12/1/2022

Country Name: Peru

DPO.Peru@ahf.org
Avenida Arequipa 3410
San Isidro - Lima 27
Lima - Perú

Privacy/Data Use and Protection Notice


This Notice contains important information about your personal rights to privacy. Please read it carefully to understand how we use your personal data. The provision of your personal data to us is voluntary. However, without providing us with your personal data, your use of our services or your interaction with us may be impaired.


  1. Introduction


    1. As used in this Notice, AHF means the entity indicated in the applicable country supplement. In this notice, AHF is also referred to as ‘we’, ‘us’ and ‘our’.


    2. We use the term “data protection law” in this notice to mean the law indicated in the applicable country supplement.


    3. Under local data protection law, we are a ‘controller’. This means that we may collect personal data about you when you engage with us and we determine how that personal data is used. In this Notice, we set out how we process personal data and your rights and options regarding the way we use your personal data (including through our website). This Notice applies where we are acting as a controller with respect to your personal data.


    4. We are committed to protecting your privacy. At all times we aim to respect any personal data you share with us, or that we receive from other organisations, and keep it safe.


    5. How to contact the Data Privacy Office:


      Send mail or email, or call, or fax the contacts listed in the applicable country supplement.


    6. This notice was last revised on February 10, 2022.


  2. We collect personal data about you:


    1. When you give it to us directly


      For example, personal data that you submit through our website, when you donate to us or that you give to us when you communicate with us by web request, email, phone, letter or social media.


    2. When we obtain it indirectly


      For example, your personal data may be shared with us by third parties including, for example, our business partners; sub-contractors in technical, payment and delivery services. To the extent we have not done so already, we will notify you when we receive personal data about you from them and tell you how and why we intend to use that personal data.


    3. When it is available publicly


      Your personal data may be available to us from external publicly available sources. For example, depending on your privacy settings for social media services, we may access information from those accounts or services (for example when you choose to interact with us through platforms such as Facebook, LinkedIn or Twitter).

    4. When you visit our website


      When you visit our website, we automatically collect the following types of personal data:


      1. Technical information, including the internet protocol (IP) address used to connect your device to the internet, browser type and version, time zone setting, browser plug-in types and versions and operating systems and platforms.


      2. Information about your visit to the websites, including the uniform resource locator (URL) clickstream to, through and from the website (including date and time), services you viewed or searched for, page response times, download errors, length of visits to certain pages, referral sources, page interaction information (such as scrolling and clicks) and methods used to browse away from the page. The source of the usage data is our analytics tracking system.


    5. We may combine your personal data from these different sources for the purposes set out in this Notice.


  3. What personal data do we use?


    1. We may collect, store and otherwise process the following kinds of personal data:


      1. your name and contact details, including email address and, where applicable, social media identity;


      2. Account data (e.g. My AHF App), which may include your name, email address, and location;


      3. information contained in or relating to any communication that you send to us ("correspondence data") including the communication content and metadata associated with the communication and metadata generated by our website associated with communications made using the website contact forms;


      4. your date of birth and gender;


      5. your financial information, such as bank details and/ or credit/ debit card details, account holder name, sort code and account number;


      6. information about your computer/ mobile device and your visits to and use of this website, including, for example, your IP address and, if you provide it to us, your geographical location;


      7. information about our services which you use/ which we consider may be of interest to you; and/or


      8. any other personal data which you choose to share with us as per clause 2 of this Notice.


    2. Please do not supply any other person's personal data to us, unless we prompt you to do so.


  4. Do we process special categories of data?

    1. Data protection law recognises certain categories of personal data as sensitive and therefore requiring more protection, for example information about your health, ethnicity and political opinions.


    2. In certain situations, we may collect and/or use these special categories of data (for example, health information such as HIV status if you disclose this to us directly such as through email). We will only process these special categories of data if there is a valid reason for doing so and where the data protection law allows us to do so.


