Privacy Policy

We have developed the following Privacy and Personal Data Protection Policy to protect your online security.

1. Purpose of the General Privacy and Personal Data Protection Policy

Protecting the privacy of donors, volunteers, suppliers, employees and/or associates is important for all the actions of the Foundation in Argentina, as well as for the security of their information. Any information that the Foundation receives from its donors, volunteers, suppliers, employees and/or associates will be duly safeguarded, in such a way that it may not be communicated, modified or publicly disclosed, except under the conditions described in, and in the cases established or authorized by the legislation in force. Consequently, the Foundation uses all the technical means available and establishes all the necessary legal safeguards to ensure the protection of personal data and to guarantee their privacy.

The Foundation will act honestly and in good faith, based on the principles of trust, transparency and fairness, and ensure the required level of security under the applicable legislation.

The Foundation’s relationships with its donors, volunteers, suppliers and employees and/or associates will be built on and characterized by cordiality, balance and harmony in compliance with the letter and spirit of this Policy.

Confidentiality will be safeguarded in accordance with the Privacy and Personal Data Protection Policy (hereinafter the Privacy Policy) of the Foundation. The purpose of this Policy is to define the treatment that the Foundation will give to the personal data and information of its donors, volunteers, suppliers, employees and/or associates in order to comply with the provisions of the legislation in force.

2. Definitions used in the General Privacy and Personal Data Protection Policy (in accordance with Law 25326, Article 2)

The terms used in this Policy as well as the applicable regulations shall be construed and interpreted in accordance with the provisions in Article 2 of Law 25326:

Personal Data: Any information of whatever nature that relates to an identified or identifiable individual or legal entity.

Sensitive Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical or moral beliefs, or trade union membership, and health data or data concerning a natural person’s sex life.
File, Record, Database or Data Bank: Means, indistinctly, the organized set of personal data that is processed or treated electronically or otherwise, irrespective of the modality of its generation, storage condition, organization or access.

Data Processing: Systematic operations and procedures, electronic or otherwise, including collecting, preserving, arranging, storing, modifying, relating, assessing, blocking, destroying, and in general, processing personal data, as well as assigning or transmitting it to third parties through or by any means of communication, interconnection and transfer or queries.

File, Record, Database or Data bank Manager: Any individual or legal person, whether public or private, who owns a file, record, database or data bank (the Foundation).

Computerized Data: Personal information processed and stored in an electronic or automated format.

Data Owner: Any individual or legal entity with legal domicile or subsidiaries or branches in the country, whose data is subject to the processing referred to in this law.

Data User: Any person, whether public or private, who performs data processing at its discretion, either in its own files, records or databases or by connecting to them.

Data Dissociation: Processing or treating personal data in such a way that the information obtained cannot be related to any certain or ascertainable person.

Data Collection for Advertising Purposes: Collection of addresses, distribution of documents, direct advertising or selling and other similar activities, by means of which data-driven profiles are established for promotional, marketing or advertising purposes; or consumer habits can be defined; provided, the documents are accessible to the public or have been submitted by the owners themselves, or obtained with their consent.

3. Personal Data Collection, Validation, Management and Destruction

The Foundation will collect information from its donors, volunteers, suppliers, employees and/or associates from contracts and/or membership or registration forms. In compliance with the provisions set out in Articles 2, 7 and 8 of Law 25326, the Foundation will not request information that is incompatible with its business purpose, or that directly or indirectly reveals sensitive data (such as data revealing racial or ethnic origin, political ideology, opinions, religious or moral beliefs, union membership, or information concerning a subject’s health or sex life), except for data strictly necessary for the preparation of employee/associate files or donor registers, and volunteer and/or supplier databases.

Certain data must be submitted to the Foundation on a mandatory basis. Personal data is collected for the purpose of customizing the official website and any other website related to the Foundation, to obtain statistics, as well as to communicate actions and improve the communication with donors, volunteers, and the public at large.

In compliance with the provisions in Law 25326, its regulatory decree and DNPDP Regulation 10/2008, we inform that the personal data provided when filling out the membership forms will be saved and stored in the database of the Foundation, whose offices are located at Manuel Belgrano 1077, San Isidro, Province of Buenos Aires.

