Privacy Notice

1. Purpose

This privacy notice on personal data processing (hereinafter, the Privacy Notice) is intended to explain how Cirion, whose ID details as well as the domicile for service of process may be verified according to the country where you are located (see Annex 1), conducts the processing of the personal data it collects in its capacity as controller through its webpage www.ciriontechnologies.com (hereinafter, the “Webpage”). This data is collected by navigating and using the Webpage, filling virtual forms, and through different spaces on the Webpage for entering personal data virtually. Additionally, this Privacy Notice shall apply to other data collection channels when so informed thereby to the personal data subjects.

For these purposes, “Subject” shall refer to the person whose data is collected and processed pursuant to the terms of the Privacy Notice. Only personal data for which due consent has been obtained is processed, or data subject to other permissive conditions for their processing, as established in the applicable country’s legislation.

2. Statement on Cirion Customer Personal Data

Some data protection laws distinguish between the activities a business conducts on behalf of another business or person (sometimes referred to as a processor, third party or service provider), and those activities that a business conducts on behalf of itself (sometimes referred to as a controller or business). This Privacy Notice covers only those activities that Cirion engages in as a controller of your personal data, including when you engage with our website, or interact with us. It does not cover those activities Cirion engages in as a processor to its customers.

Cirion provides digital infrastructure and technology solutions to business to business and wholesale businesses (hereinafter, the Services). This means we may store or have access to limited personal data on behalf of our customers. Where we process personal data as a processor, we do so in accordance with our customers’ instructions, and this Privacy Notice does not apply.

3. Regulatory Framework

This Privacy Notice is governed by the applicable country or state legislation. In particular, when reference is made to “your country’s jurisdiction,” the “applicable regulation,” or “your country’s current legislation,” it shall be understood as the regulation listed in Annex 2 to this Privacy Notice that is applicable to you based on the location from which you are interacting with us.

4. Retention Period

Personal data shall be retained as long as necessary to fulfill the purpose for which it was collected and (if applicable) while the Subject has not revoked their consent, pursuant to your country’s applicable legislation.

Upon fulfillment of said purpose, your personal data may continue to be processed by us for the reasons indicated below:

  • If there exists a statutory or contractual obligation on their retention.
  • If necessary for research purposes, for auditing purposes, and/or for the regular exercise of our rights in judicial, administrative, or arbitration proceedings.

5. Personal Database

The personal data provided by the Subject shall be stored, pursuant to your legislation’s requirements, in a personal database owned by Cirion, duly registered in the Registry of your country (where applicable).

6. Collected Data and Purposes

Cirion collects personal data from three different sources as described below.

a. Collected Directly

Cirion collects personal data directly from the Subject when they interact with us for the following purposes:

  • To respond to your inquiries: to request a meeting with our experts, to be contacted to receive information about Cirion’s services, and to receive quotations, and, where applicable, for Cirion’s service provision, we may collect personal data of an identifying nature and contact personal data, such as first and last name, country, company, corporate e-mail, job title, telephone number and reason for your inquiry.
  • Marketing: to contact you advertising the products and/or services offered by Cirion we may collect e-mail and your marketing preferences.
  • To Communicate with you: with the valid consent of the Subject, which may be revoked at any time, Cirion may contact you via e-mail to send you notifications, surveys, and information about events and solutions.
  • Transactions: to process payments.
  • Security and video surveillance: to maintain physical security inside the facilities and guarantee the operation of services.

b. Collected Automatically

  • Cirion collects certain usage data, or visitor data, automatically when using the website.
  • Usage data may include information such as your device’s Internet Protocol (“IP”) address, browser type, browser version, device location, mobile operating system, the pages that you visited on our websites, the time and date of your visit, time spent on the page, and other diagnostic data.
  • Cirion uses usage data to optimize your experience on our websites, to improve our services, to detect, prevent and respond to suspicious activities and for marketing activities.

