Privacy Policy

1. Controller and Processor of Personal Data

1.1. Data Protection Officer (DPO):

The entity responsible for data protection (DPO) provided through the website www.S99.cl and mobile applications is Corsair_CL, located at Avenida Costanera Sur 2730 - Las Condes - Parque Titanium, Santiago, Metropolitan Region; phone: 56 232022068.

1.2. Data Protection Officer (DPO):

Corsair_CL has appointed a Data Protection Officer (DPO) who can be contacted at the following email address: Info@s99.cl.

In the case of subscribing to multiple services or accessing them, the names of other potential controllers and data processors will be communicated through the App.

2. Types of Personal Data and Processing Methods

2.1. Personal Data:

Corsair_CL will process and handle the personal data you have provided or that has been legitimately obtained ("Personal Data"). The Processor will be Corsair_CL or another related or authorized company by Corsair_CL for this purpose. Specifically, the following personal data may be processed:

• a) Identification data: Data that allows direct identification, such as name, last name, address, identity card, email address, landline and mobile phone number, etc., provided to the Data Processor during communications. We will process this Personal Data when you ask us questions, request information, or send us various communications.
• b) Navigation Data: The computer and telematics systems, and software procedures used to operate the Site acquire, during their normal operation, certain data (e.g., access date and time, pages visited, the name of the Internet Service Provider, and the Internet Protocol or IP address through which you access the Internet, the Internet address from which you connected to our Site, etc.).
• c) Consumption Data: Data related to supply and consumption levels recorded, collected, and processed during the term of the supply contract that may have been signed.
• d) Payment Data: Those provided in the case of purchasing products or services, including identification details.
• e) Contact Data: Contact information, such as phone numbers, landline and/or mobile phone, email address, provided to the Data Processor during subscription or during the term of the supply contract or at any other time. This data allows us to contact you to provide responses to your requests and/or services tailored to your needs.
• f) Data Acquired by Customer Service: Data provided during interactions with Corsair_CL's Customer Service, including recordings of phone calls, if you have given consent for recording, or in cases where recording is done under a legal or regulatory obligation.

2.2. Processing Methods:

We inform you that personal data will be processed manually and/or with the support of computer or telematics means.

3. Purpose and Legal Basis for Processing

3.1. Purpose:

The Processor will process your personal data for the achievement of specific purposes and only on the basis of specific legal grounds provided by applicable privacy and personal data protection law.

3.2. Legal Basis:

Below is a list of the purposes for which your Personal Data is processed by the Controller and the legal basis for legitimizing this processing:

• Purposes of Processing: Enable the use of all features of the Site.
• Legal Basis: Consent of the data subject.
• Purposes of Processing: Processing required by law and/or regulations.
• Legal Basis: Legal obligation.

4. Recipients of Personal Data

4.1. Recipients:

The personal data you provide may be disclosed to:

• a) our employees, collaborators, and suppliers: who have been authorized and instructed to process personal data, within the scope of their duties;
• b) parties and authorities: entitled to access Personal Data by virtue of legal or administrative provisions;
• c) consultants or employees: responsible for maintaining the website;
• d) parties authorized by Corsair_CL: for activities that are necessary or instrumental for the execution of the aforementioned purposes;
• e) entities that, due to legal obligations: must have access to your Personal Data;
• f) public and/or private entities: for whom the communication of Personal Data is necessary for the fulfillment of legal obligations or is in any case necessary for the protection of rights in court.

For these purposes, the data may be disclosed to employees, freelancers, and collaborators appointed for the processing of Personal Data, as well as to the competent authorities.

5. Transfer of Personal Data

5.1. Transfer:

Your personal data may be transferred to countries in the European Union, the United States, and third countries that are party to the Agreement on the European Economic Area and that provide an adequate level of data protection, as assessed by the European Commission, in accordance with the principles of transparency, confidentiality, and processing of personal data as well as compliance with security measures.

5.2. Transfer Security Measures:

Any transfer of data to countries outside the EU or EEA will be carried out in accordance with an adequacy decision by the European Commission or through other suitable guarantees, such as standard contractual clauses adopted by the European Commission.

6. Data Retention Period

6.1. Data Retention Period:

The personal data processed for the purposes indicated will be kept for the time necessary to fulfill these purposes and, in any case, for no longer than ten years after the end of the service relationship and twenty years for the related documents and contracts, unless other laws provide otherwise. After this period, the Personal Data will be destroyed or made anonymous.

7. Rights of Data Subjects

7.1. According to the European Regulation 2016/679 ("GDPR") and National Privacy Laws, you have the following rights:

• a) Right of Access: You have the right to obtain from the Data Controller confirmation of the processing of your Personal Data and, in this case, access to your Personal Data.
• b) Right to Rectification: You have the right to obtain from the Data Controller the rectification of inaccurate Personal Data concerning you without undue delay. Taking into account the purposes of the processing, you have the right to have incomplete Personal Data completed, including by means of providing a supplementary statement.
• c) Right to Erasure (Right to be Forgotten): You have the right to obtain from the Data Controller the erasure of Personal Data concerning you without undue delay, and the Data Controller has the obligation to erase Personal Data without undue delay when specific reasons are met.
• d) Right to Restriction of Processing: You have the right to obtain from the Data Controller restriction of processing where one of the following applies:
  1. the accuracy of the Personal Data is contested by you, for a period enabling the Data Controller to verify the accuracy of the Personal Data;
  2. the processing is unlawful and you oppose the erasure of the Personal Data and request the restriction of their use instead;
  3. the Data Controller no longer needs the Personal Data for the purposes of the processing, but they are required by you for the establishment, exercise, or defense of legal claims;
  4. You have objected to processing pursuant to Article 21(1) of the GDPR pending the verification whether the legitimate grounds of the Data Controller override your grounds.
• e) Right to Data Portability: You have the right to receive the Personal Data concerning you which you have provided to the Data Controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the Data Controller to which the Personal Data have been provided, where:
  1. the processing is based on consent;
  2. the processing is carried out by automated means.

7.2. Exercise of these Rights:

The exercise of these rights can be exercised at any time, by sending a request to the Data Controller by contacting the Data Protection Officer (DPO) at the following email address: Info@s99.cl.

7.3. Response Time:

The Data Controller will respond within one month from the receipt of the request, which period may be extended by two months in the case of complex requests.

7.4. Non-Action Response:

In case the Data Controller does not take action on your request, you will be informed of the reasons for not acting and of the possibility to lodge a complaint with a supervisory authority and to seek a judicial remedy.

7.5. Right to File a Complaint:

You have the right to file a complaint with the competent supervisory authority for the protection of personal data if you consider that your rights regarding the processing of your Personal Data have been violated.