Privacy Policy

Cereales Andinos ("us", "we", or "our") operates http://www.cerealesandinos.com (the "Site"). This page informs you of our policies regarding the collection, use and disclosure of Personal Information we receive from users of the Site.

We use your Personal Information only for providing and improving the Site. By using the Site, you agree to the collection and use of information in accordance with this policy.

Last updated: 2nd June 2018 

Information we collect 

We collect information directly from individuals, from third-parties, and through communications you have with our company. Most personal data we collect is directly provided by those people in a digital or physical form. Other data is collected by recording interactions with our website, social media, communication channels or customer support. 

Contact Data: 
When you register on our website to request information or download information, or to subscribe to one of our newsletters or fill in one of our contact forms, you voluntarily give us certain information. This typically includes your name, company name, email address, country and sometimes your phone number, postal address, VAT number (when an invoice or delivery is required).

Communications:
When you communicate with us (via email, phone, through our website or otherwise), we may maintain a record of your communication. The mailing lists page, allows users to review and manage their subscriptions.

Accounts:
As part of the extended services we’ve launched a customer portal where address and contacts, invoices, quotations, orders, tasks, helpdesk tickets, purchases, subscriptions, delivery orders, payments as well as communications around these documents can be seen and as part of the login process of the account, it also collects a personal password. We do not have access to this password and don’t record it. We can reset it or change it if required.

We  never record or store credit card information from our customers, and always rely on trusted third-party PCI-DSS-compliant payment processors for credit card processing, including for recurring payment processing.  

Browser Data:
When you visit our website and access our online services, we detect and store your browser language and geolocation, in order to customize your experience according to your country and preferred language. Our servers also passively record a summary of the information sent by your browser, for statistical, security and legal purposes: your IP address, the time and date of your visit, your browser version and platform, and the web page that referred you to our website. 

Data Controller:
Cereales Andinos Cerandina Cia. Ltda. is the data controller for any personal information collected through our website Platform as we are the owners of the database and all information we use in it.

Cereales Andinos Cerandina Cia. Ltda. is also the data controller for any personal information collected through interaction with Google Services (mainly Google Drive) as we are the owners of the data stored and the interactions between it. 

Data Processors: 
Our website is part of our ERP and is hosted in the servers of www.odoo.sh, we use their Cloud Services as the base for all our business processes including, inventory, accounting, sales and many others so they act as the Data Processor who stores sensitive data for us. 

Some of our communication is also done through drive.google.com and we use their Cloud Services for most of our business documentation which we sometimes share for viewing or collaboration between third parties including customers. They also act as the Data Processor who stores sensitive data for us. 

How we use this information

Account & Contact Data:
We use your contact information in order to provide our products and services, to answer your requests, and for billing and account management reasons. We may also use this information for marketing and communication purposes (our marketing messages always come with a way for you to opt-out at any time). We also use this data in aggregated/anonymised form in order to analyze service trends. We do not sell your personal data – such as your name and contact information – to third parties to use for their own marketing purposes. We use the information we collect for our legitimate interests which include the following:

If you have registered to participate in an event published on our website, we may transfer your name, email address, phone number and company name to our local organizer and to the sponsors of the event, for both direct marketing purposes and in order to facilitate the preparations and booking for the event. 

Automatically Collected Information About Your Activity.
We use cookies, log files, pixel tags, local storage objects, and other tracking technologies to automatically collect information about your activities, such as your searches, page views, date and time of your visit, and other information about your use of the website. 

Customer Documentation:
Some customers that interact frequently with the company have folders in Google Drive dedicated to them. These folders serve as a repository of documents, business or market information and iit’s access is informed and requires login ton a google account for anyone outside our company, generally the customer and their representatives, and we will always ask the customer for approval before sharing (visible to those with link) this folder with any third party. 

Provide our Services:
To provide you information about the services we offer, respond to your inquiries, provide troubleshooting, and for other customer service purposes.

Personalization:
To tailor the content and information that we may send or display for location customization and personalized help and instructions, and to otherwise personalize your experiences while using our services.

Marketing and Promotions:
 For marketing and promotional purposes, such as to send you news and newsletters, special offers, and promotions, or to otherwise contact you about products or information we think may interest you, including information about third party products and services.

Analytics:
To gather metrics to better understand how users access and use our web; to evaluate and improve the content we show and to develop new products and services.

Comply with Law:
To comply with legal obligations, as part of our general business operations, and for other business administration purposes.

Prevent Misuse:
Where we believe necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of our Terms of Service or this Privacy Policy.

Accessing your data

Account & Contact Data: We give access to the customer portal on a per use basis. If you have access to the customer portal you can update personal data you have previously provided to us. You can do so at any time by connecting to your personal account on our website. If you wish to change information or permanently delete your account or personal information for a legitimate purpose, please email our Helpdesk to request so. We will take all reasonable steps to permanently delete your personal information, except when we are required to keep it for legal reasons (typically, for administration, billing and tax reporting reasons). 


Job Application Data:   You may contact us at any time to request access, updates or deletion of your application information. The easiest way to do it is to reply to the last message you exchanged with our Human Resource personnel. 


Emails and Communications. When you become a customer or sign up for information, as part of our service, you will receive information containing content that we believe may match your interests as well a one asking to join a periodic newsletter (optional). You can manage your email and notice preferences here: www.cerealesandinos.com/groups. If you opt-out of receiving emails we think may interest you, we may still send you transactional emails about your account, purchases or any services you have requested or received from us.


Data Retention

Account & Contact Data: we will only retain such data as long as necessary for the purpose for which it was collected, as laid out in this policy, including any legal retention period, or as long as necessary to carry out a legitimate and reasonable promotion of our products and services. 


