ValidRisk Privacy Policy
General

This Privacy Policy establishes the terms in which Koff & Guerrero Consultants uses and protects the information that is provided by its users when using its website. This company is committed to the security of its users' data. When we ask you to fill in the fields of personal information with which you can be identified, we do this by ensuring that it will only be used in accordance with the terms of this document. However, this Privacy Policy may change over time or be updated, so we recommend and emphasize that you continually review this page to ensure that you agree with said changes.

1 Privacy and Personal Data Protection Policy

The website WWW.VALIDRISK.COM, hereafter "VALIDRISK," "WWW.VALIDRISK.COM" or "the website," indistinctly, discloses to the people who use it, hereafter "users," this privacy and personal data protection policy.

This privacy and personal data protection policy is part of the General Terms and Conditions of Use of the website WWW.VALIDRISK.COM. For more information, please review the General Terms and Conditions of Use located on the website, which are available at the following link: hNps://ValidRisk.com/Pub/Home/PrivacyPolicy.

Reading the General Terms and Conditions will allow users to learn how VALIDRISK collects, processes, and protects their personal data.

Access to, use of, and continuous presence on the website WWW.VALIDRISK.COM implies acceptance of this privacy policy.

Of particular importance are the enforcement of Law No. 19,628 regarding the Protection of Personal Data and Law No. 19,496 regarding Consumer Rights.

This policy, insofar as it does not contravene Chilean law, is compliant with the European General Data Protection Regulation (GDPR).

1.1 Definitions

a) Data storage: conservation or custody of data in a registry, data bank, or database.
b) Statistical data: data that due to its origin, or as a result of its processing, cannot be associated with an identified or identifiable owner.
c) Data of a personal nature or personal data: data relating to any information concerning natural, identified or identifiable persons.
d) Sensitive data: personal data that refer to the physical or moral characteristics of people or to facts or circumstances of their private life or intimacy, such as personal habits, racial origin, political ideologies and opinions, religious beliefs or convictions, physical or mental health conditions, and sex life.
e) Registry, bank, or database: an organized set of personal data, which may be automated or not, regardless of the manner or modality of its creation or organization, that allows data to be linked, and for any type of data processing to be carried out.
f) Person in charge of the registry, data bank, or database: the natural or legal person in charge of decisions related to the processing of data of a personal nature, also known as the person in charge of processing personal data.
g) Data owner: natural person to whom personal data pertain.
h) Data processing: any operation or series of operations or technical procedures, whether automated or not, that make it possible to collect, store, record, organize, elaborate, select, extract, compare, interconnect, decouple, communicate, assign, transfer, transmit or cancel data of a personal nature, or use them in any other way.

1.2 Principles applicable to the processing of personal data

The processing of users' personal data will be subject to the following principles:
a) Lawfulness, loyalty and transparency principle: the consent of the user will be required at all times provided that he/she is fully informed of the purposes for which personal data is being collected.
b) Purpose limitation principle: personal data will be collected for specified, explicit, and legitimate purposes.
c) Data minimization principle: personal data collected will be only those strictly necessary in relation to the purposes for which they are processed.
d) Accuracy principle: Personal data must be accurate and will always be up-to-date.
e) Storage limitation principle: personal data will only be maintained so as to allow user identification for the time necessary for the purposes of their processing.
f) Integrity and confidentiality principle: personal data will be processed in a way that guarantees its security and confidentiality.
g) Accountability principle: the person in charge of processing will be responsible for ensuring that the above principles are complied with.

1.3 Person in charge of the registry, data bank, or database

The person responsible for the processing of personal data collected through the VALIDRISK website is KOFF & GUERRERO CONSULTANTS S.A., Unique Tax Role No. 76.076.303-9, represented by MANUEL REYES FUENTES, National Identity Card No. 7.508.415-3, hereafter, the person in charge of processing.

The contact information of the person in charge of processing are:

• E-mail: contact@ValidRisk.com


• Address: Avenida Presidente Kennedy 5735, Oficina 1501, Las Condes, Santiago - Chile


• Phone number: +56 222 036 494

1.4 Collection and recording of personal data and the purpose of their processing

The personal data obtained by VALIDRISK through the forms found on its pages will be incorporated and processed in our databases in order to facilitate, expedite and fulfill the obligations of VALIDRISK o its users, either for the maintenance of the relationship established in the forms filled out by the users, or to respond to a user request or query.

Specifically, user data will be obtained by VALIDRISK through the following action(s): When registering to use ValidRisk licenses.

1.5 Personal data category

The data categories processed in VALIDRISK are solely identifying data. Under no circumstances are sensitive categories such as the health status of individuals or their political opinions or religious beliefs processed.

Sensitive data cannot be processed, except when authorized by law, when there is consent from the owner of such data, or when such data is necessary for determining or granting health benefits that correspond to the data owners.

1.6 Legal basis for processing personal data

The processing of personal data may only be carried out when authorized by law or when the owner has expressly consented to it.