  5. Why do we use your personal data?


    1. Your personal data, however provided to us, will be used for the purposes specified in this Notice. In particular, we may use your personal data:


      1. to provide you with services, products or information you have requested;


      2. to provide further information about our work, services, activities or products, where necessary, and only where you have provided your consent to receive such information (where the law requires us to obtain your consent), such as when you sign up to receive our email newsletter and/or notifications;


      3. Your account data may be processed for the purposes of operating our website, providing our services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you;


      4. communicating with you and to answer your questions/requests;


      5. record-keeping;


      6. to manage relationships with our networks, stakeholders and those who engage with our services and publications;


      7. to further our organisational aims in general;


      8. to analyse and improve our work, services, activities, products or information (including our website), or for our internal records;


      9. to report on the impact and effectiveness of our work;


      10. to run/ administer our websites, keep them safe and secure and ensure that content is presented in the most effective manner for you and for your device;


      11. to register and administer your participation in events;


      12. to process your application for a job or volunteer role with us when you apply through our job vacancies page;


      13. for training and/ or quality control;


      14. to audit and/ or administer our accounts;

      15. to satisfy legal obligations which are binding on us, for example in relation to regulatory, government and/ or law enforcement bodies with whom we may work (for example requirements relating to the payment of tax or anti-money laundering);


      16. for the prevention of fraud or misuse of services; and/or


      17. for the establishment, defence and/ or enforcement of legal claims.


  6. Communications for marketing


    1. We may use your contact details to provide you with information about our work, events, services and/or publications which we consider may be of interest to you.


    2. Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).


    3. Where you have provided us with your consent previously but do not wish to be contacted by us about our projects and/or services in the future, please let us know by writing or emailing the Data Privacy Office (see Section 1.4).


    4. You can opt out of receiving emails from us at any time by clicking the unsubscribe link at the bottom of any email correspondence.


  7. Our legal bases for processing


    The data protection law requires us to rely on one or more lawful bases to use your personal data. We consider the grounds listed below to be relevant:


    1. Where you have provided your consent for us to use your personal data in a certain way (for example, to use your personal data to send you direct marketing by email and we may ask for your explicit consent to collect special categories of your personal data).


    2. Where necessary so that we can comply with a legal obligation to which we are subject (for example, where we are obliged to share your personal data with regulatory bodies which govern our work and services).


    3. Where necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering a contract (for example, if you apply to work for/ volunteer with us).


    4. Where it is in your/someone else’s vital interests (for example, if we became aware that there is a medical emergency).


    5. Where there is a legitimate interest in us doing so (for example, processing data about your use of our website and services, our legitimate interests in monitoring and improving our website and services, or using data contained in or relating to any communication you send us, as well as our legitimate interests in the proper administration of our website, business and in our communications with users).


      1. The data protection law allows us to collect and process your personal data if it is reasonably necessary to achieve our or others’ legitimate interests (as long as that processing is fair, balanced and does not unduly impact your rights).

      2. When we process your personal data to achieve such legitimate interests, we consider and balance any potential impact on you (both positive and negative), and your rights under data protection law. We will not use your personal data for activities where our interests are overridden by the impact on you, for example where use would be excessively intrusive (unless, for instance, we are otherwise required or permitted to by law).


  8. Sharing your personal data with others


    1. We do not share, sell or rent your personal data to third parties for marketing purposes. However, in general we may disclose your personal data to selected third parties in order to achieve the purposes set out in this Notice. Non-exhaustively, those parties may include:


      1. Members of our group – we may disclose your personal data to any member of our group of Foundations (this means our subsidiaries, our ultimate Foundation and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this Notice. Information about our group can be found on our website.


      2. We may disclose your personal data to professional advisers insofar as reasonably necessary for the purposes of obtaining professional advice, or the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.


