Privacy and data processing policy
MIC. COMERCIALIZADORA MIC PANAMÁ SPA
This policy applies to all corporate product and service provision processes, as well as data processing processes, in which personal and identifiable information of users and beneficiaries, as well as company personnel, is handled and processed.
This policy must be known and complied with by all permanent and contract employees, freelance personnel, and all natural or legal persons who provide services and who, as a result, access or handle personal data of users, beneficiaries, employees, and those related to MOVIES.
This policy applies to all equipment, means or devices, whether physical or technological, as well as digital repositories in which personal data or sensitive data is stored.
The implementation of this policy guarantees a corporate regulatory framework for the processing of personal data for Chile, across all our sites and business systems.
1. Definitions
a) Information Asset: This is the information itself, in its multiple formats (paper, digital, text, image, audio, video, etc.), as well as all relevant elements in the production, processing, issuance, storage, communication, visualization, and retrieval of valuable information for the Ministry of Social Development and Family.
b) Personal data: In accordance with Law No. 19.628, these are "data relating to any information concerning natural persons, identified or identifiable".
c) Sensitive data: In accordance with Law No. 19.628, these are "personal data that refer to the physical or moral characteristics of individuals or to facts or circumstances of their private life or intimacy, such as personal habits, racial origin, ideologies and political opinions, religious beliefs or convictions, physical or mental health conditions, and sexual life".
d) Owner or manager of the Information Asset (or Information Owner): Executive, or employee designated as responsible for the protection of the information under their charge. They have and can change the characteristics in the classification of information elements.
e) User: a natural person whose personal data is processed within the framework of the company's functions and services.
f) Incident: an unwanted or unexpected information security event or series of events that has a significant probability of compromising business operations and threatening information security.
g) Data storage: conservation or custody of data in a record, bank, or database.
h) Statistical data: data that, in its origin or as a result of its processing, cannot be associated with an identified or identifiable owner.
i) Record, bank or database: an organized set of personal data, whether automated or not, and whatever the form or modality of its creation or organization, that allows relating data to each other, as well as performing all types of data processing.
j) Data subject: natural person to whom the personal data refers.
k) Data processing: any operation or complex of operations or technical procedures, automated or not, that allow collecting, storing, recording, organizing, elaborating, selecting, extracting, confronting, interconnecting, dissociating, communicating, assigning, transferring, transmitting or canceling personal data, or using them in any other form."
2. Principles applicable to the processing of personal data
The processing of users' personal data will be subject to the following principles:
a. Principle of lawfulness, fairness and transparency: the user's consent will be required at all times, after providing completely transparent information about the purposes for which the personal data is collected.
b. Principle of purpose limitation: personal data will be collected for specified, explicit and legitimate purposes.
c. Principle of data minimization: the personal data collected will be strictly necessary in relation to the purposes for which they are processed.
d. Principle of accuracy: personal data must be accurate and will always be updated.
e. Principle of storage limitation: personal data will only be kept in a way that allows the identification of the user for the time necessary for the purposes of their processing.
f. Principle of integrity and confidentiality: personal data will be processed in a way that guarantees its security and confidentiality.
g. Principle of proactive responsibility: the data controller will be responsible for ensuring that the above principles are met.
3. Normative References
a) The Political Constitution of the Republic, in its article 19 number 4°, assures all persons "The respect and protection of the private life and honor of the person and their family, and likewise, the protection of their personal data. The treatment and protection of these data will be carried out in the manner and conditions determined by law".
b) Law No. 19.628, on the protection of private life, in its article 1, states: "The processing of personal data in records or databases by public bodies or by individuals will be subject to the provisions of this law..."
c) Law No. 21.430, on Guarantees and Comprehensive Protection of the Rights of Children and Adolescents, in the second paragraph of its article 33, states that children and adolescents have the right to the protection of their personal data, as well as to prevent its processing or transfer, as established in current legislation.
5. Collection and registration of personal data and purpose of its processing.
Personal data obtained either through physical or digital means will be incorporated and processed in our databases in order to facilitate, streamline, and fulfill commitments with our users and customers.
6. Category of personal data.
The categories of data processed are exclusively identifying data. In no case are categories of sensitive personal data processed, such as the health status of individuals or their political opinions or religious beliefs.
Sensitive data cannot be processed, except when authorized by law, with the consent of the data subject, or when such data is necessary for the determination or granting of health benefits corresponding to the data subjects.
7. Use of data.
Personal data should only be used for the purposes for which it was collected, unless it originates from or was collected from publicly accessible sources. Sensitive data cannot be processed, except when authorized by law, with the consent of the data subject, or when such data is necessary for the determination or granting of health benefits corresponding to the data subjects.
The user or client will have the right to withdraw their consent at any time. It will be as easy to withdraw consent as to give it.
In cases where the user/client must or can provide their data through forms to make inquiries, request information or for reasons related to the content of the website or others, they will be informed if the completion of any of them is mandatory because they are essential for the correct development of the operation performed.
8. Personal data retention period
Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: , or until the user requests its deletion.
At the time personal data is obtained, the user will be informed about the period during which the personal data will be stored or, when that is not possible, the criteria used to determine this period.
9. Recipients of personal data
The personal data of users or clients may be shared with third parties, for which purpose it must be recorded in this privacy policy, updating it, if applicable, with the identification of the recipient, the reason and purpose of the data transmission to them, and the type of data transmitted.
The recipient may only use the personal data transmitted to them for the purposes that motivated the transmission.
Should the data controller intend to transfer personal data to a third country or international organization, at the time the personal data is obtained, users will be informed about the third country or international organization to which the data is intended to be transferred, unless such transmission is in compliance with Chilean legal regulations and/or current treaties and conventions.
