cedia logo
cedia logo

Privacy Policy

PRIVACY POLICY

Your privacy is important to us. We are careful and respectful with your data. For more information, please read our Privacy Policy.

We request your consent for the following purposes:

  • You authorize the sending of commercial communications about products and benefits related to those you have requested, by any means, including electronic, even after the business relationship has ended. You may revoke this consent at any time.
  • You authorize the sending of commercial communications unrelated to the products or benefits you previously contracted, by any means, including electronic, even after the commercial relationship has ended. You may revoke this consent at any time.

At CEDIA we process the information you provide to respond to your request regarding the benefits we offer and the products we supply. The data provided will be kept while contact is maintained and will be deleted once the request is resolved. The data will not be transferred to third parties except where there is a legal obligation to do so. You may exercise your rights of access, rectification, and updating of inaccurate data, or, where applicable, request the erasure or deletion, restriction or suspension of the processing of your data, or object to the processing of your data. Likewise, where applicable, you have the right to data portability, as well as the right to free and public consultation of CEDIAplease contact us by email protecciondedatos@cedia.org.eccedia,.

  • Name or business name: Ecuadorian Corporation for the Development of Research and Academia - CEDIA  
  • Ruc: 0992284269001  
  • Phone: (+593) 74079300 
  • Address: Gonzalo Cordero Dávila 2-122 and José Fajardo, Cuenca – Ecuador.  
  • Legal Representative: Juan Pablo Carvallo Vega.  
  • info@cedia.org.eccedia: email   

At CEDIA, we recognize the protection of personal data as a fundamental right, guaranteed by the Constitution of the Republic of Ecuador and regulated by the Organic Law on the Protection of Personal Data, its regulations, and other applicable legislation. We are committed to processing personal data lawfully, fairly, transparently, proportionally, and securely, guaranteeing at all times respect for the rights of data subjects. 

In compliance with the principle of transparency, CEDIA informs the holders of personal data, in a clear, accessible and timely manner: 

  • The identity and contact details of the responsible party 
  • Contact details of the Data Protection Officer 
  • The purposes of processing personal data 
  • The basis of legitimacy that supports it 
  • The categories or types of personal data processed 
  • The recipients or possible transfers of personal data 
  • The information retention period 
  • The rights that the owner of personal data has 
  • The mechanisms or channels enabled to exercise your rights. 

This information is made available through this policy and specific notices where appropriate. 

CEDIA, in compliance with the Organic Law on the Protection of Personal Data and its applicable regulations, has appointed a Personal Data Protection Officer, responsible for supervising compliance with obligations related to the processing of personal data and serving as a point of contact for data subjects and the supervisory authority. 

's Data Protection Officer CEDIA, you can do so via the following email dpd@cedia.org.eccediaaddress  

Personal data will be processed only for legitimate, specific, explicit and informed purposes, such as: 

  • Manage and handle requests, requirements or petitions made through the contact channels enabled by the organization 
  • Manage, operate, administer and support all institutional services, including academic, administrative, technological, design and production services. 
  • Management of procurement processes, supplier relations and control, including the formalization and monitoring of agreements, alliances and inter-institutional cooperation 
  • Manage human talent processes, such as applications, selection, hiring and administration of the employment and pre-contractual relationship 
  • Development and execution of research projects  
  • Manage participation in face-to-face or virtual events, programs, sessions and activities, including registration, coordination and certification. 
  • Management of institutional communications, informational communications and, where appropriate, commercial communications regarding products, services or benefits 
  • Implement security, continuity and compliance processes, including access controls, auditing, incident management and applicable legal obligations. 

Accessing this website may involve the use of cookies. Cookies are small pieces of information that are stored in the user's browser, allowing the server to record information that can be used on subsequent visits. The stored information allows a specific user to be identified and records information about their preferences, pages visited, etc. If you do not wish to allow the installation of cookies on your computer, you should configure your browser accordingly. For additional information about cookies, please see our Cookie Policy. 

