i

Data privacy policy

Please notice this document is a translation of the original Policy in Spanish. For any official application or referral to this policy the Spanish document will prevail.

DATA PRIVACY POLICY ACADEMIA COTOPAXI

Under the Constitution of the Republic of Ecuador, considering the fundamental right on data protection and privacy of personal data processing, ACADEMIA COTOPAXI (hereinafter, simply “ACADEMIA COTOPAXI”) has developed this Privacy Policy on Data Protection (hereinafter “Policy”) in order to determine and detail the levels of protection of any personal data, when it is collected, analyze, processed, communicated, transferred, updated, filed, retained, modified or deleted, in strict compliance with the principles, rights and obligations determined in the regulations. The purpose of this policy is to comply with the legal provisions of Ecuador, particularly to comply with the provisions of the Organic Law for the Data Protection published in the Official Supplement 459, on May 26, 2021, through which the general provisions that regulate the matter (hereinafter, “LOPDP”).

ACADEMIA COTOPAXI is committed to treat information in a lawful, transparent, and timely manner; limited to what is necessary for relevant purposes.

1. IDENTIFICATION OF THE RESPONSIBLE TO PROCESS PERSONAL DATA

ACADEMIA COTOPAXI, in its capacity as the responsible of processing personal data, is located at: De Las Higuerillas E16-102 and Alondras in the city of Quito, Ecuador.

2. TERMS AND DEFINITIONS
“LOPDP” Organic Law on Protection of Personal Data published in the Official Gazette Supplement 459 of May 26, 2021
“Responsible of personal data“ ACADEMIA COTOPAXI that determines the purpose and means for the processing of personal data.
“Titular“ Natural person whose data is processed.
“Data Protection Officer” The Data Protection Officer (if applicable) or Data Protection Officer identified/appointed by ACADEMIA COTOPAXI and acting under its instructions.
“Processing Activity” Any operation or set of operations carried out on Personal Data or sets of Personal Data.
“Incidence on data protection” Violation of Personal Data (security breach) such as the accidental or illegal destruction, loss or alteration of information.
“Personal information” Data that identifies or makes identifiable a natural person, directly or indirectly.
“Credit Data” Data that integrate the economic behavior of natural persons, to analyze their financial capacity.
“Sensitive data” Data related to: ethnicity, gender identity, cultural identity, religion, ideology, political affiliation, background check, immigration status, sexual orientation, health, biometric data, genetic data, and those whose improper treatment may allow discrimination, attempt or may violate fundamental rights and freedoms.
“Processor of personal data” Any natural or legal person, public authority, agency or other institution that provides its services to ACADEMIA COTOPAXI in relation to the processing of personal data.
“Client” Any person, whether natural or legal, who obtains a service by ACADEMIA COTOPAXI.
“Candidate” Natural person who sends his/her resume, either directly or through a third party, and other data related to his profession or trade in order to be used in the selection processes managed by ACADEMIA COTOPAXI.
“Collaborator” Natural person who provides a service to ACADEMIA COTOPAXI with an employment contract.
3. SCOPE

ACADEMIA COTOPAXI communicates its data treatment policy to the members of the administrative team and those it represents, Suppliers, Visitors, Parents and Students. The Educational Community that includes administrative staff and teachers and Applicants. The data is collected to provide the services and/or products offered by ACADEMIA COTOPAXI; the policy is intended to communicate the purpose of data collection, use, and in which cases the information is shared and how is protected, as well as the rights that assist the holders of the information and the procedures implemented by ACADEMIA COTOPAXI.

4. PERSONAL DATA THAT IS PROCESSED

The personal data that is processed by ACADEMIA COTOPAXI may come from the following modalities and sources:

MODALITIES
  • Data provided by the owner: The owner provides: identification data (name, surname, ID, telephone number, image, email, address, etc.) sensitive data (health data, genetic data, credit data, biometric data, geolocation data, background check, information regarding disabilities, data of minors) among others.
  • Data generated as a contractual consequence: The personal data of the holder is obtained in accordance with the development, maintenance or start of the relationship between the stakeholder and ACADEMIA COTOPAXI.
  • Inferred data:  The Institution, by carrying out profiles with the prior consent of the owner, collects personal data.
  • Data from third parties: Third parties from the public or private sector, public information or public access sources (information from public records, official newspapers and bulletins, telephone directories, lists of people belonging to professional groups, credit information systems, social networks, etc.).
SOURCES

Users Website and social networks:

  • Through forms: available vacancies, online application process, appointment scheduling for a face-to-face or virtual tour, “contact us” located on the school web pages (Academia Cotopaxi, The One Institute, Imagine), as well as through social networks such as Facebook, Instagram and others.
  • Through the applications for institutional and educational use of ACADEMIA COTOPAXI.
  • Electronic means of payment
  • Registration of interested request on behalf of the interested party.

