PRIVACY POLICY AND DATA PROCESSING

Berlitz Nicaragua Privacy Notice

This document constitutes the Privacy Notice for the purposes of the provisions of the regulation of protection of personal and sensitive data in Nicaragua, according to various special laws such as: Law No. 787 of March 21, on the protection of personal data (published in La Gaceta No. 61 of March 29, 2012), as the Regulation of that Law, by Decree No. 36-2012 of October 17 (published in La Gaceta No. 200 of October 19, 2012), and other rules relating to the processing and protection of personal data. This Privacy Notice applies to the personal information collected about the Data Subject by BERLITZ in its capacity as Responsible Party. This Privacy Notice has the following terms and conditions:

1. DEFINED TERMS. For the purposes of this Privacy Notice, the following terms shall have the following meanings, in the understanding that unless otherwise defined in this Privacy Notice, the terms used in this Privacy Notice and not defined herein shall have the meaning attributed to them in the data protection law:

"Personal Data" Any information concerning an identified or identifiable natural person. Article 3 of Law No. 787 defines personal data as any information about a natural or legal person that identifies him or her or makes him or her identifiable. It also refers to computerized personal data as personal data processed through electronic or automated means and, as sensitive personal data, any information revealing racial, ethnic origin, political affiliation, religious, philosophical or moral creed, trade union, health or sex life, criminal record or administrative offenses, financial economic, as well as credit and financial information and any other information that may be grounds for discrimination.

"ARCO Rights" Means the rights of access, rectification, cancellation and, opposition that in accordance with the provisions of the data protection law and subject to the exceptions established therein and in this Privacy Notice, each Data Subject has, in relation to the Personal Data collected by the Controller and/or its Processors, and which are described below:

"Right of Access" It is the right of the Data Subject to know about the Personal Data related to his/her person held by the Data Controller in question or its Processors, as well as to whom they have been shared and for what purpose, in accordance with the provisions of article 17 of the Law.

"Right to Rectification" Each Data Subject has the right to have his or her Personal Data rectified when they are inaccurate or incomplete. In relation to the request, article 29 of the Regulation establishes that it "must indicate to which personal data it refers, as well as the correction to be made, and must be accompanied by the documentation supporting the origin of the request. The data controller may offer mechanisms to facilitate the exercise of this right for the benefit of the data subject.

"Right of Cancellation" Each Data Subject has the right to request at any time that his or her Personal Data be deleted, which will occur once the blocking period has elapsed. The blocking implies the identification and conservation of the Personal Data, once the purpose for which it was collected is fulfilled, and has the purpose of determining the possible liabilities in relation to its treatment, until the legal or contractual prescription period of these. During such period, your Personal Data will not be subject to processing, and once this period has elapsed, your Personal Data will be deleted from the corresponding database or file. Once the corresponding data has been cancelled, the Controller will give the Data Subject the corresponding notice. In the event that the Personal Data had been transmitted prior to the date of rectification or cancellation and continue to be processed by third parties, the Controller shall inform the third party in question of such rectification or cancellation request, so that it may also proceed to carry it out. In this sense, as established in the Regulation, "the data owner may at any time request the data controller to cancel the personal data when they are no longer necessary or relevant for the purpose for which they were processed or when he/she considers that they are not being processed in accordance with the regulations."

"Right of Opposition" The Data Subject has at any time the right to request, provided he/she has a legitimate cause, that the Controller stops processing his/her Personal Data. In relation to this right, Article 34 of the Regulations implementing the Law, provides that "the data owner has the right not to have the processing of his personal data carried out or to cease such processing, when he has not given his consent for its collection because it has been taken from publicly available sources. Even if he/she has given his/her consent, the data subject has the right to object to the processing of his/her data, if he/she proves the existence of well-founded and legitimate reasons relating to a specific personal situation that justify the exercise of this right.

"Controller" Means the natural or legal person who decides on the processing of the Data Subject's Personal Data, in this case BERLITZ.

"Processor" Means the natural or legal person who alone or jointly with others processes Personal Data on behalf of the Controller.

"Data Subject" Means the natural person who is the owner of the Personal Data, or authorized to provide Personal Data of a third party in accordance with the applicable laws, who provides such Personal Data to the Controller.

2. CONSENT OF THE OWNER. As established by the Nicaraguan data protection regulations, the Data Subject declares (i) that this Privacy Notice has been made known to him/her by the Controller, (ii) to have read, understood and agreed to the terms set forth in this Privacy Notice, and therefore grants his/her consent with respect to the processing of his/her Personal Data. In the event that the Personal Data collected includes sensitive or financial Personal Data, by signing the corresponding contract, either in printed format, or using electronic means and its corresponding processes for the formation of consent, for example, but not limited to, by providing Personal Data through dialog boxes, or viewing and browsing on screen terms and conditions, acts will be carried out that constitute the express consent of the holder in terms of the data protection law and other applicable legislation and (iii) that he/she grants his/her consent for BERLITZ or its Agents to transfer Personal Data to national or foreign third parties, in the understanding that the treatment that such third parties give to his/her Personal Data must be in accordance with the provisions of this Privacy Notice.

