Privacy, Confidentiality and Personal Data Protection Policy
1. General Commitment
With the aim of fully respecting the interests and expectations of its Clients, SIA INTERACTIVE has a serious commitment to the respect and observance of this Privacy, Confidentiality and Data Protection Policy, regarding the collection, use, storage, protection and disclosure of data, which it extends to its suppliers and other interested parties, in accordance with the specifications set out in the Annex to this policy.
2. Scope and Compliance Obligation
Both SIA INTERACTIVE and its suppliers, representatives, contractors and other interested parties undertake to comply with this Policy, as well as with all applicable regulations.
3. Privacy, Confidentiality and Data Protection Obligations
SIA INTERACTIVE assumes the following responsibilities to ensure the integrity of Personal Information:
- To guarantee the privacy and confidentiality of the Personal Information provided by its clients through any of the websites, email, sales channels or any other means of communication, in accordance with the applicable regulations on the matter, in the countries where services are provided.
- To maintain secrecy and confidentiality regarding all information accessed, even after the termination of the contractual relationship.
- To train staff in safeguarding the privacy of personal data.
- SIA INTERACTIVE only collects personal information freely and voluntarily provided by the Client, and does not store any other information that has not been provided in this manner.
- Personal information will be stored, and clients —as the holders of the personal information stored— have the right to exercise the rights of access, rectification, cancellation and/or deletion.
4. Information Security Obligations
- To properly manage SIA's assets, preventing damage, loss or unauthorized access.
- To ensure proper management of credentials, access rights and passwords.
- To follow emergency and incident response plans for security incidents.
- To maintain a high level of physical security at its premises.
- To facilitate the verification of implemented security procedures and controls.
- To authorize independent security audits by SIA INTERACTIVE, its clients or authorized third parties.
5. Non-compliance and Measures
In the event of non-compliance with this Policy, SIA INTERACTIVE may take the necessary measures, including sanctions, suspension or termination of the contractual relationship.
If you have any complaint related to this Policy, you may submit it anonymously through the contact channels available on the website www.siainteractive.com.
6. Update
Document updated on April 20, 2026.
Annex
Definitions
For the purposes of understanding this "Policy", the following terms shall be understood as:
- Personal Data: Any information linked to or that may be associated with one or more identified or identifiable natural persons, including biometric data. An identifiable person shall be understood as one who can be identified by means of any identifier or by one or more elements characteristic of the physical, physiological, genetic (genetic data), mental, economic, cultural or social identity of that person. A person shall not be considered identifiable when, in order to achieve their identification —whether because the data has been dissociated or anonymized, or simply because identification cannot be achieved by reasonable means— the application of disproportionate or unfeasible measures or timeframes is required.
- Biometric data: data obtained from specific technical processing relating to the physical, physiological or behavioral characteristics of a human person, allowing or confirming their unique identification.
- Genetic data: data relating to the inherited or acquired genetic characteristics of a human person which provide information about their physiology or health.
- Public Data: Information found in public sites, the Commercial Registry, registry of bidders and other registries of a public nature. Data qualified as such under the mandates of law or the Political Constitution shall also be considered public data, as well as that which is not semi-private, private or sensitive. Public data includes, among others, those relating to the civil status of persons, their profession or occupation, their status as a merchant or public servant, and those that can be obtained without any restriction. By their nature, public data may be contained, among others, in public registries, public documents, gazettes and official bulletins.
- Private data: Data which, due to its intimate or reserved nature, is only relevant to the data subject.
- Sensitive data: Personal data that affects the intimate sphere of the data subject and has the potential to cause unlawful or arbitrary discrimination, in particular those revealing racial or ethnic origin, political opinions, religious, philosophical or moral convictions, participation or membership in a trade union, human rights, social or political organization, information regarding health, preferences and profiling, biometric data, or sexual life.
- Database (including data lakes, data pools, etc.): an organized set of data (including in particular personal data) subject to processing, electronic or otherwise, regardless of the form of its creation, storage, organization or access. It may also be referred to as a file, registry, record or data bank.
- Data Subject: All natural persons are the holders of their personal data. In the case of minors, their legal representatives shall have the authority to authorize or not the processing of their personal data.