 Technological sources and others:

  • By exchanging emails.
  • Through phone calls.
  • Through forms send by ACADEMIA COTOPAXI.
  • Through invoices for the provision of services.
  • Through WhatsApp.
  • By registering for sports or extracurricular classes offered.
  • By contracting language course services.
  • Through access to platforms or employment data bases.
  • Through the application form.
  • Through transfers with strategic Allies.
  • Through the registration of students to the school.
  • Worker resumes
  • Work contract
  • Security cameras of the school
  • Biometric system to enter the school, prior express authorization.
  • Life and health insurance affiliation forms duly authorized by the holder.
  • Email exchange.
  • Contracts for the provision of services

 

4.1. LINKS & PREFERENCE APP:

Some of the links that our website has are the following:

  1. Privacy Policy
  2. Legal disclaimer section
    Statement: When you browse ACADEMIA COTOPAXI website, you may interact with the pages of: THE ONE INSTITUTE or IMAGINE. In such a case, the Privacy disclaimer of ACADEMIA COTOPAXI is the only one applicable.

 

5. TYPES OF DATA AND IDENTIFICATION OF STAKEHOLDERS

  • Job position candidate data, for example, immigration status in the case of being a foreigner, contact information, CV information, employment history, employment references and training information, certificates of judicial past and police record; among others.
  • Personal data of applicants / interested parties include, basic data (for example, name, surname, address, city, telephone number, email address, nationality, date of birth, passport, voice, by recording telephone communications, image by identity document)
  • Personal data of parents: Includes basic data (for example, first name, last name, home address, city, main street, neighborhood, area, phone number, email address, nationality, credit information, gender, marital status, main occupation, profession, handwritten or electronic signature, voice recording of telephone communications, image, institution/place of work, current position, employment relationship, work address, city, main street, neighborhood, income, dependant relatives, spouse name, spouse ID, spouse place of work, job title, address, telephone, email).
  • Personal data of collaborators: Personal data of the school
  • Student personal data: Includes basic data such as: names, surnames, home address, city, main street, neighborhood, area, telephone number, image, email address, nationality, gender, and special category personal data, these could be health and biometric data.
  • Personal data of suppliers: Data of the supplier, for example, contact information, information contained on emails and other commercial communications, information about bank accounts; data products and services, characteristics of the contracted products and services, contracts, billing, inquiries, requests and claims, among others.
  • Personal data of users of the static web pages, for example, log file data, contact information, location data without identification of the user or person entering the web.
  • Personal data of users of the transactional web pages, for example, user data and password for registration and access to ACADEMIA COTOPAXI Apps.

5.1. Sensitive data

In the case of sensitive data, it is the decision of the owner and/or the legal representative to grant explicit authorization for the processing of the information. In the events of reception of sensitive data, ACADEMIA COTOPAXI guarantees to maintain the security and confidentiality of it.

  • Data related to background check, immigration status, biometric data.
  • Data related to health will be treated with confidentiality and medical secrecy determined by the applicable legislation.
  • Credit data that allows the institution to carry out transactions and payments.
  • Data of minors.
  • Data of people with disabilities.

The data collected will be stored and/or processed in the school databases, whether they are its own, or contracted with third parties, located inside or outside the country that comply with the characteristics of a “safe harbor”, and guarantees all information security measures, available in physical and/or digital media directly at ACADEMIA COTOPAXI offices, and/or at third-party facilities and/or ACADEMIA COTOPAXI providers, storage of personal and special category data authorized by the stakeholders. These databases may be identified according their use by the school Tech department, any request of information may be sent to: itservices@cotopaxi.k12.ec.

