IMPRUVEX Privacy Statement
Effective Date: September 23, 2024

Impruvex SpA, hereinafter and interchangeably referred to as the Company, is committed to protecting the privacy and security of the personal data we collect and process. This Privacy Policy describes the practices we follow to ensure that personal information is handled responsibly and in compliance with applicable personal data protection legislation, including Law No. 19.628 on the Protection of Private Life, as well as all other legal provisions governing this matter.

DEFINITIONS

Personal Data: Any information that allows the identification of a natural or legal person, directly or indirectly, such as name, RUT (tax ID), address, marital status, domicile, contact details, etc.

Data Subject: The natural or legal person to whom the processed personal data refers.

Processing of Personal Data: Any operation or set of operations performed on personal data, such as collection, storage, use, disclosure, deletion, among others.

GENERAL PRINCIPLES OF THE COMPANY

Lawfulness: Personal data is processed lawfully, fairly, and transparently.

Purpose Limitation: Personal data is collected and processed only for specific, explicit, and legitimate purposes.

Data Minimization: Only personal data necessary for the stated purposes is collected.

Accuracy: Personal data is kept accurate and up to date.

Storage Limitation: Personal data is retained only for as long as necessary for the purposes for which it was collected.

Integrity and Confidentiality: Personal data is processed securely and confidentially, protecting it against unauthorized access, loss, destruction, or accidental damage.

COLLECTION AND USE OF PERSONAL DATA

We collect and use personal data to:

Provide Services: Process and manage the services requested by our clients.

Legal Compliance: Comply with legal and regulatory obligations.

Continuous Improvement: Improve our products and services through data analysis.

All employees and service providers with access to personal data receive frequent training in Records and Information Management, as specified in our privacy protocols for data handling and use.

RECORDS AND INFORMATION MANAGEMENT

Impruvex maintains, manages, and protects customer records and information in accordance with internal policies and applicable legal requirements, including:

Secure Retention: Maintaining electronic backup copies of customer records solely for disaster recovery purposes and for no more than 120 days.

Data Transfer and Destruction: Records are not transferred to third parties without customer authorization. Record destruction is carried out only with written confirmation from the customer.

SHARING OF PERSONAL DATA

The Company does not share personal data with third parties, except in the following cases:

With Customer Consent: When the customer expressly authorizes the transfer.

Legal Obligations: When required to comply with legal obligations or in response to valid legal requests.

PERSONAL DATA SECURITY

We implement a robust Information Security Program, including technical and organizational measures to protect personal data, such as:

Access Controls: Access to personal data is restricted to authorized personnel only.

Data Encryption: Personal data is encrypted during transmission and storage.

Audits and Monitoring: Periodic audits are conducted to ensure compliance with our security policies.

DATA SUBJECT RIGHTS

Data subjects have the right to:

Access: Request access to their personal data.

Rectification: Request correction of inaccurate data.

Deletion: Request deletion of their data, where applicable.

Objection: Object to the processing of their data in certain cases.

To exercise these rights, data subjects may contact us through the channels indicated in the Contact section of this policy.

SECURITY INCIDENT NOTIFICATION

Impruvex notifies its customers within 24 hours of any security incident affecting personal data. We take immediate measures to mitigate the impact of the incident and fully cooperate with any required investigations.

RECORD MAINTENANCE AND AUDIT

Impruvex is committed to maintaining and archiving training documentation and security reports in accordance with the timeframes specified by applicable regulations. Records will be available for audit by the customer or competent authorities, as required.

CHANGES TO THIS POLICY

We reserve the right to modify this Privacy Policy at any time. Any changes will be communicated to data subjects by publishing the updated version on our website.

CONTACT

For any inquiries, complaints, or requests related to this Privacy Policy, data subjects may contact us through:

Email: contacto@impruvex.com

Address: Av. Apoquindo 5950, 20th Floor, Office 114, Las Condes, Santiago, CHILE

We are committed to responding to all requests within a reasonable timeframe and in accordance with applicable laws.