PRIVACY POLICY

OF OBRALINK PLATFORM



I. PRIVACY POLICY AND PERSONAL DATA PROTECTION

The OBRALINK web platform, hereinafter "OBRALINK", "WWW.OBRALINK.COM" or "the Plataform" interchangeably, informs people who use it, hereinafter "usersquot, of this privacy policy and personal data protection.

This privacy policy and personal data protection is part of the General Terms and Conditions of Use of the OBRALINK platform. For more information, please review the General Terms and Conditions of Use contained on the platform, which are available at the following link:

Terms and Conditions

Reading it will allow users to understand how OBRALINK collects, processes, and protects their personal data.

Access, use, and permanence on the OBRALINK platform implies acceptance of this privacy policy.

Of particular importance is the application of Law No. 19.628 on Personal Data Protection and Law No. 19.496 on Consumer Rights.

This policy, insofar as it does not contravene Chilean legislation, is adapted to the European Data Protection Regulation (GDPR).



1. Definitions

a. Web platform: a set of graphical interfaces, data, and proprietary software applications included within the service provided by the organization. The applications include web pages, mobile applications, desktop applications, and programming interfaces developed by the company. Their function is to allow the acquisition, processing, connection, and display of data from various sources to different stakeholders. These information sources can include users, hardware, and software. The generally involved stakeholders are users, clients, suppliers, and other applications, whether or not they belong to the organization.

b. Data storage: the conservation or custody of data in a registry, database, or database.

c. Statistical data: data that, at its origin or as a result of its processing, cannot be associated with an identified or identifiable data subject.

d. Personal data: data relating to any information concerning identified or identifiable natural persons.

e. Sensitive data: personal data that refers to the physical or moral characteristics of individuals or to facts or circumstances of their private life or intimacy, such as personal habits, racial origin, political ideologies and opinions, religious beliefs or convictions, physical or mental health status, and sexual life.

f. Registry, database, or database: an organized set of personal data, whether automated or not, and regardless of its creation or organization form or modality, that allows the data to be related to each other, as well as performing any type of data processing.

g. Data controller: the natural or legal person responsible for decisions related to the processing of personal data, also known as the data processing controller.

h. Data subject: the natural person to whom the personal data refers.

i. Data processing: any operation or set of operations or technical procedures, automated or not, that allow the collection, storage, recording, organization, elaboration, selection, extraction, comparison, interconnection, dissociation, communication, assignment, transfer, transmission, or cancellation of personal data, or their use in any other way.


2. Principles applicable to the processing of personal data

The processing of users' personal data will be subject to the following principles:

a. Principle of lawfulness, fairness, and transparency: the user's consent will be required at all times with completely transparent information on the purposes for which the personal data is collected.

b. Principle of purpose limitation: personal data will be collected for specific, explicit, and legitimate purposes.

c. Principle of data minimization: the personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.

d. Principle of accuracy: personal data must be accurate and always updated.

e. Principle of storage limitation: personal data will only be kept in a way that allows the identification of the user for the necessary time for the purposes of their processing.

f. Principle of integrity and confidentiality: personal data will be processed in a way that ensures their security and confidentiality.

g. Principle of proactive responsibility: the data controller will be responsible for ensuring that the above principles are met.



3. Data controller

The data controller of the personal data collected through the OBRALINK platform is SOLUCIONES DE INNOVACIÓN DIGITAL SPA, Tax ID No. 76.982.053-1, represented by EMILIANO ANDRÉS PINTO GOMEZ, national ID No. 15.088.698-8, hereinafter the data controller.

The contact details of the data controller are:

Email: info@obralink.com



4. Collection and registration of personal data and purpose of their processing

The personal data obtained by OBRALINK through the forms provided on its pages will be incorporated and processed in our databases to facilitate, expedite, and fulfill the commitments established between OBRALINK and the users, or to maintain the relationship established in the forms they fill out, or to attend a request or query from them.

Specifically, users' data will be obtained by OBRALINK through the following actions:

When creating an account, which can only be done through direct contact with the company, no personal information entry is allowed on the OBRALINK platform.