For more information on how Cirion uses Cookies and other tracking technologies, and how to manage your preferences, see Use of Cookies on the Webpage.

c. Collected from Third Parties

Where permitted, Cirion may collect personal data from third parties, duly authorized to transmit it, in order to connect with the Subject, direct marketing, commercial referrals, among others.

These purposes are necessary for the legal relationship between Cirion and the Subject, and if the Subject does not provide this data, or provides erroneous or inaccurate data, Cirion will not be able to fulfill this purpose.

Cirion reserves the right to make any type of automated decisions regarding their personal data, pursuant to your country’s current legislation.

7. Transfer, Transmission, and Recipients

a. Transfers for a Business Purpose

Cirion uses service providers for the following business purposes:

  • Business Transactions – if Cirion is involved in a merger, acquisition, or asset sale, Subjects’ personal data may be transferred to third parties involved in the transaction. If personal data is transferred and becomes subject to a different privacy notice, Cirion will provide notice to Subjects prior to the transaction.
  • Law Enforcement – where required by law, Cirion may disclose personal data to law enforcement or to public authorities.
  • To Comply with Legal Requirements – Cirion may disclose Subjects’ personal data if it is necessary to comply with its legal requirements; to protect and defend Cirion’s rights or property; to prevent or investigate possible wrongdoing; to protect the safety of others or the public; or to protect Cirion against legal liability.
  • Fulfill Transactions – In order to fulfill a transaction, Cirion may disclose billing information with third parties to process payments on our behalf.
  • Security – to protect the security of our systems, Cirion may use service providers to assist in monitoring and protecting against unauthorized or unlawful access to its systems.

b. Consent to Data Transfer

By accepting this Privacy Notice, the Subject authorizes their personal data to be shared with service providers, who may be located in countries other than the Subject’s country and that enable the fulfillment of the purposes described in this Privacy Notice, or with third parties with whom Cirion has an obligation regarding information transfer.

If you do not want your personal data to be transferred, please send an e-mail to: data.privacy@ciriontechnologies.com. The admissibility of the objections to data transfer shall be assessed on a case-by-case basis.

In order to safeguard your privacy, we use contracts to guarantee that the third parties receiving your personal data in our name provide the same level of protection as we do.

Whenever there is an international transfer of personal data under our responsibility, we make sure that said transfer is made only to countries that offer a similar level of protection to the one provided by the laws of the territories where we operate, or that these transfers have been authorized by the subject and/or their data protection authorities, pursuant to your country’s legislation.

8. Security Measures

Cirion adopts the necessary security measures to guarantee the protection of the Subject’s information in order to avoid unauthorized or illegal alteration, loss, destruction, damage, processing, disclosure thereof, and/or access thereto, taking into consideration the nature of the information and the risks the data is exposed to. To protect the Subject’s personal data, measures have been put in place, which at least imply the following:

  • Control and registration of accesses and privileges, as well as verification thereof from time to time.
  • Record of events, logical interactions.
  • User identification and authentication through password use and management.
  • Information copies and backups in a controlled and authorized manner.
  • Security in personal data processing environments.

9. Confidentiality

Cirion agrees not to disclose or share the personal data provided by the Subject without their consent, except for the following cases:

  • When necessary for the purpose for which the information was collected.
  • When the Information subject is duly notified before the disclosure or at the time of collection of the Information, and their previous and express consent is obtained.
  • When consent is not a requirement pursuant to your country’s legislation.
  • When the Information is required by public entities within their area of competence and in the exercise of their duties and powers.
  • When the Information is requested by virtue of court orders or legal provisions.
  • When it comes to access to Information by auditors, lawyers, and other professionals in exercise of their duties, who are bound by professional secrecy.
  • In any other cases provided for and authorized by your country’s legislation.

If otherwise stated by your country’s jurisdiction in regard to these events, Cirion shall comply with the provisions set forth in said legislation.

10. Use of Cookies on the Webpage

Cookies are small text files from websites that are stored in your computer, smartphone, tablet, or any other Internet access device, in order to collect some specific information on your navigation experience and your preferences. Cookies cannot damage your computer or device, and they are very useful as they help us identify and resolve errors.

