BERKEN IP Data Protection Policy
I. Legal framework
At BERKEN IP S.R.L (hereinafter, BERKEN) we consider the following regulations as legal framework for the data protection policy:
- Section 43 of the Argentine National Constitution.
- Act 25.326 for the protection of personal data.
- Decree-law 1558/2001 as regulation of the personal data protection act.
- Resolution 47/2018 of the Agency of Access to Public Data (“AAIP”), on security measures recommended for the processing of data and conservation of Personal Data in computerized and non-computerized means.
- All complementary regulations other than the aforementioned rules.
II. Terms and conditions of use
BERKEN policies and proceedings are aimed at protecting such information provided BERKEN, being BERKEN’s intention to exclusively receive such information or Personal Data (pursuant to the definition hereunder) that is provided voluntarily, limited to essential use, and that those who provide data shall not disclose under any circumstance Sensitive Data (pursuant to the definition hereunder).
This information may be obtained, among others, through any of the following channels or means: (i) commercial or professional relationship; (ii) rendering of services; (iii) employment relationship; (iv) application to selection processes; (v) attendance to training, seminars or courses; (vi) delivery of emails requesting necessary information for any of the aforementioned relationships or services; and (vii) BERKEN website.
It is acknowledged that BERKEN may also access other data regarding the data Owners (pursuant to the definition hereunder) from information available at public/private consulting databases (e.g., databases of the National Registry of Persons (“RENAPER”), the Federal Administration of Public Revenue (“AFIP”), the Central Bank of Argentina, credit reports (Veraz), etc., and any others that due to their nature may be relevant with regard to the commercial or professional relationship between BERKEN and the data Owner.
BERKEN shall not gather, create and/or manage data files, registries, bases or banks (pursuant to the definition hereunder) that store information regarding Personal Data, except for the purposes of contacting their owners, meet legal or contractual obligations under the responsibility of BERKEN or sending pertinent information or invitations to the activities carried out by BERKEN in pursuance of its business purpose.
Pursuant to Act 25.326, the below-mentioned terms are interpreted as follows:
Personal data: Information of any kind referring to natural or legal persons, whether determined or determinable.
Sensitive data: Personal data that denote a racial and ethnical origin, political opinions, religious, philosophical or moral convictions, union affiliation, income, and information regarding health or sex life.
Data file, registry, base or bank: Used indistinctly, they denote the organized set of personal data that are subject to processing, whether electronic or not, whichever their form of creation, storage, organization or access.
Data processing: Systematic operations and proceedings, whether electronic or not, that allow for the gathering, conservation, ordering, storage, alteration, association, evaluation, blocking, destruction, and processing in general of personal data, as well as their assignment to third parties through communications, consulting, interconnections or transfers.
Data owner: All natural or legal person with legal domicile, delegations or branches within the country, whose data are subject to the processing set forth in Act 25.326.
IV. Consent and/or authorization to obtain data
BERKEN shall not carry out the processing of the data and/or Sensitive Data without the consent of their owner, which shall be given in writing or by other means that allow for comparison, according to the circumstances, bearing in mind that, for the purposes of enforcing the formal requirements, and/or those regarding claim of ownership of rights, and/or tax or employment registration before organizations or entities, public or private, before which BERKEN acts or shall be bound for the provision of its services or in compliance of legal obligations, it results essential to disclose the Personal Data required by the pertinent organization or entity at its own discretion. For all such cases, BERKEN is presumed to be authorized and have consent to disclose the necessary Personal Data in as far as same are required to it or it results necessary to disclose them to such effect.
For any other use other than the established in the above paragraph, BERKEN shall only disclose or process the data or Personal Data, prior authorization by the pertinent owner.
V. Exceptions to prior express authorization from the owner of the personal data
At BERKEN, the authorization shall not be needed when
- The data are obtained from unrestricted public-access sources;
- The data are gathered for the purposes of exercising the functions of the Government powers or by virtue of a legal obligation;
- The data involve lists of details that are limited to name, identity document, tax or retirement identification, job, date of birth and domicile;
- The data derive from a contractual, scientific or professional relationship of the data Owner, and they are deemed necessary for its development or fulfillment;
- The data regard operations carried out by financial entities and the information they receive from their clients, pursuant to the regulations set forth in section 39 of Act 21.526.
VI. Content of the information provided to the owner of the personal data
At BERKEN we provide clear information, free from coding and accompanied by an explanation of all terms used, in a language accessible for the common knowledge of the population.
At BERKEN, we provide broad information, pertaining to all the record belonging to the owner, even when the requirement only applies to one aspect of the Personal Data. In no case shall the report disclose data belonging to third parties, even when they are linked to the interested party.
VII. Clients, suppliers and personnel commitment
Clients and suppliers that hire the services provided by BERKEN, as well as its personnel, shall act as a whole in compliance with these policies and the Personal Data protection Act No. 25.326, as well as any other complementary laws or its future substitutes.
Moreover, BERKEN, its suppliers and clients shall adapt their acting to the recommendations contained in Order 47/2018 of the AAIP for the processing and conservation of Personal Data in computerized and non-computerized means.
BERKEN shall put all of its efforts in keeping the safety of the personal information of its clients, suppliers and employees, taking into account the internal practical, technical and organizational measures necessary to guarantee the safety, integrity and confidentiality of the data, in the attempt to carefully avoid the unauthorized access, destruction, use, alteration or disclosure of the data, pursuant to section 9 of Act 25.326, its complementary laws, and particularly pursuant to the recommendations set forth in Order 47/2018 of the AAIP, which establishes the different security measures for the processing and conservation of Personal Data contained in private data banks.
BERKEN shall put all of its efforts in avoiding the unauthorized access to the personal data of its clients, suppliers and employees. BERKEN’s Technology and Systems area is in charge of the enforcement of the regulations regarding the safety of the information, through policies, regulations, manuals and proceedings approved for such purpose.
VIII. Continuous control and improvement
BERKEN carries out internal controls with the purpose of ensuring the compliance of these policies, and suggesting possible changes to improve the mechanisms of data gathering, safety and processing of Personal Data.
This present policy shall enter into force since its date of publication at BERKEN’s webpage.