Privacy Policy | Confiteca

🔒 Commitment to Your Privacy

CONFITECA C.A. is committed to processing information lawfully, transparently, timely, and limited to what is necessary in relation to the relevant purposes.

This policy aims to comply with Ecuador's legal provisions, particularly the Organic Law on Personal Data Protection (hereinafter "LOPDP"), its General Regulation, and complementary regulations.

🏢 Who is responsible for processing your personal data?

CONFITECA C.A., as the data controller, is domiciled in the province of Pichincha, canton Quito, city of Quito, at Panamericana Sur S35-60 Condor Ñan.

📚 What should you know about personal data processing?

Legal Definitions

"LOPDP": Organic Law on Personal Data Protection published in Official Registry Supplement 459 of May 26, 2021.

"Regulation": Regulation of the Organic Law on Personal Data Protection, Executive Decree 904. Official Registry Supplement 435 of November 13, 2023.

"Data Controller": CONFITECA C.A. who determines the purpose and means for personal data processing.

"Data Subject": Natural person whose data is subject to processing.

"Data Protection Officer": The Data Protection Officer (where applicable) identified/appointed by CONFITECA C.A. and acting under its instructions.

"Processing Activity": Any operation or set of operations carried out on Personal Data or sets of Personal Data.

"Data Protection Incident": Personal Data breach (security violation) such as accidental or illegal destruction, loss, or alteration of information.

"Personal Data": Data that identifies or makes a natural person identifiable, directly or indirectly.

Special Category Data

"Special Category Data": The following are considered special categories of personal data:

Sensitive data
Data of children and adolescents
Health data
Data of persons with disabilities and their substitutes, related to the disability
Credit data

"Credit Data": Data comprising the economic behavior of natural or legal persons, to analyze their financial capacity.

"Sensitive Data": Data relating to: ethnicity, gender identity, cultural identity, religion, ideology, political affiliation, criminal record, immigration status, sexual orientation, health, biometric data, genetic data, and data whose improper processing may give rise to discrimination or violate fundamental rights and freedoms.

Processing Actors

"Business Partner": Any natural or legal person, public authority, agency, or other entity that maintains business relationships with CONFITECA C.A.

"Service Provider" or "Data Processor": Any legal person, public or private, agency, or other institution that provides services to CONFITECA C.A. in relation to personal data processing.

"Customer": Any person, whether natural or legal, who obtains a service or good from CONFITECA C.A.

🎯 What is the scope of this policy?

CONFITECA C.A. makes available to members of the Board of Directors, Shareholders, Business Partners, Suppliers, Visitors, Customers, and Prospects, this Personal Data Processing Policy, collected in the provision of services and/or products offered by CONFITECA C.A.; with the purpose of communicating the purpose of data collection, use, cases in which information is shared, and the form of protection, as well as the rights of data subjects and the procedures implemented by CONFITECA C.A. for their exercise.

CONFITECA C.A. guarantees adequate processing of personal data in accordance with the principles and provisions established by law.

📊 What types of personal data will be processed?

The personal data processed by CONFITECA C.A. includes personal data and special category data, through different modalities and sources.

For sensitive data, it is the data subject's prerogative to grant explicit authorization for the processing of such information. In cases of receiving sensitive data, CONFITECA C.A. guarantees to maintain the security and confidentiality thereof.

👤 Customer Personal Data

Includes identifying personal data and special category data, for example: name, surname, ID or unique taxpayer registry, residential address, city, main street, neighborhood, complex name, zone, phone number, email address, nationality, credit information, bank certificate, legal proof of assets, billing information, export information, shipping information, gender, main occupation, profession, voice recordings from telephone communications, image, video, company/workplace, current position, type of contractual relationship, work address, income, assets, net worth, among others.

🤝 Supplier/Business Partner Data

Data of persons or staff members of suppliers, including personal data and special category data, for example: social security affiliation data, contact information, unique taxpayer registry or ID, phone or contact method, information contained in emails and other commercial communications, legal status information, payment terms, population identification, region, address, geolocation data, image, bank account information as well as credit bureau background verification, criminal records, spouse information, references and guarantors, type of business, contracted products and services data, contracts, billing, inquiries, requests, and complaints made, among others.

🎉 Sweepstakes/Contest Participant Data

For example: identifying data, names, surnames, ID number, contact number, email, image, and voice.

⚙️ What are the modalities for personal data processing?

Data provided directly by the data subject: The rights holder provides identifying data (name, surname, ID, phone, email, city, address, etc.)
Data generated as a contractual consequence: The data subject's personal data is obtained according to the development, maintenance, or initiation of the relationship with CONFITECA C.A.
Inferred data: Obtained by the company through profiling with the prior consent of the personal data subject.
Data from third parties: Third parties may belong to the public or private sector, from public information or publicly accessible sources.

