Linkedin Twitter Facebook

This Privacy Statement is effective as of January 01/01/2021.

The objective of the Information and Communication Technologies Policy is to establish a governance framework so that the use of Technologies in the organization can meet the present and future needs derived from the business strategy, following criteria of innovation, quality, efficiency, scalability, and business architecture. These policies are applicable to all collaborators, consultants, or third parties that use any of the Technology resources provided by the organization.

The guidelines described in these policies correspond to minimum standards that must be met related to the acquisition and use of technological tools, the mobile communication service, the use of internet and email, as well as the company's data protection policy.

The Technology process declares its commitment to comply with the corporate values of Commitment, Honesty, Loyalty, Respect and Perseverance in all aspects that make up the Information and Communication Technologies framework, permanently watching over the company's interests:

  1. Commitment to ensure the availability, stability, reliability and security of the Information and Communications Technologies implemented in the Organization to support timely decision making.
  2. Honesty as a foundation for the integral management of internal technology processes and their interaction with other business processes.
  3. Loyalty Showing consistency and transparency in their daily work, to ensure the integrity and security of the information.
  4. Respect for the established rules and policies that guarantee the correct use of the Information and Communications Technology resources for the achievement of the organizational objectives.
  5. Perseverance To adequately meet the present and future needs derived from the business strategy, which support the productivity of employees in the different processes.

General Framework

The Information and Communication Technologies policy is focused on the correct use and exploitation of these resources provided by the organization, for the achievement of corporate objectives, supporting and enhancing the achievement of results in the different processes. The general framework of this policy defines the guidelines to be covered in the following three aspects:

  • With the laws and regulations in force;

  • With the development of projects applying criteria of innovation, quality, efficiency, scalability, and enterprise architecture that meet the information and communications needs of the organization;

  • With the timely delivery of the resources requested by the different processes;

  • With the delivery and access to corporate information in a reliable, secure and timely manner;

  • With the execution of control processes to guarantee the permanent availability of the Information and Communications Technology resources implemented.

  • The inadequate use and/or deterioration of the Information and Communications Technology resources implemented;
  • The violation of security schemes that affect the integrity, reliability and availability of information and communications resources;

This document is part of the Compliance Policy that NEUVOR's Board of Directors has promoted for all its business units.

The Personal Data Protection and Processing Policy aims to regulate the processing of personal data that NEUVOR makes of its customers' data in order to ensure the respect and protection of the rights and freedoms of the persons who are holders of these data, in particular, the right to privacy.

Through this policy, NEUVOR recognizes the importance of ensuring the treatment of customer data, based on international standards of protection and data processing, which have been embodied in the bill that regulates the protection and processing of personal data that is currently in the corresponding constitutional process in the Senate of the Republic.

In this context, this policy provides guidelines for a regulatory and institutional framework that enhances the importance of personal data and, at the same time, establishes the idea that these are processed with the exclusive and unequivocal consent of the natural persons who are the owners of such data or in those cases authorized by law. In this way, NEUVOR will assent in its actions to the idea that personal data must be under the sphere of control of its owner and that these may be legitimately processed by NEUVOR with the express consent of the owner of the data, ensuring a minimum standard of quality, information, transparency and security.

In order to fully comply with the internal compliance standards, the data processing carried out by NEUVOR shall strictly comply with the following principles and requirements:

  • Principle of lawfulness: NEUVOR can only process personal data with the consent of the owner or by law.
  • Purpose principle: Personal data must be collected for specific, explicit and lawful purposes. The processing of personal data must be limited to the fulfillment of these purposes. Personal data may not be processed for purposes other than those informed at the time of collection, unless the owner gives his consent again to data from publicly available sources or as provided by law.
  • Principle of proportionality: The personal data processed should be limited to that which is necessary in relation to the purposes of the processing. Personal data should be kept only for the period of time necessary to fulfill the purposes of the processing, after which they should be erased or anonymized. A longer period of time requires legal authorization or consent of the holder.
  • Quality principle: Personal data must be accurate, complete and up to date, in relation to the purposes of the processing. Personal data should be kept only for the period of time necessary to fulfill the purposes of the processing, after which it should be erased or anonymized. A longer period of time requires legal authorization or consent of the holder.
  • Principle of responsibility: Those who process personal data shall be legally responsible for complying with the principles, duties and legal obligations.
  • Security principle: Adequate security standards must be guaranteed in the processing of personal data, protecting the data against unauthorized processing, loss, leakage, damage or destruction, by applying appropriate technical or organizational measures.
  • Principle of transparency and information: Data processing policies must be permanently accessible, in a precise, clear, unequivocal and free manner. The data controller must adopt adequate and appropriate measures to provide the holder with access to all information, as well as any other communication related to the processing it carries out.
  • Principle of confidentiality: The data controller and those who have access to the data must maintain secrecy or confidentiality of the data. The data controller must establish adequate controls and measures to preserve secrecy. This duty subsists even after the relationship with the owner has ended.

