SURGE Ingeniería Logo
undefined banner 3

Data Protection Policy

In accordance with the provisions of the Constitution of the Republic of Ecuador, the Organic Law for the Protection of Personal Data -LOPDP- in force in the Republic of Ecuador, the present Policy for the Protection of Personal Data is issued in accordance with the following terms:

This Data Protection Policy is published in the web page of SURGE INGENIERÍA (https://www.surge.com.ec})

I. Data Controller - Scope of Application of the Policy

The company SURGE INGENIERÍA CIA. LTDA. (hereinafter SURGE INGENIERÍA), with Ruc 1791839595001, located at PASAJE E13-B, in the city of Quito - Ecuador; who will act as responsible for the processing of personal data that the data owners provide in a legitimate and lawful manner in accordance with Art. 7 of the Organic Law on Protection of Personal Data (hereinafter LOPDP or Law).

The processing of personal data will be carried out by any personal or automated operation, always in respect of the guarantees to specific information on any decision taken.

The processing that SURGE INGENIERÍA will carry out will be in attention to the following activities: collection, compilation, obtaining, registration, organization, structuring, conservation, custody, custody, elaboration, adaptation, modification, elimination, indexing, extraction, consultation, use, possession, distribution, communication; or, any other form of enabling access, collation, interconnection, limitation, suppression, destruction and, in general, any use of personal data within the context of the purpose.

The category of data processed shall be in accordance with the purpose, requiring, among others, the following categories: contact identification data, personal characteristics data, family or social circumstances (in the case of employee processing), employment details (in the case of employee processing), attendance control (in the case of employee processing), financial data or income (in the case of employee processing or customers applying for credit), special data category (in the case of employee processing), among others.

II. Principles of Personal Data Processing

SURGE INGENIERÍA shall apply the principles recognized in the Organic Law on Personal Data Protection for data processing.

III. Purposes of the processing

The purposes of the processing of personal data carried out by SURGE INGENIERÍA, include:

CUSTOMER

  1. Institutional communication: Personal data may be used to maintain communication with data subjects or users of SURGE INGENIERÍA. This includes sending service offering communications, newsletters, as well as any other relevant information to keep data subjects or users informed.
  2. Communication, access or transfers: SURGE INGENIERÍA consolidates information with personal data on platforms on which it virtually stores the information. The purpose will be to use a platform in which the information can be managed and have better availability of the same with the best information security measures with international standards. For this purpose, the communication of data will be carried out by implementing appropriate measures to ensure that such communication, access or transfer of data is in accordance with the applicable Data Protection regulations.

WORKERS OR PROFESSIONAL SERVICE PROVIDERS

  1. Management of the employment relationship: Recruitment and human resources management: We use personal data to carry out the processes of selection, recruitment, assignment of tasks and work activities, as well as to manage the fulfillment of labor and contractual obligations.
  2. Administration of additional benefits: personal data will be used to manage and provide benefits provided by SURGE INGENIERÍA in addition to those determined in the labor standard, such as promotions, discounts on the supply of goods and services, such as: telephone plans, insurance, food, training, among others.
  3. Internal Communication: personal data may be used for internal communication of SURGE INGENIERÍA which could include sending communiqués, news and updates about the company, events or relevant organizational changes.
  4. Safety and Security: personal data will be used to ensure the safety and security of SURGE INGENIERÍA's facilities, assets and systems which could include monitoring access and implementing security measures.
  5. Attendance Registration: attendance control is obtained through biometric fingerprint registration, for the exclusive purpose of verifying presence in the workplace.

SUPPLIERS

  1. Supplier information - The information collected from suppliers will be used for pre-screening, reference checking, supplier selection and qualification, monitoring of service delivery and delivery of the contracted service.
  2. Contracting of products and services: to manage the contracting of products and services, as well as subsequent data that may arise from the relationship with SURGE INGENIERÍA.

IV. Retention time

Personal data will be kept for the time necessary for the management of the specified purposes, being currently the treatment by legal period as follows:

MATTER YEARS OF RETENTION

  1. CIVIL - COLLECTION OF DEBTS OR CIVIL CONTRACTUAL CLAIMS BY ORDINARY ACTION, AND DATA PROCESSORS: 10 + 1 = 11 YEARS
  2. BUSINESS ACTIVITIES - BOOKS OF ACCOUNT AND THEIR SUPPORTS: 6 + 1 = 7 YEARS
  3. TAX - INVOICES, SALES NOTES, DECLARATIONS, ETC.: 7 + 1 = 8 YEARS
  4. LABOR, CLAIMS - LABOR RISKS: 10 + 1 = 11 YEARS FOR LABOR CLAIMS INCLUDING RECALCULATION OF PROFITS AND CLAIMS FOR LABOR RISKS AND OCCUPATIONAL ACCIDENTS IN CIVIL MATTERS
  5. NOTE: An additional year has been added to the period of conservation determined by the norm, since this is the period in which the authority may delay in issuing summons or legal notifications; as well as to exercise the right of defense in any claim according to numeral 2 of Art. 11 of the Regulations to the Law.