- Data Controller: All natural or legal persons, public or private, who decide on the databases and their processing.
- Data Processor: All natural or legal persons, public or private, who carry out the processing of personal data on behalf of or by delegation from the controller.
- Authorization and/or consent: The data subject's expression of will allowing their personal data to be processed, disseminated, delegated or transmitted to third parties. Consent must always be informed and expressly given by the data subject.
- Processing: Any operation or set of operations on personal data, such as collection, retention, ordering, storage, modification, linking, evaluation, blocking or destruction and, in general, the processing of personal data by the controller or third parties, as well as its transfer through communications, queries, interconnections or transfers.
- Personal data security incident: an event occurring at any stage of processing that involves the unauthorized loss or destruction, theft, misplacement or unauthorized copying, unauthorized use, access or processing of data, or unauthorized damage, alteration or modification.
- International transfer: the transmission of personal data outside the national territory.
Application of the Policy
This Policy applies to any record of personal data made in person, by telephone or virtually, for the initiation of a commercial or employment relationship or for connection to any product or service of the company, or to evaluate the quality of services or to support internal or external audit processes.
SIA may at any time request the data necessary for the provision of its services, the acquisition of products from suppliers and interaction with clients, as well as data with legal implications for billing and payment processes, and shall apply this Policy accordingly.
Obtaining Consent
Prior to the collection of data, users will be asked for their express consent so that the company may use such data.
This consent of the data subject (e.g. a user) must be clear, express and informed. This means that it must be obtained in writing, verbally, or through unequivocal conduct of the data subject that reasonably allows the conclusion that the data subject has granted authorization. When supplying information, no user may use the identity or data of another person. At all times, the person must keep in mind that they may only include data corresponding to their own identity, which must be adequate, relevant, current and truthful.
By accepting this privacy policy, it must be expressly stated that data subjects authorize SIA to:
- Use the data they provide in any electronic manner, to send them communications and other documents.
- Use the information received from them for marketing purposes of products and services.
- Share personal data with commercial representatives.
- Allow access to information and personal data to auditors or third parties contracted to carry out internal or external audit processes inherent to the commercial activity we develop.
- Consult and update personal data, at any time, in order to keep such information up to date.
Once personal data has been provided —voluntarily and freely, through the signing of contracts, completion of forms, by telephone and/or registration on our Web portals, among others— such data shall be processed appropriately, used in accordance with the purpose specified for each of the databases managed by the company, and stored in the relevant database according to the service or product acquired.
Data Collection
Most of the personal data we collect is provided to us by our users when they register and use our services.
Contact data
When you complete one of our contact forms, you provide us with certain information voluntarily. Generally, when you share this information with us, you share your full name, your company name, your email address, and sometimes also your phone number, your address (when you request an invoice or we have to send you a product), the size of your business, your country and what you are interested in achieving with the required solution.
We never record or store our clients' banking information.
https://www.siainteractive.com/en/contact
Application data
When you apply for a job from our website or through an employment agency, we collect your contact information (name, email, phone) and any information you wish to share with us in your cover letter and Resume. For positions with a higher risk of application fraud, we will also collect your ID or Passport number, for the sole purpose of identifying candidates. If we decide to send you a job offer, we will also ask you to provide additional personal information to comply with our legal obligations and personnel management requirements.
We will never ask you to provide information that is not necessary for the recruitment process. In particular, we will never ask for information about your racial or ethnic origin, religious beliefs, trade union membership status or sexual life.
https://www.siainteractive.com/en/hire
Browser data
When you visit our website, our servers passively record a summary of the information your browser sends for statistical, legal and security purposes: your IP address, the date and time of your visit, the page or resource you are accessing, and the version of your browser and platform.
We may also use your browser to store and retrieve your current session data with the help of a session cookie (see the Cookies section for more information).
Form protection
Some of our forms may be protected by Google reCAPTCHA. This technology uses heuristic procedures based on the technical characteristics of your browser and device. It may also use Google-specific cookies.
Customer databases
When you subscribe to a service at SIA Interactive, any information or content you submit or upload to your database belongs to you and you are responsible for its control.