      3. suppliers and sub-contractors for the performance of any contract we enter into with them, for example IT service providers such as website hosts, cloud storage providers and mailing clients;


      4. insurers;


      5. financial companies that collect or process payments on our behalf;


      6. social media platforms with your express permission only;


      7. regulatory authorities, such as tax authorities;


      8. advertisers and advertising networks; and/or


      9. analytics and search engine providers.


      10. In addition to the specific disclosures of personal data set out in this section, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person as required by law. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.


    2. In particular, we reserve the right to disclose your personal data to third parties:


      1. if substantially all of our assets are acquired by a third party, personal data held by us may be one of the transferred assets;

      2. if we are under any legal or regulatory duty to do so; and/or


      3. to protect our rights, property or safety, and those of our personnel, users, visitors or others.


  9. International transfers of your personal data


    1. This section provides information about the circumstances in which your personal data may be transferred to a location outside the country or region covered by the data protection law. We will refer to the area covered by the data protection law as the protected region.


    2. Given that our work is international, and we have offices and facilities around the world, and because we use agencies and/or suppliers to process personal data on our behalf, it is possible that personal data we collect from you will be transferred to and stored in a location outside the protected region.


    3. Some countries outside the protected region may have a different or lower standard of protection for personal data, including lower security requirements and fewer rights for individuals. Where your personal data is transferred, stored and/or otherwise processed outside the protected region, we will take all reasonable steps necessary to ensure that the recipient implements appropriate safeguards (such as by entering into standard contractual clauses or working with entities certified under the data privacy laws) designed to protect your personal data and to ensure that your personal data is treated securely and in accordance with this Notice. If you have any questions about the transfer of your personal data, please contact our Data Privacy Office.


    4. The hosting facilities for our website are located in the USA.


  10. Retaining and deleting personal data


    1. This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.


    2. Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.


    3. We will retain your personal data as follows:


      1. For information about our data retention practices, please contact the Data Privacy Office (see Section 1.4).


      2. We may in any case retain your personal data for as long as may be necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.


      3. If you request to receive no further contact from us, we will keep some basic information about you on our suppression list in order to comply with your request and avoid sending you unwanted materials in the future.


  11. Security/storage of and access to your personal data

    1. We are committed to keeping your personal data safe and secure and we have appropriate and proportionate security policies and organisational and technical measures in place to help protect your personal data.


    2. Your personal data is only accessible by appropriately trained staff, volunteers and contractors, and stored on secure servers with features enacted to prevent unauthorised access.


  12. Amendments


    1. We may update this notice from time to time by publishing a new version on our website.


    2. You should check this page occasionally to ensure you are happy with any changes to this Notice.


    3. We will notify you of significant changes to this Notice by e-mail where reasonably possible for us to do so. If we do not have your contact details, we will notify you of any changes by posting a notice on the website where reasonably possible.


  13. Your rights


    1. In this section 13, we have summarised the rights that you have under data protection law. Some of the rights are complex and may apply only in certain circumstances – for more information, we suggest you contact the Data Privacy Office (see Section 1.4).


    2. Your principal rights under data protection law are:


      1. right of access;


        you can write to us to ask for confirmation of what personal data we hold on you and to request a copy of that personal data. Provided we are satisfied that you are entitled to see the personal data requested and we have successfully confirmed your identity, we will provide you with your personal data subject to any exemptions that apply.


      2. right to rectification;


        if you believe our records of your personal data are inaccurate, you have the right to ask for those records to be updated. You can also ask us to check the personal data we hold about you if you are unsure whether it is accurate/ up to date.


      3. right to erasure;


        at your request we will delete your personal data from our records as far as we are required to do so. In those cases where you ask us to delete your personal data due to our use for marketing, we will suppress further communications to you, rather than delete all of the information.


      4. right to restrict processing;


        you have the right to ask for processing of your personal data to be restricted in certain circumstances, such as if there is disagreement about its accuracy or legitimate usage.