 

6. PRINCIPLES AND GOVERNING PROVISIONS THAT ACADEMIA COTOPAXI, EMPLOYEES AND BUSINESS PARTNERS WILL APPLY FOR A PROPER TREATMENT OF PERSONAL DATA

PRINCIPLES
The principles that will rule the processing of personal data in the school will be the following:

  1. Principle of Legality: Personal data must be treated with strict adherence and compliance with the principles, rights and obligations established in the Constitution of Ecuador, international instruments, the Law, its Regulations and other applicable regulations and jurisprudence.
  2. Principle of loyalty: The processing of personal data must be loyal, it must be clear to the owners how their personal data is being collected, used, consulted or processed, as well as the ways in which this data is or will be treated. In no case may personal data be processed through illegal or unloyal means or purposes.
  3. Principle of transparency: The processing of personal data must be transparent, so all information or communication related to this treatment must be accessible, and easy to understand in a simple and clear language. The relationships formed from the processing of personal data must also be transparent.
  4. Principle of purpose: The purposes of the treatment must be determined, explicit, legitimate and communicated to the owner. Personal data may not be processed for purposes other than those for which they were collected, unless one of the causes that enable a new treatment occurs in accordance with the cases of legitimate treatment indicated by law. Processing of personal data for purposes other than those for which it was initially collected, should only be permitted when it is compatible with the purposes of its initial collection. For this, the context in which the data was collected must be considered, the information provided to the owner in that process and, in particular, the reasonable expectations of the owner based on their relationship with the responsible of the treatment regarding their subsequent use.
  5. Principle of relevance and minimization of personal data: Personal data must be pertinent and limited to what is strictly necessary for the fulfillment of the purpose of the treatment.
  6. Principle of proportionality of treatment: The treatment must be adequate, necessary, timely, relevant and not excessive in relation to the purposes for which it was collected, or the nature of the special categories of data.
  7. Principle of confidentiality: The processing of personal data must be based on secrecy, that is, it must not be processed or communicated for a different purpose for which it was collected, unless there is a cause that enable a new treatment in accordance with the cases of legitimate treatment indicated in the law. For this purpose, the responsible of the process must adapt the organizational technical measures to comply with this principle.
  8. Principle of quality and accuracy: The personal data that is subject to treatment must be exact, complete, precise, verifiable, clear; and, if applicable, updated. In such a way that its veracity is not altered. All reasonable steps will be taken to promptly delete or rectify personal data that is inaccurate with respect to the purposes for which it is processed. In case of treatment by a third party, the quality and accuracy will be in hands of the responsible for the processing of that personal data.
  9. Principle of conservation: Personal data will be kept for a time no longer than necessary to fulfill the purpose of its treatment. To ensure that personal data is not kept for longer than necessary, the data responsible will establish deadlines for its deletion or periodic review. The extended conservation of personal data processing will only be carried out for archiving purposes in the public interest, scientific, historical or statistical research purposes, as long as the appropriate and necessary security and protection of personal data is guaranteed.
  10. Principle of personal data security: The responsible or in charge of processing personal data must implement all appropriate and necessary security measures, understood as those accepted by the data protection law, whether organizational, technical or of any other nature, to protect personal data against any risk, threat, vulnerability, considering the nature of the personal data, the scope and the context.
  11. Principle of proactive and demonstrated responsibility: The responsible for the processing of personal data must prove the implementation of mechanisms to protect personal data; that is, compliance with the principles, rights and obligations established in this Law. In addition to what is established in the applicable regulations, it may use standards, best practices, auto schemes and regulation, protection codes, certification systems, personal data protection seals, or any other mechanism that is determined appropriate to the purposes, the nature of the personal data or the risk of treatment. The responsible for the processing of personal data is obliged to report on the treatment to the owner and to the Personal Data Protection Authority. The responsible for the processing of personal data must evaluate and review the mechanisms adopted to comply with the principle of responsibility on a continuous and permanent basis, in order to improve its level of effectiveness in terms of the application of this Law.
  12. Principle of application, favorable to the owner. – In case of doubt about the scope of the provisions of the legal or contractual system, applicable to the protection of personal data, the judicial and administrative officials will interpret and apply them in the most favorable sense to the owner of the data.

