¿Do your marketing strategy contemplates the gathering, organization and use of personal data of your clients or prospects? ¿Have you wonder if the way you are obtaining and using the data is in compliance with the current regulations?
In Chile, the law that regulates the processing of personal data (Law 19.628) defines it as those “relative to any information concerning natural individuals, identified or identifiable.” As we can see the definition is extremely broad, so for example will be considered personal data the person name or last names, his national identification number, the date of birth, profession or occupation, personal domicile etc.
The same law defines processing of data as “any operation or group of operations or technical procedures, automated or not, that allows to collect, store, record, organize, develop, select, extract, compare, interconnect, dissociate, communicate, assign, transfer, convey or cancel personal data, or use them in any other way.”
Again is a very generic definition. Then to comply with the law the relevant aspect is to have clarity on the right procedures for obtaining these personal data and the limitations contemplated by the law regarding the treatment of the same.
The requisites for using personal data of a person are:
- That the Law allows it or the owner of the data expressly authorize it.
- That authorization is in writing.
- That the authorizing was duly informed about the purpose of storing the data and their possible communication to the public.
It is of absolute relevance for this matter to inform about the Privacy Policy of the company. One purpose is to communicate to the users about what will happen with their data once they register in the different forms on the platform. Also will be the way of complying with the regulations in force.
Now, the use of database by private legal entities will not require the authorization of the owner of the data when is only used internally for statistical or billing purposes.
Some of the limitations in the law are related with processing of sensible data, as race, physical or moral conditions, or sexual orientation. Some other limitations refer to the personal information related to economic, financial, credit and commercial obligations, where special rules apply.
Also, people who work in the processing of data has the legal obligation of keeping secret about the data, even after they have moved to another role or even to a new field of work.
This Law provides procedures for protecting the rights of the owners of the information, who can ask to the responsible of the record to show them the data, which can be changed if they are wrong and even deleted when registered with no legal basis. This protection o rights is known as Habeas Data.
Finally, in any case of improper processing of personal data, the responsible must compensate for the moral and financial damage caused, whether in the case of a natural person or legal entity, private or public. In addition, it will be necessary to proceed with the correction, amendment or deletion of data at the request of the owner or a court order in each case.
Santiago Henriquez C., Lawyer
Picture:Matthew Wiebe (CC0)