Data Protection Policy

CROSSBORDER MERCHANT CONSORTIUM, committed to transparency in the treatment of personal data, hereby presents its data protection policy. Our aim is to inform you about the conditions under which we process personal data in strict compliance with the Organic Law on Data Protection and the responsibility we have to the data subjects.

GLOSSARY OF TERMS USED

PURPOSES OF PROCESSING AND PERSONAL DATA

EMPLOYEES:

IDENTIFICATION:

Identification Number (Identification)
Full Name
Home Address
Personal Email Address
Conventional Phone Number
Personal Cell Phone Number
Date of Birth
Nationality
Marital Status
Level of Education
Profession

FINANCIAL:

Bank Account

EMPLOYMENT:

Occupational Health and Safety
Performance Evaluations
Training
References

SENSITIVE:

Medical Information
Dependents
Special Abilities

SUPPLIERS:

IDENTIFICATION:

RUC (Tax Identification Number)
Email Address
Cell Phone Number

FINANCIAL:

Bank Account

VIDEO SURVEILLANCE:

DATA RETENTION PERIOD

Once the purpose has been fulfilled, personal data will be stored in accordance with the legal deadlines provided for in the applicable regulations. In the absence of any applicable regulations, the maximum retention periods are:

LEGAL BASIS FOR PROCESSING

All processing of personal data is carried out in strict compliance with the Organic Law on Data Protection and based on:
Consent of the data subject for the processing of their personal data for one or more specific purposes.
Processing is necessary for the execution of pre-contractual measures at the request of the data subject or for the fulfillment of contractual obligations pursued by the data controller, data processor, or a legally authorized third party.

SOURCE OF PERSONAL DATA

Personal data is collected from authorized and legally enabled sources, such as employment web platforms, curriculum vitae sent to the human talent email address as a result of recruitment processes from various physical and digital media publications.

EFFECT OF PROVIDING ERRONEOUS OR INACCURATE PERSONAL DATA

Refusal to provide data or providing inaccurate data may result in the purpose for which they are collected not being fully or partially fulfilled.

TRANSFER OR COMMUNICATION OF PERSONAL DATA

Personal data is partially transferred to:

IESS – Ecuadorian Institute of Social Security, employee contribution information.
SRI – Internal Revenue Service, information on income tax paid by employees and suppliers.
CNE – National Electoral Council, information required during electoral elections.
MSP – Ministry of Public Health, information required for public health campaigns.
SUT – Single Work System, information required for the registration, legalization, and completion of employment contracts.

CROSSBORDER MERCHANT CONSORTIUM AS DATA CONTROLLER

CROSSBORDER MERCHANT CONSORTIUM is the data controller, responsible for collecting, storing, and processing personal data in accordance with the Organic Law on Data Protection of Ecuador.
You can contact us at:
Email: privacidad@crossborder.com.ec

DATA SUBJECT RIGHTS

To exercise any of your rights, you or your legal representative may submit a request (download the form here) to exercise your rights at any time and free of charge. To do so, you must send your request to CROSSBORDER MERCHANT CONSORTIUM at:

Email: privacidad@crossborder.com.ec

Please note that you will need to verify your identity as the data subject or legal representative of the data subject to proceed with the process.

The Data Protection Officer of CROSSBORDER MERCHANT CONSORTIUM will get in touch with you to inform you of the outcome of your request or, if necessary, request additional information to validate your identity or clarify the processing for which you are making the request.

PROCEDURE TO REVOKE CONSENT

You or your legal representative may request the revocation of your consent to the processing of personal data at any time and free of charge. To do so, please contact us using the following method to initiate the process:

Email: privacidad@crossborder.com.ec

Please note that you will need to verify your identity as the data subject or legal representative of the data subject to proceed with the process.

The Data Protection Officer of CROSSBORDER MERCHANT CONSORTIUM will get in touch with you to inform you of the outcome of your request or, if necessary, request additional information to validate your identity or clarify the processing for which you are making the request.

SECURITY MEASURES

To protect the personal data under its responsibility, CROSSBORDER MERCHANT CONSORTIUM has implemented a personal data protection management system that, based on an adequate risk management, adopts control measures to maintain personal data at an acceptable level of protection, reasonably preventing any negative consequences for data subjects.

DATA PROCESSOR AGREEMENT

When CROSSBORDER MERCHANT CONSORTIUM enters into agreements for the data processor to process personal data, it ensures that this is done in strict compliance with the Organic Law on Data Protection.

NOTIFICATIONS AND CHANGES TO THE POLICY

CROSSBORDER MERCHANT CONSORTIUM will notify the updated policy and its changes through available channels.