In the event that the Data Subject does not object to the terms of this Privacy Notice within the following 30 days in which it was made available to him/her, its content shall be deemed agreed and consented to. The consent of the Data Subject may be revoked at any time by the Data Subject without retroactive effect, under the terms and in accordance with the procedures set forth below under this Privacy Notice.

Notwithstanding any provision of this Privacy Notice, the Data Subject acknowledges that his or her consent shall not be required for the processing of Personal Data by the Controller or third parties in any of the cases set forth in the data protection law.

PURPOSE OF THE PRIVACY NOTICE; PURPOSE OF THE PERSONAL DATA. The purpose of this Privacy Notice is to establish the terms and conditions under which BERLITZ (or the Responsible Party designated by BERLITZ) (i) will receive and protect the Personal Data of the Data Subject, in order to protect his privacy and his right to informational self-determination, in compliance with the provisions of the data protection law; (ii) will use the Personal Data of the Data Subject, and (iii) will transfer the Personal Data to third parties, as the case may be.

The Controller will collect and process the Personal Data of the Data Subject, i.e., that information that can reasonably identify him/her, through the receipt of documents, whether in printed and/or digital format. The following are examples, by way of example but not limitation, of information that the Controller may collect: name and surname; date of birth; address, whether home, work, or fiscal; email address, personal or work; identification key in social networks; telephone number, home or work; cell phone number; credit card number, debit card or bank accounts; and consumption and navigation preferences when using the telecommunications services we provide, as well as others of a similar nature. The collection of Personal Data may be carried out when the Data Subject visits the points of sale of the Controller or authorized distributors, when he/she communicates by telephone with the Controller or with its Representatives (including customer service centers), or by direct delivery to the Controller or through the use of emails and/or short text messages (SMS), or through the use of its Web sites, by voluntarily providing information through the dialog windows enabled in the sites, or through the use of automatic data capture tools. Such tools allow it to collect information sent by your browser to such Web sites, such as the type of browser you use, user language, access times, and the IP address of Web sites you used to access the Responsible or Entrusted sites.

The Controller may also collect Personal Data from publicly available sources and from other sources available on the market to which the Data Subject may have given consent to share his or her personal information or that have provided him or her with anonymous demographic information associated with a particular geographic area.

The Personal Data of the Data Subject are collected and processed by the Controller or its Agents for the purpose of allowing the Data Subject to carry out the following activities with the Controller:

  1. Request, purchase, change, or return products and/or services, offered by BERLITZ, whether these are provided by said company or through third parties;
  2. Request, contract, change or cancel services offered by BERLITZ, whether they are provided by said company or through third parties;
  3. To make online payments;
  4. To request an invoice;
  5. Request a quote, information or free samples of products and services;
  6. To request the provision of services or the fulfillment of service warranty;
  7. Contact Customer Service;
  8. Receive advertising in print or through electronic media, including communications for online marketing purposes, or telemarketing about products and services;
  9. Create personal profiles;
  10. Participate in surveys;
  11. Use the different services of their corresponding Websites including downloading content and formats;
  12. Notify the Responsible Party about problems with their sites;
    13. Participate in online chats and/or discussion forums about the products and services;
  13. Participate in surveys, trivia, contests, raffles, games and sweepstakes;
  14. Share your comments or suggestions about the products and services;
  15. Process payments; and
  16. Any other activity of analogous nature to those described in the previously mentioned paragraphs.

Likewise, the Controller, directly or through its Agents, may use your Personal Data for the following purposes:

  1. To conduct studies on the demographic data, interests and behavior of its clients, consumers, suppliers, and those third parties with whom it deals;
  2. To carry out market and consumer studies in order to acquire and offer personalized products and services, as well as advertising and content more appropriate to the needs of its clients, consumers, suppliers and other third parties with whom it deals;
  3. To elaborate internal statistics that indicate the services and products most appreciated by the different segments of its clients, consumers, suppliers and other users of the telecommunications services provided by the Responsible Party;
  4. Formalize the transactional process with its clients, consumers, suppliers and other third parties with whom it deals;
  5. Manage the process of requisition, evaluation and awarding of suppliers and other third parties with whom it deals;
  6. If applicable, verify the credit and/or payment capacity of the Holder, which may be carried out through credit information companies;
  8. Verify the commercial transactions carried out by the Holder with the Responsible;
  10. Maintain a record of the operations and information reviewed in the different sections of the telecommunications services provided by the Controller and collected through automatic data capture tools;
  11. Send to the Data Subject the notification of offers, notices and/or promotional messages, which will be sent to him/her, unless the Data Subject expressly states his/her will not to receive such offers. Occasionally, such offers may contain information from the Controller's suppliers or other third parties.

