PRIVACY POLICY AND DATA PROCESSING

Berlitz El Salvador Privacy Notice

This document constitutes the Privacy Notice for the purposes of the provisions of the regulation of protection of personal and sensitive data in El Salvador, according to various special laws such as: Law of Access to Public Information, Law of Electronic Signature, Special Law against Computer and Related Crimes, Law of Electronic Commerce, other regulations related to the treatment and protection of personal data that may apply, which establishes that the right to honor, personal and family privacy and self-image is guaranteed.

This Privacy Notice applies to personal information collected about the Holder by BERLITZ in its capacity as Responsible. This Privacy Notice has the following terms and conditions:

1. DEFINED TERMS. For the purposes of this Privacy Notice, the following terms shall have the following meanings, with the understanding that unless otherwise defined in this Privacy Notice, the terms used in this Privacy Notice and not defined herein shall have the meaning attributed to them in the LFPDP:

"Personal Data" Any information concerning an identified or identifiable natural person.

"ARCO Rights" Means the rights of access, rectification, cancellation and, opposition that in accordance with the provisions of the LFPDP and subject to the exceptions set forth therein and in this Privacy Notice, each Data Subject has, in relation to the Personal Data collected by the Controller and/or its Processors, and which are described below:

"Right of Access" It is the right of the Data Subject to know about the Personal Data related to his/her person held by the Data Controller in question or its Processors, as well as to whom they have been shared and for what purpose.

"Right to Rectification" Each Data Subject has the right to have his or her Personal Data rectified when they are inaccurate or incomplete.

"Right of Cancellation" Each Data Subject has the right to request at any time that his or her Personal Data be deleted, which will occur once the blocking period has elapsed. The blocking implies the identification and conservation of the Personal Data, once the purpose for which it was collected is fulfilled, and has the purpose of determining the possible liabilities in relation to its treatment, until the legal or contractual prescription period of these. During such period, your Personal Data will not be subject to processing, and once this period has elapsed, your Personal Data will be deleted from the corresponding database or file. Once the corresponding data has been cancelled, the Controller will give the Data Subject the corresponding notice. In the event that the Personal Data had been transmitted prior to the date of rectification or cancellation and continue to be processed by third parties, the Controller shall inform the third party in question of such rectification or cancellation request, so that it may also proceed to carry it out.

"Right of Opposition" The Data Subject has at any time the right to request, provided that he/she has a legitimate cause, that the Controller stops processing his/her Personal Data.

"Controller" Means the natural or legal person who decides on the processing of the Personal Data of the Data Subject, in this case BERLITZ.

"Processor" Means the natural or legal person who alone or jointly with others processes Personal Data on behalf of the Controller.

"Data Subject" Means the natural person who is the owner of the Personal Data, or authorized to provide Personal Data of a third party in accordance with the applicable laws, who provides such Personal Data to the Controller.

2. CONSENT OF THE OWNER. For the purposes of the provisions of the LFPDP, the Data Subject declares (i) that this Privacy Notice has been made known to him/her by the Controller, (ii) to have read, understood and agreed to the terms set forth in this Privacy Notice, and therefore grants his/her consent regarding the processing of his/her Personal Data for the purposes of the LFPDP and other applicable legislation. In the event that the Personal Data collected includes sensitive or financial Personal Data, by signing the corresponding contract, either in printed format, or using electronic means and its corresponding processes for the formation of consent, for example, but not limited to, by providing Personal Data through the dialog windows, or the visualization and on-screen display of terms and conditions, acts will be carried out that constitute the express consent of the holder in terms of the LFPDP and other applicable legislation and (iii) that he/she grants his/her consent for BERLITZ or its Agents to transfer Personal Data to national or foreign third parties, in the understanding that the treatment that such third parties give to his/her Personal Data must be in accordance with the provisions of this Privacy Notice.

In the event that the Data Subject does not object to the terms of this Privacy Notice within the following 30 days in which it was made available to him/her, its content shall be deemed agreed and consented to. The consent of the Data Subject may be revoked at any time by the Data Subject without retroactive effect, under the terms and in accordance with the procedures established below for such purpose under this Privacy Notice.