PROVISIONS
The personnel of the school that carry out the processing of personal data must verify that the security standards and due consent for the processing of personal information are met, in addition they must respect the following provisions:

  1. The applicant, parent, collaborator or provider who provides false information will be permanently excluded from the network. In addition, ACADEMIA COTOPAXI reserves the right to take any judicial or extrajudicial measures that are warranted.
  2. Only data that is necessary and proportional to the school will be collected with prior, express, and informed authorization from the owner. The foregoing, with the exception of cases in which the Applicable Regulations allow the Treatment of data without requiring authorization.
  3. The representatives of the owners of the data provided must be clear about the purposes for which they authorize the delivery of their data. The authorizations for data processing will contain the purpose, and will be granted through the signing of contracts, privacy notices, informed consents, among others, which in any case will include both the authorization and the purpose of the processing of personal data. We can interchangeably use any mechanism to formalize the user’s willingness to share their personal information, which will meet the minimum legal requirements and the Institution’s compliance standards.

When receiving personal data and sensitive personal data, strict security and confidentiality measures will be used. The school and its Employees have agreed to maintain confidentiality regarding Personal Data and not to reveal any Personal Data to unauthorized third parties (both from ACADEMIA COTOPAXI and outside).

  1. PURPOSE OF THE PROCESSING OF PERSONAL DATA

Purposes of treatment for supplier´s data, as strategic allies to provide services:

  • Evaluate the processor in order to guarantee an adequate level for the treatment of the data required to receive the service.
  • Evaluate the quality and performance of the supplier in compliance with their functions
  • Document and instruct on the proper treatment of shared information.
  • Comply with the established standards in the supplier´s relations.
  • Provide the data collected from suppliers to the control authorities: police, judicial and/or administrative authorities, if it is asked as a legal requirement.
  • Transfer and communicate personal data to countries that comply with adequate levels of data protection, in accordance with security standards.
  • Being subject of a security control to entry the school, through video control and facial recognition systems, when coming to provide a certain service or contractual compliance.

Purposes of personal data processing of Parents, authorized person and applicants:

  • Treat and use the personal data provided by clients or applicants, whether physically or electronically, through contracts, quotes, Websites, applications, application for available vacancies, admission applications, and contact form, among others. With the purpose sending them information about the service purchased or to be purchased through the registered emails or contact number.
  • Provide the data collected to regulatory authorities such as the Ministry of Education or Ministry of Health, Police, judicial and/or administrative authorities, as a legal requirement and/or use or disclose this information.
  • Contact the stakeholder via email to send statements, account statements or invoices in relation to the obligations from the contract between the parties. Also, reports of the academic progress of the students or inform about cases of health emergency through the determined means of contact.
  • Contracts may be signed for life and medical insurance of the student, communicating the personal data of the minor.
  • Collect personal data and even a photograph of their ID and image for the authorization and confirmation of the pickup contacts for the student to leave campus with the approval of the minor’s legal representative.
  • Allow control entities access to information to carry out internal or external audit processes.
  • Keep the personal data of the current stakeholders.
  • Treat personal data and data of a sensitive category for identity verification in compliance with the security systems incorporated in the, such school, as video surveillance and facial recognition systems.
  • Use personal data to exchange information, communications, requests, acceptances and/or any other kind of expression of will.
  • Collect identification information to meet the requirements of parents or applicants, when the user has been contacted through social networks.
  • Personal data of the parents will be processed in order to send information about new services and complementary services such as cafeteria and transportation.
  • The data will be used to contact people who require information, in order to respond to their requirements.
  • Respond to requests for information, help or requests for services.
  • Solve complaints, claims and user requirements, including contacting them to adequately process their requirement.
  • Notify changes to this Privacy Policy.
  • Comply with legally established obligations, as well as verify compliance with contractual obligations. For this, the institution may carry out collection process from pending financial obligations.

 

Purposes of student data processing:

  • Communicate and transfer the personal data of students nationally and internationally with prior authorization from the legal representatives for: the acquisition of international certifications, school material or platforms such as virtual books, access to virtual academic platforms.
  • Treatment of personal data and personal data of a sensitive category such as those of health, to open the student’s medical file, control, and medical evaluation of the student during the course of the school year.
  • Process sensitive personal data regarding the behavior and actions of a person, for the start of a disciplinary process directed by the Disciplinary Committee of the institution.
  • Use the personal data of students to issue diplomas, certifications, qualifications, notification of entry and exit of the country, vaccination notifications.
  • Treatment of the student’s image provided with prior and explicit consent of the legal representative.
  • The personal data received may be processed and communicated to determined third parties for the execution of academic activities, as well as the provision of transportation service and extracurricular activities.
  • Treat personal data and data of a sensitive category for identity verification in compliance with the security systems incorporated in the school, such as video surveillance and facial recognition systems. As a parallel purpose, the institution may evaluate the actions of the student through this, which may be incorporated as evidence in disciplinary proceedings.