      5. right to object to processing;


        you have the right to object to processing where we are (i) processing your personal data on the basis of the legitimate interests ground, (ii) using your personal data for direct marketing or (iii) using your personal data for historical or scientific research purposes or statistical purposes.


      6. right to data portability;


        to the extent required by the data protection law, where we are processing your personal data (that you have provided to us) either (i) by relying on your consent or (ii) because such processing is necessary for the performance of a contract to which you are a party or to take steps at your request prior to entering into a contract, and in either case we are processing using automated means (i.e. with no human involvement), you may ask us to provide the personal data to you – or another service provider – in a machine-readable format.


      7. right to withdraw consent; and


        where we rely on your consent to use your personal data, you have the right to withdraw that consent at any time. This includes the right to ask us to stop using (including profiling for direct marketing purposes) or to unsubscribe from our email list at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.


      8. right to complain to a supervisory authority.


        You are entitled to make a complaint about us or the way we have processed your personal data to a supervisory authority responsible for data protection. You may do so in the state of your habitual residence, your place of work or the place of the alleged infringement.


    3. We may ask you for additional information to confirm your identity and for security purposes before disclosing personal data requested to you.


    4. You may exercise any of your rights in relation to your personal data by written notice to the Data Privacy Office (see Section 1.4).


  14. What else should you know about your privacy online?


    1. We do not knowingly collect personal data of children through our website.


    2. You must be at least 18 years old to have our permission to use this site. We do not knowingly collect, use or disclose personal data about visitors that are under 18 years of age.


      DO NOT SUBMIT YOUR INFORMATION THROUGH OUR WEBSITE IF YOU ARE UNDER EIGHTEEN.


      If you are under 18 and need to give us your personal data, please contact the Privacy Office.


    3. You should also be aware that when your personal data is voluntarily disclosed (i.e. your name, e-mail address, etc.) on public areas on our websites or through our social media accounts, that information, along with any information disclosed in your communication, can be collected and used by third parties and may result in unsolicited messages from third parties. Such activities are beyond our control and this Notice does not apply to such information. Any submissions to chat rooms or other public areas on this site are accepted with the understanding that they are accessible to all third parties. If you do not want your comments to be viewed by third parties, you are advised not to make any submissions. Ultimately, you are solely responsible for maintaining the secrecy of your password and/or account information. Please be careful and responsible whenever you're online.


  15. How to contact us


    1. You can contact us through the Data Privacy Office (see Section 1.4).

Acknowledgments and Acceptance of Privacy Notice


Authorize the use of your personal information for marketing and promotional activities.


In case of not granting consent, AHF will not collect nor process your personal information for the aforementioned purposes.

I accept


I do not accept


The collection and processing of sensitive information as provided in any local supplement and for the stated, explicit and lawful purpose indicated in that supplement.

I Accept


I do not accept



Full name:


Signature:


ID Document:

Local Supplement: Peru


This Local Supplement is applicable to you if you reside in the country indicated above. It contains important information about your personal rights to privacy. Whenever this Local Supplement applies it should be considered to add to the Privacy/Data Use and Protection Notice.


“AHF” means AIDS Healthcare Foundation Peru Sucursal, the Peru branch of the foreign foundation, AIDS Healthcare Foundation.


“Data Protection Law” means Personal Data Protection Law No 29,733 (“PDPL”) of June 2011 and the Supreme Decree No 003-2013-JUS-Regulation of the PDPL of March 2013 (“Regulation”).


“Data Protection Authority” means Directorate for the Protection of personal data, which is part of the General Directorate of Transparency, Access to Public Information and Protection of Personal Data (“NDPA”).


Data Privacy Office contact information:

Address:


Phone:


Email:


Fax:


Local Provisions


PRIVACY NOTICE FOR THE PROCESSING OF PERSONAL DATA OF CONSUMERS


By means of this document, and in accordance with the provisions of the Personal Data Protection Law - Law No. 29733, and its implementing regulations approved by Supreme Decree No. 003-2013-JUS; AHF complies with the duty of information in accordance with the provisions of article 18 of the Law, in the following terms:


FIRST.- IDENTIFICATION OF THE DATA CONTROLLER.


