Privacy Policy

1. General

1.1. Purpose

DONUT CREAM LLC (hereinafter "DONUT CREAM" or the "COMPANY") informs Data users of the Personal Data (as such terms are defined below) that are processed in any way by DONUT of this information processing and privacy policy (the "Policy"), in compliance with the regulations governing the matter and any regulation that replaces or modifies them. The main purpose of this Policy is to inform the Data Controllers of their rights, the procedures and mechanisms provided by DONUT to make them effective; to inform who are the persons or authorized persons within the Company to deal with inquiries, questions, claims and complaints, and to inform them of the scope and purpose of the Processing (as such term is defined below) to which the Personal Data will be subjected in case the Data Controller grants express, prior and informed authorization. 

1.2. Scope

This Policy applies to all Data Subjects and users of Personal Data that are processed in any way by DONUT. 

1.3. Definitions

Expressions used in capital letters in this Policy shall have the meaning given to them herein, or the meaning given to them by the Law or applicable case law, as such Law or case law may be amended from time to time. Any difference that exists between the terms defined herein and those set forth in the law, those set forth in the law shall be preferred.

a. Authorization: It is the prior, express and informed consent of the Data Subject to carry out the Processing of his/her Personal Data.

b. Database: It is the organized set of Personal Data that are subject to Processing, electronic or not, whatever the modality of its formation, storage, organization and access.

c. Financial Data: It is all Personal Data referring to the birth, execution and extinction of monetary obligations, regardless of the nature of the contract that gives rise to them, whose Processing is governed by the rules governing the matter for this type of information, complementing, modifying or adding to it.

d. Personal Data: Is any information, linked or that can be associated to one or several determined or determinable natural or legal persons. Personal information is information about an identifiable individual, as defined by applicable law. It does not include aggregate information that does not permit identification, nor does it include business contact information such as name, title, business address and business telephone number.

e. Public Data: It is the personal data qualified as such according to the mandates of the Law and, consequently, it is that which is not semi-private, private or sensitive. Due to its nature, public data may be contained, among others, in public records, public documents, official gazettes and bulletins, court rulings and other documents that are not subject to confidentiality.

f. Sensitive Data: Personal data that affects the privacy of the Data Subject or whose improper use may generate discrimination, such as those that reveal union affiliations, racial or ethnic origin, political orientation, religious, moral or philosophical convictions, membership in unions, social organizations, human rights organizations or that promote the interests of any political party, as well as data relating to health, sex life, and biometric data.

g. Data Processor: The natural or legal person, public or private, who by himself or in association with others, performs the Processing of Personal Data on behalf of the Data Controller.

h. Data Controller: The natural or legal person, public or private, who by himself or in association with others, decides on the Database and/or the Processing of Personal Data.

i. Data Subject: The natural person whose Personal Data is subject to Processing, as a result of the relationship between the Data Subject and DONUT. 

j. Transfer: It takes place when the person responsible and/or in charge of the Processing of Personal Data, sends the information of the Personal Data to a recipient, who in turn is responsible for the processing.

k. Transmission: Processing of Personal Data that involves the communication to a third party of the same within or outside the territory where DONUT carries out its business activities, when such communication is aimed at the performance of a Processing by the Processor on behalf of and for the account of the Controller, in order to fulfill the purposes of the latter.

l. Processing: It is any operation and systematic procedure, electronic or not, that allows the collection, preservation, ordering, storage, modification, relationship, use, circulation, evaluation, blocking, destruction and in general, the processing of Personal Data, as well as its Transfer and/or Transmission to third parties through communications, consultations, interconnections, assignments, data messages.

2. Policies

We strive to protect your privacy. This privacy statement will help you understand what we may do with any personal information we collect from you. By providing us with your information, you agree to our Privacy Statement. If you do not agree to this statement, please do not provide us with your personal information. This privacy statement is incorporated into and is part of the Terms and Conditions that govern your general use of the site. We will use your information for the purposes set forth below. You will have the opportunity to unsubscribe each time we contact you.

2.1. Principles

DONUT in the development of its business activities will collect, use, store, transmit, transfer and generally process the Personal Data of the Data Controllers, in accordance with the purposes set forth in this Policy. In all Processing of Personal Data carried out by the Company, those responsible, Agents and/or third parties to whom Personal Data is transferred, shall comply with the principles and rules established in the Law and in this Policy, in order to guarantee the right to habeas data of the Data Subjects and comply with the obligations of the Law and the internal guidelines of DONUT.