VALIDRISK undertakes to obtain the express, wriNen and verifiable consent of the user regarding the personal data of which he or she is the owner, in order to process such data for one or more specific purposes, duly informed.

The eventual disclosure of stored and processed data to the public will also be reported.

Authorization is not required for the processing of personal data coming from or collected from sources accessible to the public when they are of an economic, financial, banking, or commercial nature, are contained in lists relating to a category of people that are limited to providing background information such as the individual's membership in that group, his/her profession or occupation, educational qualifications, address, and date of birth, or are necessary for direct response commercial communications, marketing, or the sale of goods or services.

Neither will such authorization be required for the processing of personal data carried out by private legal entities for the exclusive use of themselves, their associates, and affiliated entities, for statistical, pricing, or other purposes of general benefit to them.

Personal data must be used only for the purposes for which they were collected unless they come from or have been collected from sources accessible to the public.

Sensitive data cannot be processed, except when authorized by law, when the owner has provided consent, or when it is necessary for determining or granting health benefits to data owners.

The user has the right to withdraw his or her consent at any time. It will be as easy to withdraw as to give consent. As a general rule, withdrawal of consent will not restrict the use of the website.

Whenever the user must or may provide their data through forms in order to make inquiries, request information, or for other purposes related to the contents of the website, he/she will be informed if the completion of any of these forms is mandatory due to being essential for the correct development of the operation undertaken.

1.7 Personal data retention period

Personal data will only be retained for the minimum time necessary for the purposes of its processing and, in any case, only for the following period: for the current licensing period or until the user or customer requests its deletion, or until the user requests its erasure.

At the time the personal data is obtained, the user will be informed of the period during which the personal data will be stored or, when this is not possible, the criteria used to determine this period.

1.8 Personal data recipients

The personal data of users will not be shared, sold, transferred, leased, marketed or transmiNed in any way to third parties, except as required by law.

1.9 Personal data of minors

Only people over the age of 14 will be able to consent to the processing of their personal data in a lawful way by VALIDRISK.

If a person is under the age of 14, the consent of his/her parents, legal representatives, or the person in charge of the child's personal care will be required, unless expressly authorized or mandated by law.

Sensitive data belonging to adolescents under 16 years of age may only be processed with the consent granted by their parents, legal representatives, or the person in charge of the personal care of the minor, unless expressly authorized or mandated by law.

1.10 Secrecy and security of personal data

VALIDRISK undertakes to adopt the necessary technical and organizational measures, according to the level of security appropriate to the risk of the collected data, so as to guarantee the security of personal data and prevent the accidental or unlawful destruction, loss, or alteration of transmiNed, stored, or otherwise processed personal data, as well as to prevent the unauthorized communication or access to such data.

The website WWW.VALIDRISK.COM has an SSL (Secure Socket Layer) certificate, which ensures that personal data is transmiNed securely and confidentially, as this transmission between the server and the user, and vice versa, is fully encrypted.

However, because VALIDRISK cannot guarantee the impregnability of the internet or the total absence of hackers or others who fraudulently access personal data, the person in charge of processing undertakes to inform users, without undue delay, of any breach of personal data security that is likely to imply a high risk to the rights and freedoms of natural persons. A personal data breach is understood as any breach of security that results in the accidental or unlawful destruction, loss or alteration of personal data transmiNed, stored or otherwise processed, or the unauthorized communication of or access to such data.

Personal data will be treated as confidential by the person in charge of processing, who undertakes to inform and to guarantee by means of a legal or contractual obligation that said confidentiality is respected by its employees, associates, and any person to whom he/she makes the information accessible.

1.11 Rights relating to processing of personal data

The user has the following rights over his/her personal data collected by VALIDRISK and may, therefore, exercise these rights vis-à-vis the person in charge of processing:

a) Right of access: the user's right to receive confirmation regarding whether VALIDRISK is processing his/her personal data and, if this is the case, receive information about their specific personal data and the processing that VALIDRISK has conducted or will conduct, as well as, among other information, the information available regarding the origin of such data and the recipients of the disclosures made or expected to be made of such data.
b) Right to rectification: the user's right to have his/her personal data rectified if they prove to be inaccurate or, taking into account the purposes of the processing, incomplete.
c) Right to erasure ("the right to be forgoNen"): the right of users, unless otherwise provided for by law, to have their personal data erased when they are no longer required for the purposes for which they were collected or processed; when the user has withdrawn his/her consent to the processing and there is no other legitimate reason to continue with it; when the personal data have been processed unlawfully; when the personal data must be erased in compliance with a legal obligation.
If the erased or rectified personal data have been previously disclosed to specific or identifiable third parties, the person in charge of processing must notify them as soon as possible of the action taken. If it is not possible to determine to whom it has been disclosed, a notice that may be generally known to those who use the information in the database will be issued.
The rectification, erasure, or blocking of personal data stored under legal obligation may not be requested, outside of situations established by the respective law.
d) Right to restriction of processing: the user's right to limit the processing of his/her personal data. The user has the right to obtain the restriction of processing when he/she contests the accuracy of his/her personal data, the processing is unlawful, the person in charge of processing no longer needs the personal data, but the user needs it to make claims, or when the user has objected to the processing.
e) Right to data portability: in the event that the processing is carried out by automated means, the user will have the right to receive his/her personal data from the person in charge of processing in a structured, commonly used, machine-readable format, and to transmit such data to another person in charge of processing. Whenever technically possible, the person in charge of processing will transmit the data directly to the other person in charge of processing.
f) Right to object: the user's right to stop the processing of his/her personal data or to stop its processing by VALIDRISK.
g) Right to not be the subject of a decision that is only based on automated decision-making, including profiling: the user's right to not be subject to an individualized decision only based on the automated processing of his/her personal data, including profiling, unless otherwise stipulated by legislation in force. The user may exercise his/her rights by means of wriNen communication addressed to the person in charge of processing, as established in Article 16 of Law N° 19.628.