The Webpage uses its own cookies and third-party cookies, which may be classified as follows and for the following purposes:

  • Preference cookies: These cookies enable the webpage to remember information that changes the way it behaves or looks, such as your preferred language or the region that you are located in.
  • Statistical cookies: These cookies help website owners understand how visitors interact with webpages by collecting and providing information anonymously.
  • Marketing cookies: These cookies are used for tracking webpage visitors. They are aimed at displaying relevant ads that are appealing to the individual user, and therefore, more valuable for editors and third-party advertisers.
  • Targeting cookies: These cookies are established by our advertising partners. These companies may use a profile of your interest and display relevant ads in other websites. They exclusively identify your browser and your Internet device.
  • Performance cookies: These allow for counting visits and traffic sources in order to measure and improve our website performance. They help us know which webpages are the most and the least popular and see how visitors navigate the website. All the information collected by these cookies is aggregated.
  • Functional cookies: These cookies enable the website to offer improved functionality and customization. They may be established by Cirion or by third-party service providers whose services we have added to our webpages.
  • Necessary cookies: These cookies help us build a usable webpage by activating basic features like webpage navigation and access to webpage safe areas. The webpage cannot work properly without these cookies.

You may accept or reject the use of cookies that are not necessary through the message regarding cookies displayed when you visit the Webpage for the first time. If you accept third-party cookies, you can delete them, if you wish to do so, directly through the cookie management options of your browser.

Additionally, you may allow, block, or delete the cookies installed in your computer or device through the cookie settings of the browser installed in your computer or device.

However, please note that the use of cookies enables us to provide you with a better experience concerning the use of our services. If you change the cookie settings, your navigation experience may not be optimal.

Do Not Track Signals. Some web browsers allow you to turn on Do Not Track (“DNT”), which sends signals to websites you visit, telling those sites that you do not want your online activities to be tracked. Our websites currently are not designed to respond to DNT signals received from web browsers.

11. Exercise of Rights

You may have certain rights under applicable data protection laws, depending on the country from which you are interacting with us.  

a. LATAM Rights

The Subject may exercise the right of processing confirmation, access to, rectification, correction of incomplete, inaccurate, or outdated data, opposition, cancellation, anonymization, blocking or deletion of unnecessary or excessive data, revocation, portability, information on the processing, suppression, deletion, updating, inclusion, annulation, limitation of the processing, the right not to be subject to decisions made only based on automated assessments, the right of limitation of use, disclosure of personal data, and further rights enshrined in the applicable law, through a request that may be addressed to the following e-mail address: data.privacy@ciriontechnologies.com. Additionally, Subjects may exercise their rights in person at the addresses set out in Annex No. 1 to this Privacy Notice.

b. Additional Rights for California Residents

The California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (hereinafter “CCPA”), requires that we disclose the privacy rights applicable to California residents regarding their personal data (or Personal Information). We have defined the rights applicable to California Residents below:

Access and Know:

You may have the right to know the categories of Personal Information collected about you, the purposes for Processing your Personal Information, and to know whether your Personal Information is disclosed / Sold and to whom. You may also have the right to access certain pieces of your Personal Information and to receive a copy of your information.

Data Portability:

You may have the right to request the transfer of your Personal Information to you or to a third party. We will provide to you, or a third party you have chosen, your Personal Information in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for Us to use or where we used the information to perform a contract with you.

Deletion: 

You also may request that we erase your information. You also have the right to ask us to delete or remove your Personal Information where you have successfully exercised your right to object to Processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Information to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Limit Use and Disclosure of Sensitive Personal Information:

You may have the right to direct Company to limit our use of your sensitive Personal Information to that use which is necessary to perform the services, and which is reasonably expected by the average consumer requesting the services. For the avoidance of doubt, “Sensitive Personal Information” as used in this Privacy Policy shall have the same meaning as “sensitive personal information” under the California Consumer Privacy Act of 2018 as amended (CCPA).

Non-Discrimination / Non-Retaliation:

You may have the right not to receive discriminatory treatment by the Company because you exercise your privacy rights.