These principles are:

a. Prior Authorization: All Processing of Personal Data shall be carried out once the prior, express and informed Authorization of the Data Subject has been obtained, unless the Law establishes an exception to this rule. In the event that the Personal Data have already been obtained prior to the issuance of this Data Processing Policy, DONUT will seek the ordinary and alternative means relevant to summon the Data Subjects and obtain their retroactive authorization.

The User shall decide what personal information he/she wants to provide. We will only collect the personal information you choose to provide. Where possible, we will allow you to select how we use this information (for example, by opting in or out of receiving special promotional offers).

You may choose to provide us with personal information if, for example, you contact us with an inquiry; register on the site or complete a survey or other form with your personal information; request information from us; enter a contest; post information in public areas of the site; or take advantage of a promotion. You have the opportunity to decide whether or not to receive communications from us at any time we request information from you. By providing personal information to us, you fully understand and consent to the transfer of such personal information and the collection and processing of such information in other countries or territories. Any such transfer and processing will be in accordance with this privacy statement.

b. Authorized Purpose: Any Personal Data Processing activity must obey the purposes mentioned in this Policy or those mentioned in the Authorization granted by the Personal Data Subject, or in the specific documents where each type or process of Personal Data Processing is regulated. The purpose of the particular Processing of a Personal Data must be informed to the Data Subject at the time of obtaining his/her Authorization. Personal Data may not be processed outside the purposes informed and consented to by the Data Controllers. 

c. Quality of the Personal Data: The Personal Data subject to Processing must be truthful, complete, accurate, updated, verifiable and understandable. When in possession of partial, incomplete, fractioned or misleading Personal Data, DONUT shall refrain from Processing them, or request the holder to complete or correct the information.

d. Delivery of information to the Data Subject: When requested by the Data Subject, DONUT shall deliver the information about the existence of Personal Data concerning the applicant. This delivery of information shall be carried out by the means that the Company has determined to comply with its policy of protection of personal data.

e. Restricted Circulation: Personal Data may only be Processed by those personnel of the Company who have authorization to do so, or those who within their functions are in charge of carrying out such activities. Personal Data may not be given to those who do not have Authorization or who have not been authorized by DONUT to carry out the Processing. 

f. Temporality: DONUT shall not use the information of the holder beyond the reasonable period of time required by the purpose that was informed to the Holder of the Personal Data.

g. Restricted Access / Security: Except for expressly authorized Personal Data, DONUT shall not make Personal Data available for access through the internet or other mass media, unless technical and security measures are established to control access and restrict it only to Authorized persons. 

We take security seriously and take precautions to keep your personal information secure. We have put in place appropriate physical, electronic and managerial procedures to safeguard the information we collect. However, due to the open communication nature of the Internet, we cannot guarantee that communications between you and us, or information stored on our servers, will be free from unauthorized access by third parties.

h. Confidentiality: DONUT shall always carry out the Processing by providing the technical, human and administrative measures necessary to maintain the confidentiality of the Personal Data and to prevent it from being adulterated, modified, consulted, used, accessed, deleted, or known by unauthorized persons, or that the Personal Data is lost. Any new project involving the Processing of Personal Data by DONUT shall refer to this Processing Policy to ensure compliance with this rule. 

i. Confidentiality and Further Processing: Any Personal Data that is not Public Data must be treated by the Controllers as confidential, even if the contractual relationship or the link between the Personal Data Subject and DONUT has ended. Upon termination of such relationship, such Personal Data shall continue to be treated in accordance with this Policy and the Law.

j. Individuality: DONUT shall maintain separately the Databases in which it is the Data Controller from the Databases in which it is the Data Controller.

k. Necessity: Personal Data may only be Processed during the time and to the extent that the purpose of its Processing justifies it.

2.2. Processing of Personal Data 

Personal Data are collected, stored, organized, used, circulated, transmitted, transferred, updated, rectified, deleted, eliminated and managed according to the purpose or purposes of each type of Processing. 