BERLITZ requires sharing your Personal Data with service providers for administration and management of databases; automated processing of Personal Data and its storage; authentication and validation of e-mails; recruitment of personnel; auditing services, and other services of a similar nature to those described.

Collection of data when browsing BERLITZ websites and web pages.

Among the automatic data capture tools used by BERLITZ on its websites and web pages are cookies, Web beacons, and links in e-mails.

Use of Cookies - The correct functioning of BERLITZ's sites and those of its suppliers requires the enabling of "cookies" in your Internet browser. Cookies are small data files transferred by the Web site to your computer's hard drive when you browse the site. Cookies can be either session or persistent. Session cookies do not stay on your computer after you log out of your browser, while persistent cookies stay on computers until they are deleted or expire. In most browsers cookies are automatically accepted by virtue of their default settings, you can adjust your browser preferences to accept or reject cookies. Disabling cookies may disable various functions of BERLITZ websites from displaying properly. In case you prefer to delete the cookie information sent by BERLITZ you can delete the file(s) at the end of each browser session. Relevant information can be consulted on the sites of the major Internet browsers.

Use of Web beacons (also known as Internet tags, pixel tags and clear GIFs) - BERLITZ may use Web beacons, alone or in combination with cookies, on its Web sites and in its HTML-formatted e-mails to collect information about your use of the Web sites and your interaction with the e-mail. The Web beacon is an electronic image, called a single pixel (1x1) or GIF that can recognize information that is processed on your computer, such as cookies, the time and date the site and its sections are viewed. Links in BERLITZ e-mails The e-mails that include links allow BERLITZ to know whether you have activated the link and visited the destination web page, and this information may be included in your profile. If you prefer that BERLITZ not collect information about your interaction with such links, you may choose to modify the format of BERLITZ communications (for example, that the message is received in text format rather than HTML format) or you may disregard the link and not access its content. BERLITZ emails may include links designed to direct you to relevant sections of Web sites by redirecting you through BERLITZ's servers. The re-direction system allows BERLITZ to modify the URL of such links if necessary, and also allows BERLITZ to determine the effectiveness of its online marketing campaigns. The Personal Data BERLITZ obtains from its commercial sources may be used in conjunction with the Personal Data it collects through its websites. For example, BERLITZ may compare disassociated geographic information acquired from commercial sources with the IP address collected by automatic data capture tools in order to provide you with information or promotions relevant to your geographic area.

Protection of minors: BERLITZ encourages parents and/or guardians to take an active role in their children's online activities. In the event that BERLITZ believes that Personal Data has been provided by a minor in violation of this Privacy Notice, BERLITZ will promptly delete such Personal Data. If you become aware that such Personal Data has been provided by a minor under the age of 18, please send an e-mail to the address: info@berlitz.com.ni.

4. DATA TRANSFERS. Having read, understood and agreed to the terms set forth in this Privacy Notice, the Data Subject hereby gives his/her consent for the Controller or any Responsible Party to transfer Personal Data to national or foreign third parties, in the understanding that the treatment that such third parties give to the Personal Data of the Data Subject shall be in accordance with the provisions of this Privacy Notice. For purposes of the provisions of this Section 4, but subject to the provisions of the last paragraph thereof, the Controller informs the Data Subject that in order to deliver products, services and solutions to its customers, consumers, employees, suppliers and other users of its services, the Controller and/or its Agents have entered or will enter into various commercial agreements with suppliers of products and services, both in national territory and abroad, to provide, among other services, those of: telecommunications and e-mail; administration and management of databases; automated processing of Personal Data and its storage; call center for customer service; authentication and validation of e-mails; telemarketing; credit card terminals; electronic invoicing; marketing; transportation and installation of products; administration of payroll and social security benefits; recruitment of personnel; auditing services and others of a similar nature. The Data Subject's authorization granted pursuant to this Section 4 entitles the Controller and/or its Agents to transmit Personal Data of the Data Subject to such suppliers, in the understanding that such suppliers are obliged, by virtue of the corresponding contract, to maintain the confidentiality of the Personal Data provided by the Controller and/or its Agents and to comply with this Privacy Notice. The Controller and/or its Agents may transfer the Personal Data collected from the Data Subject to any other company of the same business group to which the Controller belongs and that operate with the same internal processes and policies, whether they are located in the national territory or abroad for their treatment with the same purposes described in this Privacy Notice. It may also transfer your Personal Data to other third parties that support it in order to comply with the contracts or legal relationships it has with the Data Subject.