Opt Out of the Sale or Sharing:

You may have the right to opt out of the Sale of your Personal Information, to the extent applicable. Company does not engage in the Sale of Personal Information. You may also have the right to request that we do not share your Personal Information with third parties.

Opt Out of Profiling and/or Cross Context Behavioral Advertising:

You may have the right to opt out of the Processing of your Personal Information for the purposes of Cross Context Behavioral Advertising, or Profiling which is used in furtherance of decisions that produce legal or similarly significant effects. “Profiling” means any automated processing of Personal Information to evaluate, analyze, or predict aspects concerning an individual’s economic situation, health, personal preferences, interest, reliability, behavior, location or movements.

Request Correction: 

You may have the right to request correction of the Personal Information that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.

c. Making a Request, Verification, Reviewing Requests, and Appeals

Cirion strives to make Subject requests simple and free, pursuant to the provisions set forth in your country’s legislation. Notwithstanding the foregoing, Cirion may retain some specific information of the Subject requesting cancellation, to be used as evidence in the event of a potential claim. The retention term shall not exceed the statute of limitations of said responsibilities pursuant to law. If any information on the user’s logical interactions with the Webpage cannot be deleted due to technical limitations, this data shall be anonymized so it cannot be used to identify the Subject or to make them identifiable.

12. Personal Data Portability

Upon express request of the Subject, Cirion may return the personal data collected on them, in a compatible, updated, structured, common, interoperable, and mechanical-reading format, preserving its characteristics, or it may deliver it to a person duly appointed by the Subject for said purpose.

Subject’s data portability will not apply for information inferred, created, generated, obtained, or resulting from any analysis or processing conducted by Cirion.

13. Personal Data Protection Delegate

Cirion has appointed an individual responsible for the fulfillment of the personal data protection policies adopted for each one of the jurisdictions where it operates. For more information on this appointment, please visit the company’s website or send an e-mail to data.privacy@ciriontechnologies.com.

14. California Shine the Light Notice

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our Subjects who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the following e-mail address: data.privacy@ciriontechnologies.com.

15. Children's Privacy

Cirion’s website is not intended for use by anyone under the age of eighteen (18). In accordance with the Children’s Online Privacy Protection Act (“COPPA”), Cirion does not knowingly request or solicit personal data from anyone under the age of eighteen (18). In the event that we receive actual knowledge that we have collected such personal data without parental consent, we will take steps to permanently delete that information from our personal database.

16. Brazilian General Data Protection Law

Cirion processes personal data in accordance with the guidelines of the Brazilian General Data Protection Law – Law 13,709/2018 (“LGPD”) and other relevant legislation.

In that sense, Cirion’s processes include processing operations that involve:

  • Personal data (Art. 5, I, LGPD): Information relating to an identified or identifiable natural person. Cirion collects information from its customers at the time of prospecting, contracting, or using services, through service channels or an electronic form available on the website of the company.
  • Sensitive Personal Data (Art. 5, II, LGPD): Data related to racial or ethnic origin, religious belief, political opinion, affiliation to a union or an organization of religious, philosophic or political nature, data related to health or sexual habits, genetic or biometric data, when connected to a natural person. The sensitive personal data collected by Cirion is from our employees, to comply with a legal or regulatory obligation.
  • Children and teenager personal data (Art. 14, LGPD) – The data is collected by Cirion to comply with a legal or regulatory obligation due to benefits extended to the dependents of Cirion employees, as well as the young apprentice program. Cirion does not collect data from minors for other purposes.
  • Personal data publicly available (Art. 7, § 3, LGPD) – data manifestly made public by the Data Subject.
  • Data Subject: a natural person to whom the personal data that are the object of processing refer to.
  • Controller: natural person or legal entity of either public or private law in charge of making the decisions regarding the processing of personal data.