2.2.1. Processing of Sensitive Data

DONUT may request the Sensitive Data that shall be expressly mentioned in each Authorization. In any case, DONUT shall strictly observe the legal limitations to the Processing of Sensitive Data, subjecting to Processing the Sensitive Data only when the Data Subject has granted its Authorization, except in cases where the law does not require such Authorization. When DONUT requests Sensitive Data, it shall inform you what type of Personal Data has this category and shall not condition, in any case, any activity to the delivery of Sensitive Data. 

Sensitive Data will be treated with the greatest possible diligence and with the appropriate security standards. Limited access to Sensitive Data shall be a guiding principle to safeguard the privacy of such Personal Data and, therefore, only authorized personnel shall have access to this type of information.

2.3. Purposes of the Processing 

DONUT shall carry out the Processing of Personal Data for the purposes informed at the time the Personal Data is collected and that are expressly consented. Likewise, the Processors or third parties who have access to the Personal Data by virtue of Law or contract, shall maintain the Processing within the following purposes:

a. Manage all necessary information for the fulfillment of the obligations and services that DONUT executes.

b. To comply with the internal processes of DONUT regarding the administration of suppliers, contractors, allies.

c. To provide its services in accordance with the particular needs of DONUT's clients, in order to fulfill the service contracts entered into.

d. The control and prevention of fraud and money laundering, including, but not limited to the consultation in restrictive lists, and all the necessary information required for SARLAFT.

e. The process of filing, updating of systems, protection and custody of information and DONUT's Databases.

f. Processes within DONUT, for development or operational purposes and/or systems administration. 

g. The transmission and transfer of data to third parties with whom contracts have been entered into for this purpose, for commercial, administrative, marketing and/or operational purposes. In any case, third parties shall be bound by the terms of this Policy.

h. Marketing Communications. We may use your personal information to contact you regarding the products and services of the Company and our subsidiaries, affiliates, parent companies and any of their related businesses.

However, you may choose whether or not to receive such communications when you first provide personal information. You will also have the opportunity to unsubscribe each time we contact you or at a time of your choosing.

i. Marketing Analysis. We may use your information for internal marketing analysis. For example, to assess trends among our consumers or to measure the amount of traffic to our websites. We may also share non-personally identifiable information with others, such as advertisers, in aggregate anonymous form, which means that the information will not contain any personally identifiable information about you. Only with your consent will we share your personally identifiable information with third parties for marketing analysis.

j. Transactional Purposes. We may use your personal information to respond to your inquiries and requests. Similarly, to handle transactions, such as credit card payments, for goods you purchase from us or any of our agents and for the fulfillment of such transactions (e.g., delivery). An authorized vendor may use the personal information you provide to fulfill such requests.

k. Third Party Offers. We may allow carefully selected organizations to send you marketing and promotional information that may be of interest to you. In such circumstances, your personal information may be disclosed to these organizations, which will be subject to confidentiality obligations and use restrictions in accordance with this privacy statement. We will obtain your permission before sending such communications.

l. Public (or Interactive) Areas of the Site. Information you post in, or through, public areas of the Site (e.g., chat rooms, bulletin boards and discussion groups) are generally accessible to others and may be collected and used by others. This may result in unsolicited messages or contact from others. Users are advised to exercise caution when providing personal information about themselves in public (or interactive) areas of this site.

m. Sale and Transfer. In the event of a sale, merger, consolidation, change of control, transfer of substantial assets, reorganization or liquidation, we may transfer, sell or assign to third parties information relating to your relationship with us. This includes, but is not limited to, personally identifiable information provided by you and other information relating to your relationship with us.

n. Data Management and Administration. We may transfer your personal information to third parties, under confidentiality obligations, when outsourcing the performance of any services related to the activities described above (e.g., administration of a marketing campaign).

o. Lawful purposes. We will collect, use or disclose your personal information if permitted or required by law and/or when we believe such action is necessary to protect or defend us or others against error, negligence, breach of contract, theft, fraud and other illegal or harmful activity; to comply with our audit and security requirements; and to audit compliance with our corporate policies, procedures and legal and contractual obligations.

Other purposes determined by those responsible in processes of obtaining Personal Data for its processing, in order to comply with legal and regulatory obligations, as well as DONUT's internal policies.