By filling out the form, you expressly authorize the Foundation to process, assign and/or transfer the data, and in general, you authorize the sending of correspondence and relationship-building via e-mail or other similar mechanism between the Foundation and the person sending their data. If at any time you wish to exercise the rights of access, rectification or cancellation provided for in the Argentine Personal Data Protection Act, you may direct a request by means of a registered letter (warning letter or Carta Documento) or written notice given in person and providing valid proof of identity. It should be noted that any person may access such data free of charge at intervals of no less than six months, unless you demonstrate legitimate interest in accordance with the provisions in Article 14(3) of Law 25326.

The National Directorate for Personal Data Protection, the governmental agency responsible for enforcing Law No. 25326, has the authority to handle complaints and claims filed for non-compliance with the regulations in force regarding personal data protection.

The Foundation will use the information of donors, volunteers, suppliers, employees and/or associates as follows: (1) with respect to employees and/or associates, to make the registrations with the health insurance companies and with the relevant registries for the deposit of remunerations and in any other cases that may arise out of any contract and/or professional relationship with the data owner, and that are deemed necessary for the fulfillment or execution thereof; (2) with respect to suppliers, to keep a register with essential contact and billing information for the services provided by them; and (3) with respect to donors and volunteers, for promotional, communication, marketing and fundraising purposes.

If the Foundation decides to send unsolicited direct advertising messages that the donors, volunteers, suppliers, employees and/or associates have not consented to receiving, the Foundation will offer them the possibility to file an opt-out or to request to be removed or blocked from such specific database.

If the database is assigned or used for a purpose other than the purpose for which it was originally intended, the Foundation will obtain the free, express and informed consent of donors, volunteers, suppliers, employees and/or associates.

In the event of merger and/or dissolution, the Foundation may disclose or transfer the information of donors, volunteers, suppliers, employees and/or associates to the continuing or surviving Foundation or Institution.

If the personal data collected becomes no longer useful or the purpose for which it was collected has been fulfilled, the data must be destroyed in accordance with the Secure Disposal of Information Procedure.

4. Confidencialidad de los datos personales (art. 10 Ley 25.326)

En cumplimiento con el Art. 10 de la Ley 25.326, La Fundación no venderá, alquilará o compartirá la información personal de donantes, voluntarios, proveedores, empleados y/o colaboradores excepto en las formas establecidas en esta política.

Para dar cumplimiento a lo antes descripto, todos los empleados y/o colaboradores y proveedores de La Fundación, al momento de ingresar y/o prestar servicios a la organización deberán firmar un Acuerdo de Confidencialidad, por medio del cual se comprometen a mantener el mismo nivel de Confidencialidad y Privacidad de los datos que mantiene La Fundación.

La Fundación podrá contratar a terceros para llevar a cabo ciertas tareas tales como envío de correos postales y electrónicos y análisis estadístico de datos, entre otras. Dichos terceros sólo contarán con el acceso a la Información necesaria para cumplir con sus tareas y funciones, no pudiendo utilizarla para otros fines. (Ver punto 7: Prestaciones de servicios de tratamiento de datos por terceras partes).

La Fundación hará todo lo que esté a su alcance para proteger la privacidad de la información. Pero eventualmente, puede suceder que en virtud de órdenes judiciales o de regulaciones legales, se vea obligado a revelar información a las autoridades o terceras partes.

5. Security of Personal Data, Application of Rule 11/06

The Foundation takes and maintains appropriate measures to properly safeguard the personal data provided by donors, suppliers, employees and/or associates, implementing the internal technical and organizational measures necessary to ensure the security and confidentiality of the data, and trying by all means to prevent unauthorized access to data.

However, given the current state of technology, the Foundation cannot guarantee that unauthorized access will not occur.

6. Advertising or Direct Marketing Activities

Pursuant to Article 27 of Law 25326 and Rules 10/08 and 04/09, any form and/or any other document by means of which direct marketing activities are carried out, must abide by the following clauses:

– “The owner of personal data may exercise the right of access to such data free of charge at intervals of no less than six months, unless the holder demonstrates legitimate interest pursuant to the provisions set out in Article 14(3) of Law No. 25326.”

