CAF´s Privacy Policy

1. Identity and contact details of the responsible

The Development Bank of Latin America (“CAF”, or “we”) is a development bank made up of 19 Latin American and Caribbean countries, as well as Spain, Portugal and 13 Latin American private banks, constituted in accordance with its Agreement Constitutive. CAF has offices in the different countries that make it up and its headquarters are located on Luis Roche Avenue, Torre CAF, Altamira, Caracas. To obtain more information about CAF, the website and its operations, you can refer to the sections of “Who we are”, “What we do” o “Contact” to support your inquiries.

This Personal Data Protection and Processing Policy (“Privacy Policy or Policy”) is communicated in compliance with REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of April 27, 2016 regarding the protection of natural persons with regard to the processing of personal data and the free circulation of these data and which repeals Directive 95/46/EC (General Data Protection Regulation, hereinafter "GDPR"), establishes the guidelines and protection of personal data practices and includes the processing through the use of cookies from the CAF website, generally indicated by the URL "www.caf.com" and its lower level domains (the "website" or the "web page" ).

Please read this Privacy Policy carefully as it will help you make informed decisions about sharing your personal data with us. Likewise, it is reported that this Privacy Policy is consistent with our policies and practices with respect to the personal data we process.

 

2. Contact details of the Personal Data Protection Officer (DPO)

 

CAF's Personal Data Protection Officer (“DPO”) can be contacted by email: privacidad@caf.com

 

3. What information we collect?

The subjects of the processing to whom this Privacy Policy is addressed are: (a) Users of the website, (b) Job candidates and employees, and (c) Suppliers, Clients or Allies.

  • Website Users:
    • Information received through forms, subscription, registration, such as:
      • Names and surnames
      • Email
      • Social media account
      • Telephone numbers
      • Identification document
      • City and country of residence
      • Organization to which it belongs
      • Position in the organization
      • Sector to which it belongs (public, private or civil)
    • Anonymous data related to the behavior of the user during the visit to the web page, be it through cookies, pixels or similar technologies. Among others, we could recompile the time of the visit and the contents visited.
    • Anonymous data related to access tools and your interaction with the website, such as IP address, browser and device characteristics, language preferences or referrer URLs and other technical information.

 

  • Job Candidates or Employees:
  • Academic and professional data, such as Curriculum, Professional Title and Professional ID Number.
  • Family members and reference persons in case you are a CAF employee. In such cases, in accordance with the corresponding forms, you will declare that you have the consent of your relatives and reference persons, to share your personal data.
  • Health data, considered as sensitive personal data, when such information is required to comply with CAF's obligations towards its employees and, if required, to job candidates.
  • Financial or patrimonial, when they are required for the follow-up of a labor benefit or the fulfillment of a contract.

 

  • Providers, Customers or Allies:
    • Personal data corresponding to the natural person, if applicable, such as the legal representative, such as first and last names, email.
  • Financial or patrimonial data, when required to monitor compliance with a contract.

 

4. How do we use this information?

The personal data described in the previous point are used for the following purposes: 

  • Website Users
    • For the management of forms, subscription and/or records.
    • To optimize the relevance of the contents.
    • To contact users or data holders, in response to the requests they have made to CAF.
    • To disseminate CAF activities, its projects and calls.
    • To identify if the contents are pertinent and relevant according to your interests, as well as to identify improvements in our communication channels in terms of user experience and design.
    • The data related to the access tools is used both to identify improvements in the performance of our website, and to guarantee the operation of our site, its security and that of your information. 

 

  • Job Candidates or Employees:

Likewise, CAF may collect information by virtue of the existence of a labor relationship with internal and external employees. In this case, the processing of the information will have the following purposes: 

  • Manage the registration process and, where appropriate, integrate the corresponding employment file.
  • Conduct the management of human resources and activities related to the activities to be carried out.
  • Make the payments of the corresponding considerations and manage the payroll.
  • Hiring insurance for CAF employees and their families. And where appropriate, contact the designated beneficiaries.
  • Grant benefits or additional benefits to those contemplated in the employment contract.
  • Provide internal medical services.
  • Comply with the obligations derived from the contractual relationship.

The communications through which we will collect your data are mainly through emails, postal mail messages, telephone calls, forms, written contracts and the dissemination of advertisements on digital platforms.

The processing of your personal data will be conducted in accordance with the principles of legality, loyalty, transparency, purpose limitation, data minimization, accuracy, conservation limitation, integrity, confidentiality and responsibility; provided for in CAF's internal regulations in accordance with the provisions of the GDPR.

 

  • Providers, Customers or Allies:
    • To maintain the relationship with CAF's interested parties (for example, suppliers, clients or allies) in order to conduct the activities and obligations that are carried out jointly.
    • Presentation of service proposals to clients.
    • Compliance with legal relationships that are generated.

 

 

5. Legal basis and legitimate interest

The legal basis of our processing rests on a contractual relationship with the holders of personal data, for example, with our employees, clients, suppliers or allies.

On the other hand, we consider that the processing of personal data is also based on legitimate interest since, for example, the users of our website demonstrate their willingness to obtain our services by browsing our site or by filling out the registration forms. or contact, for the sake of a provision of our services in favor of the interested parties.

 

6. Will your information be shared with anyone?

 

CAF will not sell, distribute or lease this information to third parties, except in accordance with this Privacy Policy. Likewise, it is reported that no transfers of personal data will be made, except in those cases in which they are strictly necessary to conduct CAF's activities and functions, in accordance with the following assumptions.

  • When required by authorities by virtue of a law, in order to comply with the corresponding regulations. For example, in response to a court order, subpoena, or request by an enforcement agency for an applicable rule.
  • When the transfer is required to companies or institutions with which a contract is entered into.
  • When the relationship with clients arises, in order to provide them with services in accordance with CAF's objectives.