2.4. Rights of the Personal Data Subject

Upon your request, where we are required to do so by law, we will confirm what personal information we hold about you, update your information, delete your information and/or correct any inaccuracies in your personal information.

In accordance with the Law, Personal Data Subjects have the following rights:

a.  Right to update: To know, update and rectify their Personal Data against DONUT or the Data Processors. This right may be exercised against partial, inaccurate, incomplete, incomplete, fractioned, misleading Personal Data, or those whose Processing is expressly prohibited or has not been authorized.

b.  Right of proof: Request proof of the Authorization granted to DONUT, except when expressly excepted as a requirement for the Processing in accordance with the rules that regulate, add, supplement, complement, modify the matter, or when the continuity of the Processing has been presented.

c.  Right to information: To submit requests to DONUT or the Data Processor regarding the use that has been made of their Personal Data, and for them to deliver such information.

d.  Right of consultation and claims: To submit requests, consultation procedures or claims before DONUT in relation to the processing of the Personal Data provided.

e.  Right of revocation: To revoke your Authorization and/or request the deletion of your Personal Data from DONUT's databases, when the competent authorities have definitively determined that in the Processing DONUT or the Data Processor has incurred in conduct contrary to the Law or when there is no legal or contractual obligation to maintain the Personal Data in the Database of the responsible party.

f.  Right of access: Request access and access free of charge to your Personal Data that have been subject to Processing.

g.  Right of knowledge: To know the modifications to the terms of this Policy prior and efficiently to the implementation of the new modifications or, failing that, of the new information processing policy. 

h.  Right of deletion: To request the deletion of their Personal Data from the Databases as long as there is no legal duty or contractual obligation by virtue of which such deletion is not possible.

The Data Controllers may exercise their legal rights and carry out the procedures set forth in this Policy, by presenting their identification document or a copy thereof. Minors may exercise their rights personally, or through their parents or adults who hold parental authority, who must prove it through the relevant documentation. Likewise, the rights of the Holder may be exercised by the representative and/or attorney-in-fact of the Holder with the corresponding accreditation and those who have made a stipulation in favor of or for another.

2.5. Area responsible for handling requests, queries and complaints

DONUT has designated Customer Service Management (Donut Customer Service Mail) as the area in charge of receiving and attending to requests, complaints, claims and queries of all kinds related to Personal Data. The designated Customer Service person will process queries and claims regarding Personal Data in accordance with the Law and this Policy. 

Some of the particular functions of this area in relation to Personal Data are: 

a.  Receive the requests from the Personal Data Owners, process and answer those that are based on the Law or this Policy, such as: requests to update Personal Data; requests to know the Personal Data; requests to delete Personal Data; requests for information on the use given to their Personal Data; requests to update Personal Data; requests for proof of the Authorization granted, when it has been granted according to the Law, among others.

b. To respond to the Personal Data Owners on those requests that do not proceed in accordance with the Law.

c. The Company's Customer Service contact information is as follows:

Address 

Mail: 

Telephone

2.6. Procedures to exercise the rights of the Users:

2.6.1.  Consultations

DONUT shall have mechanisms for the Data Subject, and/or the representatives of minors, to make inquiries regarding the Personal Data of the Data Subject contained in DONUT's Databases. 

These mechanisms may be physical as window procedures, electronic through the Customer Service mail _____________________________ or by telephone on the hotline (___________________, responsible for receiving inquiries, requests, complaints and claims on the phones. 

Whatever the means, DONUT will keep proof of the consultation and its response. Consequently, the following are the steps to be followed for the submission of queries:

a.  Requests must be made in writing.

b.  The request will be analyzed to verify the identification of the Holder. If the request is made by a person other than the Data Controller and it is not accredited that the person is acting on behalf of the Data Controller in accordance with the laws in force, the request will be rejected. For this purpose, the identification document of the Holder or a copy thereof, and the special or general powers of attorney or documents required, as the case may be, may be requested.

c.  If the applicant has the capacity to formulate the consultation, DONUT shall collect all the information about the Holder that is contained in the individual record of that person or that is linked to the identification of the Holder within DONUT's Databases.

d.  The person assigned to deal with the consultation shall provide an answer within fifteen (15) working days from the date on which the request was received by DONUT. 

e.  In any case, the final response to all requests shall not take more than thirty (30) business days from the date on which the initial request was received by DONUT.