Notwithstanding any provision of this Privacy Notice, the Data Subject acknowledges that his/her consent shall not be required for the processing of Personal Data by the Controller or third parties in any of the cases set forth in the LFPDP.

3. PURPOSE OF THE PRIVACY NOTICE; PURPOSE OF THE PERSONAL DATA. The purpose of this Privacy Notice is to establish the terms and conditions under which BERLITZ (or the Responsible Party designated by BERLITZ) (i) will receive and protect the Personal Data of the Data Subject, in order to protect its privacy and its right to informational self-determination, in compliance with the provisions of the LFPDP; (ii) will use the Personal Data of the Data Subject, and (iii) will transfer the Personal Data to third parties, as the case may be.

The Controller will collect and process the Personal Data of the Data Subject, i.e., that information that can reasonably identify him/her, through the receipt of documents, whether in printed and/or digital format. The following are examples, by way of example but not limitation, of information that the Controller may collect: name and surname; date of birth; address, whether home, work, or fiscal; email address, personal or work; identification key in social networks; telephone number, home or work; cell phone number; credit card number, debit card or bank accounts; and consumption and navigation preferences when using the telecommunications services we provide, as well as others of a similar nature. The collection of Personal Data may be carried out when the Data Subject visits the points of sale of the Controller or authorized distributors, when he/she communicates by telephone with the Controller or with its Representatives (including customer service centers), or by direct delivery to the Controller or through the use of emails and/or short text messages (SMS), or through the use of its Web sites, by voluntarily providing information through the dialog windows enabled in the sites, or through the use of automatic data capture tools. These tools allow you to collect information sent by your browser to these Web sites, such as the type of browser you use, the user's language, access times, and the IP address of the Web sites you used to access the Responsible or Entrusted sites. Among the documentation that may be collected by BERLITZ for the verification of the identity of the Data Subject is the electoral card; the military service identity card; the Transportation and Public Works department identity card; proof of address - water rights payment slip, property tax payment slip, or electricity supply service payment slip; the special credit report issued by a Credit Information Society.

The Controller may also collect Personal Data from publicly available sources and from other sources available in the market to which the Data Subject may have given consent to share his or her personal information or which has provided anonymous demographic information associated with a given geographic area.

The Personal Data of the Data Subject are collected and processed by the Controller or its Agents for the purpose of allowing the Data Subject to carry out the following activities with the Controller:

  1. Request, purchase, change, or return products and/or services, offered by BERLITZ, whether these are provided by said company or through third parties;
  2. Request, contract, change or cancel services offered by BERLITZ, whether these are provided by said company or through third parties;
  3. To make online payments;
  4. To request an invoice;
  5. Request a quote, information or free samples of products and services;
  6. Request delivery, repair or fulfillment of product warranty;
  7. Request the provision of services or the fulfillment of service warranty;
  8. Contact Customer Service;
  9. Receive advertising in print or through electronic media, including communications for online marketing purposes, or telemarketing about products and services;
  10. Create personal profiles;
  11. Participate in surveys;
  12. Use the different services of their corresponding Websites, including downloading content and formats;
  13. Notify the Responsible Party about problems with their sites;
  14. Participate in online chats and/or discussion forums about the products and services;
  15. Participate in surveys, trivia, contests, raffles, games and sweepstakes;
  16. Share your comments or suggestions about the products and services;
  17. Process payments; and
  18. Any other activity of analogous nature to those described in the previously mentioned paragraphs.

Also, the Controller, directly or through its Agents, may use your Personal Data for the following purposes:

  1. to conduct studies on the demographic data, interests and behavior of its clients, consumers, suppliers, and those third parties with whom it deals;
  2. To carry out market and consumer studies in order to acquire and offer personalized products and services, as well as advertising and content more appropriate to the needs of its customers, consumers, suppliers and other third parties with whom it deals;
  3. To elaborate internal statistics that indicate the services and products most appreciated by the different segments of its clients, consumers, suppliers and other users of the telecommunications services provided by the Responsible Party;
  4. Formalize the transactional process with its clients, consumers, suppliers and other third parties with whom it deals;
  5. Manage the process of requisition, evaluation and awarding of suppliers and other third parties with whom it deals;
  6. If applicable, verify the credit and/or payment capacity of the Holder, which may be carried out through credit information companies;
  7. Verify the commercial transactions carried out by the Holder with the Controller;
  8. Maintain a record of the operations and information reviewed in the different sections of the telecommunications services provided by the Controller and collected through automatic data capture tools;
  9. Send to the Data Subject the notification of offers, notices and/or promotional messages, which will be sent to him/her, unless the Data Subject expressly states his/her will not to receive such offers. Occasionally, such offers may contain information from the Controller's suppliers or other third parties.

