{"id":4872,"date":"2025-04-05T18:06:38","date_gmt":"2025-04-05T23:06:38","guid":{"rendered":"https:\/\/xtendo.biz\/en\/?page_id=4872"},"modified":"2026-01-24T23:25:59","modified_gmt":"2026-01-25T04:25:59","slug":"personal-data-protection-policy","status":"publish","type":"page","link":"https:\/\/xtendo.global\/en\/personal-data-protection-policy\/","title":{"rendered":"Personal Data Protection Policy"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-page\" data-elementor-id=\"4872\" class=\"elementor elementor-4872\" data-elementor-post-type=\"page\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5391983 e-flex e-con-boxed elementor-invisible e-con e-parent\" data-id=\"5391983\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;background_background&quot;:&quot;classic&quot;,&quot;jet_parallax_layout_list&quot;:[],&quot;animation&quot;:&quot;fadeIn&quot;}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-01047a7 elementor-widget__width-initial animated-slow elementor-invisible elementor-widget elementor-widget-jet-headline\" data-id=\"01047a7\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;_animation&quot;:&quot;fadeInLeft&quot;}\" data-widget_type=\"jet-headline.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"jet-headline jet-headline--direction-vertical\"><span class=\"jet-headline__part jet-headline__first\"><span class=\"jet-headline__label\">Personal Data Protection Policy Xtendo Global<\/span><\/span><\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t<div class=\"elementor-element elementor-element-2939beb e-flex e-con-boxed e-con e-parent\" data-id=\"2939beb\" data-element_type=\"container\" data-e-type=\"container\" data-settings=\"{&quot;jet_parallax_layout_list&quot;:[]}\">\n\t\t\t\t\t<div class=\"e-con-inner\">\n\t\t\t\t<div class=\"elementor-element elementor-element-5c1aa06 elementor-widget elementor-widget-text-editor\" data-id=\"5c1aa06\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>\u00a0<\/p><h2><strong>1 \u2013 Introduction<\/strong><\/h2><p>At XTENDO GLOBAL, the protection of personal data is a strategic priority. We recognize that personal information is one of our most valuable assets, and we are committed to handling it responsibly and securely. We integrate the best practices in cybersecurity and Data Loss Prevention (DLP) into our Information Security Management System (ISMS). This policy outlines how we collect, use, store, share, and protect the personal information of our clients, employees, suppliers, and other data subjects, ensuring compliance with applicable legislation and the respect of their rights.<\/p><hr \/><h2><strong>2 \u2013 Purpose<\/strong><\/h2><ul><li><p><strong>Comprehensive Protection:<\/strong> Ensure all personal data is handled with high-security standards, using technical, administrative, and physical controls.<\/p><\/li><li><p><strong>Regulatory Compliance:<\/strong> Guarantee compliance with the data protection legislation applicable in the operating country, as well as internal information security policies.<\/p><\/li><li><p><strong>Transparency and Data Subject Rights:<\/strong> Clearly inform data subjects about the processing of their data and facilitate the exercise of their rights.<\/p><\/li><li><p><strong>Integration with the ISMS:<\/strong> Incorporate controls and security measures in personal data management, such as encryption, access control, incident management, and secure retention and deletion procedures.<\/p><\/li><\/ul><hr \/><h2><strong>3 \u2013 Scope<\/strong><\/h2><p>This policy applies to all information and personal data collected by XTENDO GROUP through:<\/p><ul><li><p>Our website <a href=\"http:\/\/www.xtendo.global\/en\/\">www.xtendo.global\/en\/<\/a> and social media channels.