5. Categories of personal data

The categories of data processed at OBRALINK are only identifying data. In no case are sensitive personal data processed, such as people's health status or their political opinions or religious beliefs.

Sensitive data cannot be processed unless authorized by law, there is consent from the data subject, or the data is necessary for the determination or granting of health benefits corresponding to the data subjects.



6. Legal basis for the processing of personal data

The processing of personal data can only be carried out when authorized by law or with the express consent of the data subject.

OBRALINK commits to obtaining the user's express, written, and verifiable consent regarding the personal data for which they are the data subject, for the processing of such data for one or more specific, duly informed purposes.

It will also be informed of the possible public communication of the stored and processed data.

No authorization is required for the processing of personal data that come from or are collected from publicly accessible sources when they are of an economic, financial, banking, or commercial nature, are contained in lists related to a category of people that only indicate background information such as the individual's membership in that group, their profession or activity, educational titles, address, or date of birth, or are necessary for direct response commercial communications or direct marketing or sale of goods or services.

Authorization is also not required for the processing of personal data carried out by private legal entities for their exclusive use, their associates, and the entities to which they are affiliated, for statistical, pricing, or other purposes of general benefit to them.

Personal data must only be used for the purposes for which they were collected unless they come from or have been collected from publicly accessible sources.

Sensitive data cannot be processed unless authorized by law, there is consent from the data subject, or the data is necessary for the determination or granting of health benefits corresponding to the data subjects.

The user has the right to withdraw their consent at any time. It will be as easy to withdraw consent as it is to give it. Withdrawal of consent will condition the use of the platform.

On occasions when the user must or can provide their data through forms to make inquiries, request information, or for reasons related to the platform's content, they will be informed if the completion of any of them is mandatory because they are essential for the proper development of the operation performed.



7. Retention period of personal data

Personal data will only be retained for the minimum necessary time for the purposes of their processing and, in any case, only for the following period: Indefinitely, or until the user requests their deletion.

At the time personal data is obtained, the user will be informed of the period during which the personal data will be retained or, when this is not possible, the criteria used to determine this period.



8. Recipients of personal data

Users' personal data will not be shared, sold, transferred, rented, commercialized, or transmitted in any way to third parties, except in cases required by law.



9. Personal data of minors

Only individuals over 14 years old can give their consent for the lawful processing of their personal data by OBRALINK.

If it concerns a person under 14 years old, the consent of the parents or legal representatives or the person responsible for the personal care of the child will be necessary unless expressly authorized or mandated by law.Sensitive data of adolescents under 16 years old can only be processed with the consent of their parents or legal representatives or the person responsible for the minor's personal care unless expressly authorized or mandated by law.



10. Confidentiality and security of personal data

OBRALINK commits to adopting the necessary technical and organizational measures, according to the appropriate security level for the risk of the collected data, to ensure the security of personal data and prevent the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized communication or access to such data.

The OBRALINK.COM website has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmitted securely and confidentially, as this transmission between the server and the user, and in feedback, is fully encrypted or encrypted.

However, since OBRALINK cannot guarantee the invulnerability of the internet or the total absence of hackers or others who may fraudulently access personal data, the data controller commits to informing users without undue delay of any breach of personal data security that is likely to entail a high risk for the rights and freedoms of individuals. A breach of personal data security means any security breach that results in the accidental or unlawful destruction, loss, or alteration of personal data transmitted, stored, or otherwise processed, or unauthorized communication or access to such data.

Personal data will be treated as confidential by the data controller, who commits to informing and guaranteeing through a legal or contractual obligation that this confidentiality is respected by its employees, associates, and anyone to whom the information is made accessible.



11. Rights derived from the processing of personal data

Users have the following rights over OBRALINK and can, therefore, exercise the following rights against the data controller:

a. Right of access: users have the right to obtain confirmation of whether OBRALINK is processing their personal data and, if so, to obtain information about their specific personal data and the processing that OBRALINK has carried out or is carrying out, as well as, among others, the information available on the origin of such data and the recipients of the communications made or planned for the same.

b. Right of rectification: users have the right to have their inaccurate personal data modified or, considering the purposes of the processing, incomplete.

c. Right of deletion "the right to be forgotten": users have the right, provided that the current legislation does not establish otherwise, to obtain the deletion of their personal data when they are no longer necessary for the purposes for which they were collected or processed; when the user has withdrawn their consent for the processing and there is no other legitimate reason to continue with it; when the personal data has been unlawfully processed; when the personal data must be deleted to comply with a legal obligation.