Your Personal Information may be transferred to, stored and processed in a country other than where it was provided. If we do so, we transfer the information in accordance with the applicable data protection laws of the destination country. We take steps to protect personal information regardless of the country where it is stored or to which it is transferred. We have procedures and controls in place to ensure this protection.

We reserve the right to transfer your Personal Information in the event that we sell or transfer all or part of our business or assets. In the event of such a sale or transfer, we will use our best efforts to encourage the next owner to use the Personal Data in accordance with this Notice. If you do not want your Personal Data to be processed after the transfer, you should contact the new owner.

Notwithstanding the provisions of this Section 4 or elsewhere in this Privacy Notice, the Data Subject acknowledges and agrees that the Controller does not require authorization or confirmation from such Data Subject to make domestic or international transfers of Personal Data in the cases provided for in the Data Protection Law or in any other case of exception provided for by the same or other applicable law.

5. RETENTION AND SECURITY OF PERSONAL DATA. The Controller and/or its Agents shall retain the Personal Data of the Data Subject for the time necessary to process their requests for information, products and/or services, as well as to maintain the accounting, financial and audit records in terms of the data protection law and the commercial, tax and administrative legislation in force. The Personal Data of the Data Subject collected by the Responsible Party and/or its Agents shall be protected by adequate administrative, technical and physical security measures against damage, loss, alteration, destruction or unauthorized use, access or treatment, in accordance with the provisions of the data protection law and the administrative regulation derived therefrom. Notwithstanding the foregoing, BERLITZ does not guarantee that unauthorized third parties cannot access the physical or logical systems of the Data Controllers or the Controller or the electronic documents and files stored in their systems. Consequently, BERLITZ shall in no case be liable for any damages that may arise from such unauthorized access.

6. BERLITZ CONTACT For any communication about our Privacy Notice, please contact us by e-mail at info@berlitz.com.ni. For purposes, the address of the Responsible Party is the address set forth in this Section 6 of this Privacy Notice.

7. PROCEDURE TO EXERCISE THE RIGHTS ARC. In relation to the exercise of the ARCO rights, the Regulations implementing the Nicaraguan Law establish that the data owner is entitled to request them, upon presentation of the identity document required under the law of the matter, which proves his personality, enabling the use of electronic instruments by means of which it is possible to identify the data owner, or other authentication mechanisms permitted by other legal provisions, or those previously established by the data controller, exempting the presentation of the identification document described above. Additionally, the representative of the owner of the data may exercise them, upon presentation of sufficient power of attorney and identity document required by law.

You must submit a request for access, rectification, cancellation or opposition with the following information and documentation:

  1. Name of the Holder and address or other means to communicate the response to your request;
  2. Presentation of the required identity document in accordance with the applicable law;
  3. The clear and precise description of the Personal Data with respect to which it seeks to exercise one of the ARCO Rights, and
  4. Any other element or document that facilitates the location of the Personal Data of the Data Subject.

In the case of requests for rectification of Personal Data, the respective Data Subject shall also indicate the modifications to be made and provide the documentation supporting his/her request.

For the reception, registration and attention of the requests to exercise your right of access, rectification, cancellation and opposition to your Personal Data, as well as to limit the use or disclosure of your data, and the other rights provided for in the data protection law, please contact:

E-mail: info@berlitz.com.ni

The Controller or its Agents will respond to the respective Data Subject within a maximum term of twenty working days, counted from the date on which the request for access, rectification, cancellation or opposition was received, the determination adopted, so that, if it is appropriate, the same is made effective within fifteen days from the date on which the response is communicated to the Data Subject. In the case of requests for access to Personal Data, the Controller or its Processors will proceed with its delivery upon accreditation of the identity of the applicant or his legal representative, as the case may be. The aforementioned deadlines may be extended only in terms of the data protection law.

The delivery of the Personal Data will be free of charge, you will only have to cover the justified shipping costs or the cost of reproduction in copies or other formats.

For purposes of requests for cancellation of Personal Data, it will be the provisions of this Privacy Notice.

The presentation of a request of opposition to the use of Personal Data by the Data Subject, will give the Controller the right to oppose the use of the Personal Data that the Data Subject has delivered to the opponent.

8. CHANGES TO THE PRIVACY NOTICE. BERLITZ reserves the right to periodically update this Notice to reflect changes in our information practices. It is the responsibility of the Holder to periodically review the content of the Privacy Notice on the website https://www.berlitz.com/es-ni. The Responsible Party will understand that if the contrary is not expressed, it means that the Data Subject has read, understood and agreed to the terms set forth therein, which constitutes his consent to the changes established in such updates regarding the treatment of his Personal Data for the purposes of the data protection law and other applicable legislation.