Privacy Policy
LEGAL FRAMEWORK
- Article 43 of the Argentine National Constitution.
- Law 25.326 on the protection of personal data.
- Decree 1558/2001 regulating the personal data protection law.
- DNPDP Provision 11/2006 on security measures for the processing and storage of personal data.
- All those rules complementary to those indicated above.
General
Behap Global 's policies and procedures are based on the aforementioned legal framework, whose purpose is the protection of the information entrusted to Behap Global, being Behap Global' s intention to collect only that information that has been voluntarily provided.
This information may be obtained, among others, through any of the following channels or means: (i) commercial or professional relationship; (ii) performance of services; (iii) employment relationship; (iv) application to selection processes; (v) attendance to trainings, seminars or courses; (vi) sending emails requesting information; and (vii) Behap Global's website. Behap Global does not collect or form and/or manage files, banks or records that store information related to personal data, except to contact the owners, comply with legal or contractual obligations of Behap Global or to send information of interest or invitations to the activities carried out by Behap Global in compliance with its corporate purpose.
dEFINITIONS
For the purposes of Law 25.326 it is understood by:
Personal data: Information of any kind relating to individuals or legal entities, determined or determinable.
Sensitive data: Personal data revealing racial and ethnic origin, political opinions, religious, philosophical or moral convictions, union membership, income and information concerning health or sex life.
File, register, database or data bank: Indistinctly, they designate the organized set of personal data that are subject to treatment or processing, electronic or not, whatever the modality of its formation, storage, organization or access.
Data processing: Systematic operations and procedures, electronic or not, that allow the collection, conservation, arrangement, storage, modification, relation, evaluation, blocking, destruction, and in general the processing of personal data, as well as its transfer to third parties through communications, consultations, interconnections or transfers.
Responsible for the file, registry, database or data bank: A natural person or a public or private legal entity that is the owner of a file, registry, database or database.
Computerized data: Personal data subject to electronic or automated treatment or processing.
Data owner: Any natural person or legal entity with legal domicile or delegations or branches in the country, whose data are subject to the processing referred to in Law 25.326.
Data user: Any person, public or private, who carries out at his own discretion the processing of data, either in his own files, registers or data banks or through connection with them.
Data dissociation: Any processing of personal data in such a way that the information obtained cannot be associated to a specific or determinable person.
BASIC PRINCIPLES OF HABEAS DATA
General
Personal data is understood as all information of any kind referring to individuals or legal entities, whether determined or determinable.
Sensitive data is understood as personal data whose improper use may affect the privacy of the owner of such data or generate discrimination, among others, personal data revealing racial and ethnic origin, political opinions, religious, philosophical or moral convictions, union membership, income and information concerning health or sex life.
Provision of sensitive data
No person may be compelled to provide sensitive data.
Sensitive data may only be collected and processed when there are reasons of general interest authorized by law. They may also be processed for statistical or scientific purposes when their owners cannot be identified.
The creation of files, banks or registries that store information that directly or indirectly reveals sensitive data is prohibited, except with the consent of the owners.
Data relating to criminal records or offenses may only be processed by the competent public authorities, within the framework of the respective laws and regulations.
Data collection and storage
The personal data collected for the purposes of processing must be adequate, relevant and not excessive in relation to the scope and purpose for which they were obtained.
The collection of data may not be done by unfair, fraudulent means or in a manner contrary to the provisions of the law.
The processed data may not be used for purposes other than or incompatible with those for which they were collected.
Data that is totally or partially inaccurate or incomplete must be deleted and replaced or, if necessary, completed by the person responsible for the file or database when he/she becomes aware of the inaccuracy or incompleteness of the information in question.
The data must be stored in such a way as to allow the exercise of the holder's right of access.
Data must be destroyed when they are no longer necessary or relevant to the purposes for which they were collected.
Consent and/or authorization to obtain the data
The processing of personal and/or sensitive data is unlawful when the owner has not given his free, express and informed consent, which must be in writing, or by another means that allows it to be equated, according to the circumstances. The aforementioned consent, together with other statements, must be expressly and prominently displayed, with prior notification to the data subject.
Behap Global requires prior authorization from its customers, suppliers and employees for the processing of personal data provided to Behap Global within the framework of the contractual relationship reached with them.
Exceptions to the prior and express authorization of the data subject
Authorization will not be required when:
- The data are obtained from sources of unrestricted public access;
- Are collected for the exercise of functions proper to the powers of the State or by virtue of a legal obligation;
- It is a list whose data is limited to name, national identity card, tax or social security identification, occupation, date of birth and address;
- Derive from a contractual, scientific or professional relationship of the owner of the data, and are necessary for its development or fulfillment;
- The transactions carried out by financial institutions and the information received from their customers in accordance with the provisions of Article 39 of Law 21,526.
PROCESSING OF PERSONAL DATA
Behap Global uses the personal data it collects for lawful purposes, seeking continuous improvement in the activities it carries out and in the relationship it maintains with its customers, suppliers, employees, control bodies and other third parties.
