Identificación del Responsable Identity of the Data Controller
This Privacy Policy governs the processing of personal data carried out by Ethia Compliance (hereinafter, "Ethia", "we", or the "Company"), a company incorporated in Chile, dedicated to providing compliance, data protection, legal consulting, and technology services.
This Policy applies to all websites, platforms, and digital services operated by Ethia, including:
- ethiacompliance.com
- midpo.cl
- ethia-lab.com
- ethiapulse.com
- Any other website, product, or digital channel linked to the Company
Alcance Scope
This Policy applies to all individuals who interact with Ethia through:
- Websites and digital platforms
- Contact forms and service requests
- Educational platforms
- Newsletters and digital communications
- Social media and messaging channels
- Contracted services
It applies regardless of whether a contractual relationship exists, and regardless of the geographic location of the data subject.
Principios que Rigen el Tratamiento Principles Governing Data Processing
Ethia processes personal data in accordance with the following principles:
Data protection is an integral part of Ethia's compliance model, managed consistently with information security practices and with the obligations arising from our contractual relationships with clients.
Datos que Recopilamos Data We Collect
Identification and contact data:
- Full name
- Email address
- Phone number
- Country or region
Professional data:
- Company or organization
- Role or position
- Industry sector
Service-related data:
- Information included in queries, forms, or requests
- Documentation submitted in the context of an advisory engagement
- Information required for contract execution
Technical and browsing data:
- IP address
- Device type and browser
- Operating system
- Pages visited and time spent
- Cookies and similar tracking technologies
Communication data:
- Content of messages sent through forms, email, or messaging channels
- History of interactions with the Company
Sensitive data: As a general rule, Ethia does not process sensitive personal data. However, in the course of contracted services we may access such data if required. In those cases, we will comply with the applicable purposes, legal bases, and appropriate technical and organizational measures.
- Contact and service request forms on our websites
- Registration on educational platforms or digital products
- Newsletter or communication subscriptions
- Email, video calls, or other direct communication channels
- Signature of contracts or service agreements
- Social media interactions with our profiles
- Automatic logging technologies (cookies, server logs)
| Source | Description |
|---|---|
| Directly from the data subject | When the user fills out forms, requests information, engages services, or communicates with Ethia |
| Automatically | Through cookies and analytics tools when browsing our websites and platforms |
| From third parties | In limited cases, through third-party platforms that the user interacts with (e.g. social media, scheduling platforms) |
Some data is necessary to provide the service or respond to a request. Where this is the case, it will be clearly indicated in the relevant form. Failure to provide mandatory data may prevent service delivery or the processing of the request.
Optional data allows us to improve the experience or personalize the service, but its absence does not affect the core service.
Finalidades, Bases de Licitud y Períodos de Retención Purposes, Legal Bases and Retention Periods
| Purpose | Legal basis | Description | Retention |
|---|---|---|---|
| Service delivery | Contract performance | Processing necessary to fulfil contracted services | Contract duration + 10 years |
| Commercial management | Legitimate interest / Consent | Handling inquiries, sending proposals, commercial follow-up | 2 years from last contact. Opt-out available at any time. |
| Marketing & newsletters | Consent | Sending informational content, news, events, and educational materials | Until consent is withdrawn |
| Digital & educational platforms | Contract performance | Access management, technical support, and experience improvement | Access duration + 5 years |
| Security & fraud prevention | Legitimate interest / Legal obligation | System protection and detection of unauthorized access | Minimum 5 years from incident detection |
| Legal compliance | Legal obligation | Record-keeping required by law, responding to authorities | As required by applicable law |
| Service improvement | Legitimate interest | Usage analytics, platform improvement, feature development | 2 years (anonymized upon expiry) |
| Use of artificial intelligence | Legitimate interest / Consent | Processing with AI tools for analysis, automation, or content generation | As per the associated primary purpose |
Uso de Inteligencia Artificial Use of Artificial Intelligence
Ethia may use technology tools incorporating artificial intelligence for:
- Analysis of information relevant to service delivery
- Automation of internal processes
- Generation of supporting content or reports
- Improvement of digital platform user experience
The use of these tools is governed by the principle of data minimisation: only information strictly necessary for the specific purpose will be processed. Personal data processing in AI contexts is exceptional in nature, subject to prior assessment, and proportionate to the intended outcome.
This processing is designed to support human decision-making, not replace it. These tools operate under appropriate security and confidentiality measures, and also ensure:
Ethia does not use fully automated decision-making systems that produce significant legal effects without human intervention. Every AI-assisted deliverable is reviewed by a Company professional.
Where AI use may affect the user, the right to request review by an Ethia expert is guaranteed.
We implement controls to ensure that the models used do not generate biases or discriminatory outcomes affecting data subjects' rights.
Categorías de Destinatarios Categories of Recipients
Ethia may disclose personal data to third parties where necessary to fulfil the purposes stated in this Policy. In all cases, disclosure is limited to strictly necessary data and is subject to confidentiality obligations.