<\/p><\/li><li><p>Contact forms, user registration, service contracting, and recruitment processes.<\/p><\/li><li><p>Events, communications, and any interaction with clients, collaborators, contractors, interns, and third parties that interact directly or indirectly with the Group&#8217;s information assets.<\/p><\/li><li><p>All systems, devices, and applications that process, store, or transmit personal information, both internally and in cloud environments.<\/p><\/li><li><p>Any other physical or digital medium used to manage personal data.<\/p><\/li><\/ul><hr \/><h2><strong>4 \u2013 Regulatory Framework<\/strong><\/h2><p><strong>Spain<\/strong><\/p><ul><li><p>General Data Protection Regulation (GDPR)<\/p><\/li><li><p>Organic Law on Personal Data Protection and Guarantee of Digital Rights (LOPDGDD)<\/p><\/li><\/ul><p><strong>France<\/strong><\/p><ul><li><p>GDPR<\/p><\/li><li><p>Loi Informatique et Libert\u00e9s<\/p><\/li><\/ul><p><strong>Germany<\/strong><\/p><ul><li><p>GDPR<\/p><\/li><li><p>Federal Data Protection Act (BDSG)<\/p><\/li><\/ul><p><strong>Portugal<\/strong><\/p><ul><li><p>GDPR<\/p><\/li><li><p>Personal Data Protection Law adapted to the EU regulation<\/p><\/li><\/ul><p><strong>United States<\/strong><\/p><ul><li><p>Mosaic of federal and state laws<\/p><ul><li><p>HIPAA<\/p><\/li><li><p>GLBA<\/p><\/li><li><p>Florida Digital Bill of Rights (FDBR)<\/p><\/li><\/ul><\/li><\/ul><p><strong>Canada<\/strong><\/p><ul><li><p>Personal Information Protection and Electronic Documents Act (PIPEDA)<\/p><\/li><\/ul><p><strong>Brazil<\/strong><\/p><ul><li><p>General Data Protection Law (LGPD)<\/p><\/li><\/ul><p><strong>Guatemala<\/strong><\/p><ul><li><p>Comprehensive Law on Personal Data Protection in the Hands of Third Parties (6103)<\/p><\/li><li><p>Data Protection Law (6105)<\/p><\/li><\/ul><p><strong>Uruguay<\/strong><\/p><ul><li><p>Law No. 18.331<\/p><\/li><li><p>Decree No. 64\/020<\/p><\/li><\/ul><p><strong>Colombia<\/strong><\/p><ul><li><p>Law 1581 of 2012<\/p><\/li><li><p>Decree 1377 of 2013<\/p><\/li><\/ul><p><strong>Argentina<\/strong><\/p><ul><li><p>Law 25.326 on Personal Data Protection<\/p><\/li><\/ul><p><strong>Bolivia<\/strong><\/p><ul><li><p>Law No. 164 of 2011, General Law on Telecommunications, Information and Communication Technologies<\/p><\/li><\/ul><p><strong>Philippines<\/strong><\/p><ul><li><p>Data Privacy Act of 2012<\/p><\/li><\/ul><hr \/><h2><strong>5 \u2013 Principles and Definitions<\/strong><br \/><strong>Principles<\/strong><\/h2><ul><li><p><strong>Lawfulness, Fairness, and Transparency:<\/strong> Data will be processed lawfully, for legitimate purposes, and transparently.<\/p><\/li><li><p><strong>Purpose Limitation:<\/strong> Data will only be used for the specific purposes for which it was collected.<\/p><\/li><li><p><strong>Data Minimization:<\/strong> Only strictly necessary data will be collected.<\/p><\/li><li><p><strong>Accuracy and Updating:<\/strong> Reasonable measures will be taken to keep data accurate and up to date.<\/p><\/li><li><p><strong>Storage Limitation:<\/strong> Data will be retained only as long as necessary to fulfill its purpose.<\/p><\/li><li><p><strong>Integrity and Confidentiality:<\/strong> Technical and organizational measures will be implemented to protect data against unauthorized access, loss, or alteration.<\/p><\/li><\/ul><h3><strong>Definitions<\/strong><\/h3><ul><li><p><strong>Personal Data:<\/strong> Any information related to an identified or identifiable natural person.<\/p><\/li><li><p><strong>Processing:<\/strong> Any operation or set of operations performed on personal data, such as collection, storage, use, transmission, or deletion.<\/p><\/li><li><p><strong>Data Subject:<\/strong> The person to whom the data belongs.<\/p><\/li><li><p><strong>Consent:<\/strong> A free, specific, informed, and unequivocal expression by which the data subject accepts the processing of their data.