ARCA: PRIVACY POLICY

ARCA: PRIVACY POLICY


alt

In agreement with the Argentine National Constitution, the Personal Data Protection Act 25.326 (PDPA) (Ley de Protección de los Datos Personales) was executed in 2000 to help protect the privacy of personal data, and to give individuals access to any information stored in public and private databases and registries.

The Argentine Agency of Access to Public Information (Agencia de Acceso a la Información Pública, AAIP) within the Chief of Ministries' Cabinet is responsible for enforcing this law.

The PDPA aligns with the European legislative model for protecting data privacy, and Argentina was the first country in Latin America to achieve an 'adequacy' qualification for data transfers from the EU.

In 2016, the AAIP issued a new regulation, Provision 60-E/2016 (Spanish), governing cross-border transfers of personal data. Under the rule, it approved model forms (partly based on the data transfer model in the EU) for such transfers to data controllers and data processors.

ARCA, Relocation Services LLC (ARCA) contractually commits through the ArgentinaResidency.com website that our in-scope business cloud services have implemented technical and organizational security safeguards that can help our customers comply with the Argentine Personal Data Protection Act (PDPA) 25.326. ARCA also makes a data-transfer agreement available to help with compliance with Provision 60-E/2016, which regulates the cross-border transfer of personal data in a way that it complies with the PDPA in Argentina.

The technical and organizational security measures implemented in the business cloud services would also support other rules in the PDPA such as the prohibition of any secondary use of a data subject's personal data and the prohibition against the transfer of personal data to countries that do not offer an adequate level of protection.

Our data-transfer agreement is an amendment (Amendment ID M314) to the data processing terms in our Online Services Terms. It adds important commitments, including that our firm notifies the customer of any legally binding request to disclose personal data; will submit its data processing facilities to audit at the customer's request either by the customer or an independent third party; and will get prior written consent for the use of subcontractors.