⚠️ Any customer, collaborator, or supplier who provides false data will be permanently excluded from our network; additionally, CONFITECA C.A. reserves the right to take any warranted judicial or extrajudicial measures.

📍 Where is personal data collected from?

In the field: through information gathering at the point of sale
Information provided to the company
Social networks
Other technological means: emails, phone calls, event forms, purchase invoices, WhatsApp, rights exercise forms, strategic partners
Cookies: Access to the website may involve the use of proprietary or third-party cookies to facilitate navigation, remember access, and learn about browsing habits.

🎯 Why do we process personal data?

Purposes with Business Partners

Marketing activities for CONFITECA C.A. and its subsidiaries' products and services.
Registration, enrollment, or subscription in the system and/or databases.
Video surveillance systems for security and control reasons.
Supplier evaluation to guarantee an adequate level of processing.
Supplier quality and performance evaluation.
Document and instruct on proper handling of information assets.
Transfer personal data to countries with adequate protection levels.
Consolidate commercial networks and product offerings in the national market.
Conclude international commercial negotiations and relationships.
Control and process audits for quality control.
Loyalty, promotional, and discount plans and networks.
Service level surveys and sending advertising material.

Purposes with Customers and Prospects

Sending information about acquired or desired products and/or services.
Contact to address specific requirements.
Fulfillment of orders, purchase orders, waybills.
Participation in sweepstakes, contests, events, and social programs.
Addressing complaints through the quality control area.
Addressing complaints and requirements through social networks.
Compliance with legal obligations before the Tax Authority.
Data verification and credit bureau status.
Provide data to control authorities when legally required.
Credit evaluation of the customer or prospect.
Marketing with strategic allies.
Surveys, studies, and personal data confirmation.
Collections management directly or through authorized third parties.
Sending news about loyalty campaigns or service improvement.
Sending statements, account statements, or invoices.
Advertising and information about new products.
Notification of Privacy Policy changes.

Purposes for Sweepstakes and Contests

Identifying and validating the winning participant.
Delivering the prize to the participant.
Activities and notifications arising from participation.
Credit data for prize delivery and deposit.
Use of image to record prize delivery.
Sending advertising.
Surveys, sweepstakes, contests, and other promotions.

🔄 When may data be transferred or communicated?

CONFITECA C.A. will not sell, exchange, rent, or share the data subject's personal information except in the ways established in this Policy.

CONFITECA C.A. will share information with service providers or companies with which it has a collaboration or alliance relationship, ensuring that protection standards are met through privacy and confidentiality contracts or agreements.

CONFITECA C.A. will cooperate with competent authorities to safeguard the integrity and security of the community. It may disclose personal information to authorities or third parties by virtue of court orders, when permitted by law, or in case of prevention of money laundering or terrorism financing.

🛡️ What are the information security levels?

CONFITECA C.A. will comply with all applicable technical and organizational measures, including:

Servers with the best security standards
Use of firewalls and antivirus
Access control
Continuous password changes
Locked files

Only those teams or collaborators who need to know the information may access it. CONFITECA C.A. is not responsible for illegal interception or violation of its systems by unauthorized persons.

⚖️ What are your rights and how can you exercise them?

The data subject is entitled to exercise their rights of:

✅ Access
✅ Rectification and updating
✅ Anonymization/encryption
✅ Opposition
✅ Portability
✅ Suspension of processing
✅ Not to be subject to automated decisions

⏱️ Timeframes: CONFITECA C.A. will respond to inquiries within a maximum of 15 days. It may request clarifications within 5 days. The data subject has 10 days to respond.

The communication will be processed through a written request including:

Identification of the Data Subject or representative (full names, ID/passport, address for notifications).
Clear description of the personal data regarding which rights are sought.
Clear explanation of your request.
Identification of the right or rights you wish to exercise.
Documents proving identity and legal representation.

📧 What are the contact channels?

The data subject may perform any of the above-described actions by contacting CONFITECA C.A.:

📧 Email

tusdatos@confiteca.com.ec

🔄 May CONFITECA C.A. make modifications to this policy?

CONFITECA C.A. reserves the right to modify this Privacy Policy, keeping it updated in its communication channels. The data subject will be notified if the modifications require specific acceptance.

📅 What is the validity of this policy?

This Policy shall take effect from March 2024. Personal data that is collected, stored, used, or transmitted will remain in CONFITECA's databases for as long as necessary to fulfill the purposes set forth in this document or for the Company to comply with its legal duties.

However, the information will be reviewed each year to verify the accuracy of the data and the purpose of continuing its processing.