The objective of this policy is to ensure the protection of Personal Data and Sensitive Personal Data held by Distrito Bandido.
This policy applies to all Distrito Bandido personnel and is a permanent management duty. It acts as a general framework for all group companies and applies to any type of personal information held by Distrito Bandido. This includes information collected through our websites, purchasing processes, hiring processes, among others, via printed media, email, through third-party platforms, applications, or social media.
CONCEPTS AND ABBREVIATIONS
Distrito Bandido and any other entities that integrate.
Data Subject: Any individual person.
Personal Data: Any information related to an identified or identifiable individual, expressed in numerical, alphabetical, graphical, photographic, acoustic, or any other form. For example, but not limited to: name, age, date of birth, email address, phone number, credit/debit card number, bank account, among others.
Sensitive Personal Data: Personal data that affects the most intimate sphere of the data subject or whose misuse could lead to discrimination or entail serious risks for the individual. For example, but not limited to: racial or ethnic origin, past, present, and future health information, genetic data, religious, philosophical, and moral beliefs, union membership, political opinions, sexual preferences, non-criminal records, among others.
- Personal Data: Any information related to an identified or identifiable individual, expressed in numerical, alphabetical, graphical, photographic, acoustic, or any other form. For example, but not limited to: name, age, date of birth, email address, phone number, credit/debit card number, bank account, among others.
- Sensitive Personal Data: Personal data that affects the most intimate sphere of the data subject or whose misuse could lead to discrimination or entail serious risks for the individual. For example, but not limited to: racial or ethnic origin, past, present, and future health information, genetic data, religious, philosophical, and moral beliefs, union membership, political opinions, sexual preferences, non-criminal records, among others.
Use of Personal Information
The personal information shared with Distrito Bandido is treated only for the purposes for which it was collected and authorized. For example, but not limited to: contact, e-commerce purchases, hiring, customer registration, supplier registration, service provider registration, among others.
Who We Share Personal Information With?
As a general rule, Distrito Bandido does NOT share or sell personal information with anyone outside the group. However, there are some third parties with whom we might share this information, such as:
- Business partners
- Judicial or government authorities
- Third-party service providers
- Courier service
If Distrito Bandido were to share any type of information with a third party, it would make its best efforts to ensure that they keep your information secure, take all steps to protect it from misuse, and only use it in accordance with this policy and data protection regulations.
As the responsible party for personal data, Distrito Bandido is committed to observing the principles of legality, consent, information, quality, purpose, loyalty, proportionality, and responsibility. To prevent data from being used for purposes other than those for which it was provided, safeguarding other rights and freedoms, the protection measures are as follows:
Perimeter: Use of surveillance cameras, secure doors, fire and theft alarms.
Hardware: Backup of information on magnetic media, redundant servers, Firewalls for incoming traffic filtering, MPLS (for dedicated links with other business units).
Software: Antivirus, critical updates, antispyware, DMZ, Digital Certificates, AD (for centralized permissions), WPA (for encrypted connections), VPN (for remote connections).
At Distrito Bandido, personal data automatically receives sufficient and necessary protection to safeguard it, using the highest standards of administrative, technical, physical, and legal protection available, to prevent damage, loss, alteration, destruction, unauthorized use, access, or treatment.
Distrito Bandido safeguards the information collected physically through locked drawers, with restricted access to authorized personnel, through:
Users: by managing permissions scaled to systems and applying policies for information handling.
Programming errors: which can be exploited by hackers, therefore corrections and updates to applications are performed with high priority.
Malicious software: all our equipment has updated antivirus and real-time analysis, as well as the application of critical updates to the operating system.
Intrusions: We have a network of Firewalls to filter all incoming content and deny unauthorized ones.
However, despite the indications in the previous paragraph and the fact that Distrito Bandido is committed to doing its best to care for and protect your personal data, you should be aware of the permanent risk that any website and/or other means is exposed to, regarding intrusions, destruction, extraction, manipulation, among others, of information that can be carried out by unauthorized third parties, and neither Distrito Bandido nor any physical or moral entity has an absolute guarantee to prevent such actions. Therefore, Distrito Bandido disclaims any responsibility for actions undertaken by such third parties that are beyond the reach of Distrito Bandido.
It is the Right that the Data Subject has to Access, Rectify, Cancel, or Oppose their Personal Data or sensitive personal data.
Right of Access
Data subjects have the right to access their personal information held by third parties, in order to know what it is and its status, i.e., if it is correct and up to date, or to know the purpose of its use.
Right of Rectification
Data subjects have the right to rectify their personal information when it is incomplete or inaccurate. In other words, you can request that whoever uses your personal data correct it when it is incorrect or outdated.
Right of Cancellation
Data subjects may request the cancellation, i.e., the elimination of their personal data when they consider that they are not being used or processed in accordance with the obligations and duties of the controller, as contained in the Law and its Regulations.
Right of Opposition
Data subjects have the right to oppose the use of their personal information or demand its cessation. A clear example of this right is to express your opposition to the processing of your personal data for commercial or advertising purposes.
WAYS TO EXERCISE ARCO RIGHTS
The Data Subject of Personal Data and Sensitive Personal Data must submit the “ARCO Rights Request” form found on the website https://bandidostudio.com/, attaching a copy of the valid official identification (INE, passport, or military ID) of the Data Subject, and deliver it signed and in original to the offices of Distrito Bandido or via certified mail, who is responsible for the treatment of this data.
RESPONSIBLE FOR THE PROTECTION OF PERSONAL DATA
The person responsible for the protection of personal data corresponds to the Administrative area, with the email address email@example.com.