Prior to carrying out the data transfer, CAF will take the necessary steps to sign the respective Transfer Agreement, through which specific criteria are established for the processing of personal data.

The sharing of information described above may involve the transfer of your information to third party organizations or third countries, outside the EEA, or from outside the EEA to a location within the EEA. The level of protection of information in countries outside the EEA may be less than that offered within the EEA. We will implement appropriate measures to ensure that your personal data remains protected and secure in accordance with applicable data protection laws.

Likewise, reports or summaries may be generated and shared from the data collected, among others, the most visited pages or the number of registered to an event. Being summaries, these reports cannot be used to track an individual person.

We may also disclose the information to protect the security and operation of CAF and its website or the rights of other users of the website, and to protect us and our members, affiliates, consultants, and suppliers, if we have reason to believe that someone is causing or threatening to cause damage or interference with the rights or property of CAF, as well as to protect against fraud.

CAF may share a user's personal data with a third party, if that user expressly requests it.

 

7. Information about cookies and other tracking technologies

Cookies are small data files that are sent to your browser or related software from a web server and stored on your computer or device. Cookies often include an anonymous unique identifier and track and store your user preferences while using the Website, as well as technical information about your use of the Website.

As previously mentioned, the Website and its sub-sites collect anonymous logs during user visits. This may be done through cookies or similar technologies to retain information about you and your use of the Website.

Another technology we use is pixels, which are pieces of code on our channels that allow us to collect anonymous information about the performance of online advertisements and mass mailings, as well as to channel broadcast messages on other platforms such as social networks or the seekers.

 

8. Conservation of your personal data

We retain your personal data and anonymous information collected through the forms, contracts and the website, for operational, registration and legal purposes. We will retain your personal data about you for the period necessary to fulfill the purposes outlined in this Privacy Policy or our data retention policies, unless an applicable rule requires a longer retention period.

 

9. How do we keep your information secure?

We protect the security and integrity of the personal data we collect by implementing physical, electronic, and managerial procedures to safeguard and protect the information against loss, misuse, unauthorized access or disclosure, alteration, or destruction. However, due to the inherent nature of the Internet as an open global communication vehicle, we cannot guarantee that any information, whether during transmission over the Internet, while stored in our data systems, or maintained by us, is completely safe from intrusion by others, including hackers; however, in case of security violations, we will notify you in the shortest possible time of the existence of a risk to your rights. 

 

10. What if I don't want to share my information?

Filling out records and forms on our page is voluntary, and without doing so, users can browse www.caf.com. Filling out the forms is necessary to receive electronic newsletters, and certain communications from CAF related to events, calls and other activities.

When browsing the CAF page, the anonymous information described above will be collected, which, being anonymous, does not allow specific users to be identified.

If you are registered for an activity or subscribed to a newsletter, we may send you emails regarding your registration or subscription preferences. In any of these messages, the user may choose to withdraw from the list, thereby canceling their subscription and the data collection derived from it. You can also send us an "opt-out" request by email privacidad@caf.com.

 

11. Do we collect information from minors?

The Website is not directed to minors and we do not knowingly collect or maintain personal data about persons under the age of 13.

 

12. Rights under the GDPR

The European Union General Data Protection Regulation ("GDPR") and other applicable data protection laws grant certain rights to data subjects.

Generally speaking, you have, or may have, the right (as further set out in applicable data protection laws) to:

  1. Right to information: You may request details of the information we hold about you and how we process it.
  2. Right of access: You can, at any time, request access to your personal data.
  3. Right to erasure (right to be forgotten): You can request that your personal data be deleted.
  4. Right of rectification: You have the right to rectify inaccurate personal data that concerns you.
  5. Right to Restrict: You can, at any time, limit or restrict the processing of your personal data as long as it does not prevent compliance with applicable laws or our legal relationship.
  6. Right of Portability: You have the right to receive the personal data that you have provided us by electronic means, in a structured, commonly used and machine-readable format, so that you can later transmit it to another data controller.
  7. Opposition right: You will have the right to oppose at any time, the processing of your personal data.
  8. Rights related to automated decisions or profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or that affects you in an equally significant way.

Likewise, you may revoke or withdraw the consent previously provided for the processing of your personal data or oppose such processing.

It is important to note that these rights may not be absolute. For example, if you withdraw your consent to process your personal data, we may continue to process your personal data to the extent required or permitted by law, in particular in connection with the exercise and defense of our rights or our legal and/or regulatory obligations.

You do not have to pay anything to exercise your rights and you may request the exercise of any of the rights listed above, through the contact email privacidad@caf.com, request that will be processed by the responsible authority within CAF. 

 

13. Term to address the exercise of rights under the GDPR

The term to respond to requests for the exercise of rights is one (1) month, from the receipt of your request. Said term may be extended for another two (2) months if necessary, considering the complexity and number of requests. The DPO will inform of any of said extensions within one month from receipt of the request, indicating the reasons for the delay.

 

For more information, please contact the DPO via email privacidad@caf.com.

 

14. Claims before the Control Authority

If you have any questions or concerns regarding our processing of your personal data, please contact us at privacidad@caf.com and we will answer you.

If you are still dissatisfied, you can file a complaint about the way we process your personal data with the competent personal data protection authority. 

 

15. Do we make updates to this Privacy Policy?

Any updates to this Policy will be posted on this page. If the changes are significant, we may also choose to send an email to all our registered users with the further details.

If required by law, we will obtain your consent or give you the opportunity to opt out of any further use of your personal data.

 

16. How can you contact us about this Privacy Policy?

If you have questions or comments about this Privacy Policy, you may contact us at privacidad@caf.com, which we will be happy to answer. 

 

 

Last updated: September 16th, 2024