Acredita LLC. and its subsidiaries around the world (hereinafter “Acreditta”) help organizations digitally certify their students, professionals and other organizations. 

The entity accessing the Acreditta software (the “Organization”) is an Acreditta customer that collects and processes your personal data. 

Definitions:

For the purposes of this policy and in accordance with current regulations regarding the protection of personal data, the following definitions will be taken into account:

• User: It is the natural or legal person who has an interest in the use of personal information.

• Authorization: Prior, express and informed consent of the Holder to carry out the Processing of personal data.

• Notice of Privacy: Verbal or written communication generated by the Controller, addressed to the Owner for the processing of their personal data, through which they are informed about the existence of the information processing policies that will be applicable to them, the way to access them and the purposes of the treatment that is intended to be given to personal data.

• Database: Organized set of personal data that is subject to treatment.

• Personal data: Any information linked or that may be associated with one or more specific or determinable natural persons.

• Treatment Manager: Natural or legal person, public or private, that by itself or in association with others, performs the Processing of personal data on behalf of the Data Controller.

• Responsible for the Treatment: Natural or legal person, public or private, that by itself or in association with others, decides on the database and / or the Treatment of the data.

• Treatment: Any operation or set of operations on personal data, such as the collection, storage, use, circulation or deletion.

• Transfer: the transfer of data takes place when the person responsible and/or in charge of the processing of personal data, located in Colombia, sends the information or personal data to a recipient, who in turn is responsible for the treatment and is located inside or outside the country.

This privacy policy governs Acreditta's processing of personal data that you and/or the Organization enter into Acreditta's software application (the “Software”) for certification or user administration purposes.

Data collection

Acreditta does not collect your personal data directly. 

Acreditta processes the data that you and/or the Organization enter into the Software for certification, reporting or administration purposes. Such data may include, but is not limited to, email addresses and certification information.

Use of data

Acreditta will process the data only in accordance with the agreement between Acreditta and the Organization, including, among other purposes, the provision of technical or functional support and the security guarantee of the Software. If you have any questions about the use of your personal data, please contact the Organization.

Contact and inquiries 

The Organization is responsible for data processing. A “controller” determines the purposes for which personal data is processed and the means used. A “processor” processes personal data always on behalf of the controller. All queries regarding your personal data should be directed to the Organization.

Use, disclosure and sharing of personal data. 

1. Aggregated statistics

We may aggregate and anonymize data into non-personal statistics about user behavior, such as general patterns or demographic reports that do not describe or identify individual users.

2. Disclosures required by law 

We may disclose your personal data if required to do so by law or court order or if we believe it is necessary to: (a) comply with the law applicable to Acreditta or our partners; (b) comply with a court order or decree, or comply with legal process involving us or our affiliates; or (c) protect and defend our rights and property, the Websites, and the users of the Websites. In such cases Acreditta will notify the Organization of said request and the data provided.

3. Transfer and processing of personal data worldwide (applicable unless otherwise agreed in writing between you or the Organization and Acreditta)

Acreditta may use your data for the purposes described in this document and in accordance with the agreement between Acreditta and the Organization. Your data may be processed and transferred within and to the United States and other countries and territories mentioned here, whose privacy laws may differ from those in your country of residence, and which may offer different levels of protection for your personal data. . Regardless of the laws in force in these countries, we will treat the privacy of your data in accordance with this Privacy Policy and the agreement between Acreditta and the Organization.

4. Your access and correction rights

You have the right to submit and correct your personal data by contacting your Organization.

Third Party Websites  

From this Website, you may visit other websites or link to other websites, which may be operated by us or unaffiliated third parties. Those websites may collect personal data about you and, because this Privacy Policy does not cover the data practices of those other websites, you should read the privacy policies of those other websites to find out how they treat your data. personal.

Privacy of minors 

The platform is not authorized for Users under twelve years of age. We do not knowingly collect personal data from children under twelve years of age on our Websites. If we learn that we have inadvertently received personal data from a minor visitor on the Platform, we will delete the information from our records.

