right is 20 calendar days.
Inform:
The purpose of the processing of your data.
Who has access or may be recipients of such information.
The details of the data collected from the holder.
Transfers of personal data.
Time of conservation of the data.
The term for the attention of this right is 8 calendar days.
Right of rectification, updating and inclusion
Personal data will be rectified, updated or included in greater detail when there is an omission, error or falsehood in the data.
Any rectification of personal data must be justified through supporting documentation.
The rectification of the information will be denied when there is any legal or material impediment to do so.
The term for the attention of these rights is 10 calendar days.
Right of Cancellation or Suppression
Data will be deleted when: (i) they are no longer necessary; (ii) the purpose for which they were collected has been exhausted; (iii) the owner requests cancellation; or, (iv) the term established for their processing has expired.
The term for the attention of this right is 10 calendar days.
Right Right to object
If consent has not been given, the holder of personal data may object to its processing when there are well-founded and legitimate reasons relating to a specific personal situation. This request may be denied when there is due contractual or legal justification for keeping this information in the databases.
The deadline for the attention of this right is 10 calendar days.
7. CONDITIONS OF USE OF THE WEB SITE
The use of the Company's website implies full acceptance by the user of all the general conditions of use of the website in force at each time the user accesses it, so if the user does not agree with any of the conditions set forth herein, he/she should not use this Website. The Company reserves the right to modify at any time these general conditions of use of the Website, as well as any other general or specific conditions, regulations of use, instructions or notices that may be applicable.
Likewise, the Company reserves the right to suspend, interrupt or cease operating the Website at any time. When you visit our website for the first time, we will show you a pop-up window with an explanation about cookies. As soon as you click on “Save preferences”, you consent to our use of the categories of cookies and plug-ins that you selected in the pop-up window, such as is described in this Cookie Policy. You can disable the use of cookies through your browser, but please note that our website may no longer function properly.
You can use your Internet browser to delete cookies automatically or manually. You can also specify that certain cookies may not be placed. Another option is to change your Internet browser settings so that you will receive a message each time a cookie is placed. For more information on these options, please refer to the instructions in the Help section of your browser.
Please note that our website may not function properly if all cookies are disabled. If you delete cookies from your browser, they will be placed again after your consent when you revisit our website.
The information contained in this site is for educational and informational purposes only, and any use other than for profit, reproduction, editing or modification, without prior express permission of the copyright holder will be prosecuted and sanctioned by the respective copyright holder or author.
Disciplinary Actions
Any employee who violates this policy, in addition to the civil, labor and/or criminal liabilities contemplated in the Peruvian legislation, will face disciplinary actions established in the following documents:
a) Code of Conduct
b) Internal Work Regulations
a) Code of Conduct
b) Internal Labor Regulations.
Likewise, with respect to non-compliance by suppliers or third parties, the Company will apply the corresponding penalties or consequences in accordance with the Law or the respective contract, such as, for example, the termination of the contract.
If you have knowledge or suspicion of a possible breach of this Policy, you must report it immediately through the different reporting channels that exist. All reports will be treated confidentially and the reporting person will be granted anonymity upon request. The Company will not take any retaliatory action against reporting employees, unless it is done in bad faith and with the intent to cause harm to a co-worker.
