According to what is established in the Definitions section, Sensitive Data are those that affect the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin, political orientation, religious or philosophical convictions, membership in trade unions, social organizations, human rights organizations or that promote the interests of any political party or that guarantee the rights and guarantees of opposition political parties, as well as data related to health, sexual life and biometric data.
The Company may only process this type of data in the following cases:
5.1.1. The Data Subject has given his/her explicit authorization to such Processing, except in those cases where by law the granting of such authorization is not required;
5.1.2. The Processing is necessary to safeguard the vital interest of the Data Subject and he/she is physically or legally incapacitated. In these events, the legal representatives must grant their authorization;
5.1.3. The Processing is carried out in the course of legitimate activities and with due guarantees by a foundation, NGO, association or any other non-profit organization, whose purpose is political, philosophical, religious or trade union, provided that they refer exclusively to its members or to persons who maintain regular contacts by reason of their purpose. In these events, the data may not be provided to third parties without the authorization of the Data Controller;
5.1.4. The Processing refers to data that are necessary for the recognition, exercise or defense of a right in a judicial process;
5.1.5. The processing has a historical, statistical or scientific purpose. In this event, the measures leading to the suppression of the identity of the Data Controllers must be adopted.
In any case, and given the nature of this type of data, The Company must comply with the following obligations:
5.1.6. To inform the Data Subject that since it is sensitive data, he/she is not obliged to authorize its processing.
5.1.7. Inform the Data Subject explicitly and in advance, in addition to the general requirements of authorization for the collection of any type of personal data, which of the data to be processed are sensitive and the purpose of the processing, as well as obtain their express consent.
According to what is established in the definitions section, public data are those that are not semi-private, private or sensitive. Public data are considered, among others, data relating to the civil status of persons, their profession or trade, and their status as merchants or public servants. By their nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins and duly executed court judgments that are not subject to confidentiality.
Whenever data of this nature are involved, The Company may process them in accordance with the legal requirements in force.
Semi-private and Private Data
For the treatment of this type of data, The Company must have the corresponding authorization from the owner of the information, given its nature. This authorization will be made based on the provisions of the Constitution and current regulations, as well as as as determined in paragraph 5.4 of this Policy Manual for the Treatment of Information.
Notwithstanding the exceptions provided by law, the processing requires the prior and informed authorization of the Data Subject, which must be obtained by any means that may be subject to consultation and subsequent verification.
5.4.1. Cases in which the Card Holder’s authorization is not required:
220.127.116.11.Information required by a public or administrative entity in the exercise of its legal functions or by court order;
18.104.22.168. Data of a public nature;
22.214.171.124.Cases of medical or sanitary emergency;
126.96.36.199.Processing of information authorized by law for historical, statistical or scientific purposes;
188.8.131.52.Data related to the Civil Registry of Persons.