<\/p><\/li><li><p><strong>Security Incident:<\/strong> Any event that compromises the confidentiality, integrity, or availability of personal data.<\/p><\/li><\/ul><hr \/><h2><strong>6 \u2013 Roles and Responsibilities<\/strong><\/h2><ul><li><p><strong>Senior Management:<\/strong> Approve and oversee the policy and ensure necessary resources are allocated.<\/p><\/li><li><p><strong>ISMS and Data Protection Officer:<\/strong> Coordinate implementation, conduct periodic audits, and manage policy updates.<\/p><\/li><li><p><strong>IT\/Security Team:<\/strong> Implement technical measures (encryption, access control, DLP) and maintain secure infrastructure.<\/p><\/li><li><p><strong>Users:<\/strong> Comply with established guidelines and report any incident or breach.<\/p><\/li><\/ul><hr \/><h2><strong>7 \u2013 Collection and Use of Personal Data<\/strong><br \/><strong>Data Collected<\/strong><\/h2><p>XTENDO GROUP collects personal data in various situations, such as:<\/p><ul><li><p><strong>Website Interaction:<\/strong> Access information, behavior (keywords, pages viewed, location, browser, device).<\/p><\/li><li><p><strong>Contact and Registration Forms:<\/strong> Basic identification data (name, email, company, country, WhatsApp, messages).<\/p><\/li><li><p><strong>Recruitment Processes:<\/strong> Resume information and data collected through LinkedIn or email.<\/p><\/li><li><p><strong>Events and Social Media:<\/strong> Data obtained from public or private interactions, always informing the user of processing.<\/p><\/li><\/ul><h3><strong>Purposes of Processing<\/strong><\/h3><ul><li><p><strong>Improve User Experience:<\/strong> Adapt services and content to user needs.<\/p><\/li><li><p><strong>Service Delivery:<\/strong> Facilitate communication, management, and support of offered services.<\/p><\/li><li><p><strong>Marketing and Advertising:<\/strong> Send promotional messages and offers, where consent has been obtained.<\/p><\/li><li><p><strong>Recruitment Processes:<\/strong> Evaluate applications and support talent acquisition.<\/p><\/li><li><p><strong>Legal Compliance:<\/strong> Retain data in accordance with legal and regulatory obligations.<\/p><\/li><\/ul><hr \/><h2><strong>8 \u2013 Data Security and Protection Measures<\/strong><\/h2><p>As part of our Information Security Policy, the following measures are implemented:<\/p><ul><li><p><strong>Access Control and Authentication:<\/strong> Use of strong authentication and, in critical environments, multi-factor authentication to limit access to personal data.<\/p><\/li><li><p><strong>Encryption:<\/strong> Encryption of personal data in transit (TLS\/SSL) and at rest (AES-256).<\/p><\/li><li><p><strong>DLP and Monitoring Solutions:<\/strong> Deployment of Data Loss Prevention tools and systems to detect and respond to incidents.<\/p><\/li><li><p><strong>Incident Management:<\/strong> Defined procedures for immediate response to security incidents involving personal data.<\/p><\/li><li><p><strong>Secure Retention and Deletion:<\/strong> Establishment of retention periods and secure processes for deletion or anonymization of data after fulfilling its purpose.<\/p><\/li><li><p><strong>Training and Awareness:<\/strong> Ongoing training programs on safe data handling and regulatory compliance.<\/p><\/li><\/ul><hr \/><h2><strong>9 \u2013 Data Subject Rights and Exercise of Rights<\/strong><\/h2><p>XTENDO GROUP guarantees data subjects the following rights:<\/p><ul><li><p><strong>Access:<\/strong> Know and access their personal data.<\/p><\/li><li><p><strong>Rectification:<\/strong> Request correction of inaccurate or incomplete data.<\/p><\/li><li><p><strong>Erasure:<\/strong> Request deletion of data when no longer necessary.