a) Data storage: conservation or custody of data in a registry, data bank, or database.
b) Statistical data: data that due to its origin, or as a result of its processing, cannot be associated with an identified or identifiable owner.
c) Data of a personal nature or personal data: data relating to any information concerning natural, identified or identifiable persons.
d) Sensitive data: personal data that refer to the physical or moral characteristics of people or to facts or circumstances of their private life or intimacy, such as personal habits, racial origin, political ideologies and opinions, religious beliefs or convictions, physical or mental health conditions, and sex life.
e) Registry, bank, or database: an organized set of personal data, which may be automated or not, regardless of the manner or modality of its creation or organization, that allows data to be linked, and for any type of data processing to be carried out.
f) Person in charge of the registry, data bank, or database: the natural or legal person in charge of decisions related to the processing of data of a personal nature, also known as the person in charge of processing personal data.
g) Data owner: natural person to whom personal data pertain.
h) Data processing: any operation or series of operations or technical procedures, whether automated or not, that make it possible to collect, store, record, organize, elaborate, select, extract, compare, interconnect, decouple, communicate, assign, transfer, transmit or cancel data of a personal nature, or use them in any other way.

The processing of users' personal data will be subject to the following principles:
a) Lawfulness, loyalty and transparency principle: the consent of the user will be required at all times provided that he/she is fully informed of the purposes for which personal data is being collected.
b) Purpose limitation principle: personal data will be collected for specified, explicit, and legitimate purposes.
c) Data minimization principle: personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
d) Accuracy principle: Personal data must be accurate and will always be up-to-date.
e) Storage limitation principle: personal data will only be maintained so as to allow user identification for the time necessary for the purposes of their processing.
f) Integrity and confidentiality principle: personal data will be processed in a way that guarantees its security and confidentiality.
g) Accountability principle: the person in charge of processing will be responsible for ensuring that the above principles are complied with.

The person responsible for the processing of personal data collected through the VALIDRISK website is KOFF & GUERRERO CONSULTANTS S.A., Unique Tax Role No. 76.076.303-9, represented by MANUEL REYES FUENTES, National Identity Card No. 7.508.415-3, hereafter, the person in charge of processing.

The contact information of the person in charge of processing are:

• E-mail: contact@ValidRisk.com

• Address: Avenida Presidente Kennedy 5735, Oficina 1501, Las Condes, Santiago - Chile

• Phone number: +56 222 036 494

The personal data obtained by VALIDRISK through the forms found on its pages will be incorporated and processed in our databases in order to facilitate, expedite and fulfill the obligations of VALIDRISK o its users, either for the maintenance of the relationship established in the forms filled out by the users, or to respond to a user request or query.

Specifically, user data will be obtained by VALIDRISK through the following action(s): When registering to use ValidRisk licenses.

The data categories processed in VALIDRISK are solely identifying data. Under no circumstances are sensitive categories such as the health status of individuals or their political opinions or religious beliefs processed.

Sensitive data cannot be processed, except when authorized by law, when there is consent from the owner of such data, or when such data is necessary for determining or granting health benefits that correspond to the data owners.

The processing of personal data may only be carried out when authorized by law or when the owner has expressly consented to it.

VALIDRISK undertakes to obtain the express, wriNen and verifiable consent of the user regarding the personal data of which he or she is the owner, in order to process such data for one or more specific purposes, duly informed.

The eventual disclosure of stored and processed data to the public will also be reported.

Authorization is not required for the processing of personal data coming from or collected from sources accessible to the public when they are of an economic, financial, banking, or commercial nature, are contained in lists relating to a category of people that are limited to providing background information such as the individual's membership in that group, his/her profession or occupation, educational qualifications, address, and date of birth, or are necessary for direct response commercial communications, marketing, or the sale of goods or services.

Neither will such authorization be required for the processing of personal data carried out by private legal entities for the exclusive use of themselves, their associates, and affiliated entities, for statistical, pricing, or other purposes of general benefit to them.

Personal data must be used only for the purposes for which they were collected unless they come from or have been collected from sources accessible to the public.

Sensitive data cannot be processed, except when authorized by law, when the owner has provided consent, or when it is necessary for determining or granting health benefits to data owners.

The user has the right to withdraw his or her consent at any time. It will be as easy to withdraw as to give consent. As a general rule, withdrawal of consent will not restrict the use of the website.

Whenever the user must or may provide their data through forms in order to make inquiries, request information, or for other purposes related to the contents of the website, he/she will be informed if the completion of any of these forms is mandatory due to being essential for the correct development of the operation undertaken.

Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: for the current licensing period or until the user or customer requests its deletion, or until the user requests its erasure.

At the time the personal data is obtained, the user will be informed of the period during which the personal data will be stored or, when this is not possible, the criteria used to determine this period.

The personal data of users will not be shared, sold, transferred, leased, marketed or transmiNed in any way to third parties, except as required by law.