NEUVOR enshrines and recognizes the holder of personal data the rights of access, rectification, cancellation and opposition. This set of rights is known as "ARCO rights" and have the particularity of being unwaivable, free of charge for the user of this application and its exercise cannot be limited in a conventional way. These rights are the following:

  • Access to personal data, to the notice and to the generalities of the treatment, refers to the request that any person has to request information about their personal data in possession of NEUVOR. Here the holder has the right to be informed about the inclusion of his data in a database, and to all the information related to it, such as its origin and recipient, the purpose of storage and the individualization of the persons or bodies to which the data are or will be regularly transmitted.
  • Rectification of inaccurate or incomplete personal data, refers to the request for correction and/or updating of personal data held by NEUVOR. Here the holder of erroneous, inaccurate, misleading or incomplete personal data has the right to request that it be modified.
  • Cancellation of personal data when the principles and duties established in the Policy of protection and treatment of personal data of Holding Santa Gloria are not complied with, in such situation the user may request cancellation or limitation in the use of personal data that are not for the purposes collected, as long as it does not interfere in the legal relationship between the holder and NEUVOR. Without prejudice to the legal exceptions, the holder may demand the deletion of personal data, in case their storage lacks legal basis or when they are out of date.
  • Opposition, to prevent the processing of personal data for legitimate reasons in a justified manner, provided that it does not interfere with the legal relationship between the holder and NEUVOR. Here the holder may oppose the processing of his data, or request that it cease when it has been initiated without his consent, subject to legal exceptions. In particular, he/she may object to the use of his/her personal data for the purposes of advertising, market research or opinion polls.

 

The processing of personal data coming from or collected from sources accessible to the public does not require the consent of the owner. Neither does the processing of personal data expressly authorized by law in relation to a particular purpose require such consent.

  • Statistical data do not constitute personal data and, therefore, their processing can be carried out without the need for authorization.
  • On the other hand, when the authority, the supervisory body, the Public Prosecutor's Office or a Court of the Republic requires it in compliance with a regulation, the personal data requested must be provided without prior authorization from the owner, taking the appropriate safeguards.

Cookies

If you leave a comment on our site you can choose to save your name, email address and website in cookies. This is for your convenience, so you don't have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine whether your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set several cookies to store your login information and screen display options. Login cookies last for two days and display options cookies last for one year. If you select "Remember Me," your login will persist for two weeks. If you log out of your account, your login cookies will be deleted.

If you edit or publish an article, an additional cookie will be stored in your browser. This cookie does not include any personal data and simply indicates the ID of the article you have just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.

These websites may collect data about you, use cookies, incorporate additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged into that website.

Analytics

  • With whom we share your data
  • The time we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so that we can recognize and approve any follow-up comments automatically rather than keeping them in a moderation queue.

For users who register on our website (if any), we also store the personal information they provide in their user profile. All users can view, edit or delete their personal information at any time (except that they cannot change their user name). Website administrators can also view and edit that information.

What rights do you have over your data

If you have an account on this site, or have left comments, you may request that we send you an exported file of the personal data we hold about you, including any data you have provided to us. You may also request that we delete any personal data we hold about you. This does not include any data that we are required to retain for administrative, legal or security reasons.

Some of our websites use Google Analytics cookies. The information collected by Google Analytics cookies will be transmitted to and stored by Google on servers in the United States of America in accordance with its privacy practices. To see an overview of privacy at Google and how this applies to Google Analytics, please visit https://www.google.com/policies/privacy/ . You may opt out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout .

If we change this Privacy Statement, we will post a revised version with an updated revision date. The privacy link in the footer of each NEUVOR web page will redirect to that new version.

Definitions

  1. Personal data: any information linked to or referring to an identified or identifiable natural person. Any person whose identity can be determined, directly or indirectly, through information combined with other data, in particular through an identifier, such as the identity card number, the analysis of elements of the physical, physiological, genetic, psychological, economic, cultural or social identity of such person, excluding those cases in which the identification effort is disproportionate, shall be considered identifiable.
  2. Sensitive personal data: personal data revealing ethnic or racial origin, political, union or trade union affiliation, ideological or philosophical convictions, religious beliefs, data relating to health, human biological profile, biometric data, and information relating to the sex life, sexual orientation and gender identity of a natural person.
  3. Data processing: any operation or set of operations or technical procedures, whether automated or not, that make it possible to collect, process, store, communicate, transmit or use in any way personal data or sets of personal data.
  4. Public access source: all those personal databases, public or private, whose access or consultation may be lawfully made by any person, without excluding legal restrictions or impediments to their access or use.
    Anonymization or disassociation process: procedure by virtue of which personal data cannot be associated to the owner or allow his identification, because the link with any information that identifies him has been destroyed or because such association requires an unreasonable effort, understood as the use of a disproportionate amount of time, expense or work. Anonymized data ceases to be personal data.
  5. Personal database: organized set of personal data, whatever the form or modality of its creation, storage, organization and access, which allows the data to be related to each other, as well as to carry out the processing thereof.
  6. Data subject or owner: natural person, identified or identifiable, to whom the personal data concern or refer.
  7. Consent: any free, specific, unequivocal and informed expression of will by which the data owner, his legal representative or agent, as the case may be, authorizes the processing of personal data concerning him.
Skip to content