Cirion declares its commitment to the principle of data quality, ensuring that the personal data collected and processed is accurate, relevant, and specific.  

a. Legal hypotheses applicable to the processing of personal data carried out by Cirion

Cirion supports its data processing operations with the following legal hypotheses: 

  • Compliance with a legal or regulatory obligation: data processing is justified by the obligation to comply with applicable laws.
  • Contract execution or preparation: the processed data is used specifically for the preparation of the contract and throughout the performance of the contract.
  • Regular exercise of rights: the data may be used in judicial, administrative or arbitration proceedings.
  • Consent: the consent provided by the Data Subject is the free, informed, and unequivocal manifestation by which the Data Subject has agreed to the processing of his/her personal data for a specific purpose.
  • Legitimate interest: the legitimate interest of the Controller may base the processing for legitimate purposes, judged on the basis of concrete situations, which include, but are not limited to: (i) Support and promotion of the Controller’s activities; (ii) Protection, in relation to the Data Subject, of the regular exercise of his/her rights or provision of services that benefit him/her, respecting his/her legitimate expectations and fundamental rights and liberties. 

b. Rights of Data Subjects

Upon request to Cirion, as provided for in article 18 of LGPD, Data Subject may exercise the following rights:

  • Confirmation of processing existence – the Data Subject will obtain information on the existence or not of personal data in the Cirion database;
  • Data access – the Data Subject may obtain a report of all the data contained in the Cirion database, with information on the origin, forms of processing and sharing with third parties;
  • Data correction – the Data Subject may request the correction of incomplete, inaccurate, or outdated personal data;
  • Data portability – the standard for portability will still be defined by the National Data Protection Authority (ANPD);
  • Deletion of personal data – the Data Subject may request the deletion of the personal data processed by Cirion, the request for which will be subject to a feasibility assessment, in accordance with the law;
  • Information on sharing – The Data Subject may request specific information about the sharing of data with public and private entities;
  • Anonymizing or blocking – The Data Subject will have the request registered for execution, within the legal deadline. Important: anonymized data is that relating to a Data Subject who cannot be identified, considering the use of reasonable technical means available at the time of its processing;
  • Automated Decision – The Data Subject will receive explanations about automated decisions, such as the use of robots to collect data for the creation of online marketing campaigns, and may request their review;
  • Objection to data processing – The Data Subject may object to certain types of processing and purposes;
  • Revocation of consent – The Data Subject may receive explanations about the consent (confirmation given for the collection and processing of their data) and request its revocation;
    • 1º If the Data Subject withdraws consent for purposes that are fundamental to the regular functioning of this website, some environments and services may be unavailable for the use by the Data Subject.
    • 2º Even if the Data Subject requests the deletion of his/her Personal Data, there are hypotheses in which such data may be kept stored, due to the provisions of article 16 of the LGPD: (i) compliance with a legal or regulatory obligation by the Controller; (ii) study by a research body, ensuring, whenever possible, the anonymization of personal data; and (iii) transfer to a third party, provided that the data processing requirements set forth in the LGPD are respected; or (iv) exclusive use by the Controller, with no access by third parties, and provided that the data is anonymized.

Cirion’s Data Protection Officer will receive the request from the Data Subject via the portal available at www.ciriontechnologies.com or by e-mail to the following address: data.privacy@ciriontechnologies.com, and will take the necessary steps to respond within the period provided for by law, up to 15 days after receiving the request.

17. Changes to the Privacy Notice

Cirion may modify, update, or supplement the Privacy Notice at any time. Any modification, update, or addition in regard to this notice shall be immediately communicated through the Webpage, and through any other channels that may be determined, requesting the approval of the new conditions where applicable.

Last update: February, 2024

Annex 1

Who are we in your country?