f.  When the Data Subject files a claim, it must contain the following information: (i) Name and identification document number of the Data Subject. (ii) Contact information (physical and/or electronic address and contact telephone numbers). (iii) Documents proving the identity of the Data Subject, or the representation of his or her representative. (iv) A clear and precise description of the Personal Data with respect to which the Data Subject seeks to exercise any of the rights. (v) A description of the facts that give rise to the claim and the objective pursued (updating, correction, revocation, deletion, or compliance with duties). (vi) The documents to be asserted. (vii) Signature, e-mail address, name and identification number of the claimant.

g.  If the claim or additional documentation is incomplete, DONUT shall require the claimant one time within ten (10) days after receipt of the claim to correct the deficiencies. If the claimant does not submit the required documentation and information within thirty (30) days from the date of the initial claim, without the applicant submitting the required information, it will be understood that the claim has been abandoned.

h.  If for any reason the person receiving the claim within DONUT is not competent to resolve it, he/she shall refer it to the designated person within three (3) business days after receiving the claim, and shall inform the claimant of such referral.

i.  The maximum term to address the claim shall be 30 business days from the business day following the date of receipt. When it is not possible to address the claim within such term, the interested party shall be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

2.6.2 Revocation

The Data Subject may revoke the Authorization for the Processing of his/her Personal Data at any time, as long as it is not prevented by a legal provision or if there is a legal or contractual obligation.

2.7. Information Security 

In development of the principle of security, DONUT has adopted reasonable technical, administrative and human measures to protect the Personal Data of the Data Controllers and prevent adulteration, loss, consultation, use or unauthorized or fraudulent access. Access to personal data is restricted to its Holders and to persons authorized by DONUT in accordance with this Policy. DONUT will not allow access to this information by third parties under conditions different from those announced, except for an express request from the Holder or from the persons legitimized in accordance with national regulations. 

It is important to note that the Internet is a global communication network that involves the transmission of information on a worldwide network. In this sense, although DONUT has the necessary measures for the protection of Personal Data, it is possible that they may be affected by the failures of the Internet.

2.8. Validity

This Policy is effective as of ________________ of 2023. The Personal Data that is stored, used or transmitted will remain in our Database, based on the criteria of temporality and necessity, for as long as necessary for the purposes mentioned in this Policy and the respective Authorization. 

2.9. Modifications

This Policy may be modified by DONUT when required without prior notice, provided that they are non-substantial modifications. Otherwise, they shall be previously communicated to the Holders.

3. Links:

DONUT's main website may contain links or references to websites that we do not control. Please note that our privacy statement does not apply to such sites. We encourage you to read the privacy statements and terms and conditions of all linked or referenced sites you access.

4. Cookies: 

This website may place and access certain cookies on your computer. DONUT uses cookies to enhance your experience of using the website and to improve our product range. The Company has carefully chosen these Cookies and has taken steps to ensure that your privacy is protected and respected at all times.

Before the website places cookies on your computer, you will be presented with a message bar asking for your consent to set these cookies. By giving your consent to the placement of cookies, you are allowing DONUT to provide you with a better experience and service. If you wish, you may refuse consent to the placement of cookies; however, certain features of the website may not function fully or as intended.

You can choose to enable or disable cookies in your Internet browser. By default, most Internet browsers accept cookies, but this can be changed. For details, please refer to the help menu of your Internet browser.

You may choose to delete Cookies at any time; however, you may lose any information that allows you to access the website more quickly and efficiently, including, but not limited to, your personalization settings.

It is recommended that you ensure that your Internet browser is up to date and that you consult the help and guidance provided by the developer of your Internet browser if you are unsure about how to adjust your privacy settings.

5. Liability and Applicable Law:

You may not transfer any of your rights under this privacy policy to any other person. We may transfer our rights under this privacy policy where we reasonably believe that your rights will not be affected.

If any court or competent authority determines that any provision of this privacy policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part of the provision, to the extent required, will be deemed deleted and the validity and enforceability of the other provisions of this privacy policy will not be affected.

Unless otherwise agreed, no delay, act or omission by a party in exercising any right or remedy shall be deemed a waiver of that right or remedy or any other right or remedy. This Agreement shall be governed by and construed in accordance with the law of the United States of America.