Ethia does not sell, rent, or transfer personal data to third parties for commercial purposes. This commitment applies without exception and forms part of the Company's core principles.
| Category of recipient | Reason for disclosure |
|---|---|
| Technology providers | Required to operate websites, platforms, email, CRM, and analytics services |
| Educational platforms | Access management and operation of Ethia's training products |
| Professional collaborators | Lawyers, specialists, or consultants involved in service delivery |
| Communication platforms | Video call, messaging, and scheduling tools used in client relations |
| Authorities and regulatory bodies | When required by law, court order, or competent authority request |
| Strategic partners | In specific, duly justified cases, with the data subject's knowledge where appropriate |
Transferencias Internacionales de Datos International Data Transfers
Given the digital and international nature of Ethia's services, personal data may be stored or processed outside the data subject's country of origin, including on servers located in the United States or other countries.
In such cases, Ethia adopts the contractual and technical measures necessary to ensure a level of protection equivalent to that required by applicable law, including the use of standard contractual clauses or the selection of providers with recognized security certifications.
Marco Jurisdiccional Jurisdictional Framework
Ethia operates from Chile and the United States, providing services to clients across multiple jurisdictions. This Policy is designed to align with internationally recognized data protection standards.
| Scope | Coverage |
|---|---|
| Chile | Primary regulatory framework. Processing in compliance with current Chilean data protection law and information security standards. |
| United States | Ethia does not sell personal data. Users have the right to know what data is collected and to request deletion. For inquiries under US law: privacy@ethiacompliance.com |
| European Union & United Kingdom | For data subjects in the EU or UK, Ethia applies principles equivalent to the GDPR, including legal bases for each processing activity, ARSO+ rights, and the ability to lodge complaints with the competent authority. |
| Other jurisdictions | Ethia will apply the standards of this Policy and address rights requests in accordance with the principles of reciprocity and good faith. |
Cookies y Tecnologías de Seguimiento Cookies and Tracking Technologies
Ethia uses cookies and similar technologies to operate its websites and improve the user experience.
- Essential cookies: necessary for the basic functioning of the site. These cannot be disabled.
- Analytical cookies: used to measure traffic and browsing behaviour. These can be disabled without affecting site functionality.
- Personalisation cookies: remember user preferences. These can be disabled.
Users can manage or reject cookies through their browser settings. Disabling non-essential cookies does not affect access to the site's main content.
For more information, please refer to our Cookie Policy available on the website.
Derechos del Titular Data Subject Rights
Every person whose data is processed by Ethia has the following rights:
These rights may be exercised at any time and will be addressed within a reasonable period.
Cómo Ejercer sus Derechos How to Exercise Your Rights
Ethia has designated an Internal Data Protection Officer responsible for overseeing compliance with this policy and acting as a point of contact with supervisory authorities. To exercise your rights or for any related inquiry, please contact us at the email below, or through our :
Requests should include: full name and identification of the data subject, the right being exercised, a clear description of the request, and contact details for the response.
Ethia will acknowledge receipt and respond within a maximum of 30 business days. In cases of particular complexity, this period may be extended with prior notice to the data subject.
Seguridad de la Información Information Security
Ethia implements technical and organizational measures to ensure the confidentiality, integrity, and availability of the personal data it processes. These measures include, among others:
- Access control to systems and information
- Encryption of data in transit and at rest where applicable
- Backup and recovery procedures
- Periodic risk and vulnerability assessments
- Team training on security and privacy
In the event of a security incident affecting personal data, Ethia will act in accordance with established protocols and will notify affected data subjects where required.
Confidencialidad Confidentiality
All information processed by Ethia — including personal data received in the context of a service relationship — is treated as confidential. This obligation remains in force even after the contractual or commercial relationship with the data subject has ended.
Ethia's staff and collaborators are bound by confidentiality commitments as a condition of their engagement with the Company.
Menores de Edad Minors
Ethia's services are exclusively directed at individuals aged 18 and over. Ethia does not intentionally collect personal data from minors. If data from a minor is detected to have been received without parental consent, it will be deleted immediately.
Adecuaciones Caso a Caso Case-by-Case Adaptations
Ethia acknowledges that regulatory, technological, and operational developments may give rise to specific situations requiring data processing not expressly contemplated in this Policy.
In such cases, Ethia will assess the situation in accordance with the principles set out in Section 3, determine the applicable legal basis, notify the data subject where appropriate, and document the analysis conducted. Any adaptation must be proportionate, justified, and compatible with the purposes originally declared.
Actualizaciones de esta Política Updates to This Policy
Ethia will review this Policy at least every two years, or earlier if regulatory, technological, or business changes so require. The current version will always be the one published on the website, with the date of last update indicated.
For material changes that significantly affect data subjects' rights, Ethia will notify registered users with reasonable advance notice.
Normativa Aplicable Applicable Law
This Policy is governed by current Chilean personal data protection law, without prejudice to any international regulations applicable based on the data subject's location.