 

Purposes of data processing of collaborators and candidates:

  • Register and process the information of applicant candidates in a selection process, or for future processes.
  • Communicate and transfer personal data nationally, and information for the purpose of preserving it on identified platforms.
  • Contact candidates for hiring a specific position or future selection processes if the school is interested.
  • Verify the veracity and authenticity of the information provided in the resume with the educational entities in which the candidate has completed his/her studies and have held job positions.
  • Share information with suppliers and allies to carry out home visits, admission medical examinations and other activities related to the selection process
  • Comply with labor obligations of ACADEMIA COTOPAXI in its capacity as employer established in labor legislation, the employment contract, the Internal Labor Regulations and Corporate Policies.
  • Likewise, carry out activities inherent to the employment relationship and the ordinary business of ACADEMIA COTOPAXI, as well as a series of training sessions.
  • Carry out control, follow-up, monitoring, surveillance and in general facilitate the security of the facilities, equipment, and personnel of the school.
  • Any other purpose that is necessary for the development of the corporate purpose and the economic activity of ACADEMIA COTOPAXI.
  • Inform the employee about any modification of the contractual relationship. Evaluate the quality and performance of the employee in compliance with their functions derived from the employment contract.
  • Provide information to control entities when it is required for internal and external audits.
  • Assign of work tools for the development of their functions (creation of corporate email accounts), signing of confidentiality and non-disclosure agreements, signing of a manual for proper data processing, proper use of provided devices, among others.
  • Verify personal and employment references during the hiring process.
  • Treatment of information of relatives, for benefits and in case of emergency, contact relatives.

 

  1. CONSENT

ACADEMIA COTOPAXI, in compliance with the legal framework for the protection of personal data, declares that will use adequate and sufficient mechanisms to obtain prior, free, specific, informed and unequivocal authorization and consent from the legal representative to treat personal data in the database existing in ACADEMIA COTOPAXI. The data could be collected through different means: web page, mobile application, or in any other format that allows to guarantee its subsequent consultation.

The owner is clearly, completely and expressly informed about the treatment of his/her personal data, as well as the option to provide sensitive data, and the rights that assist them as the owners. Also, the treatment of the identification, physical address or electronic address and who is responsible for the treatment.

ACADEMIA COTOPAXI, as responsible for the processing of personal data, will keep proof of the authorization granted by the owners, or, proof of the legitimizing basis for the treatment carried out.

The owner will be entitled to withdraw at any time, without retroactive effect, the consent that you have previously given to authorize the processing of your data for a specific purpose.

  1. COMMUNICATIONS OR INTERNATIONAL TRANSFER TO CERTAIN THIRD PARTIES

ACADEMIA COTOPAXI will not sell, exchange, rent or share the personal information, the treatment will be as is established in this Policy.

ACADEMIA COTOPAXI will share information with providers or institutions with whom ACADEMIA COTOPAXI has a collaborative or alliance relationship, which contribute to improving or facilitating operations. ACADEMIA COTOPAXI will ensure that the protection standards are met, by signing contracts or agreements whose purpose is the privacy and confidentiality of the personal data of the owner.

The owner will be empowered to accept that ACADEMIA COTOPAXI disclose or share personal information with third parties that are providers or institutions allied, affiliated or related to ACADEMIA COTOPAXI.

ACADEMIA COTOPAXI will cooperate with the authorities with which it must act, to guarantee compliance with the Law. ACADEMIA COTOPAXI will collaborate with the competent authorities in order to safeguard the integrity and security of the community and the data owners. It may happen with a court order, when permitted by law, or in the case of prevention of money laundering or terrorist financing, ACADEMIA COTOPAXI may disclose personal information to the authorities or third parties without consent of the owner.

ACADEMIA COTOPAXI, through the authorization of the owner, will be empowered to transfer all or part of personal data to any of the companies controlled, controlling and/or linked to ACADEMIA COTOPAXI, under any title and at the time, manner and conditions it deems appropriate. ACADEMIA COTOPAXI will guarantee the privacy and security of the information.