If the deleted or rectified personal data has been previously communicated to certain or determinable third parties, the data controller must inform them of the operation carried out as soon as possible. If it is not possible to determine the individuals to whom it has been communicated, a notice will be posted that can be generally known to those who use the information from the database.

Rectification, deletion, or blocking of personal data stored by legal mandate cannot be requested, except in cases provided for in the respective law.

d. Right to restriction of processing: users have the right to limit the processing of their personal data. The user has the right to obtain the restriction of processing when they contest the accuracy of their personal data, the processing is unlawful, the data controller no longer needs the personal data, but the user needs them to make claims, and when the user has objected to the processing.

e. Right to data portability: if the processing is carried out by automated means, the user has the right to receive their personal data from the data controller in a structured, commonly used, and machine-readable format, and to transmit them to another data controller. Whenever technically possible, the data controller will transmit the data directly to the other data controller.

f. Right to object: users have the right to object to the processing of their personal data or to stop the processing by OBRALINK.

g. Right not to be subject to a decision based solely on automated processing, including profiling: users have the right not to be subject to an individualized decision based solely on the automated processing of their personal data, including profiling, unless current legislation provides otherwise.

Users can exercise their rights by written communication addressed to the data controller, as established by article 16 of Law No. 19.628.



12. Complaints to the supervisory authority

If the user believes there is a problem or violation of current regulations in the way their personal data is being processed, they have the right to take the actions they deem appropriate before the Courts of Justice.



II. COOKIE POLICY

Access to this website may involve the use of cookies. Cookies are small amounts of information stored in the browser used by each user - on the different devices they may use to browse - so that the server remembers certain information that only the server that implemented it will read later. Cookies facilitate navigation, make it more user-friendly, and do not damage the browsing device.

The information collected through cookies may include the date and time of visits to the platform, the pages visited, the time spent on the platform, and the sites visited just before and after it. However, no cookie allows it to contact the user's phone number or any other means of personal contact. No cookie can extract information from the user's hard drive or steal personal information. The only way that the user's private information becomes part of the cookie file is if the user personally provides that information to the server.

Cookies that allow identifying a person are considered personal data. Therefore, the Privacy Policy described above will apply to them. In this sense, the user's consent will be required for their use. This consent will be communicated based on an authentic choice, offered through an affirmative and positive statement, before the initial processing, removable and documented.

1. First-party cookies

These are cookies sent to the user's computer or device and managed exclusively by OBRALINK for the better functioning of the platform. The information collected is used to improve the quality of the platform, its content, and the user experience. These cookies allow recognizing the user as a recurring visitor to the platform and adapting the content to offer content that suits their preferences.

The entities responsible for providing cookies may transfer this information to third parties, provided that the law requires it or a third party processes this information for those entities.

2. Disable, reject, and delete cookies

Users can disable, reject, and delete cookies - totally or partially - installed on their device through their browser settings (such as Chrome, Firefox, Safari). In this sense, the procedures for rejecting and deleting cookies may differ from one internet browser to another. Consequently, the user must refer to the instructions provided by the internet browser they are using. If the use of cookies is rejected - totally or partially - the platform can still be used, but some functionalities may be limited.



III. ACCEPTANCE AND CHANGE OF THIS PRIVACY POLICY

It is necessary for the user to have read and agreed with the terms on the protection of personal data contained in this privacy and cookie policy and to accept the processing of their personal data for the data controller to proceed in the manner, during the periods, and for the purposes indicated. Use of the platform implies acceptance of its privacy and cookie policy.

OBRALINK reserves the right to modify its privacy and cookie policy at its discretion or driven by a legislative or jurisprudential change. Changes or updates to this privacy and cookie policy will be brought to the user's attention.

Users are advised to check this page periodically to stay informed of the latest changes or updates.

This privacy and cookie policy was created on August 1, 2023, and is updated to comply with current legislation.