10. Personal data of minors
Only persons over 14 years of age may lawfully give their consent for the processing of their personal data.
If the person is under 14 years of age, the consent of the parents or legal representatives or whoever is in charge of the personal care of the child will be necessary, unless expressly authorized or mandated by law.
Sensitive data of adolescents under 16 years of age may only be processed with the express consent of their parents or legal representatives or whoever is in charge of the minor's personal care, unless expressly authorized or mandated by law.
11. Secrecy and security of personal data.
The necessary technical and organizational measures will be adopted, according to the appropriate security level for the risk of the collected data, to guarantee the security of personal data and prevent the destruction, accidental or unlawful loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication or access to such data.
The company's website will have an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as this transmission between the server and the user, and in feedback, is completely encrypted.
However, since the impregnability of the internet cannot be guaranteed, nor the total absence of hackers or others who fraudulently access personal data, the data controller undertakes to notify users, without undue delay, of any personal data security breach that is likely to entail a high risk to the rights and freedoms of natural persons. A personal data security breach is understood as any security breach that causes accidental or unlawful destruction, loss or alteration of personal data transmitted, stored or otherwise processed, or unauthorized communication of or access to such data.
12. Rights derived from the processing of personal data
The user and/or client may, therefore, exercise the following rights before the data controller:
a) Right of access: this is the right of users to obtain confirmation as to whether or not their personal data is being processed and, if so, to obtain information about their specific personal data and the processing that has been or is being carried out, as well as, among others, information available on the origin of said data and the recipients of communications made or planned thereof.
b) Right to rectification: this is the right of users/clients to have their personal data modified if it is inaccurate or, taking into account the purposes of the processing, incomplete.
c) Right to erasure ("the right to be forgotten"): this is the right of users, provided that current legislation does not establish otherwise, to obtain the erasure of their personal data when it is no longer necessary for the purposes for which it was collected or processed; when the user has withdrawn their consent to the processing and there is no other legitimate reason to continue with it; when personal data has been processed unlawfully; or when personal data must be erased in compliance with a legal obligation.
d) Right to restriction of processing: this is the right of users/clients to limit the processing of their personal data under certain circumstances.
e) Right to data portability: in case of automated processing, the user will have the right to receive their personal data in a structured, commonly used and machine-readable format, and to transmit it to another data controller.
f) Right to object: this is the right of users or clients to prevent the processing of their personal data or to cease its processing.
g) Right not to be subject to a decision based solely on automated processing, including profiling, unless current legislation provides otherwise.
h) Communication: The user may exercise their rights by written communication addressed to the data controller, in accordance with the provisions of Article 16 of Law No. 19.628.
13. Links to third-party websites.
Our websites may include hyperlinks or links that allow access to third-party web pages. The owners of these websites will have their own privacy and data protection policies, being responsible, in each case, for their own databases and their own privacy practices.
14. Complaints before the supervisory authority
If the user considers that there is a problem or infringement of current regulations in the way their personal data is being processed, they will have the right to take the actions they deem pertinent before the Courts of Justice.
15. Cookie Policy
Access to our websites may involve the use of cookies. Cookies are small amounts of information stored in the browser used by each user—on the different devices they may use to navigate—so that the server remembers certain information that will later be read only by the server that implemented it. Cookies facilitate navigation, make it more user-friendly, and do not harm the browsing device.
Information collected through cookies may include the date and time of website visits, pages visited, time spent on the website, and sites visited just before and after it. However, no cookie allows this to contact the user's phone number or any other personal contact method. No cookie can extract information from the user's hard drive or steal personal information. The only way for a user's private information to become part of the cookie file is for the user to personally provide that information to the server.
Cookies that identify a person are considered personal data. Therefore, the Privacy Policy described above will apply to them. In this regard, for their use, the user's consent will be necessary. This consent will be communicated, based on an authentic choice, offered through an affirmative and positive affirmation, before initial processing, removable and documented.
16. Social media cookies.
Our digital portals may incorporate social media "plugins" that allow access to them from the website. For this reason, social media cookies may be stored in the user's browser. The owners of said social media have their own data protection and cookie policies, being themselves, in each case, responsible for their own files or databases and their own privacy practices. The user must refer to them for information about said cookies and, where appropriate, the processing of their personal data. For informational purposes only, the links to some of the social media where these privacy and/or cookie policies can be consulted are indicated below:
· Facebook Cookies Policy
· Twitter Privacy Policy
· Instagram Help on Cookies
· YouTube Community Guidelines
· Google Privacy Policy
· LinkedIn Privacy Policy
· Pinterest Privacy Policy
· TikTok Privacy Policy"**
17. Disable, reject, and delete cookies.
The user can disable, reject, and delete cookies -totally or partially- installed on their device by configuring their browser (e.g., Chrome, Firefox, Safari). In this regard, the procedures for rejecting and deleting cookies may differ from one internet browser to another. Therefore, the user must refer to the instructions provided by the browser they are using. In the event that they reject the use of cookies
-totally or partially-, they may continue to use the website, although it is possible that the use of some of its features may be limited.
ACCEPTANCE AND CHANGES TO THIS PRIVACY POLICY
It is necessary for the user and/or client to have read and agree with the conditions on the protection of personal data contained in this privacy and cookie policy, accepting the processing of their personal data so that the responsible party can proceed with it in accordance with what is specified, the indicated terms, and the described purposes. The use of our digital portals implies acceptance of this privacy and cookie policy.
We reserve the right to modify our privacy and cookie policy according to our discretion or motivated by legislative or jurisprudential changes. Changes will be notified to the user.
It is recommended to consult this page periodically to be aware of the latest changes.