Contact Us

Privacy Policy

PRIVACY AND PERSONAL DATA PROTECTION POLICY. INCEPTIA S.R.L.

Regulatory Framework

This Policy is issued in compliance with Personal Data Protection Law No. 25,326, Regulatory Decree No. 1558/2001, the provisions of the Argentine Data Protection Authority (Agencia de Acceso a la Información Pública – AAIP), and in alignment with the Information Security Management System (ISMS) in accordance with ISO/IEC 27001.

Objective

To establish the principles and guidelines for the lawful, secure, and responsible processing of personal data processed by Inceptia S.R.L., guaranteeing the rights of data subjects and ensuring the confidentiality, integrity, and availability of information.

Scope

This Policy applies to all personal data processed by the organization, including data of clients, employees, suppliers, and third parties. It covers automated and non-automated databases, systems, platforms, and services managed by the company, as well as all personnel and third parties with access to personal information.

Definitions

  • Personal Data: Information of any kind relating to identified or identifiable natural or legal persons.
  • Sensitive Data: Data revealing racial or ethnic origin, political opinions, religious, philosophical, or moral beliefs, trade union membership, or information concerning health or sexual life.
  • Data Subject: Natural or legal person to whom the personal data relates.
  • Database Controller: Inceptia S.R.L.

Applicable Principles

Inceptia guarantees that the processing of personal data shall be carried out in accordance with the following principles:

  • Lawfulness: Data shall be collected and processed based on a valid legal basis and, where applicable, with the data subject’s consent.
  • Purpose: Data shall be used exclusively for the purposes informed at the time of its collection.
  • Data Quality: Data shall be adequate, relevant, and not excessive in relation to the purpose for which it was obtained.
  • Security: Appropriate technical and organizational measures shall be implemented to protect data against unauthorized access, loss, alteration, or improper disclosure.
  • Confidentiality: All personnel involved in the processing of personal data are bound by the duty of professional secrecy, even after the termination of their relationship with the organization.

Data Subject Rights

In accordance with Sections 14 and 16 of Law No. 25,326, data subjects may exercise the following rights:

  • Right of Access to their personal data.
  • Right to Rectification and Update.
  • Right to Erasure, where applicable.
  • Right to Confidentiality.

Requests must be submitted through the formal channels established by the organization and shall be responded to within the legally established timeframes.

Data Transfers

Personal data shall not be transferred to third countries or international organizations that do not provide adequate levels of protection, unless there is the data subject’s express consent, a legal obligation, or a contract that guarantees adequate protection.

Security Measures

Within the framework of the ISMS, the organization implements measures such as role-based access control, access logging and monitoring, encryption where applicable, security incident management, periodic risk assessments, backup and data recovery mechanisms, and continuous staff training in security and privacy matters.

Data Retention

Personal data shall be retained while a contractual relationship exists, a legal obligation applies, or a purpose justifying its processing remains. Once such period has expired, the data shall be securely deleted or anonymized.

Incident Management

Upon detection of an incident affecting personal data, the internal incident management procedure shall be activated, its impact shall be assessed, and the necessary corrective and preventive measures shall be adopted.

Responsibilities

The Management of Inceptia S.R.L. holds ultimate responsibility for compliance with this Policy. The Security and Compliance area shall oversee its implementation, and all personnel must comply with the established provisions.

Review

This Policy shall be reviewed at least once a year or whenever regulatory, technological, or organizational changes so require.