Often, this data includes personal information such as your images, videos, among others. We only collect this information on your behalf and you will always retain full ownership and control over it.
Service accounts
When you register for our web services, you provide us with certain information voluntarily. Generally, when you share this information with us, you share your name, your company name and your email address.
Personal Information Collected
The information and personal data collected shall be itemized and may include, in whole or in part depending on the needs of each product or service, but is not limited to, the following data:
- First and last names.
- Type and number of identification.
- Gender (female, male, other).
- Nationality.
- Emergency contact.
- Date and place of birth.
- Civil status or relationship to minors.
- Contact data such as landline and mobile phone numbers, addresses, email.
- Client IP, through cookies.
- Occupations, job positions.
- Information required by representatives of the sales and/or customer relations areas in order to handle requests or complaints.
Additionally, for security reasons, we may collect, store, share and cross-check biometric data of our workers, collaborators, clients, suppliers and users, obtained through image, audio or video recording devices located in our facilities, such as administrative offices, warehouses, among others. The general public will be informed of this fact through the publication of notices located at the places of collection of such data.
Cookies
Cookies are small fragments of text that our servers send to your computer or device when you access our services. They are stored in your browser and then sent to our servers so that we can provide contextual content. Without cookies, using the web would be a much more frustrating experience. We use them to support your activities on our website (session).
This is a general description of the cookies that may be stored on your device when you visit our website.
Data Treatment and Processing
SIA is directly responsible for the processing and custody of the Personal Data captured and stored in its databases.
Data Storage
SIA works hard to protect data subjects and its collaborators from unauthorized access, alteration, disclosure or destruction of the information we hold, which includes restricting access to personal information to SIA employees, contractors and agents who strictly need that information to process it. Anyone with such access is subject to strict contractual confidentiality obligations and may be disciplined or dismissed if they fail to comply with these obligations.
SIA reports that it has adopted the technical, legal and administrative measures necessary to guarantee the security of personal data and prevent its alteration, loss, unauthorized processing or access. The personal data captured is stored in a respective database whose security and access policies are available to authorized personnel. However, SIA shall not be responsible for any consequence arising from the improper entry of third parties into the database, illegal manipulations or any technical failure in the operation or preservation of data in the information storage system, which are outside its scope of protection.
Account and contact data
We will only retain such data as long as it remains necessary for the purpose for which we collected it, as explained in this policy, including any legal retention period or as long as it is necessary to be able to promote our products and services in a legitimate and acceptable manner.
Job application data
If we do not hire you, we may retain the information you provided for up to three (3) years in order to contact you again should a new job offer arise, unless you ask us not to. You may request that we delete your personal information earlier, but we will retain a minimal portion of the information, specifically your name, email address and passport or identification number, for a limited period of eighteen (18) months. This retention is strictly necessary to protect the integrity of our hiring process (preventing repeated applications for the same position, fraud testing and defense of our legal rights). If we hire you, we will store your personal information for as long as your employment contract with us is active and during the legal retention period applicable in the country where we hired you.
Browser data
We may retain this data for up to 12 months, unless we need to retain it for legitimate matters related to the security or performance of our services or as required by law. We delete server-side information related to the session 7 days after it ceases to be actively used.
Security and server logs
We retain such logs for a maximum of 12 months, unless we need to retain them for legitimate matters related to the security or performance of our services or as required by law.
Customer database
We only retain this data for as long as necessary to provide you with the services you subscribed to. For databases hosted in the cloud, if you cancel the service, we keep your database deactivated for 3 weeks (the period during which you may change your mind) and then we destroy them.
Security retention period
As part of our Backup Policy, we always seek to retain your data in case of accidental or malicious deletion. As a result, after you request the deletion of any personal information (account and contact data) from our database, after you delete any information from your database (customer database), or if you delete it completely, this information will not be immediately removed from our secure and immutable backup systems. Your personal data may remain stored for up to 12 months, after which time it is automatically destroyed.
We commit to using backup copies of your deleted data only to maintain the integrity of our backups, unless you or the law require otherwise. Likewise, this data may be stored and processed on servers located in data centers, whether owned or contracted with third-party providers, which is authorized by data subjects upon acceptance of this Policy.