TRANSFER OF PERSONAL DATA
Right to information
Any person may request information from the supervisory body regarding the existence of files, registers, databases or personal data banks, their purposes and the identity of those responsible for them.
The registry kept for this purpose shall be open to the public and free of charge.
Right of access
The owner of the data, after proving his identity, has the right to request and obtain information about his personal data included in public or private data banks for the purpose of providing reports.
The responsible party or user must provide the requested information within ten (10) calendar days of having been reliably notified.
Upon expiration of the term without satisfying the request, or if the report is deemed insufficient, the action for the protection of personal data or habeas data provided for in this law shall be expedited.
The right of access referred to in this article may only be exercised free of charge at intervals of not less than six (6) months, unless a legitimate interest to that effect is proven.
The exercise of the right referred to in this point in the case of data of deceased persons shall correspond to their universal successors.
The request referred to in this point does not require specific formulas, provided that it guarantees the identification of the owner of the data. It may be made directly, by the interested party presenting himself before the person responsible for or user of the file, registry, database or data bank, or indirectly, by means of a reliable notification in writing that leaves a record of receipt. Other direct or semi-direct access services may also be used, such as electronic means, telephone lines, receipt of the claim on screen or any other suitable means for such purpose.
In each case, media preferences may be offered in order to know the required response.
The right of access will allow:
- To know whether or not the owner of the data is in the file, registry, database or data bank;
- Know all the information about you that is on file;
- Request information on the sources and means by which your data were obtained;
- Request the purposes for which they were collected;
- To know the intended use of the personal data;
- To know if the file is registered in accordance with the requirements of Law No. 25,326.
Upon expiration of the term to answer, the interested party may exercise the action for the protection of personal data and report the fact to the National Directorate for the Protection of Personal Data for the purposes of the relevant control of this body.
In the case of data of deceased persons, the link must be accredited by means of the corresponding declaration of heirs, or by a reliable document that verifies the universal successor character of the interested party.
RIGHTS OF THE HOLDER OF THE PERSONAL DATA
Personal data collected by Behap Global may be communicated/transferred to (i) any of the members of Behap Global and/or related, affiliated, controlled, controlling, subsidiary, representative or related companies of Behap Global, (ii) third party data processing and treatment service providers and (iii) other third parties that may correspond according to Behap Global' s relationship with the data subject or to the lawful reasons and purposes for which they were collected by Behap Global.
Behap Global requires those who transfer personal data to comply with adequate standards of confidentiality, protection and security, especially when such third parties are located in countries that do not have adequate data protection legislation in accordance with the parameters established by the authorities and regulations of Argentina.
Content of the Information Provided to the Personal Data Subject
The information provided to the holder of the personal data must be clear, uncoded, and accompanied by an explanation in accessible language. The information must be complete, covering the entire record pertaining to the holder, even if the request only includes one aspect of the personal data. Third party data must not be disclosed.
The holder may choose to receive the information in writing, by electronic, telephonic, image, or other appropriate means.
Right of Rectification, Update or Deletion
The holder has the right to rectification, updating, deletion or confidentiality of their personal data in a database. The responsible must perform the necessary actions within five (5) business days from the receipt of the claim or the detection of the error.
Failure to comply with this obligation allows the data subject to initiate actions for the protection of personal data or habeas data according to Law 25.326. In case of transfer of data, the data controller must notify the transferee about the rectification or deletion within five business days.
Deletion will not take place if it would prejudice the rights of third parties or if there is a legal obligation to retain the data. During error checking, the person responsible must block the file or indicate that it is under review.
Personal data must be retained in accordance with the applicable provisions or contractual provisions between the controller and the holder.
Area Responsible for Processing Doubts, Petitions, Complaints and/or Claims
For questions, requests, complaints, claims or requests for rectification, updating or deletion of data, the holder should send a note to the following email addresselectrónico:info@behapacademy.com, or to the following address:
Attn: IT Security Dept.
Behap Global will process such notice within ten (10) days of receipt, using the contact information provided.
The Agency of Access to Public Information, located at Av. Pte Gral Julio A. Roca 710, 2nd floor, Ciudad Autónoma de Buenos Aires, T.E. 011-2821-0047, is the controlling body of Law 25.326 and handles complaints and claims related to the protection of personal data.
Customer, Supplier and Staff Commitment
Customers, suppliers and employees must act in accordance with these policies and the Personal Data Protection Law No. 25,326.
Security Measures for the Processing and Retention of Personal Data
Behap Global, its suppliers and customers must comply with the security levels established by Provisions 11/2006 and 9/2008. The company implements practical, technical and organizational measures to ensure the security of personal information, preventing unauthorized access, destruction, modification or disclosure of data, in accordance with art. 9 of Law 25.326 and the aforementioned provisions.
The Technology and Systems area of the company is responsible for complying with information security regulations through approved policies, standards and procedures.