<\/p><\/li><li><p><strong>Restriction of Processing:<\/strong> Limit processing in certain circumstances.<\/p><\/li><li><p><strong>Objection:<\/strong> Object to the processing of data.<\/p><\/li><li><p><strong>Portability:<\/strong> Receive their data in a structured and transferable format.<\/p><\/li><li><p><strong>Withdrawal of Consent:<\/strong> Withdraw previously granted consent.<\/p><\/li><\/ul><p>Data subjects can exercise these rights by submitting a written request to: <strong><a href=\"mailto:info@xtendo.global\/en\">info@xtendo.global\/en<\/a><\/strong><\/p><hr \/><h2><strong>10 \u2013 Data Retention and Storage<\/strong><\/h2><ul><li><p><strong>Retention Period:<\/strong> Data will only be stored for the time necessary to fulfill service provision, contractual, and legal obligations. Specific periods will be defined in the Data Inventory and updated regularly.<\/p><\/li><li><p><strong>Secure Deletion:<\/strong> Once the retention period has expired, data will be securely deleted or anonymized following approved procedures.<\/p><\/li><\/ul><hr \/><h2><strong>11 \u2013 Data Transfer<\/strong><\/h2><ul><li><p><strong>International:<\/strong> If data is transferred to other countries, XTENDO GLOBAL will ensure an adequate level of protection in accordance with GDPR and other regulations.<\/p><\/li><li><p><strong>Third Parties:<\/strong> Personal data will not be shared with unauthorized third parties. Transfers are made under contractual agreements that ensure data protection.<\/p><\/li><\/ul><hr \/><h2><strong>12 \u2013 Training and Awareness<\/strong><\/h2><ul><li><p><strong>Regular Training:<\/strong> Training sessions will be held for all employees on secure data handling and regulatory compliance.<\/p><\/li><li><p><strong>Ongoing Updates:<\/strong> Training will be regularly updated to reflect legislative changes and technological advancements.<\/p><\/li><\/ul><hr \/><h2><strong>13 \u2013 Policy Review and Updates<\/strong><\/h2><p>This policy will be reviewed at least annually or when significant changes occur in legislation, technology, or internal processes. Updates will be approved by Senior Management and communicated to all employees.<\/p><hr \/><h2><strong>14 \u2013 Approval and Dissemination<\/strong><\/h2><p>This Personal Data Protection Policy is effective as of the stated date and is mandatory for all employees and collaborators who manage the organization\u2019s data and information.<\/p><p>This policy will be filed in the company&#8217;s official records and shared internally for awareness among all employees and third parties, reinforcing the culture of information security and commitment that characterizes XTENDO GLOBAL.<\/p><hr \/><p><em><strong>Last Update:<\/strong> February 28, 2025<\/em><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Personal Data Protection Policy Xtendo Global \u00a0 1 \u2013 Introduction At XTENDO GLOBAL, the protection of personal data is a strategic priority. We recognize that personal information is one of our most valuable assets, and we are committed to handling it responsibly and securely. We integrate the best practices in cybersecurity and Data Loss Prevention [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"class_list":["post-4872","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/pages\/4872","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/comments?post=4872"}],"version-history":[{"count":13,"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/pages\/4872\/revisions"}],"predecessor-version":[{"id":6611,"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/pages\/4872\/revisions\/6611"}],"wp:attachment":[{"href":"https:\/\/xtendo.global\/en\/wp-json\/wp\/v2\/media?parent=4872"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}