International Data Transfer
SIA will take the corresponding measures to prevent the transfer, storage and processing of personal data outside the borders of the jurisdiction competent in matters of personal data in the country, province, state, municipality, and other competent authorities of the place where the data subject's data is obtained, where such authorities require their approval, under specific requirements, or the prior consent of the data subject.
Customer databases are hosted in the Azure cloud hosting region on the east coast of the USA; customers may request a region change (subject to availability).
In addition to the production copy, SIA undertakes to maintain redundant backup copies of each database, stored separately in data centers that are geographically far enough apart to ensure security despite incidents in one region or country.
International personnel
In some cases, staff members from SIA SA's affiliates in other countries may access the personal data mentioned in this Privacy Policy. Such access will always be carried out for the same purposes and with the same privacy and security precautions as if it were our local staff, so all the guarantees we offer remain applicable. SIA uses European Union Standard Contractual Clauses to bind affiliates so that we can offer sufficient assurance of data protection for the limited and temporary data transfers that occur for such access.
Purpose and Use of Data
The information collected is used to process, confirm, fulfill and provide SIA's services or products, directly and/or with the participation of other companies, its affiliates, or third parties, as well as to promote and advertise our activities, products and services, for internal administrative and/or commercial purposes such as market research, audits, accounting reports, statistical analysis, billing, and offerings.
Account and contact information
We use your contact information to provide you with our services, fulfill your requests, bill and manage your account. We may also use this information to communicate with you and for marketing purposes, but all messages you receive for that purpose will include an option to unsubscribe. We also use this data in aggregate and anonymous form to analyze service trends.
If you registered for one of the events we publish on our website, we may transfer your name, email address, phone number and company name to the organizer and sponsors of the event, both for marketing and for everything related to the event.
If you have shown interest in SIA Interactive's services or have requested that one of SIA Interactive's service providers contact you, then we will also send your name, email address, phone number and company name to one of our official Partners in your country or region so that they may contact you and provide you with their local advice and services.
Job application data
We only process this information during our recruitment process in order to evaluate and follow up on your application, and to draft your contract if we decide to make you an offer. You may contact us at any time to request that we delete your information.
Browser data
This data is recorded automatically and used anonymously to remember trusted user devices. We may also use Google reCAPTCHA for security purposes to prevent abuse of our services. In that case, we only process the anonymous score that reCAPTCHA determines based on your browser and device.
We only link this data to your personal data when required by law or for security purposes in case you have violated our Acceptable Use Policy.
Customer database
We only collect and process this data on your behalf to provide you with the services you subscribed to and based on the instructions you explicitly provided when registering or configuring your SIA Interactive service.
Our customer support staff and engineers may access information in a limited and reasonable manner to resolve any issues with our services, if you explicitly request it for support purposes, if required by law, or to ensure the security of our services in case you violate our Acceptable Use Policy.
We rely on various service providers to support our operations, who handle various services such as data processing, web audience analysis, cloud hosting, marketing and communication, among others.
Whenever we share information with these Service Providers, we ensure that they comply with Data Protection legislation and that the process they perform on our behalf is limited to our specific purpose and is covered by a specific data processing contract.
By accepting this Policy, the data subjects of the data collected authorize SIA to carry out the processing of such data, partially or totally, including the collection, storage, recording, use, circulation, processing, deletion, transmission and/or transfer to third parties, for the execution of activities related to the company's corporate purpose. The company may provide a series of data to the company's external accounting and legal service providers. As a general rule, the information refers to identity and contact data.
For security reasons, we collect, store, share and cross-check biometric data of our workers, collaborators, clients, suppliers and users, obtained through image, audio or video recording devices located in our facilities, such as administrative offices, among others.
Rights of Personal Data Subjects
Data subjects as such have the right —and their right must be guaranteed— to know, update, delete and rectify their personal data with respect to those who are responsible for and in charge of the collection, treatment and processing of their personal data:
- a) Right of Access to Data: the right to know what data is stored and to be informed about the use of the data. This involves free-of-charge access to their personal, legal, health and other data held in the company's databases. This right may be exercised, among others, in relation to partial, inaccurate, incomplete, fragmented, misleading data, or data whose processing is expressly prohibited or has not been authorized by its data subject.
