This Privacy Policy aims to clearly and transparently inform how the Bosques Verificados platform, managed by the Asociación Cultural para el Desarrollo Integral (ACDI), CUIT No. 30-65509319-9, processes personal data of individuals interacting with the system.
GENERAL PROVISIONS
ACDI, as data controller, undertakes to ensure the protection of personal data in accordance with Argentine Law No. 25,326 on Personal Data Protection, its regulatory framework, and applicable international standards, including best practices related to environmental traceability and regulatory frameworks such as Regulation (EU) 2023/1115 (EUDR).
Personal data processing will be carried out in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimization, security and confidentiality, ensuring responsible and proportionate use of information.
DEFINITIONS
For the purposes of this Policy:
- Personal Data: Any information relating to an identified or identifiable natural or legal person.
- Sensitive Data: Personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or data concerning health or sexual life.
- Data for Promotional Purposes: Data used for institutional communication, project dissemination, or reporting, provided that it does not involve commercial profiling or affect data subjects' rights.
- Data Processing: Any operation performed on personal data, including collection, storage, organization, use, analysis, disclosure or deletion.
DATA COLLECTED AND RETENTION PERIOD
Within the operation of the Platform, personal data may be collected and processed from users, company representatives, and individuals whose data is included in uploaded documentation.
Such data may include identification information, contact details, login credentials, technical usage logs, and data related to forestry activities, including geospatial information where it may directly or indirectly identify a person.
Personal data will be retained for as long as necessary to fulfill the purposes of processing and to comply with applicable legal obligations. Certain records may be retained for extended periods or indefinitely where required to ensure supply chain traceability, comply with regulatory requirements, conduct audits, or preserve technical evidence.
Where appropriate, anonymization or data dissociation mechanisms may be applied.
PURPOSE OF PROCESSING
Personal data is processed to enable access to and use of the Platform, manage user accounts, record and organize traceability information, perform technical validations, ensure system security, facilitate audits and verification processes, and comply with legal obligations or requests from competent authorities.
Additionally, non-sensitive data may be used for institutional communication, reporting, and project-related dissemination purposes, provided that such use is carried out in aggregated or anonymized form and does not allow the identification of any individual, in accordance with the applicable Confidentiality Agreement (NDA).
Processing is based on the performance of contractual obligations, compliance with legal requirements, and ACDI's legitimate interests in ensuring system integrity, traceability, and security. Where applicable, processing may also rely on the data subject's consent.
CONFIDENTIALITY
All processed information shall be considered confidential. ACDI and all persons involved in data processing are bound by a duty of confidentiality, which shall remain in force even after the termination of the relationship with the Platform.
This obligation is consistent with and reinforced by the applicable Confidentiality Agreement (NDA).
ACCESS AND DISCLOSURE
Access to data is restricted to authorized users within the Platform. However, access may be granted to public authorities, project-related entities, auditors, or international cooperation bodies when necessary for verification, regulatory compliance, or project execution.
ACDI may engage third-party service providers acting as data processors, who must act strictly under ACDI's instructions and ensure appropriate security measures.
INTERNATIONAL DATA TRANSFERS
Personal data may be transferred and stored in jurisdictions outside Argentina, including the European Union. Such transfers shall be carried out in accordance with applicable data protection standards and, where required, appropriate safeguards shall be implemented to ensure an adequate level of protection.
INFORMATION SECURITY
While ACDI implements reasonable technical and organizational measures to protect personal data, no system can be guaranteed to be completely secure.
DATA SUBJECT RIGHTS
Data subjects may exercise their rights of access, rectification, update, erasure, and objection in accordance with applicable law.
Requests may be submitted through the contact channels indicated in the Legal Notice.
USER RESPONSIBILITY
Users represent and warrant that they have a lawful basis for uploading personal data and that they have complied with all applicable data protection obligations, including providing adequate notice to data subjects where required.
COOKIES
The use of cookies is governed by the Cookies Policy, which forms an integral part of this framework.
POLICY BREACH
Any incident or concern related to this Policy should be reported through the designated communication channels.
LEGAL INTEGRATION
This Policy is integrated with the Terms and Conditions, Legal Notice, Adhesion Agreement, and Confidentiality Agreement.
MODIFICATIONS
ACDI may modify this Policy to reflect legal, technical or operational changes.