  • Personal data will be processed according to the institutional classification scheme, and will be kept only for the time necessary to guarantee the legitimacy of the purpose of its processing. 
  • Once the data retention period is complete, the data must be securely deleted. 
  • Information for sending commercial communications: The personal data provided by the owners of personal data of CEDIA for the sending of commercial communications will continue to be kept until the consent is revoked, all without prejudice to their right of deletion or objection.  

CEDIA may share personal data only when: 

  • It is necessary for the fulfillment of the stated purposes 
  • There is a legal obligation emanating from the competent authority  
  • The consent of the data subject is obtained 

In all cases, it will be ensured that third-party recipients comply with the obligations established in matters of personal data protection. 

CEDIA will only transfer personal data internationally when permitted by applicable law and when adequate safeguards are in place to protect the rights of data subjects. Where appropriate, CEDIA will verify that the destination country, territory, or organization has an adequate level of protection or, failing that, that there are sufficient legal mechanisms and measures in place to legitimize the transfer. 

The owner of the personal data may exercise the following rights established in the current LOPDP: 

  • Information: the right to be informed clearly and transparently about the purposes of the processing, its legal basis, types of processing, retention period, recipients of transfers and the mechanisms to exercise the rights and freedoms that you have. 
  • Access: the right to know and obtain free access from the controller to all your personal data and detailed information about the processing carried out, without needing to present any justification. 
  • Rectification and updating: right to obtain from the responsible party the correction of personal data that is inaccurate or incomplete, for which the holder will present the relevant justifications. 
  • Deletion: This is the right to have the data controller delete the data when the processing does not comply with legal principles, the data is no longer necessary for the initial purpose, the retention period expires, or the data subject revokes their consent. 
  • Objection: the data subject has the right to object to or refuse the processing of data when:  
    1. It does not affect the fundamental rights and freedoms of third parties, it is permitted by law, and it is not public information, information of public interest, or information whose processing is mandated by law. 
    2. The processing of personal data for direct marketing purposes; the data subject shall have the right to object at any time to the processing of personal data concerning him or her, including profiling; in which case the personal data shall no longer be processed for such purposes. 
    3. When consent for processing is not necessary due to the existence of a legitimate interest, and is justified in a specific personal situation of the data subject, provided that a law does not provide otherwise
  • Portability: the right to receive your personal data in a compatible, structured, commonly used and machine-readable format, or to have it transmitted directly to another controller, provided that the processing is automated and based on consent or a contract 
  • Suspension of processing: the right to pause the processing of data while its accuracy is being verified, when the processing is unlawful and the data subject prefers restriction rather than deletion, or when the data subject needs them for the defense of claims, even if the controller no longer requires them. 
  • Right not to be subject to decisions based solely on automated assessments: This is the right not to be subject to decisions resulting from automated processes (including profiling) that produce legal effects or affect your rights. The data subject may request a reasoned explanation, submit comments, and challenge the decision. 

The data subject may exercise their rights through the following channels: 

Application requirements 

The application must contain: 

  • Identification of the owner or legal representative, which will contain: identification document, names and surnames, email address and/or cell phone number, city and home address 
  • Identification of the right you wish to exercise 
  • Request, description, documents and clear and precise information of the personal data for which you seek to exercise the right 
  • Signature of the applicant or legal representative 
  • Applications will be processed within the time limits established by the LOPDP. 
  • Exercising your rights is free of charge 
  • Should additional information be required, CEDIA will promptly notify the requesting party 

If the holder believes that their request has not been adequately addressed, they may proceed in accordance with the provisions of the RLOPDP 

The personal data processed by CEDIA comes primarily from the data subject, who provides it directly within the framework of their relationship with the institution. This data may also originate from contractual, institutional, academic, administrative, technical, or service-related relationships that CEDIA maintains with its member institutions, partners, suppliers, users, and other stakeholders 

All CEDIA staff are required to: 

  • Comply with current data protection regulations 
  • Apply internal policies and procedures 
  • To guarantee the security of personal data in the performance of their duties. 

CEDIA promotes a culture of proactive responsibility, implementing controls, audits, and continuous improvement processes. 

CEDIA acts as the data controller when it determines, on its own initiative, the purposes and means of processing, including data obtained from public sources or provided directly by users. In these cases, CEDIA guarantees compliance with current data protection regulations, applying the principles of lawfulness, fairness, transparency, minimization, and security. 