- b) Free Consent: the right to request proof of the consent obtained by the controller and to revoke consent, without this entailing greater detriment.
- c) Right to request the update and rectification of the data subject's personal data arising from SIA's database that is not truthful, is incomplete, or is misleading, or whose lack of updating leads to these results.
- d) Right to be forgotten and to deletion of their data by requesting that their personal data be removed from SIA's databases. In some cases, due to the technology to be implemented (e.g. Blockchain, Artificial Intelligence, etc.), this presents a unique challenge that must be analyzed on a case-by-case basis in order to justify preventive measures against any controversy with the data subject and at the same time provide the most efficient and reasonable solution by virtue of the measures to be taken regarding the cybersecurity of other personal data and other possible factors that may apply.
- e) Right to complain to SIA for misuse of their data.
Account and contact data
You have the right to access and update the personal data you have previously provided us with; you only need to log in to your account on any SIA Interactive service. If you want to permanently delete your account or your information, contact our Customer Support to make your request. We will take all necessary measures to permanently delete your personal information, except when we must store it for legal reasons (generally administrative, billing or tax declaration purposes).
Customer database
Your owner/administrator credentials allow you to manage any of the data collected in your databases hosted on SIA Interactive services at any time, that is, you can also modify or delete any stored personal data.
You can export a complete backup copy of your database through our control panel at any time in order to transfer it or to manage your own backups and archives. You are responsible for processing this data in compliance with all privacy regulations.
In addition, you can request the complete deletion of your database through our ticketing system. We know how important and confidential your personal information is, so we have several measures in place to ensure that it is processed, stored and kept secure to prevent it from being lost or accessed without authorization. Our technical, administrative and organizational security measures are described in our Security Policy.
Questions, Complaints, Claims and Rectifications (PQRS)
SIA is responsible for personal data and its management.
Exceptions
By full legal provision, this policy does not apply in relation to databases or files maintained:
- a) In an exclusively personal or domestic environment.
- b) For the purpose of national security and defense.
- c) For the purpose of prevention, detection, monitoring and control of money laundering and the financing of terrorism.
- d) Intelligence and counterintelligence data.
- e) That contain journalistic data and files and other editorial content.
- f) Data subject to specific regulations and laws (such as clinical and health data, sensitive data, and financial – credit data, among others that, by specific regulation on the matter, are excepted, restricted, limited, or whose obtaining, storage, collection, processing and/or treatment is subject to stricter criteria due to the very nature or purpose of use of the personal data in question).
- g) Confidential or secret data whose disclosure could harm the rights of third parties subject to Confidentiality Agreements, confidentiality clauses, among others.
- h) Data of a public nature, since these will be governed by the principle of publicity that is proper to them and by the rules and principles enshrined in the special rules that regulate them.
The data subject may, at any time, exercise their rights of knowledge, access, rectification, update, revocation and deletion of their personal data, provided that there is no legal or contractual mandate authorizing the company to continue with the processing directly.
SIA reserves the right to update or modify this policy at any time and without prior notice, for which it recommends that the user review it regularly to ensure that they have read the most recent version. In any case, it is the user's responsibility to read it. Any modification will enter into force and have effect from its publication.
SIA has databases that will contain information that you provide, which is collected for administrative, commercial, marketing, control and other purposes carried out in the development of our corporate purpose.
By entering our facilities or providing us with information subject to the Privacy, Confidentiality and Personal Data Protection Policy, you unequivocally authorize SIA to process such data, and in any case the company may transfer your personal data to third parties, affiliates or subsidiaries, in accordance with its corporate purpose and in the development thereof. In such cases, we inform you that SIA will adopt the necessary measures so that the persons who have access to your personal data comply with the Personal Data Processing Policy as well as the principles established by law.
In the event that sensitive personal data is collected, the data subject may refuse to authorize its Processing. The administrative and IT area will be responsible for handling the requests, complaints and claims made by the data subject in exercise of the rights contemplated in this Policy as data subject rights.