  1. CONSERVATION

The personal data of the holders will be kept for the time necessary to fulfill the indicated purposes. When ACADEMIA COTOPAXI no longer needs to use the personal data to fulfill the purposes for which it was compiled, or to comply with contractual or legal obligations, the personal data will be deleted from the system and records. ACADEMIA COTOPAXI will take the necessary measures to proceed with the anonymization of personal data, so that the owner can no longer be identified with them.

  1. IMPACT ASSESSMENT

When a processing activity, and specifically the implementation of a new technology or computer system, will likely result in the processing of personal data and a high risk to individual rights and freedoms, taking into particular account the nature, scope, context and purpose of the proposed treatment activity, an impact assessment on data protection will be prepared prior to the start-up of the treatment activity.

  1. SECURITY MEASURES

ACADEMIA COTOPAXI will comply with all applicable technical and organizational measures regarding security measures for the protection of personal data. Proper standards will be used to protect the confidentiality of information, including, in other measures, in applicable cases: Information encryption, Security profiles, Change control, Backup copies, Incident management, Availability assurance, Physical protection of equipment, Resource monitoring, Software update, among others. ACADEMIA COTOPAXI considers the owner’s personal information as an asset that must be protected from any loss or unauthorized access, to this end ACADEMIA COTOPAXI uses various security techniques to protect such data from unauthorized access from inside or outside of the institution.

Only those teams or employees who need to know will be able to access the information within ACADEMIA COTOPAXI. ACADEMIA COTOPAXI makes sure to implement the rights and administration policies within the institution, and take all necessary steps to ensure that employees and providers keep files confidential.

ACADEMIA COTOPAXI is not responsible for illegal interceptions or violation of its systems or databases by unauthorized people.

  1. RIGHTS

Right of access: You can consult your personal data that is being processed by ACADEMIA COTOPAXI. The owner has the right to know and obtain free of charge, from the data responsible, access to all his/her personal data and information, without the need to present any justification. The person responsible for the processing of personal data must establish reasonable methods that allow the exercise of this right, which must be addressed within the period of fifteen (15) days.

Right of rectification and update: The owner has the right to obtain from the data responsible the rectification and updating of their inaccurate or incomplete personal data. For this purpose, the holder must present the justifications of the case when pertinent. The data responsible must meet the request in a period of fifteen (15) days and within this same period, must inform the recipient of the data, if applicable, about the rectification, in order to update it.

Right of elimination: The owner has the right to ask the delete of their personal data, when: 1) The treatment does not comply with the principles established by law; 2) The treatment is not necessary or pertinent for the fulfillment of the purpose; 3) The personal data have not fulfilled the purpose for which they were collected or processed; 4) The period of conservation of personal data has expired; 5) The treatment affects fundamental rights or individual freedoms; 6) Revoke the consent given or indicate that it has not been granted for one or several specific purposes, without the need for any justification; or, 7) If there is a legal obligation. The person responsible for the processing of personal data will implement methods and techniques aimed at eliminating, making illegible, or leaving the personal data permanently and safely unrecognizable. This obligation must be fulfilled in the period of fifteen (15) days upon receipt of the request by the owner and will be free.

Right of opposition: The owner has the right to oppose or refuse the processing of their personal data, in the following cases: 1) The fundamental rights and freedoms of third parties are not affected, the law allows it and it is not public information, of public interest or whose treatment is mandated by law. 2) The processing of personal data is intended for direct marketing; the interested party will have the right to oppose at any time the processing of their personal data, including profiling; in which case the personal data will no longer be processed for that purpose. 3) When your consent is not necessary for the treatment as a consequence of the concurrence of a legitimate interest, and it is justified in a specific personal situation of the owner, when the law does not indicate otherwise. The data responsible person will stop processing the personal data in these cases, unless it proves legitimate and compelling reasons for the treatment that prevail over the interests, rights and freedoms of the owner, or for the formulation, exercise or defense of claims. This request must be solved within the period of fifteen (15) days.

