1. Introduction and Scope of the Policy
ABACAXI INVESTMENT GROUP SASWe are a company dedicated to providing digital and technological services. For the purposes of this policy, we act as the data controller of the personal information you provide to us, and we are fully committed to protecting the privacy and personal data of our clients, employees, suppliers, and any other interested parties. This policy sets forth the principles, procedures, and standards we follow to collect, use, store, protect, and delete personal data, in strict compliance with current data protection laws in Argentina (Law No. 25,326), Brazil (General Data Protection Law – LGPD, Law No. 13,709/2018), Chile (Law No. 19,628), and Peru (Law No. 29,733), as well as other relevant regulations in the countries where we operate, such as the European Union’s General Data Protection Regulation (GDPR), when applicable, and the California Consumer Privacy Act (CCPA).
This policy applies to all personal data we process, whether in digital or physical format, and is mandatory for all employees and collaborators of the company.
2. Fundamental Principles of Data Protection
In ABACAXI INVESTMENT GROUP SAS, we are governed by the following principles:
* Lawfulness, Fairness, and Transparency: Data is collected in a lawful and fair manner. We inform data subjects clearly and transparently about what data we are collecting and why.
* Purpose Limitation: Personal data is collected for specific, explicit, and legitimate purposes. We do not use it in ways that are incompatible with those purposes.
* Data Minimization: We collect only the personal data that is strictly necessary for the stated purpose.
* Accuracy: We keep personal data accurate and up to date. We take measures to rectify or delete inaccurate data.
* Storage Limitation: Data is retained only for as long as necessary to fulfill the purposes for which it was collected.
* Integrity and Confidentiality: We implement technical and organizational security measures to protect personal data against unauthorized or unlawful processing, and against accidental loss, destruction, or damage.
* Proactive Responsibility (Accountability): We are responsible for complying with this policy and with data protection laws. We maintain records of our processing activities to demonstrate this compliance.
3. Collection and Use of Personal Data
We collect personal data through various channels, such as:
* Registration forms on our website or applications.
* Service contracts.
* Communications via email, phone, or chat.
* Cookies and tracking technologies on our website.
* Employee hiring.
The data we may collect includes, but is not limited to:
* First and last name.
* Email address.
* Phone number.
* Mailing address.
* Billing and payment information.
* Data on the use of our services.
Attached CV (file that may contain personal, employment, and academic data).
académicos).
We use this data to:
* Provide and manage our services.
* Process payments and billing.
* Communicate with clients.
* Coordinate meetings.
* Improve user experience and our products.
* Send marketing communications (with prior and explicit consent).
* Evaluate your professional profile.
* Consider your application in current or future selection processes.
* Contact you regarding job opportunities.
Comply with our legal and contractual obligations.
4. Protection of Minors’ Data
The protection of children’s and adolescents’ data is a priority. In all jurisdictions where we operate, the processing of minors’ personal data must be carried out in their best interest.
* Parental/Guardian Consent: We do not collect personal data from children under the age of 13 without verifiable consent from their parents or legal guardians. The age of consent may vary depending on the jurisdiction. For users in Brazil, this limit is 12 years; in Argentina, 14 years; and in Chile, Colombia, and Peru, parental consent is generally required for minors under 18.
* Collection Limitation: We collect the minimum amount of personal data possible from minors.
* Clear Communication: Privacy policies addressed to minors are written in clear, simple, and accessible language.
* Parents’/Guardians’ Rights: Parents or guardians have the right to access, rectify, or request the deletion of their children’s personal data at any time.
If we discover that we have collected personal data from a minor without the proper consent, we will take immediate steps to delete such information from our records.
5. Data Subjects’ Rights (ARCO and Related Rights)
In accordance with Argentine, Brazilian, and other applicable legislation, data subjects have the following rights regarding their personal data:
* Access: The right to request a copy of the personal data we hold about you.
* Rectification: The right to request the correction of inaccurate or incomplete data.
* Cancellation/Erasure (Right to be Forgotten): The right to request the deletion of your personal data.
* Objection: The right to object to the processing of your data for certain purposes.
* Portability: The right to receive your data in a structured, commonly used format, and to transmit it to another data controller.
* Withdrawal of Consent: The right to withdraw your consent to the processing of your data at any time.
To exercise any of these rights, data subjects may submit a request to our Data Protection Officer at the email address [corporate@abacaxigroup.com ]. We will respond to the request within 10 business days in accordance with applicable legislation.
6. International Data Transfer
Since we operate in multiple countries, the transfer of personal data across borders is an essential part of our operations. We ensure that any international data transfer is carried out securely and lawfully, in compliance with the following criteria:
* Countries with Adequate Protection Level: We only transfer data to countries that the Argentine supervisory authority (Dirección Nacional de Protección de Datos Personales), the Brazilian authority (Autoridade Nacional de Proteção de Dados – ANPD), and the Colombian authority (Superintendencia de Industria y Comercio – SIC) consider to have an adequate level of data protection.
* Standard Contractual Clauses: If we transfer data to countries that do not offer an adequate level of protection, we use standard contractual clauses approved by the competent authorities to ensure that the data is handled with the same level of security.
* Explicit Consent: In certain cases, we will request the explicit consent of the data subject to transfer their data.
7. Data Security
We have implemented appropriate technical and organizational security measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include:
* Data encryption in transit and at rest.
* Restricted access controls to information.
* Regular security audits.
* Ongoing staff training on data protection.
* Incident response plans for security breaches.
8. Data Protection Officer (DPO)
We have appointed a Data Protection Officer to oversee compliance with this policy and to serve as the point of contact for supervisory authorities and data subjects.
* Name: Cristian Crifo Baena
* Position: Chief Compliance Officer
* Email: corporate@abacaxigroup.com corporate@abacaxigroup.com
9. Changes to the Policy
We reserve the right to update this data protection policy at any time. Any significant changes will be communicated through our usual channels, such as our website and official social media platforms.
Date of last update: 25/08/2025