Job Application Data:   If we do not hire you, we may keep the information you provide for up to 3 years in order to contact you again for any new job proposition that may come up, unless you ask us not to do so. If we hire you, your personal information will be stored for the duration of your employment contract with us, and afterwards, during the applicable legal retention period that applies in the country where we employed you. 


Browser Data: we will only retain this data for a short period of time, generally 6 months, unless we need to archive it in relation with a legitimate concern related to the security or performance of our services, or as required by law. 


Safety Retention Period:

As part of our Security Policy, we always try to preserve your data from accidental or malicious deletion. As a result, after we delete any of your personal information (Account & Contact Data) from our database upon request from you,, it may not be immediately deleted from our backup systems. It could remain stored for up to 6 months, until it is ultimately destroyed. 

We commit not to use those backup copies of your deleted data for any purpose except for maintaining the integrity of our backups, except if you or the law require us to do so.


Transferring Your Data

Our service providers are headquartered in the United States, and have operations, entities and other providers in the United States and throughout the world. As such, we and our service providers may transfer your personal information to, or access it in, jurisdictions (including the United States) that may not provide equivalent levels of data protection as your home jurisdiction. We will take steps to ensure that your personal information receives an adequate level of protection in the jurisdictions in which we process it, including through: putting in place appropriate written data processing terms and/or data transfer agreements, using contractual clauses as approved by the European Commission (the form for the standard contractual clauses can be found here), or following an adequacy decision by the EU Commission.

Children’s Privacy

We do not knowingly collect or solicit personal information from anyone under the age of 13 (or under the age of 14 for anyone living in Spain or South Korea), or knowingly allow such persons to register. If we become aware that we have collected personal information from a child under the relevant age without parental consent, we take steps to delete that information.

Links to Other Websites

Our website and communications may contain links to third-party sites or online services. We are not responsible for the practices of such third parties, whose information practices are subject to their own policies and procedures, not to this Privacy Policy.

Third Party Disclosure

Except as explicitly mentioned above, we do not sell, trade, or otherwise transfer your personal data to third parties. We may share or disclose aggregated or de-identified information, for research purposes, or to discuss trends or statistics with third-parties.

Complaints. You also have the right to lodge a complaint with a supervisory data protection authority.

Cookies

Cookies are small bits of information sent by our servers to your computer or device when you access our services, and unique to you. They are stored in your browser and later sent back to our servers so that we can provide contextual content. We use them to remember your session (so you don't have to login again), your shopping cart, 

They are also used to help us understand your preferences based on previous or current activity on our website (the pages you have visited), your language and country, which enables us to provide you with improved services. We also use cookies to help us compile aggregate data about site traffic and site interaction so that we can offer better site experiences and tools in the future.


We also use third-party services such as Google Analytics, who set and use their own cookies to identify visitors and provide their own contextual services. For more information regarding those third-party providers and their Cookie Policy, please see the relevant references in the Third-Party Service Providers section. 


You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. Each browser is a little different, so look at your browser's Help menu to learn the correct way to modify your cookies, or look at the links below.

Chrome: https://support.google.com/chrome/answer/95647?hl=en

Explorer: https://support.microsoft.com/en-us/products/windows?os=windows-10

Safari: https://support.apple.com/kb/PH21411

Firefox: https://support.mozilla.org/products/firefox/cookies

Opera: http://www.opera.com/help/tutorials/security/cookies/

We do not currently support Do Not Track signals, as there is no industry standard for compliance.

Security

 We realize how important and sensitive your personal data is, and we take a great number of measures to ensure that this information is securely processed, stored and preserved from data loss and unauthorized access. Our technical and organizational security measures are described in details in the Security Policy of our service provider.

Third Party Service Providers

In order to support our operations we rely on several Service Providers. They help us with various services such as payment processing, web audience analysis, cloud hosting, marketing and communication, etc. 

Whenever we share data with these Service Providers, we make sure that they use it in compliance with Data Protection legislation, and that the processing they carry out for us is limited to our specific purpose and covered by a specific data processing contract. 

Here is a list of the Service Providers we are currently using, why we use them, and what kind of data we share with them: 

Service Provider
Purpose
Share Data

Paypal 

(PCI-DSS compliant)

Privacy & Security

Payment processing 

Shared with Paypal: Order details (amount, description, reference), Customer name and email 

Only stored by Paypal: credit card info

(PCI-DSS compliant)Stripe

Privacy & Security


Payment processing 


Shared with Stripe: Order details (amount, description, reference), Customer name and email 

Only stored by Stripe: credit card info

OVH SAS

Privacy & Security


Infrastructure and hosting, DDOS Protection


Hosted by OVH: Production data from Odoo.com and its affiliate services, including our database.

Google LLC

Privacy & Security



Infrastructure and hosting, DDOS Protection


Hosted by Google: Production data from Odoo.com and its affiliate services, including Customer Databases.

Amazon Web Services, Inc.

Privacy & Security


Infrastructure and hosting



Hosted by AWS: The Database Upgrade services, including Customer Databases currently being upgraded.

Google Analytics

Privacy & Security



Anonymous website audience analysis


Shared with Google Analytics: Non-personal browser data, anonymized IP, geolocation info, language (no identifiable information).



Changes To This Privacy Policy

We may update this Privacy Policy from time to time, in order to clarify it, or to comply with legal obligations. The "Last Updated" mention at the top of the policy indicates the last revision, which is also the effective date of those changes. If you continue to use our services after such a change, you agree to our updated policy

Contact Us

If you have any questions about these Terms, please contact us.

José Hernandez s/n e Inga Huaycu
Llano Grande
EC170208 Pichincha
Ecuador