Right to portability: The owner has the right to receive from the person responsible for the treatment of his/her personal data in a compatible, updated, structured, common, interoperable and mechanical reading format, preserving its characteristics; or to transmit them to other data responsibles. The owner may request that the data responsible transfers or communicates their personal data to another data responsible, if it is technically possible and without the responsible being able to claim any impediment in order to slow down access, transmission or reuse of data by the owner or another data responsible. After completing the data transfer, the person in charge, will proceed to delete the information, unless the owner orders its conservation.

Right to suspension of the treatment: The owner may have the right to request the suspension of data processing, when any of the following conditions are met: 1) When the owner questions the accuracy of the personal data, while the responsible verifies the accuracy of the same. 2) The treatment is unlawful and the interested party opposes the deletion of the personal data and instead requests the limitation of its use; 3) The person in charge no longer needs the personal data for the purposes of the treatment, but the interested party needs them for the formulation, exercise or defense of claims; 4) When the interested party has opposed the treatment, while it is verified if the legitimate reasons of the person in charge prevail over those of the interested party. When the owner questions the accuracy of the personal data, while the data responsible verifies their accuracy, it must be placed in the database, where the information is recorded. The data responsible may process personal data, which have been subject to the exercise of right by the owner, only in the following cases: for the formulation, exercise or defense of claims; in order to protect the rights of another natural or legal person or for reasons of important public interest.

Right not to be subject to a decision based solely or partially on automated assessments. – The owner has the right not to be subjected to a decision based solely or partially on evaluations that are the product of automated processes, including profiling, that may produce legal effects or that violate fundamental rights and freedoms.

  1. ACCESS CHANNELS

The holder may carry out any of the actions described above, by contacting ACADEMIA COTOPAXI through a form of exercise of rights in ACADEMIA COTOPAXI. Alternatively, as the owner of personal data you could communicate your request directly to the following email: dataprotection@cotopaxi.k12.ec .Response to any request will take 15 business days from the day the corresponding request was received, in accordance with the provisions of the Organic Law on Protection of Personal Data.

  1. PROCEDURE TO EXERCISE THE RIGHTS ON PERSONAL DATA RIGHTS

All requests or petitions to exercise personal data rights must be directed to the data protection area of ACADEMIA COTOPAXI with the subject line – Personal Data Protection.

The data subject may exercise their rights over their personal data at any time, and ACADEMIA COTOPAXI must respond to the request within a maximum period of fifteen (15) days from the date of receipt. ACADEMIA COTOPAXI may request clarification or additional information from the data owne, within five (5) days after receiving the request. Consequently, the data subject will have a period of ten (10) days, starting from the day following the notification, to clarify or complete the information.

In the event that the data subject clarifies or completes the information within the granted period, the request will be processed by ACADEMIA COTOPAXI within the corresponding timeframe. Requests that are not addressed may be filed and notified to the data subject. This will not prevent the submission of a new request by the data subject.

Data subjects may rectify, know, and update their data at any time, among other rights, regarding partial, inaccurate, incomplete, fragmented data that may lead to errors, or those expressly prohibited or unauthorized for processing. Likewise, the data subject or their representative may request the correction or update of their data.

The communication will be processed through a written request that includes the following information:

i) Identification of the data owner or its representative (full names, identity number or passport number, home or email address for notifications). The data of the represented party will also be included.
ii) Clear and precise description of personal data regarding which the person needs to exercise its rights,, and any elements facilitating the location of personal data in the institution..
iii) Clear and precise explanation of the request.
iv) Identification of the right or rights you wish to exercise.
v) Include documents that prove identity and legal representation.

MODIFICATION

ACADEMIA COTOPAXI may modify this Policy and/or the practices for sending emails. In the event that ACADEMIA COTOPAXI modifies the Policy, it will notify the owner by publishing an updated version of the Policy in this section or by sending an email or advertising on the main web page or other sections to keep the owner updated on the changes. The owner must decide whether or not to accept the changes to the Policy. In the event that the owner does not accept the new terms and conditions of the Policy, the relation between the owner and ACADEMIA COTOPAXI will be dissolved and the personal information of the owner will not be used in any other way than which was informed at the time of be collected

  1. TERM

This Policy will be effective starting August 2023. Personal Data that is stored, used or transmitted will remain in the ACADEMIA COTOPAXI databases for as long as necessary to comply with the purposes set forth in this document or to ensure   the Institution can fulfill its legal duties.

However, the information will be reviewed every year to verify the veracity of the data and the purpose of continuing with its treatment.