CEDIA acts as a data processor when it processes personal data on behalf of third parties, under a contractual relationship that defines the processing instructions provided by the data controller. In these cases, CEDIA processes the data only in accordance with the instructions of the data controller, guaranteeing compliance with and respect for the rights and freedoms established in the Organic on the Protection of Personal Data. The specific conditions applicable to the processing of personal data on behalf of third parties are detailed in the Personal Data Processing Annex (DPA), available as a supplementary document to this Privacy Policy. 

Privacy Policy

PRIVACY POLICY INFORMATION

  • Identity: ECUADORIAN CORPORATION FOR THE DEVELOPMENT OF RESEARCH AND ACADEMY (HEREINAFTER, CEDIA) 
  • Address: Gonzalo Cordero 2-122 and J. Fajardo, Cuenca, Ecuador
  • Phone: (+593) 74079300
  • Email info@cedia.org.eccedia:

The purpose of processing your data is to manage requests submitted through the website, whether via a contact form, any other online form, or an email. Such requests may include, but are not limited to, responding to a request for information, applying for a benefit offered CEDIA, applying for employment, requesting support from the CEDIAteam, requests related to managing resources from CEDIA's competitive grant programs, requests to participate in CEDIA -organized events (whether in-person or virtual), compiling statistics (excluding profiling), and any other interaction with the CEDIA website user aimed at fulfilling the user's needs. All requested data is necessary to process your request.

Similarly, where applicable, the data provided will also be processed to send you commercial information about our products and benefits that may be of interest to you, by mail, email, SMS, or any other equivalent electronic means of communication. If you do not wish to receive this information, you can opt out by not checking the corresponding box on the information or contact form, or by exercising your right to object at the address mentioned above.

Accessing this website may involve the use of cookies. Cookies are small pieces of information that are stored in the user's browser, allowing the server to record information that can be used on subsequent visits. The stored information allows a specific user to be identified and records information about their preferences, pages visited, etc. If you do not wish to allow the installation of cookies on your computer, you should configure your browser accordingly. For additional information about cookies, please see our Cookie Policy.

Information relating to you will be kept for the duration of the business relationship, or the interest for which you are reading this policy (for example, if you have sent a CV, or subscribed to a newsletter) until you request the deletion of your data, for the limitation period of any actions that may arise in relation to any contract you have with CEDIA; as well as for any claim that we may receive from official bodies in compliance with legislative regulations.

The personal data provided for sending commercial communications will continue to be kept until you revoke your consent, without prejudice to your right to erasure or objection.

The legal basis for processing your data is the performance of the contractual relationship to which you are a party, so that the corresponding commercial and contractual relationship can be managed, developed, and monitored, including communication with you for this purpose. All the data we request is mandatory, and failure to provide some of it may prevent us from providing the benefits we offer through our website.

Regarding the sending of commercial communications by electronic means, outside of any contractual relationship but based on a legitimate interest since you are contacting the company, the legal basis is the consent requested from you and freely granted, as well as CEDIA 's legitimate interest in keeping you informed of updates related to our benefits, to improve our services, and to inform you of modifications or changes made to our products and benefits. If we do not obtain your consent, CEDIA undertakes not to process your data for advertising purposes. You may revoke your consent at any time.

CEDIA may only communicate your personal data to those public administrations with competence in the matter and in the case that there is a legal obligation to do so.

However, if at any point in the business relationship it becomes necessary to communicate your data to third parties for new purposes, such communication will be carried out when CEDIA has your prior consent for it and in the legally required manner.

Furthermore, due to the use of corporate tools whose servers are located in the USA and the European Union, personal data is subject to international data transfers. However, this international data transfer is fully secure, as our providers adhere to standard contractual clauses that provide the necessary security guarantees for international data transfers. This international transfer will also be supported by the legal instrument that the Ecuadorian Data Protection Superintendency may establish in the future

If applicable, the data subject has the right of access, that is, the right to know and obtain, free of charge, from CEDIA access to all his personal data, as well as the purposes of the processing, the legal basis thereof, the retention period, among other information, without needing to present any justification.

