LP MISMOSPAY PRIVACY POLICY

Introduction and General Guidelines

This Policy for the Treatment and Protection of Personal Data (the «Policy») of the companies that make up the LP MIMOSPAY («LP GROUP» / «Company») establishes the criteria that must be applied for the treatment and protection of Personal Data, such as the collection, storage, use, circulation, elimination and, in general, of all those activities that imply the Treatment of Personal Data.

Likewise, the purpose of this policy is to provide a common understanding of the Company’s data as a critical resource for the business line and to establish the responsibilities that accompany the use of this data and the management by all employees of the LP Group.

Company data is defined as any information that is created, collected and stored by the Company or any office of the Company in support of its functions. Such data may relate to employees, customers, customers of our customers or other members of the Company. This includes both current and former employees, customers, customers of our customers and other members of the Company which may consist of personal, financial, medical or job performance information.

Our customers’ data is one of LP Group’s most valuable resources and represents a significant investment. Sound data management policies, procedures and practices will effectively support informed decision making based on real data that can significantly contribute to furthering the Company’s strategic directions.Our data management policies, procedures and practices are designed to safeguard three vital aspects of data: Integrity, Security and Access. Our data management policies, procedures and practices are designed to safeguard three vital aspects of data: Integrity, Security and Access.

Data integrity includes qualities of accuracy, consistency and timelines. This data is a company resource that can be used by many users and is trustworthy. Data integrity begins with the person or office that creates it, and it is the responsibility of the IT department and every office in the Group to ensure that it exists.Data security encompasses more than electronic security. While some aspects of security can be of security may be assured by technology, security also encompasses a measure of trust. As a business-critical company resource, data must be safeguarded at all levels against damage, loss, and corruption and security breaches, and all users share this responsibility.

Access to institutional data is granted internally when there is a demonstrated legitimate business or research need for the data and externally when disclosure of such data would not violate obligations, privacy legislation or legal contracts. Whenever possible, data should be collected at the source and made available to all members of the Company who have a legitimate business need for the data for commercial purposes.

  1. Definitions

     

These terms correspond to generalities and guidelines regarding the protection of personal data, which should be interpreted in accordance with the regulations governing each country belonging to LP GROUP.

Personal data: This is any information linked or that can be associated to a specific person, such as name or identification number, or that can make it determinable, such as physical features.

Public data: This is one of the existing types of personal data. Public data includes, among others, data relating to the marital status of individuals, their profession or trade, and their status as a merchant or public servant. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court rulings that are not subject to reserve.

Semi-private data: Data that are not of an intimate, reserved or public nature and whose knowledge or disclosure may be of interest not only to the owner but also to a certain sector or society in general. Financial and credit data from commercial or service activities are some examples.

Private data: It is the data that due to its intimate or reserved nature is only relevant to the holder. The tastes or preferences of individuals, for example, correspond to private data.

Sensitive data: It is information of a personal nature that reveals, for example, but not limited to: racial or ethnic origin, political preferences, religious convictions or beliefs, sexual orientation, self-determination in its different spheres, exercise of the right to privacy, and the exercise of the right to freedom of expression unionization, political affiliations, membership in social groups, information on the person’s health status, biometric data, among others.

Authorization: It is the consent conferred to any person so that the companies or persons responsible for the processing of information, can use their personal data.

Database: Organized set of personal data that are subject to processing and use.

Data processor: The natural or legal person who carries out the processing of personal data, based on a delegation made by the data controller, receiving instructions about the way in which the data should be managed.

Data controller: The natural or legal person, public or private, who decides on the purpose of the databases and/or the use of the data.

Data subject: The natural person whose personal data is the object of processing.

Processing: Any operation or set of operations on personal data, such as collection, storage, use, circulation or suppression.

Privacy notice: It is one of the verbal or written communication options granted by law to inform the owners of the information, the existence and ways to access the information processing policies and the purpose of its collection and use.

Data protection officer: Person responsible for supervising and controlling that the measures on the treatment of personal data implemented by the company, are fully complied with. in turn, becomes responsible for the treatment of such data.

Data transmission: Processing of personal data that involves the communication of such data within or outside the territory of each country when the purpose of the processing is to be carried out by the Data Processor on behalf of the Controller.

Transfer of data: Refers to the transfer by the person responsible or directly in charge of the processing of personal data of the information or personal data, to another person or public or private entity; which in turn, is responsible for the processing of the data; which may be located within or outside of each country.

B. General Principles

– Principle of legality in matters of data processing.
The processing referred to in the law is a regulated activity that must be subject to the provisions of the law and other provisions that develop it.

– Principle of purpose
The processing must obey a legitimate purpose in accordance with the laws that regulate it, which must be informed to the Data Subject.

– Principle of freedom
Processing may only be carried out with the prior, express and informed consent of the Data Subject. Personal data may not be obtained or disclosed without prior authorization, or in the absence of a legal mandate that relieves the consent.

– Principle of truthfulness or quality
The information subject to processing must be truthful, complete, accurate, updated, verifiable and understandable. The processing of partial, incomplete, fractioned or misleading data is prohibited.

