This Privacy Statement is effective as of 1 January 2021.
The objective of the Information and Communications Technology Policy is to establish a governance framework so that the use of technology within the organization meets current and future needs arising from the business strategy, following criteria of innovation, quality, efficiency, scalability, and enterprise architecture. These policies apply to all employees, consultants, or third parties who use any of the technology resources provided by the organization.
The guidelines described in these policies correspond to minimum standards that must be met in relation to the acquisition and use of technology tools, mobile communication services, the use of the internet and email, as well as the company’s data protection policy.
The Technology process declares its commitment to complying with the corporate values of Commitment, Honesty, Loyalty, Respect, and Perseverance in all aspects that make up the framework of Information and Communications Technologies, constantly looking after the interests of the company:
Commitment to ensuring the availability, stability, reliability, and security of the Information and Communication Technologies implemented in the Organization to support timely decision-making.
Honesty as the foundation for the comprehensive management of internal Technology processes and their interaction with other business processes.
Loyalty, demonstrating consistency and transparency in daily work to guarantee the integrity and security of information.
Respect for established rules and policies that guarantee the correct use of Information and Communication Technology resources to achieve organizational objectives.
Perseverance To adequately address present and future needs derived from the business strategy, which support the productivity of employees in different processes.
General Framework
The Information and Communications Technology policy focuses on the correct use and utilization of these resources provided by the organization to achieve corporate objectives, supporting and enhancing the achievement of results in different processes. As a general framework for this policy, guidelines are defined to cover the following three aspects:
This document is part of the Compliance Policy that NOVVOR’s Board of Directors has implemented for all its business units.
The purpose of the Personal Data Protection and Processing Policy is to regulate the processing of personal data that NOVVOR carries out on its customers’ data in order to ensure respect for and protection of the rights and freedoms of the individuals who are the owners of this data, in particular the right to privacy.
Through this policy, NOVVOR recognizes the importance of ensuring the processing of its customers’ data is based on international standards for data protection and processing, which have been incorporated into the bill regulating the protection and processing of personal data currently undergoing constitutional review in the Senate of the Republic.
In this context, this policy provides guidelines for a regulatory and institutional framework that highlights the importance of personal data and, at the same time, establishes the idea that such data should be processed with the exclusive and unequivocal consent of the individuals who own said data or in those cases authorized by law. In this way, NOVVOR will act in accordance with the idea that personal data must be under the control of its owner and that it may be processed legitimately by NOVVOR with the express consent of the data owner, ensuring a minimum standard of quality, information, transparency, and security.
For the purposes of full compliance with internal compliance standards, the processing of data by NOVVOR must strictly adhere to the following principles and requirements:
Principle of lawfulness: NOVVOR may only process personal data with the consent of the data subject or as required by law.
Principle of purpose: Personal data must be collected for specific, explicit, and lawful purposes. The processing of personal data must be limited to the fulfillment of these purposes. Personal data may not be processed for purposes other than those stated at the time of collection, unless the owner gives their consent again to data from publicly accessible sources or unless required by law.
Principle of proportionality: The personal data processed must be limited to that which is necessary in relation to the purposes of the processing. Personal data must be kept only for the period of time necessary to fulfill the purposes of the processing, after which it must be deleted or anonymized. A longer period of time requires legal authorization or consent from the data subject.
Principle of quality: Personal data must be accurate, complete, and up-to-date in relation to the purposes of the processing. Personal data must be kept only for as long as necessary to fulfill the purposes of the processing, after which it must be deleted or anonymized. A longer period of time requires legal authorization or consent from the data subject.
Principle of accountability: Those who process personal data are legally responsible for complying with the principles, duties, and legal obligations.
Principle of security: In the processing of personal data, adequate security standards must be ensured, protecting the data against unauthorized processing, loss, leakage, damage, or destruction, by applying appropriate technical or organizational measures.
Principle of transparency and information: Data processing policies must be permanently accessible, accurate, clear, unambiguous, and free of charge. The controller must take appropriate and timely measures to provide the data subject with access to all information, as well as any other communication relating to the processing carried out.
Principle of confidentiality: The controller and those who have access to the data must maintain secrecy or confidentiality regarding the data. The controller must establish appropriate controls and measures to preserve secrecy. This duty remains even after the relationship with the data subject has ended.