Only people over the age of 14 will be able to consent to the processing of their personal data in a lawful way by VALIDRISK.

If a person is under the age of 14, the consent of his/her parents, legal representatives, or the person in charge of the child's personal care will be required, unless expressly authorized or mandated by law.

Sensitive data belonging to adolescents under 16 years of age may only be processed with the consent granted by their parents, legal representatives, or the person in charge of the personal care of the minor, unless expressly authorized or mandated by law.

VALIDRISK undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the collected data, so as to guarantee the security of personal data and prevent the accidental or unlawful destruction, loss, or alteration of transmiNed, stored, or otherwise processed personal data, as well as to prevent the unauthorized communication or access to such data.

The website WWW.VALIDRISK.COM has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmiNed securely and confidentially, as this transmission between the server and the user, and vice versa, is fully encrypted.

However, because VALIDRISK cannot guarantee the impregnability of the internet or the total absence of hackers or others who fraudulently access personal data, the person in charge of processing undertakes to inform users, without undue delay, of any breach of personal data security that is likely to imply a high risk to the rights and freedoms of natural persons. A personal data breach is understood as any breach of security that results in the accidental or unlawful destruction, loss or alteration of personal data transmiNed, stored or otherwise processed, or the unauthorized communication of or access to such data.

Personal data will be treated as confidential by the person in charge of processing, who undertakes to inform and to guarantee by means of a legal or contractual obligation that said confidentiality is respected by its employees, associates, and any person to whom he/she makes the information accessible.

The user has the following rights over his/her personal data collected by VALIDRISK and may, therefore, exercise these rights vis-à-vis the person in charge of processing:

a) Right of access: the user's right to receive confirmation regarding whether VALIDRISK is processing his/her personal data and, if this is the case, receive information about their specific personal data and the processing that VALIDRISK has conducted or will conduct, as well as, among other information, the information available regarding the origin of such data and the recipients of the disclosures made or expected to be made of such data.
b) Right to rectification: the user's right to have his/her personal data rectified if they prove to be inaccurate or, taking into account the purposes of the processing, incomplete.
c) Right to erasure ("the right to be forgoNen"): the right of users, unless otherwise provided for by law, to have their personal data erased when they are no longer required for the purposes for which they were collected or processed; when the user has withdrawn his/her consent to the processing and there is no other legitimate reason to continue with it; when the personal data have been processed unlawfully; when the personal data must be erased in compliance with a legal obligation.
If the erased or rectified personal data have been previously disclosed to specific or identifiable third parties, the person in charge of processing must notify them as soon as possible of the action taken. If it is not possible to determine to whom it has been disclosed, a notice that may be generally known to those who use the information in the database will be issued.
The rectification, erasure, or blocking of personal data stored under legal obligation may not be requested, outside of situations established by the respective law.
d) Right to restriction of processing: the user's right to limit the processing of his/her personal data. The user has the right to obtain the restriction of processing when he/she contests the accuracy of his/her personal data, the processing is unlawful, the person in charge of processing no longer needs the personal data, but the user needs it to make claims, or when the user has objected to the processing.
e) Right to data portability: in the event that the processing is carried out by automated means, the user will have the right to receive his/her personal data from the person in charge of processing in a structured, commonly used, machine-readable format, and to transmit such data to another person in charge of processing. Whenever technically possible, the person in charge of processing will transmit the data directly to the other person in charge of processing.
f) Right to object: the user's right to stop the processing of his/her personal data or to stop its processing by VALIDRISK.
g) Right to not be the subject of a decision that is only based on automated decision-making, including profiling: the user's right to not be subject to an individualized decision only based on the automated processing of his/her personal data, including profiling, unless otherwise stipulated by legislation in force. The user may exercise his/her rights by means of wriNen communication addressed to the person in charge of processing, as established in Article 16 of Law N° 19.628.

If the user believes that there is a problem with or infringement of the regulations in force regarding the way in which his/her personal data is being processed, he/she will have the right to exercise the actions he/she deems appropriate before the Courts of Law.

These are the cookies that are sent to the computer or device of the user and managed exclusively by VALIDRISK to improve the functioning of the website. The information collected is used to improve the quality of the website, its content, and user experience. These cookies make it possible to recognize the user as a recurring visitor of the website and customize its content to offer content that suits their preferences.

The entity or entities in charge of providing cookies may transfer this information to third parties, if required by law or if a third party processes this information for such entities.

The user can fully or partially disable, reject, and delete cookies installed on his/her device by configuring his/her browser (such as Chrome, Firefox, or Safari). In this regard, the procedures for rejecting and deleting cookies may differ from one internet browser to another. Consequently, the user must follow the instructions provided by the internet browser he/she is using. In the event that the user fully or partially rejects the use of cookies, he/she may continue to use the website, although the use of some of its features may be limited.