– “The NATIONAL DIRECTORATE FOR PERSONAL DATA PROTECTION, the governmental agency responsible for enforcing Law No. 25326, has the authority to handle complaints and claims filed for non-compliance with the regulations in force regarding personal data protection.”

– “The owner of personal data has the right to exercise the right of removal or total or partial blocking of its name from the database. Furthermore, when unsolicited direct advertising communications are sent without the prior consent of the personal data owner, the communication must include a prominently displayed disclaimer that the message is a marketing communication.”

7. Data Processing Services by Third Parties

Pursuant to Article 25 of Law 25326 and Decree 1558/2001, if personal data is processed by a third party, an agreement must be executed whereby such third party agrees that it shall not apply or use the data for any purpose other than that stated in the service agreement, and that it shall not transfer them to any other person. The agreement must also establish that upon termination of the services to be rendered under the agreement, any personal data processed shall be destroyed, unless express authorization is given when there is a presumption that subsequent orders may be placed, in which case the data may be stored under appropriate security conditions for a period of up to two years.

Such agreements shall include the security levels provided for in Law 25326 and supplementary regulations, as well as the confidentiality and privacy requirements that lessees are required to observe in connection with the information obtained.

Furthermore, such agreements must provide, in particular: (i) that the data processor shall only act on instructions from the data controller; (ii) that the obligations under Article 9 of Law No. 25326 shall also apply to the data processor.

8. Rights of Data Owners and How to Respond to the Exercise of their Rights

Data subjects or owners have the following rights:

Right to Information: Any person may request the enforcing authority information regarding the existence of personal databases, the purpose and the persons ultimately responsible for such databases. The information must be clear, comprehensive and complete.

Right of Access: The data subject or owner may obtain information on its own personal data included in public or private data banks that are intended to provide reports.

The requested information must be provided within 10 (TEN) calendar days after receipt of notice.

If the request is not fulfilled within the required timeframe, an expeditious action for protection of personal data may be initiated. The right of access referred to in this section may only be exercised free of charge at intervals of no less than six months, unless legitimate interest is demonstrated in the particular case.

Right to Correct, Update or Delete data: The person responsible for, or user of a data bank, must proceed to correct, delete or update the personal data within a maximum of 5 (FIVE) working days following receipt of the request. The failure to comply with this obligation within the required timeframe will enable the data subject to initiate expeditious proceedings for data protection.

Any such requests should be submitted to the following email address for appropriate action: info@rewildingargentina.org.

9. Privacy Policy Training, Disclosure and Dissemination

The Foundation will provide training, education and awareness programs to any associates, employees and/or suppliers relating to this Privacy and Personal Data Protection Policy. For the purpose of evidencing such training, every employee and/or supplier attending the training will be required to sign an attendance record that will be kept by the Foundation.

Article 27(3) of Law 25326

The data owner may at any time request the removal or total or partial blocking of its name from the data banks referred to in this article.

Decree 1558/01- Article 27(3)

Any communication that is designed for advertising purposes that is sent by mail, telephone, e-mail, Internet or other remote means, shall clearly and prominently displayed a text indicating the possibility of the data owner to request the removal or total or partial blocking of its name from the database. At the request of the subject, the name of the person in charge or user of the database who provided the information must be given.

The personal data owner or subject may exercise the right of access to such data free of charge at intervals of no less than 6 months, unless the owner demonstrates legitimate interest in accordance with the provisions in Article 14 (3) of Law 25326.

“The National Directorate for Personal Data Protection, the governmental agency responsible for enforcing Law No. 25326, has the authority to handle the complaints and claims filed for non-compliance with the regulations in force regarding personal data protection.”

In order to actually disclose and disseminate this Policy, the Foundation will distribute copies of the policy to all employees and/or suppliers, who must read the terms and conditions therein and sign their names at the bottom of the last page as evidence of having read it and of their compliance with the policy requirements.