Likewise, if applicable, you will have the right to obtain from CEDIA the rectification and updating of your inaccurate or incomplete data.

On the other hand, and where applicable, the data subject may request the exercise of the right to erasure. To this end, the data subject shall have the right to have CEDIA delete their personal data when:

a) The treatment does not comply with the principles established by law;

b) The processing is not necessary or relevant for the fulfillment of the purpose;

c) The personal data have fulfilled the purpose for which they were collected or processed;

d) The retention period for personal data has expired;

e) The treatment affects fundamental rights or individual freedoms;

f) Revoke the consent given or indicate that it was not given for one or more specific purposes, without the need for any justification; or,

g) There is a legal obligation.

Likewise, with regard to the right to object, the data subject has the right to object to or refuse the processing of their personal data in the following cases:

a) It does not affect the fundamental rights and freedoms of third parties, it is permitted by law and it is not public information, information of public interest or information whose processing is ordered by law.

b) The processing of personal data is for direct marketing purposes; the data subject shall have the right to object at any time to the processing of personal data concerning him or her, including profiling; in which case the personal data shall no longer be processed for such purposes.

c) When consent is not necessary for processing as a result of the existence of a legitimate interest, and it is justified in a specific personal situation of the data subject, provided that a law does not provide otherwise.

The data subject, where applicable, may also exercise the right to data portability . In this case, the data subject has the right to receive their personal data from CEDIAin a compatible, up-to-date, structured, commonly used, interoperable, and machine-readable format, preserving its characteristics; or to transmit it to another data controller. For the right to data portability to apply, at least one of the following conditions must be met:

a) That the data subject has given their consent for the processing of their personal data for one or more specific purposes. The transfer or communication will be made between data controllers when the operation is technically possible; otherwise, the data must be transmitted directly to the data subject.

b) That the treatment is carried out by automated means;

c) That it is a relevant volume of personal data.

d) That the processing is necessary for compliance with obligations and the exercise of rights of the controller or processor of personal data, or of the data subject in the field of labor law and social security.

The data subject may also exercise the right to object to processing, where applicable. The data subject shall have the right to obtain from the controller the suspension of processing of their data when one of the following conditions applies:

a) When the data subject contests the accuracy of the personal data, while the data controller verifies the accuracy thereof;

b) The processing is unlawful and the data subject opposes the erasure of the personal data and requests instead the restriction of its use;

c) The controller no longer needs the personal data for the purposes of the processing, but the data subject needs them for the establishment, exercise or defense of legal claims; and,

d) When the data subject has objected to the processing, while it is being verified whether the legitimate grounds of the controller prevail over those of the data subject.

Where applicable, you have the right not to be subject to a decision based solely or partly on automated assessments, including profiling, which produce legal effects concerning you or which infringe your fundamental rights and freedoms.

Finally, you have the right to consultation National Register of Personal Data Protection CEDIA, in accordance with the provisions of the Law.

When the holders exercise the above rights, they must communicate it by email to the addresscedia.

You may also file a complaint with the Ecuadorian Data Protection Superintendency, especially if you have not obtained satisfaction in the exercise of your rights.

The personal data we process at CEDIA comes from the data subject himself.

Users guarantee and are responsible, in any case, for the truthfulness, accuracy, validity, and authenticity of the Personal Data provided, and undertake to keep it duly updated. Users also guarantee that they are over 15 years of age.

If personal data is provided by individuals other than the data subject, the user must, prior to its inclusion, inform those individuals of the information contained in the preceding paragraphs. In these cases, the user guarantees that the data provided pertains to individuals over 15 years of age and that the information is accurate and truthful. CEDIA will be exempt from any liability for the user's failure to comply with these requirements.

CEDIA has adopted the legally required levels of security for the protection of Personal Data, and has installed all available technical means and measures according to the state of technology to prevent the loss, misuse, alteration, unauthorized access and theft of the Personal Data provided.

The user is assured of the confidentiality and duty of secrecy of CEDIA employees and all those who process the data on its behalf. Notwithstanding the foregoing, the user acknowledges that the security of communications over the internet is not guaranteed.