1. LEGAL BASIS AND SCOPE OF APPLICATION

1.1 Scope

This document applies to all personal data or any other type of information used or stored in the databases and files of ANIPROTEIN, hereinafter referred to as “ANIPROTEIN.” It respects the criteria for obtaining, collecting, using, processing, handling, sharing, transferring, and transmitting personal data. It also establishes the responsibilities of ANIPROTEIN employees in the management and processing of personal data stored in its databases and files.

2. RECIPIENTS

This policy applies to all physical and digital databases that contain personal data and are subject to processing by ANIPROTEIN, acting as the data controller. It ensures that sufficient information is available regarding the various purposes for which personal data is processed, as well as the rights of data subjects with respect to ANIPROTEIN’s handling of their personal information.

3. DEFINITIONS

3.1. Authorization – Prior, express, and informed consent of the Data Subject for processing personal data.

3.2. Database – An organized set of personal data subject to processing.

3.3. Personal Data – Any information linked or that can be associated with one or more identified or identifiable natural persons.

3.4. Public Data – Data not classified as semi-private, private, or sensitive. Examples include a person’s civil status, profession, or status as a public servant.

3.5. Semi-private Data – Information that is not intimate, reserved, or public and whose access may concern not only the data subject but also certain groups or society at large (e.g., financial, credit, or commercial data).

3.6. Private Data – Personal data that, due to its intimate nature, concerns only the data subject and requires prior, informed, and express authorization for processing.

3.7. Sensitive Data – Data that affects the privacy of the data subject or can lead to discrimination, such as racial or ethnic origin, political opinions, religious beliefs, union membership, health data, sexual life, and biometric data.

3.8. Data Processor – A natural or legal person, public or private, who processes personal data on behalf of the data controller.

3.9. Data Controller – A natural or legal person, public or private, who determines the purpose and means of the processing of personal data.

3.10. Database Administrator – The person responsible for ensuring proper implementation of data policies within specific databases and executing guidelines set by the Data Controller and the Data Protection Officer.

3.11. Data Protection Officer (DPO) – The individual responsible for coordinating the implementation of the legal framework for data protection and handling requests from data subjects.

3.12. Data Subject – The natural person whose personal data is processed.
3.13. Processing – Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or deletion.

3.14. Privacy Notice – A written or verbal communication from the data controller to the data subject, informing them about the processing of their personal data, including applicable policies and purposes.

3.15. Transfer – The act of moving information between locations through various channels, such as uploading, downloading, or peer-to-peer sharing.

3.16. Transmission – The communication of personal data within or outside national territory for processing on behalf of the data controller.

4. DATA PROTECTION PRINCIPLES

The following principles must be harmoniously and comprehensively applied in the development, interpretation, and application of the law:

4.1. Legality – Data processing must adhere to applicable legal provisions.

4.2. Purpose – Data must be processed for legitimate and previously informed purposes.

4.3. Freedom – Data may only be processed with the prior, express, and informed consent of the data subject.

4.4. Accuracy and Quality – Information must be truthful, complete, accurate, up to date, and verifiable.

4.5. Transparency – The data subject has the right to request and obtain information regarding the processing of their data at any time.

4.6. Restricted Access and Circulation – Data may only be accessed and processed by authorized persons or as permitted by law.

4.7. Security – Data must be protected against unauthorized or fraudulent access, loss, or alteration through appropriate technical, human, and administrative measures.

4.8. Confidentiality – Anyone involved in data processing must maintain confidentiality, even after their relationship with ANIPROTEIN ends.

5. POLICY AUTHORIZATION

Processing of personal data requires the prior and informed consent of the data subject. By accepting this policy, the data subject consents to the processing of their data by ANIPROTEIN in accordance with its terms.

Authorization is not required in the following cases:

• When requested by public or administrative entities under legal authority or by court order
• When the data is public in nature
• In cases of medical or health emergencies
• For data processing authorized by law for historical, statistical, or scientific purposes

6. DATA CONTROLLER CONTACT INFORMATION

ANIPROTEIN is the Data Controller and can be contacted at:

• Email: [email protected]
• Phone: +57 (601) 7044524

7. PURPOSES OF DATA PROCESSING

ANIPROTEIN processes data for legitimate purposes in accordance with the law, including:

• Use of data solely for its legitimate business activities
• Access to website services and downloads
• Storing data in its information systems and databases
• Transferring or transmitting data as needed for operations
• Sharing data with third parties under contractual agreements
• Performing administrative and security activities

8. RIGHTS OF DATA SUBJECTS

The data subject may exercise the following rights:

8.1. Right to Information and Access – To be informed of the origin, use, and purpose of their data.

8.2. Right to File Complaints:

• Correction of inaccurate or incomplete data
• Deletion of inappropriate or excessive data
• Revocation of authorization
• Reporting of legal breaches

8.3. Right to Request Authorization Proof

8.4. Right to File Complaints with Authorities after internal remedies are exhausted

8.5. Right to Revoke Consent and Request Data Deletion

9. DATA COLLECTION AUTHORIZATION

ANIPROTEIN will request authorization from the data subject at the time of data collection, indicating the purpose and retaining proof of consent.

10. PROCESSING OF MINORS’ DATA

In accordance with the law, ANIPROTEIN is not authorized to process minors’ data, except when:

• It serves the best interests of the child
• It respects the child’s fundamental rights

11. DATA SUBJECT SUPPORT

The DPO will address requests from data subjects via:

• Phone: (601) 7044524
• Email: [email protected]

12. PROCEDURES TO EXERCISE RIGHTS

12.1. Access Requests – Free once per calendar month or when policy changes occur
12.2. Complaints and Claims – Must include full identification and justification
Incomplete claims must be corrected within two (2) months, or they will be considered withdrawn.

Resolution times:

• Access: within 10 business days (extendable by 5)
• Complaints: within 15 business days (extendable by 8)

13. SECURITY MEASURES

ANIPROTEIN will implement appropriate security measures and require the same from third-party processors via contractual agreements.

14. INCIDENT MANAGEMENT

Incidents (loss, theft, unauthorized access) must be reported immediately to the DPO. ANIPROTEIN maintains an incident log and informs authorities and data subjects as needed.

15. RISK MANAGEMENT

A risk management system will be in place, assessing technological, human, infrastructure, and process vulnerabilities, aiming to minimize harm from potential incidents.

16. DATA DISCLOSURE TO AUTHORITIES

Any request by an authority will be verified for legality and documented, ensuring the rights of the data subject are protected.

17. INTERNATIONAL DATA TRANSFER

Permitted only if the recipient country ensures adequate protection or under specific legal scenarios (e.g., consent, health, contractual necessity, public interest).

18. INFORMATION SECURITY

ANIPROTEIN maintains policies and technical safeguards to ensure the integrity, confidentiality, and availability of personal data and requires the same of third parties.

19. DOCUMENT MANAGEMENT

Both physical and digital documents containing personal data will be protected. Distribution will be documented and traceable, with responsibility assigned for confidentiality.

20. VALIDITY

ANIPROTEIN will retain data only as long as necessary for its purposes or as legally required. This policy is effective as of January 27, 2025, and remains in force indefinitely.