– Principle of transparency
The right of the Data Subject to obtain from the Data Controller or the Data Processor, at any time and without restrictions, information about the existence of data concerning him/her, must be guaranteed in the Processing.

– Principle of restricted access and circulation
Processing is subject to the limits that derive from the nature of the personal data, from the provisions of the laws that regulate it. Processing may only be carried out by persons authorized by the Data Controller and/or by the persons provided for in the laws that regulate it.

– Principle of security
The information subject to Processing by the Responsible or Responsible party referred to in the laws that regulate it, shall be handled with the technical, human and administrative measures that are necessary to provide security to the records avoiding their adulteration, loss, consultation, use or unauthorized or fraudulent access.

– Principle of confidentiality
All persons involved in the processing of personal data that are not of a public nature are obliged to guarantee the confidentiality of the information, even after the end of their relationship with any of the tasks involved in the processing, and may only provide or communicate personal data when it corresponds to the development of the activities authorized by law and under the terms of this.

C.General provisions set forth in the GDRP for the protection of personal data

The GDRP (General Data Protection Regulation) develops the right to know, update and rectify the information collected in databases and the other rights, freedoms and guarantees (right to privacy and right to information, respectively.) 

GDPR” means Regulation 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processingof personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

Considering the way a database is stored, a distinction can be made between automated databases and manual databases or archives. Automated databases are those that are stored and managed with the help of computer tools. Manual databases or archives are those whose information is organized and stored in a physical way, such as and stored in a physical form, such as supplier order forms containing personal information relating to the supplier, such as name, identification, telephone numbers, e-mail addresses, etc.

The guidelines exempt from the protection regime the following: (i) files and databases belonging to the personal or domestic sphere; (ii) those whose purpose is national security and defense, prevention, detection, monitoring and control of money laundering and financing of terrorism, (iii) those whose purpose and contain intelligence and counterintelligence information, (iv) journalistic information and other editorial content, (v) financial and credit information, commercial, services and from third countries and (vi) information on population and housing censuses.

D.Confidentiality Guarantee

At LP MIMOSPAY, all employee and customer information of a personal nature is handled with the utmost confidentiality. Internally, different controls and processes are managed to ensure that all information is handled confidentially.

Comprehensive Data Protection Program

Program Controls

1. Classification of personal data.

 The data that the company processes is defined and classified as follows:

  • General identification data such as: first name, last name, type of identification, identification number, date and place of issue, name, marital status, sex, etc.

  • Specific identification data such as: signature, nationality, electronic signature, other identification documents, place and date of birth, age, etc.

  • Biometric data such as: fingerprints, photographs, videos, etc.

  • Location data related to the private activity of individuals such as: address, telephone, e-mail, etc.

  • Data related to the person’s health in terms of orders and list of complementary tests such as laboratory, imaging, endoscopies, pathological, studies, etc.

  • Data on persons with disabilities.

  • Data related to the person’s work history, work experience, position, dates of entry and retirement, annotations, calls for attention, etc.

  • Data related to the person’s educational level, training and/or academic history, etc.

  • General data related to affiliation and contributions to the social security systems of each country.

  • Personal data of access to information systems such as: users, IP, passwords, profiles, etc.

Guidelines on the use of data and information.

The Company’s data should be used only by those persons duly authorized to access and use specific data by virtue of their position in the Company, and only for the purpose for which they have been authorized. Authorization to access data is not transferable.

Company data may not be accessed or manipulated for personal gain or for a particular interest. Data users must perform all tasks related to the creation, storage, maintenance, use, distribution and disposal of Company data responsibly, promptly and with the greatest possible care.  

Data users must not knowingly falsify data, delete data that should not be deleted or reproduce data that should not be reproduced.

Data users must respect the privacy of individuals to whose records they may have access.

Personal information contained in database files may not be disclosed. Disclosure is understood to include, but is not limited to, verbal references or inferences, correspondence, memoranda, and electronic file sharing.

The Company and all its employees will ensure that users are aware of the application of privacy legislation and compliance with it. The appropriate Department Head will grant access to Company data. Its use is subject to the Company’s policies on intellectual property and ethics, as well as applicable privacy legislation.

If there is reasonable evidence that laws or Company policies are being or have been violated, or that continued access threatens the normal operations or reputation of the Company, the Company may withdraw or restrict access privileges to any employee. Any violation of this policy may be grounds for disciplinary action, up to and including termination of employment and criminal prosecution.   

LP MIMOSPAY shall not be liable for any damages, including any indirect, punitive, or specialdamages (including loss of business, loss of profits, use of data, or other economic benefits,including, without limitation, any indirect, punitive, special damages), whether or not theyarise out of or are in connection with a breach of this Agreement (including breach of warranty) or infringement, even if the possibility of such loss has been previously notified. In addition, if the exclusive relief provided for in this Agreement does not meet its basic purpose, the liability of the LP GROUP for such loss shall be excluded.

 

 

Scroll al inicio

Hello!

Click here to chat with Customer Support on Telegram @LPMimosPAY or send us an email to info@mimospay.com

Verificado por MonsterInsights