Factura Logo

Privacy Policy

This Privacy Policy describes how we collect, use, store, share and protect personal data provided by users of this website and the services we offer. We are committed to maintaining the privacy and security of your personal information and comply with applicable data protection laws, including, but not limited to, the General Data Protection Regulation (GDPR) and other relevant data protection laws. This policy applies to all data subjects, including website visitors, customers and others who interact with our services.

By using this website, you agree to the terms of this Privacy Policy. If you do not agree, we ask that you refrain from using our services or providing any personal information.

If you have any questions or concerns about this policy, please contact us by email at: informacion@gs1cr.org

1. Data Controller

The entity responsible for determining the purposes and means of processing the personal data you provide when using this website and its services is:

GS1 Costa Rica
Location:Santo Domingo de Heredia, from the Cemetery 200 meters East and 300 meters North, in front of the San Martín Chapel
Email: informacion@gs1cr.org
Website: www.gs1cr.org

We are committed to ensuring that your personal information is processed securely and in accordance with this Privacy Policy and applicable laws.

2.Key Definitions

To help you better understand this Privacy Policy, the following key terms are used:
Data Controller: The entity (organization or individual) that determines the purposes and means of processing personal data.
Personal Data: Any information relating to an identified or identifiable natural person, including, but not limited to, name, address, email, IP address or other identifying information.
Data Subject: The person whose personal information is being collected, processed or stored.
Processing: Any operation or set of operations performed on personal data, including collection, recording, organisation, storage, modification, retrieval, use, disclosure or deletion.
Data Processor: A third party that processes personal data on behalf of the Data Controller.
Third Parties: Organizations, individuals or entities that are not part of our organization, but may be involved in processing data on our behalf.

3. Purposes and Legal Basis for Data Processing

We collect and process your personal data for various purposes, depending on how you interact with our website and services. We only process your personal data where there is a valid legal basis for doing so.

a) Data Collection and Registration

Personal data may be collected from users through forms, subscriptions, communication channels or when you access certain features of our website. The types of personal data we collect include, but are not limited to:

Identification details: Name, email address, telephone number and postal address.

Login and account information: Username, password, and authentication data.

Usage Data: Information about how you interact with our website and services, such as IP address, browser type, pages visited, and time spent on each page.

Communication data: Records of queries, complaints or requests sent via email, contact forms or customer service channels.

Payment information: If applicable, payment details such as credit card information or payment transaction details to process payments related to our services.

b)Legal Basis for Processing

The legal basis for processing your personal data varies depending on the context in which the data is collected:

User consent: We may process your personal data based on your explicit consent (for example, subscribing to newsletters, accepting marketing communications).

Performance of a contract: Processing may be necessary to fulfill a contract in which you have participated, such as providing services you have requested or managing your account.

Legitimate interests: We may process your data to pursue our legitimate business interests, such as improving our website, marketing or customer service, provided that such interests do not override your privacy rights.

Legal obligation: In some cases, we may process your personal data to comply with legal or regulatory requirements, such as financial accounting or responding to legitimate government requests.

4. Data Sharing and Transfers

We are committed to protecting your privacy and ensuring that your personal information is handled responsibly. However, in certain situations, we may need to share your personal data with third parties to facilitate our services or comply with legal obligations

a) Data Sharing with Third Parties

We may share your personal data with:

Service Providers: Companies or individuals that provide services on our behalf, such as payment processing, email marketing, hosting services, or customer support. These third parties are only authorized to use your data in accordance with our instructions and must follow strict data protection regulations.

Partners: Other organizations with which we collaborate to offer joint services or marketing efforts.

Subcontractors: Contractors who help us perform specific tasks or functions that require the processing of personal data.

We do not sell or rent your personal data to third parties for marketing purposes without your explicit consent.

b) International Transfers.

In some cases, your personal data may be transferred to third party processors located in countries outside your jurisdiction or outside the European Economic Area (EEA). If we transfer your data to a country without adequate data protection laws, we will ensure that appropriate safeguards are implemented, such as the use of Standard Contractual Clauses (SCCs) or other legal mechanisms to protect your data.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected or to comply with legal, regulatory or contractual obligations. Once the retention period has expired, we securely delete or anonymize the data.

Examples of retention periods include:

Contact Information: Retained for the duration of your relationship with us and a reasonable period thereafter for tracking purposes.

Transaction records: Retained for a period required by law, typically for tax or accounting reasons (for example, 6 to 10 years

Marketing data: Retained until you withdraw your consent or request deletion.

If you would like more specific details about our retention practices for particular types of data, please contact us.

6. Rights of Data Subjects

As a data subject, you have certain rights under data protection laws in relation to the personal information we hold about you. These rights include:

Right of access: You can request a copy of the personal data we hold about you and verify that we are processing it lawfully.

Right to rectification: You have the right to request corrections to your personal data if it is inaccurate or incomplete.

Right to deletion ("Right to be forgotten"): You can request the deletion of your personal data in certain circumstances, such as if the data is no longer necessary for the purposes for which it was collected.

Right to restrict processing: In specific situations, you can ask us to suspend the processing of your personal data (for example, if you dispute the accuracy of the data).

Right to data portability: You have the right to request a structured, commonly used and machine-readable copy of your data and to transfer it to another controller.

Right to object: You can object to the processing of your personal data based on legitimate interests or for direct marketing purposes.

Right to withdraw consent: Where processing is based on consent, you have the right to withdraw your consent at any time, which will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at informacion@gs1cr.org.

7. Security Measures

We prioritize the security of your personal data and employ various security measures to protect it against unauthorized access, loss, alteration or disclosure. These measures include:

Data encryption: Personal data is encrypted both during transmission and at rest to prevent unauthorized access

Access controls: Access to personal data is limited to authorized personnel who require it to perform their functions.

Regular security reviews: We conduct regular security audits and assessments to ensure our systems and processes are secure.

Incident response: In the event of a data breach, we have an incident response plan to mitigate the impact and notify authorities and those affected, where appropriate.

8. Changes to this Privacy Policy

We reserve the right to modify this Privacy Policy at any time. Modifications will become effective when the updated policy is posted on our website. You are encouraged to periodically review this policy to stay informed of our privacy practices. The date of the last revision will be indicated at the top of this policy.

9. Contact Information

If you have any questions or wish to exercise your rights, please contact us at:

GS1 Costa Rica
Email: informacion@gs1cr.org
Location:Santo Domingo de Heredia, from the Cemetery 200 meters East and 300 meters North, in front of the San Martín Chapel