AHF is the data controller and will process and store the personal information in the databank called "CONSUMER", which is located at Av. Republica de Panama No. 5756, Miraflores, province and department of Lima.


SECOND.- MANDATORY PERSONAL DATA.


The consumer is aware that the data is provided to AHF so that AHF may provide the services requested by the patients and clients. Personal information will be used to maintain records of all AHF patients duly updated for the provision of AHF’s services.


In the event that AHF needs to process additional information for purposes other than those set forth in this document, AHF shall inform the consumer about the processing activities in advance, indicating whether said purposes are mandatory or optional, as well as the conditions of the processing and the possible transfers, as appropriate. AHF will comply with requesting the prior consent in those cases where the Law makes it mandatory.


THIRD.- RETENTION PERIOD.


The retention period is 5 years counted from the last provision of our services. AHF could retain the information for an additional purpose due to a legal requirement made by an administrative or judicial authority, or to exercise the right of defence before any legal process, or as required for its internal operation.


The personal data, during the period that they are kept by AHF, will be considered and treated as confidential information.


FOURTH.- TRANSFER OF PERSONAL DATA


To fulfill the purposes described above, the personal data may be transferred locally or internationally, according to the following detail:


  • National transfers: Tax Administration, legal and accountant advisors, audit companies.


  • International transfers: to AIDS Healthcare Foundation, California, USA.


FIFTH. – DATA SUBJECT’S RIGHTS


To make a request for information, access, rectification, cancellation or opposition of your personal information or to obtain additional information about this privacy notice, contact the email [*]. If you consider that you have not been adequately attended, you can file a claim with the National Authority for the Protection of Personal Data.


SIXTH. – SECURITY MEASURES.


The consumer is aware that AHF guarantees that the processing of their personal data will comply with the necessary security measures in order to avoid any alteration, loss and / or unauthorized treatment.


SEVENTH. – CONSENT / RIGHT OF INFORMATION.


By means of this notice, the consumer has been informed that the processing of his/her personal information is used for the preparation, celebration and execution of a contractual relationship, therefore, the consent is subject to the provisions of paragraph 5 of article 14 of the Personal Data Protection Law.


Likewise, regarding the international transfers of personal information, the consumer declares to have been properly informed of the purposes of the transfer, as well as the identification of the entities receiving the information. Such transfers are exempt of consent in accordance with the provisions of article 19 of the Personal Data Protection Regulation.


The consumer expressly states that he/she has been duly informed about the conditions of the processing of his/her personal data, for which they sign this document as a sign of agreement.


NINTH. – CONSENT FOR ADDITIONAL PURPOSES


AHF may need to collect and process personal information for the following purposes:


  1. to provide you with information about our work, events, services and/or publications which we consider may be of interest to you.


  2. Where we do this via email, SMS or telephone, we will not do so without your prior consent (unless allowed to do so via applicable law).


  3. You can opt out of receiving emails from us at any time by clicking the unsubscribe link at the bottom of any email correspondence, or exercising your right of cancellation or opposition to the processing of personal information.

TENTH: SENSITIVE DATA


AHF may collect and/or use these special categories of data (for example, health information such as HIV status) for the purpose of providing medical care and related services to the subject patients. The collection of sensitive data for the aforementioned data is subject to strict technical, legal and organizational security measures, in order to protect the confidentiality of the information.


[NOTE: this special category of processing must also detail the data retention period, local and cross-border flows of transfer as well as the other requirements stated in the general privacy notice].


In order to comply with the local regulation for the processing of sensitive information, you must expressly authorize us to collect and process your sensitive information. By local requirements you must also sign this privacy notice by hand or electronically.