BERLITZ requires sharing your Personal Data with service providers for database administration and management; automated processing of Personal Data and its storage; authentication and validation of e-mails; recruitment of personnel; auditing services, and other services of a similar nature to those described.

Collection of data when browsing BERLITZ websites and web pages.

Among the automatic data capture tools used by BERLITZ on its websites and web pages are cookies, Web beacons, and links in e-mails.

Use of Cookies - The correct functioning of BERLITZ's sites and those of its suppliers requires the enabling of "cookies" in your Internet browser. Cookies are small data files transferred by the Web site to your computer's hard drive when you browse the site. Cookies can be either session or persistent. Session cookies do not stay on your computer after you log out of your browser, while persistent cookies stay on computers until they are deleted or expire. In most browsers cookies are automatically accepted by virtue of their default settings, you can adjust your browser preferences to accept or reject cookies. Disabling cookies may disable various functions of BERLITZ websites from displaying properly. In case you prefer to delete the cookie information sent by BERLITZ you can delete the file(s) at the end of each browser session. Relevant information can be consulted on the sites of the major Internet browsers.

Use of Web beacons (also known as Internet tags, pixel tags and clear GIFs) - BERLITZ may use Web beacons, alone or in combination with cookies, on its Web sites and in its HTML-formatted e-mails to collect information about your use of the Web sites and your interaction with the e-mail. The Web beacon is an electronic image, called a single pixel (1x1) or GIF that can recognize information that is processed on your computer, such as cookies, the time and date the site and its sections are viewed. Links in BERLITZ e-mails The e-mails that include links allow BERLITZ to know whether you have activated the link and visited the destination web page, and this information may be included in your profile. BERLITZ emails may include links designed to direct you to relevant sections of Web sites by redirecting you through BERLITZ's servers. The re-direction system allows BERLITZ to modify the URL of such links if necessary, and also allows BERLITZ to determine the effectiveness of its online marketing campaigns. The Personal Data BERLITZ obtains from its commercial sources may be used in conjunction with the Personal Data it collects through its websites. For example, BERLITZ may compare disassociated geographic information acquired from commercial sources with the IP address collected by automatic data capture tools in order to provide you with information or promotions relevant to your geographic area.

Protection of minors: BERLITZ encourages parents and/or guardians to take an active role in their children's online activities. In the event that BERLITZ believes that Personal Data has been provided by a minor in violation of this Privacy Notice, BERLITZ will promptly delete such Personal Data. If you become aware that such Personal Data has been provided by a minor under the age of 18, please send an e-mail to the address: info@berlitz.sv.

4. DATA TRANSFERS.

For purposes of the provisions of this Section 4, but subject to the provisions of the last paragraph thereof, the Controller informs the Data Subject that in order to deliver products, services and solutions to its customers, consumers, employees, suppliers and other users of its services, the Controller and/or its Agents have entered or will enter into various commercial agreements with suppliers of products and services, both in national territory and abroad, to provide, among other services, those of: telecommunications and e-mail; administration and management of databases; automated processing of Personal Data and its storage; call center for customer service; authentication and validation of e-mails; telemarketing; credit card terminals; electronic invoicing; marketing; transportation and installation of products; administration of payroll and social security benefits; recruitment of personnel; auditing services and others of a similar nature. The Data Subject's authorization granted pursuant to this Section 4 entitles the Controller and/or its Agents to transmit Personal Data of the Data Subject to such suppliers, in the understanding that such suppliers are obliged, by virtue of the corresponding contract, to maintain the confidentiality of the Personal Data provided by the Controller and/or its Agents and to comply with this Privacy Notice. It may also transfer your Personal Data to other third parties that support it in order to comply with the contracts or legal relationships it has with the Data Subject.