Country | Name | Address | Tax ID
Argentina | Cirion Technologies Argentina S.A. | Alférez Pareja 256, Buenos Aires | 30-62674717-1
Brasil | Cirion Technologies do Brasil Ltda. | Av. Eid Mansur, 666, Parque São George, Cotia (SP) | 72.843.212/0001-41
Brasil | Cirion Technologies Participações e Comercial Ltda. | Av. Eid Mansur, 666, Parque São George, Cotia (SP) | 03.357.424/0001-04
Brasil | Cirion Technologies e Serviços do Brasil Ltda. | Av. Eid Mansur, 666, Parque São George, Cotia (SP) | 03.427.524/0001-51
Brasil | Cirion Technologies Holding Brasil Ltda. | Av. Pedro II, 329, São Cristovão, Rio de Janeiro (RJ) | 03.401.849/0001-65
Chile | Cirion Technologies Chile S.A. | Av. Kennedy 5735 oficina 802 Edificio Marriott Torre Poniente, Los Condes, Santiago de Chile | 96.896.440-2
Colombia | Cirion Technologies Colombia S.A.S. | 185 st. N° 45 – 03, C.C. Santafé, Corporate Tower, 5th floor, City of Bogotá | 800.136.835-1
Costa Rica | Cirion Technologies Costa Rica S.R.L. | Provincia de San Jose, Canton Escazú, distrito Guachipelin de la entrada a desnivel de Multiplaza 800mts norte VMG Business Center, Oficina 13 | 3-102-370195
Ecuador | Cirion Technologies Ecuador S.A. | Calle Juan Diaz Nro. 37-111, Urbanización Iñaquito, Alto Quito, Ecuador | 1791252322001 (RUC)
México | Cirion Technologies Mexico II, S. de R.L. de C.V. | Lago Zúrich Nro. 96, Col. Ampliación Granada, Miguel Hidalgo, México DF. | GCM041215ET7
México | Cirion Technologies Mexico, S. de R.L | Lago Zúrich Nro. 96, Col. Ampliación Granada, Miguel Hidalgo, México DF | GCL990526IY8
Panamá | Cirion Technologies Panamá Inc | Avenida Arnulfo Arias y Calle Ramón Levy Balboa, Edificio Nro. 851. Panamá City | 94331-1-377666
Perú | Cirion Technologies Peru S.A. | Avenida Manuel Olguín 395, Urb. Los Granados, Santiago de Surco, Lima | 20252575457
Puerto Rico | Cirion Technologies Solutions, LLC. (Puerto Rico Branch) | 801 Brickel Avenue, Suite 2400, Miami-Florida, 33131 | 65-0600569
Uruguay | Cirion Technologies Argentina S.A., Sucursal Uruguay. | Juncal, 1392 – Montevideo | 214789730017
USA | Cirion Technologies Solutions, LLC | 801 Brickell Avenue, Suite 2400, Miami-Florida, 33131 | 65-0600569
US Virgin Islands | Cirion St. Croix, Inc. | 801 Brickell Avenue, Suite 2400, Miami-Florida, 33131 | 66-0575696
Venezuela | Cirion Technologies S.A. | Calle 7, Zona 1, Manzana B-2 Sector Sur, Edificio Impsat, La Urbina, Caracas | J-30046239-0

Annex 2

Applicable law

Country | Applicable Regulations
Argentina | Law No. 25,326: Law on personal data protection.
Brazil | Law No. 13,709/2018: General law on personal data protection.
Chile | Law No. 19,628: Law on private life protection.
Colombia | Law No. 1581 of 2012: Law on personal data protection and its Regulatory Order No. 1377 of 2013.
Costa Rica | Law No. 8968: Law on protection of the person regarding the processing of their personal data, and its regulations.
Ecuador | Official Register Supplement No. 459: Organic law on personal data protection.
México | Federal law on the protection of personal data held by private companies or individuals.
Panamá | Law No. 81 of 2019: Law on personal data protection, and its regulations.
Perú | Law No. 29733: Law on personal data protection and its regulations, approved by Supreme Order No. 003-2013-JUS.
United States of America (California) | California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act (Cal. Civ. Code 1798.100 et seq.); California Shine the Light Law (Cal. Civ. Code 1798.83); California Online Privacy Protection Act.
Uruguay | Law No. 18,331: Law on personal data protection and “habeas data” action; Regulatory Order No. 414/009; Law No. 19,670; and Regulatory Order No. 64/020.
Venezuela | Constitution of the Bolivarian Republic of Venezuela.