1.12 Complaints to the supervisory authority

If the user believes that there is a problem with or infringement of the regulations in force regarding the way in which his/her personal data is being processed, he/she will have the right to exercise the actions he/she deems appropriate before the Courts of Law.

2 Cookie Policy

Access to this website may involve the use of cookies. Cookies are small pieces of information that are stored on the browser used by each user -on the different devices that may be used to navigateso that the server remembers certain information that will later be read only by the server that implemented it. Cookies facilitate navigation, make it more user-friendly, and do not harm the navigation device.

The information collected through cookies may include the date and time of visits to the website, pages viewed, time spent on the website, and sites visited just before and after it. However, no cookie can be used to contact the user's telephone number or any other means of personal contact. No cookie can extract information from the user's hard drive or steal personal information. The only way for the user's private information to be part of the cookie file is for the user to personally give that information to the server.

Cookies that make it possible to identify a person are considered personal data. Thus, the aforementioned Privacy Policy will apply to these cookies. Accordingly, the use of cookies requires the consent of the user. This consent will be communicated on the basis of an authentic choice, given through affirmative and positive assent prior to initial processing. This choice is documented and can be withdrawn.

2.1 First-party cookies

These are the cookies that are sent to the computer or device of the user and managed exclusively by VALIDRISK to improve the functioning of the website. The information collected is used to improve the quality of the website, its content, and user experience. These cookies make it possible to recognize the user as a recurring visitor of the website and customize its content to offer content that suits their preferences.

The entity or entities in charge of providing cookies may transfer this information to third parties, if required by law or if a third party processes this information for such entities.

2.2 Disable, reject, and delete cookies

The user can fully or partially disable, reject, and delete cookies installed on his/her device by configuring his/her browser (such as Chrome, Firefox, or Safari). In this regard, the procedures for rejecting and deleting cookies may differ from one internet browser to another. Consequently, the user must follow the instructions provided by the internet browser he/she is using. In the event that the user fully or partially rejects the use of cookies, he/she may continue to use the website, although the use of some of its features may be limited.

3 Acceptance and Change of this Privacy Policy

The user must read and agree to the conditions regarding the protection of personal data contained in this privacy and cookie policy and accept the processing of his/her personal data so that the person in charge of processing can proceed in the indicated manner, for the indicated periods of time, and for the indicated purposes. Use of the website implies acceptance of its privacy and cookie policy.

VALIDRISK reserves the right to modify its privacy and cookie policy at its own discretion, or in response to a legislative or jurisprudential change. Changes or updates to this privacy and cookie policy will be disclosed to the user. The user is advised to check this page periodically to keep up to date on the latest changes or updates.

This privacy and cookie policy was created on May 5, 2023 and has been updated to comply with current legislation.

List of cookies at www.validrisk.com
Cookie Name Description Provider Category Expiration
.AspNetCore.Antiforgery.# It helps to avoid attack on the type of Petition Falsification in cross-sites (CSRF). validrisk.com Required Session
_grecaptcha This cookie is used to distinguish between human and boots. This is effective for the web with The object of preparing valid reports on the use of its website. validrisk.com Required Persistent
_GRECAPTCHA This cookie is used to distinguish between human and boots. This is effective for the web with The object of preparing valid reports on the use of its website. google.com Required 179 Days
ARRAffinity Used to distribute the traffic to the website on several servers to optimize the times of answer. validrisk.com Required Session
ARRAffinitySameSite Used to distribute the traffic to the website on several servers to optimize the times of answer. validrisk.com Required Session
rc::a This cookie is used to distinguish between human and boots. This is effective for the web with The object of preparing valid reports on the use of its website. google.com Required Session
rc::b This cookie is used to distinguish between human and boots. This is effective for the web with The object of preparing valid reports on the use of its website. google.com Required Session
rc::c This cookie is used to distinguish between human and boots. This is effective for the web with The object of preparing valid reports on the use of its website. google.com Required Session
TiPMix It records which group of servers is serving the visitor. This is used in conjunction with load balancing to optimize the user experience. validrisk.com Required 1 Day
x-ms-routing-name It records which group of servers is serving the visitor. This is used in conjunction with load balancing to optimize the user experience. validrisk.com Required 1 Day