Your Personal Information may be transferred to, stored and processed in a country other than where it was provided. If we do so, we transfer the information in accordance with the applicable data protection laws of the destination country. We take steps to protect personal information regardless of the country where it is stored or to which it is transferred. We have procedures and controls in place to ensure this protection.

We reserve the right to transfer your Personal Information in the event that we sell or transfer all or part of our business or assets. In the event of such a sale or transfer, we will use our best efforts to encourage the next owner to use the Personal Data in accordance with this Notice. If you do not want your Personal Data to be processed after the transfer, you should contact the new owner.

Notwithstanding the provisions of this Section 4 or elsewhere in this Privacy Notice, the Data Subject acknowledges and agrees that the Controller does not require authorization or confirmation from such Data Subject to make domestic or international transfers of Personal Data in the cases provided for in the LFPDP or in any other case of exception provided for by the same or other applicable legislation.

5. RETENTION AND SECURITY OF PERSONAL DATA. The Controller and/or its Agents shall retain the Personal Data of the Data Subject for the time necessary to process their requests for information, products and/or services, as well as to maintain the accounting, financial and audit records in terms of the LFPDP and the commercial, tax and administrative legislation in force. Notwithstanding the foregoing, BERLITZ does not guarantee that unauthorized third parties cannot access the physical or logical systems of the Data Controllers or the Controller or the electronic documents and files stored in their systems. Consequently, BERLITZ shall in no case be liable for any damages that may arise from such unauthorized access.

6. BERLITZ CONTACT For any communication about our Privacy Notice, please contact us by e-mail at info@berlitz.sv. For purposes, the address of the Responsible Party is the address set forth in this Section 6 of this Privacy Notice.

7. PROCEDURE TO EXERCISE THE ARC RIGHTS. In order to exercise the ARCO Rights, the Data Subject or his/her representative must submit a request for access, rectification, cancellation or opposition with the following information and documentation:

  1. Name of the Holder and address or other means to communicate the response to his/her request;
  2. The documents proving his/her identity (simple copy in printed or electronic format of his/her voter's credential, passport or FM-3) or, if applicable, the legal representation of the Data Subject (simple copy in printed or electronic format of the simple power of attorney with autographic signature of the Data Subject, the representative and their corresponding official identifications - voter's credential, passport or FM-3);
  3. The clear and precise description of the Personal Data with respect to which it seeks to exercise any of the ARCO Rights; and
  4. Any other element or document that facilitates the location of the Personal Data of the Data Subject.

In the case of requests for rectification of Personal Data, the respective Data Subject shall also indicate the modifications to be made and provide the documentation supporting his/her request.

For the reception, registration and attention of requests to exercise your right of access, rectification, cancellation and opposition to your Personal Data, as well as to limit the use or disclosure of your data, and the other rights provided in the LFPDP, please contact us at:

E-mail: info@berlitz.sv

In the case of requests for access to Personal Data, the Controller or its Processors will proceed with its delivery upon accreditation of the identity of the applicant or his legal representative, as the case may be. The aforementioned deadlines may be extended only in terms of the LFPDP.

The delivery of the Personal Data will be free of charge, you will only have to cover the justified shipping costs or the cost of reproduction in copies or other formats For the purposes of requests for cancellation of Personal Data, it will be as provided by this Privacy Notice,

The presentation of a request of opposition to the use of Personal Data by the Data Subject, will give the Controller the power to oppose the use of the Personal Data that the Data Subject has delivered to the opponent.

8. CHANGES TO THE PRIVACY NOTICE. BERLITZ reserves the right to periodically update this Notice to reflect changes in our information practices. It is the responsibility of the Holder to periodically review the content of the Privacy Notice on the website https://www.berlitz.com/es-sv. The Responsible Party will understand that if the contrary is not expressed, it means that the Data Subject has read, understood and agreed to the terms set forth therein, which constitutes his consent to the changes established in such updates regarding the treatment of his Personal Data for the purposes of the LFPDP and other applicable legislation.