Security

The security and privacy of personal data are of utmost importance to Acreditta. We apply industry standard and commercially reasonable physical, managerial and technical security measures to protect the integrity and security of your personal data. You can obtain more information by writing to info@acreditta.com

Data security policies:

1) Identity and contact details of the data controller

Acreditta acts solely as data processor. The Organization is responsible for the processing of your personal data and must provide you with appropriate contact details.

2) Data protection officer.

Acreditta has appointed a data protection officer. However, Acreditta acts only as data processor. The Organization is the data controller and must provide you with appropriate contact details.

3) Purposes and legal basis of the treatment. 

Acreditta will process the data only in accordance with the agreement between Acreditta and the Organization, including, among other purposes, the provision of technical or functional support and the security guarantee of the Software. If you have any questions about the use of your personal data, please contact the Organization.

4) Information exchange. 

We may work with third-party vendors to help us deliver our products and services. Third party service providers are not contractually permitted to use or disclose the information except as necessary to provide services on our behalf or to comply with legal requirements.

6) Conservation of data. 

Acreditta will retain your data only as agreed between Acreditta and the Organization, and in accordance with the laws applicable to Acreditta. In the event that you have obtained a credential, we will keep its information current for use independent of the relationship between Acreditta and the Organization and its owner may claim rights of use and removal by authenticating that he is the owner by email and other forms of identification such as DIDs.

7) Rights of the interested party. 

Acreditta acts solely as data processor. The Organization is the data controller and must provide you with appropriate contact details.

8) Automated decisions: 

Acreditta acts solely as data processor and does not make decisions that affect you. The Organization is the controller and must provide you with appropriate information about its decision-making process.

9) Downloading information.

The Organization may establish a policy whereby it periodically downloads its credentials information and stores it in another digital repository in order to preserve the data.

Likewise, in the event that the institution wishes to disassociate itself from the Acreditta Service or if it can no longer support it, the client may previously download this information from the credentials granted and port them to any other platform that is compatible with the 1Edtech Open Badge standard. .

The Acreditta Platform provides reports that can be exported and validated by the Organization's staff.

The parties hereto warrant to each other that the receiving party will use, process and record any Personal Data relating to a Data Subject in accordance with applicable Data Protection Legislation.

The parties hereto will take appropriate technical and organizational measures to adequately protect all Personal Data against accidental loss, destruction or damage, alteration or disclosure.

In the event that the Parties become aware of an actual or reasonably suspected Personal Data Breach, they will be immediately notified and provided with a description of the Personal Data Breach, the categories of data that were the subject of the Personal Data Breach. Personal information. Data Breach and the identity of each affected Data Subject and any other information reasonably requested in relation to the Personal Data Breach.

Features of our technology infrastructure

1. AWS Security Infrastructure 

Acreditta's physical infrastructure is hosted and managed by Amazon Web Services (AWS), which has achieved a wide variety of security certifications and commitments.

2. LacNet Infrastructure

Acreditta uses LACNet, a blockchain infrastructure designed to enable inclusive and scalable projects and solutions on web 3.0.

LacNet provides nodes in the LACNet Mainnet Omega regional network built with Hypderledger Besu technology (based on Ethereum), enabling the development of blockchain solutions and projects in a simple, sustainable and scalable way. See LACNet privacy policy.

3. Open Badges Standard 2.0 and 3.0 

The platform allows at any time to download the digital credentials that have been issued to both the Issuer and the Borrower. These badges are issued under the international Open Badge standard known as

OBV2 y OBV3

PROCEDURE FOR ATTENDING REQUESTS AND QUERIES RELATED TO PERSONAL INFORMATION

The Owner of the personal data or whoever is duly authorized may:

• Formulate requests and queries to know the personal information of the Owner that resides in ACREDITTA
• Request the update, modification, rectification or deletion of the Owner's data, when applicable in accordance with this Policy and the applicable Law.
• Request a copy of the authorization granted by the Owner to ACREDITTA to carry out the Processing of your Personal Data

These consultations can be made free of charge at least once every calendar month and each time there are substantial modifications to the Information Processing Policies that motivate new consultations.