NOVVOR enshrines and recognizes the rights of access, rectification, cancellation, and opposition of the owner of the personal data. This set of rights is known as “ARCO rights” and has the particularity of being inalienable, free of charge for the user of this application, and cannot be limited in its exercise in a conventional manner. These rights are as follows:
Access to personal data, the notice, and the generalities of the processing refers to the right of any person to request information about their personal data held by NOVVOR. Here, the owner has the right to be informed about the inclusion of their data in a database, and to all information related to it, such as its origin and recipient, the purpose of storage, and the identification of the persons or entities to whom the data is or will be regularly transmitted.
Rectification of inaccurate or incomplete personal data refers to the request for correction and/or updating of personal data held by NOVVOR. Here, the owner of erroneous, inaccurate, misleading, or incomplete personal data has the right to request that it be modified.
Cancellation of personal data when the principles and duties established in the Personal Data Protection and Processing Policy of Holding Santa Gloria are not complied with. In such a situation, the user may request the cancellation or limitation of the use of personal data that is not for the purposes for which it was collected, provided that this does not interfere with the legal relationship between the owner and NOVVOR. Without prejudice to legal exceptions, the owner may demand that personal data be deleted if its storage has no legal basis or when it has expired.
Objection: prevent the processing of personal data for legitimate and justified reasons, provided that this does not interfere with the legal relationship between the owner and NOVVOR. Here, the owner may object to the processing of their data, or request that it cease when it has been initiated without their consent, except in cases of legal exceptions. In particular, you may object to the use of your personal data for advertising, market research, or opinion polls.
The processing of personal data originating from or collected from publicly accessible sources does not require the consent of the data subject. Nor does the processing of personal data expressly authorized by law for a specific purpose require such consent.
Statistical data does not constitute personal data and, therefore, may be processed without authorization.
On the other hand, when the authority, the supervisory body, the Public Prosecutor’s Office, or a Court of the Republic requires it in compliance with a regulation, the requested personal data must be provided without prior authorization from the owner, taking the relevant precautions.
Cookies
If you leave a comment on our site, you may opt to save your name, email address, and website in cookies. This is for your convenience, so you don’t have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me,” your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in exactly the same way as if the visitor had visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can view, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also view and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request that we send you an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Some of our websites use Google Analytics cookies. The information collected by Google Analytics cookies will be transmitted to and stored by Google on servers in the United States in accordance with its privacy practices. For an overview of privacy at Google and how this applies to Google Analytics, visit https://www.google.com/policies/privacy/. You can opt out of Google Analytics tracking by visiting https://tools.google.com/dlpage/gaoptout.
If we modify this Privacy Statement, we will post a revised version with an updated revision date. The privacy link in the footer of every NOVVOR web page will redirect to that new version.
Definitions
Personal data: any information linked to or referring to an identified or identifiable natural person. Any person whose identity can be determined, directly or indirectly, by combining information with other data, in particular by means of an identifier such as an identity card number, shall be considered identifiable. the analysis of elements specific to the physical, physiological, genetic, psychological, economic, cultural, or social identity of that person, excluding those cases in which the effort to identify them is disproportionate.
Sensitive personal data: personal data revealing ethnic or racial origin, political, trade union, or professional affiliation, ideological or philosophical convictions, religious beliefs, data relating to health, human biological profile, biometric data, and information relating to the sex life, sexual orientation, and gender identity of a natural person.
Data processing: any operation or set of operations or technical procedures, whether automated or not, that allows personal data or sets of personal data to be collected, processed, stored, communicated, transmitted, or used in any way.
Publicly accessible source: all personal databases, whether public or private, which may be lawfully accessed or consulted by any person, without legal restrictions or impediments to their access or use.
Anonymization or dissociation process: A procedure whereby personal data cannot be associated with the data subject or allow their identification, either because the link to all information that identifies them has been destroyed or because such association requires an unreasonable effort, understood as the use of a disproportionate amount of time, expense, or work. Anonymized data ceases to be personal data.
Personal database: an organized set of personal data, regardless of the form or method of its creation, storage, organization, and access, which allows the data to be linked together and processed.
Data subject or owner: a natural person, identified or identifiable, to whom the personal data relates or refers.
Consent: any freely given, specific, unambiguous, and informed indication of the data subject’s wishes by which he or she, or the data subject’s legal representative or agent, as applicable, authorizes the processing of personal data concerning him or her.