V. Rights of the Owners of Personal Data

We inform the holders of personal data about their right to request the revocation of the authorization for the processing of personal data in the cases contemplated in the data protection regulations; as well as the rights of access, information, deletion, rectification, updating, opposition and portability of personal data.

INFORMATION

  1. Access: request information about the personal data we have stored.
  2. Rectification: correct or update your personal data if it is inaccurate or incomplete.
  3. Deletion: request deletion of your personal data when it is no longer necessary for the purposes for which it was collected.
  4. Opposition: object to the processing of your personal data in certain circumstances.
  5. Limitation of processing: request the restriction of the processing of your personal data in certain cases.
  6. Portability: receive your personal data in a structured, commonly used and readable format and transmit it to another data controller where technically feasible.
  7. Revocation of consent: withdraw your consent at any time, without affecting the lawfulness of the processing based on the consent prior to its withdrawal.
  8. File a complaint: file a complaint with the competent data protection authority in Ecuador.
For the exercise of their rights the interested party or holder of the personal data, may have the request filled out, attaching the documents proving their appearance to the email: protecciondedatos@surge.com.ec; for which purpose they must fill out the request form.

VI. Other purposes and further processing

The processing of personal data carried out by SURGE INGENIERÍA, is intended for the proper implementation and fulfillment of contractual obligations in the provision of its services and legal, research and development of new products and services, consequently, the refusal to process personal data or revocation of consent related to the services offered by SURGE INGENIERÍA, could mean that you do not have access to promotions and discounts applicable.

VII. Identity and contact details of the PERSONAL DATA PROTECTION DELEGATE DPO of the Data Controller

In case the holder of the personal data needs to make any communication or exercise his/her rights regarding the processing of his/her personal data, he/she may do so through the following contact:

Contact details of the person and / or area in charge

  1. Alejandra Chimbo Medina - Information and Communication Technologies Coordinator
  2. Physical address: PASAJE E13-B N50-60, in the city of Quito - Ecuador, in the city of Quito - Ecuador
  3. E-mail address: protecciondedatos@surge.com.ec

VIII. Consent and legitimate interest of the treatment

The authorization for the processing of personal data that is carried out according to the norm in the cases of relevant legitimate basis, will be done in a voluntary, prior, explicit, informed and unequivocal manner through an unchecked check box which is located at the bottom of the registration form that is delivered to the owner, prior to the collection of their data.

Likewise, in accordance with the Organic Law for the Protection of Personal Data in Art. 7, other legitimate bases for the lawful use of personal data are established, which are detailed below:

  1. Carried out by the data controller in compliance with a legal obligation.
  2. Carried out by the data controller, by court order, whereby the principles of the present law must be observed.
  3. That the processing of personal data is based on the fulfillment of a mission carried out in the public interest or in the exercise of public powers conferred on the data controller, derived from a competence attributed by a regulation with the rank of law, subject to compliance with international human rights standards applicable to the matter, compliance with the principles of this law and the criteria of legality, proportionality and necessity.
  4. For the execution of pre-contractual measures at the request of the holder or for the fulfillment of contractual obligations pursued by the controller of personal data, processor of personal data or by a legally authorized third party.
  5. To protect vital interests of the data subject or another natural person, such as his or her life, health or integrity.
  6. For the processing of personal data contained in publicly accessible databases.
  7. To satisfy a legitimate interest of the data controller or a third party, provided that the interests or fundamental rights of the data subjects do not prevail under the provisions of this regulation.

IX. Information Security

SURGE INGENIERÍA, shall implement all appropriate and necessary security measures, understood as those accepted by the state of the art, be they organizational, legal, administrative, technical, physical or of any other nature, to protect personal data against any risk, threat, vulnerability, taking into account the nature of the personal data, the scope and context.

SURGE INGENIERÍA has access and privilege policies to increase confidentiality in processing.

In the event of violations of confidentiality, integrity or availability of data, SURGE INGENIERÍA to safeguard the rights and freedoms of the persons concerned and notify the Ecuadorian data authority in accordance with the provisions of Article 43 of the LOPDP.

X. Knowledge of the terms

The present personal data protection policy is of an informative nature; however, in addition, you may accept the processing of personal data by means of consent through an unchecked box, which in case of acceptance by the data owner or user, will constitute an affirmative act that reflects the full and free will of the data owner, so that SURGE INGENIERÍA may store the consent in an auditable file for purposes of justifying full consent before the competent authority and, in general, before any third party.

XI. Modifications to the Policy

This personal data protection policy will be reviewed annually by default and any modifications made will be published on this same web page of SURGE INGENIERÍA https://www.surge.com.ec

DATA PROTECTION POLICY V01.2024

  • title

    cta section bg pattern