The Owner or whoever is authorized to do so may make inquiries to ACREDITTA about the Owner's personal information through the following mechanisms:

• Orally by contacting the Customer Service Line: +57 320 9815786
• By written means, addressed to the following address: 19291 NE 19TH PL; Miami FL 33179
• Email to address: info@acreditta.com

The query will be answered within a maximum period of ten (10) business days from the date of receipt.

When it is not possible to attend to the query within the aforementioned term, ACREDITTA will inform the interested party, expressing the reasons and indicating the date on which their query will be attended, no later than within five (5) business days following the expiration of the first term.

PROCEDURE FOR ATTENDING COMPLAINTS AND REVOCATION OF THE AUTHORIZATION OF THE PROCESSING OF PERSONAL DATA

Through this procedure the Organization will be able to:

• Revoke Authorization for Data Processing.
• Submit claims when you consider that there is an alleged breach of ACREDITTA's duties related to the Processing of Personal Data, in accordance with the provisions of these Policies or the Personal Data Protection Law.

Revocation of the Owner's Authorization for the Processing of Personal Data.

The organization may revoke the authorization and request the deletion of its data in the following events:

• By unilateral, free and voluntary decision of the Owner of the Personal Data, when there is no legal or contractual obligation that imposes on the Owner the duty to remain in the database; and
• When the constitutional and legal principles, rights and guarantees are not respected, as long as the Superintendency of Industry and Commerce has determined that in the Treatment the Controller or Processor has engaged in conduct contrary to the regulations.

The foregoing, without prejudice to the rules that ACREDITTA must observe regarding document retention to comply with formal obligations. Consequently, ACREDITTA will delete the data or suspend its use when necessary, respecting the rules on documentary conservation that apply to it.

The procedure for handling complaints about the Owner's personal data is as follows:

The organization or whoever is duly authorized to do so may make claims to ACREDITTA in relation to the Processing of their Personal Data, in the following events:

• When you consider that the organization's information contained in a database must be corrected, updated or deleted; either
• When you notice the alleged breach of any of the duties contained in the Data Protection Law.

The formulation of claims must be made through any of the following service channels:

• Orally by contacting the Customer Service Line: +57 320 9815786
• By written means, addressed to the following address: 19291 NE 19TH PL; Miami FL 33179
• Email to the address: info@acreditta.com

The claim presented by the Owner or by the person authorized to do so, must contain at least the following: (i) Identification of the Owner of the Personal Data; (ii) Description of the facts that give rise to the claim; (iii) Contact information and location of the Owner of the Personal Data (Address, telephone, cell phone, email, etc.); and (iv) The documents or evidence that support your claim. If the above information is not available, it will be understood that the claim is not complete.

If the claim is incomplete, ACREDITTA will ask the interested party to correct the deficiencies or send the information or documentation required within five (5) business days following receipt of the claim by ACREDITTA. After two (2) months from the date of the request, without the applicant presenting the required information, it will be understood that the claim has been abandoned and it will be filed.

ACREDITTA has a period of fifteen (15) business days to address the claim, counting from the business day following the date of receipt at ACREDITTA.

When it is not possible to attend to the claim within the aforementioned term, ACREDITTA will inform the interested party of the reasons for the delay and the date on which their claim will be attended to, which may not exceed eight (8) business days following the expiration of the first term. .

Area Responsible for Attending Requests, Queries and Claims

The ACREDITTA Customer Service area is responsible for receiving requests, queries and claims from the Owner of Personal Data related to their rights to know, update, rectify and delete Personal Data and revoke the Authorization. Likewise, the Customer Service area will ensure the timely and adequate response issued by each of the areas of ACREDITTA to the requests, queries and claims of the Data Owners.

VALIDITY OF THE PERSONAL INFORMATION PROCESSING POLICY

This personal information processing policy applies from July 1, 2022 until such time as it is expressly revoked or modified.

Modification: ACREDITTA reserves the right to modify this privacy policy, which will be published with the corresponding update date.