Menu
GRIO S.A with RUC 20602769136 (from now on, “The Company”) with address at Av. Circunvalación Golf Los Incas 134, Santiago de Surco makes its Privacy Policy available to Web Users who visit the website www.gr-am.com, under Law 29733, Personal Data Protection Law (from now on, “LPDP”), its Regulations, approved by Supreme Decree 003-2013-JUS (from now on, “Regulations”), and its supplementary regulations and related.
This Privacy Policy explains the types of personal data we collect, the purposes of their treatment, the conservation period in our private data bank, the security measures implemented, and the procedure provided for web users to exercise their rights as owners of personal data.
What personal data do we collect?
The Company collects from Web Users their names and surnames, company, and email. This information will be stored in our Personal Data Bank “Users of the website” registered in the National Registry for the Protection of Personal Data for a period of 02 years or until the owner of the personal data requests The Company, through the exercise of the right of cancellation, to revoke their consent to process their information.
The Company explicitly states that it does not share or sell personal information to third parties without the user’s consent, except when legally required or for essential business operations. The information collected will only be used for the purposes described below, and will not be transferred, sold, or shared for marketing purposes without prior authorization.
The Company makes it known that although security measures are in place, no system is completely secure, and it is impossible to prevent the loss, misuse, alteration, unauthorized access, theft, or destruction of personal data or confidential information provided.
For what purposes do we use your data?
The personal data that Web Users provide us through the web platform will be used for the following purposes:
Who can access your data?
To comply with the purposes above, The Company may share personal data strictly for the purpose of conducting essential business operations and only with third parties necessary to fulfill those purposes. These third parties will not use your personal information for other purposes without consent, and appropriate security measures will be applied to protect your data in compliance with LPDP and its Regulations.
The third-party recipients to whom personal data may be transferred are the following:
International transfer of personal data:
This information will be permanently updated in this Privacy Policy (web), being available when you need to find out about these third parties.
How can you exercise the rights granted to you over your data?
As the owner of their data, Web Users have the right to access their data in possession of The Company, know the characteristics of its treatment, rectify them if they are inaccurate or incomplete, and request that they be deleted or canceled when considering them unnecessary for the previously stated purposes, or oppose their treatment for specific purposes.
Web Users may, at any time, revoke the expressly granted consent and limit the use or disclosure of their data.
In this sense, The Company recognizes and guarantees the exercise of the right to information and the rights of access, rectification, cancellation, and opposition (“ARCO” rights) that web users, as data holders, are entitled to. To exercise these rights, the personal data owner must address their request to The Company at the following email address: contacto@gr-am.com.
The request must contain at least the following: (i) full name of the data owner; (ii) specific request, clear description of the personal data related to the exercise of the right to information and ARCO rights, and an express statement of the right intended to be exercised; (iii) documents supporting the request; (iv) email where The Company will make the corresponding communications; and (v) date and signature.
The personal data owner must prove their identity by presenting a copy of their ID or equivalent document. If the request is made by a legal representative, they must attach a copy of their ID and the document accrediting their representation.
The response period for the right to information request is eight (8) business days; for the rights of rectification, cancellation, and opposition, it is ten (10) business days; and for the right of access, it is twenty (20) business days. These deadlines may be extended once, for an equal period, provided the circumstances justify it. The extension and its justification must be communicated to the personal data owner within the original deadline.
The cancellation of personal data will not proceed when they must be kept by The Company for historical, statistical, or scientific reasons, in accordance with applicable regulations, due to contractual relations with the data owner, or by order of the competent authority.
If the right to information and/or ARCO rights are not met within the established period or are denied, web users may file a claim with the National Authority for the Protection of Personal Data at the Ministry of Justice and Human Rights: Calle Scipion Llona 350, Miraflores, Lima, Peru.
Opt-out of communications
Web Users may opt out of receiving communications, including text messages, at any time by following the opt-out instructions provided in the communications received or by contacting us at contacto@gr-am.com. The Company will process these requests promptly and in compliance with applicable laws.
How does The Company protect user data?
The Company implements appropriate technical and organizational security measures to protect the personal data of Web Users against unauthorized access, loss, misuse, alteration, or disclosure. These measures include, but are not limited to, encryption of sensitive information, secure storage systems, access control policies, and regular monitoring of our systems for potential vulnerabilities. Although we strive to protect your personal data, no system can be entirely secure, and we cannot guarantee absolute security against all risks.
Can we process the personal data of minors?
The Company recognizes the possibility that web Users may be over fourteen (14) but under eighteen (18) years of age and, in this circumstance, the processing of personal data may be carried out with their consent, provided that the information has been provided to such users in understandable language. In cases where the law requires the intervention of parental authority or guardianship, that will be adhered to.
Can this Privacy Policy be modified or updated?
Due to the continuous improvement of our processes, The Company may modify and/or update this Privacy Policy to adapt it to regulatory changes, implement best practices, improve service quality, or communicate new alternatives. Users are encouraged to regularly check these terms to stay informed about any changes and how they may affect their data.
Av. Circunvalación Golf los Incas 134
Torre 2 Piso 13
Lima – Perú
15023