Personal data protection policy

  1. SCOPE

    The present "Personal Data Protection Policy" applies to all activities involving the processing of personal data carried out by MICHELL Y CIA S.A. (hereafter "Michell"). It also applies to individuals from whom Michell requires any processing of their personal data, for which the company is responsible.

  2. DEFINITIONS

    "ANPDP": National Authority for Personal Data Protection.

    "Data Bank": The organized set of personal data referring to an identified or identifiable person, which will be subject to processing.

    "Personal Data": Any information about a natural person that identifies or makes them identifiable through means that can be reasonably used. Personal Data includes private data referred to by Law No. 29733 - Personal Data Protection Law (hereafter the Law) and its Regulations.

    "Sensitive Personal Data": Personal data consisting of biometric data that can identify the holder by themselves; data related to racial and ethnic origin; economic income, political, religious, philosophical, or moral opinions or beliefs, union membership, and information related to health or sexual life (article 2, ordinal 5 of the Law).

    "Processor": The natural or legal person, public or private, who by itself or in association with others, carries out the Processing of personal data on behalf of Sanofi. "Holder": The person to whom the Personal Data being processed belongs.

    "Transfer": Any national or international transmission, provision, or communication of personal data to a private legal entity, a public entity, or a natural person other than the personal data holder.

    "Processing": Any operation or technical procedure, automated or not, that allows the collection, registration, organization, storage, preservation, processing, modification, extraction, consultation, use, blocking, deletion, communication by transfer or dissemination, or any other form of processing that facilitates the access, correlation, or interconnection of personal data.

    This Policy shall be reviewed at least every 2 years or earlier if business conditions and the regulatory environment warrant it. Sanofi reserves the right to modify the content of the Policy without prior notice in order to reflect any legislative, technical, technological changes or changes in the pharmaceutical industry. Once the Policy is updated, it will be available for consultation, and Holders will be notified of the changes indicating the date the modifications took effect.

  3. GENERAL INFORMATION

    Michell processes personal data in compliance with Law 29733 – Personal Data Protection Law, its Regulation, approved by Supreme Decree 003-2013-JUS, and its complementary and modifying norms (all these hereafter defined as the "Personal Data Protection Normative").

    The personal data that we process are stored in personal data banks owned by Michell.

  4. OBJECTIVE

    This Policy aims to inform the public about our commitment to personal data protection, as well as the guidelines under which we carry out the processing of the same in the exercise of our commercial activities, the purpose for which we do so, and the procedures for the holders of the same to exercise their ARCO rights (access, rectification, cancellation, and opposition) mentioned in the Personal Data Protection Normative.

  5. PURPOSE OF PROCESSING PERSONAL DATA

    Michell processes personal data of employees, customers, suppliers, and all those who have some relationship with our company, with the purpose of complying with current legislation, executing the legal relationship that the holders of personal data maintain with our company, as well as any other lawful purpose previously informed to the holders of personal data.

  6. GOVERNING PRINCIPLES

    Michell commits to respecting the governing principles established in the Personal Data Protection Normative.