ARANDA SOFTWARE CORPORATION and its global subsidiaries (hereinafter “ARANDA”), in compliance with current regulations on personal data protection and information security applicable in the various jurisdictions where it operates, establishes the following terms and conditions governing the processing of information in its relationships with its suppliers:
ARANDA has adopted policies on personal data processing and information security that comply with applicable international standards, ensuring an adequate level of protection regardless of jurisdiction. These policies are available at: Privacy Policy, ISMS Policy, PTEE Policy.
By accepting a Purchase Order from ARANDA, the SUPPLIER hereby declares that:
a) It has a privacy policy that complies with the applicable regulations in its country of origin and is consistent with the laws of the jurisdiction where the ARANDA subsidiary that issued the Purchase Order is located.
b) It has implemented and maintains information security measures in accordance with the international standard ISO 27001:2022, ensuring confidentiality based on the type of information and personal data to which it may have access.
(c) You hereby expressly authorize ARANDA to access, collect, process, share, and exchange information regarding your commercial behavior and credit history with authorized credit bureaus. This authorization may be revoked by written notice, without prejudice to any legal or contractual obligations.
d) You understand that these terms and conditions constitute a binding agreement that forms an integral part of your business relationship with ARANDA.
Acceptance of an ARANDA Purchase Order through any of the following means: (i) handwritten or electronic signature, (ii) written confirmation, (iii) an email of acceptance, (iv) issuance of an invoice related to the Purchase Order, (v) commencement of performance or provision of the contracted service, (vi) any mechanism for sending a data message in accordance with applicable e-commerce legislation in the SUPPLIER’s jurisdiction, or (vii) any unequivocal act demonstrating the intention to comply with the request in the Purchase Order, constitutes an unequivocal expression of the SUPPLIER’s consent for all purposes described in this document. This consent is given freely, in advance, with full knowledge of the facts, specifically, and unequivocally, and is revocable under the terms permitted by law. Acceptance made through any of these mechanisms shall have full legal validity and effect in the domicile or jurisdiction of the SUPPLIER, and its evidentiary and contractual validity is expressly recognized in accordance with applicable e-commerce regulations.
ARANDA ensures that all international data transfers are conducted in full compliance with applicable laws, guaranteeing adequate levels of protection. To this end, ARANDA has implemented Binding Corporate Rules (BCRs), which constitute an internal code of conduct that is mandatory for all its subsidiaries and authorized third parties in any jurisdiction, establishing principles, safeguards, and effective mechanisms to ensure the protection of personal data.
These Binding Corporate Rules:
(a) They establish uniform data protection standards across all of ARANDA’s global operations.
(b) They guarantee enforceable rights for data subjects and effective complaint mechanisms.
c) They include measures for accountability, auditing, and ongoing training.
(d) These provisions apply to all data processing carried out on behalf of ARANDA or its subsidiaries, regardless of geographic location.
In addition, ARANDA may implement other protective measures, such as standard contractual clauses or other legally valid mechanisms, as required by each jurisdiction.
If, in connection with the fulfillment of a Purchase Order, the SUPPLIER has access to personal data of data subjects associated with ARANDA, the SUPPLIER agrees to:
a) Process such data solely for the purpose of fulfilling the contractual agreement. b) Implement appropriate security measures in accordance with the type of data. c) Not disclose or transfer such information to third parties without prior authorization from ARANDA. d) Return or delete the data once the contractual relationship has ended. e) Ensure that data subjects can exercise their rights.
This transfer does not involve a transfer of ownership of the personal data.
The PROVIDER acknowledges that, in accordance with applicable laws, they have the right to access, update, correct, and request the deletion of their personal data, as well as to revoke the consent given for the processing of such data, where appropriate. To exercise these rights, they may contact ARANDA through the channels set forth in its Privacy Policy.
The SUPPLIER authorizes ARANDA to receive, process, compile, and submit information related to the ownership of contracted services, beneficial owners, shareholding structure, contact information, account activity, and balances to national or foreign authorities, in compliance with tax evasion prevention regulations or anti-money laundering (AML) regulations, such as FATCA and the OECD’s CRS (Common Reporting Standard), or similar future regulations.
ARANDA undertakes to comply with all obligations set forth in the applicable regulations regarding personal data protection and privacy in force in each jurisdiction where it operates, including but not limited to regulations in Latin America and North America. The parties acknowledge that this document constitutes a binding agreement for the proper processing and protection of personal data.
LIMITATION ON THE USE OF PERSONAL DATA: In the event that THE SUPPLIER, in connection with the performance of this Purchase Order, has access to personal data of data subjects associated with ARANDA, it undertakes to: (i) process such data exclusively for the fulfillment of the contractual purpose, (ii) apply appropriate security measures in accordance with the type of data, (iii) not disclose or transfer such information to third parties without prior authorization from ARANDA, (iv) return or delete the data once the contractual relationship has ended, and (v) ensure the exercise of the data subjects’ rights. This transmission does not imply a transfer of ownership of the personal data.
The SUPPLIER authorizes ARANDA to receive, process, compile, and transmit information regarding the ownership of the products and services contracted and those to be contracted in the future, the beneficial owners thereof, their shareholding structure (if a legal entity), contact information, transaction history, and account balances, and any other required information, to national or foreign authorities, in compliance with national or foreign regulations regarding the prevention of tax evasion, money laundering, and terrorist financing.
The PROVIDER acknowledges that, in accordance with applicable laws, they have the right to access, update, correct, and request the deletion of their personal data, as well as to revoke the consent given for the processing of such data, where appropriate. To exercise these rights, they may contact ARANDA through the channels set forth in its Privacy Policy.
The SUPPLIER hereby declares under oath that:
(a) Neither he nor his shareholders, partners, legal representatives, members of the board of directors, officers, or their relatives within the second degree of consanguinity, second degree of affinity, or first degree of civil relationship are included on any restrictive, binding, or sanctions lists issued by domestic or foreign authorities, such as the list maintained by the Office of Foreign Assets Control (OFAC) or the United Nations Security Council list
The United States, or other lists related to predicate offenses such as money laundering, terrorist financing, corruption, or related crimes.
(b) Is not currently under investigation or facing criminal proceedings for money laundering, terrorist financing, corruption, transnational bribery, or any other related offense.
(c) The resources, funds, assets, and transactions that constitute or arise from its economic activity have a lawful origin and destination, and do not stem from unlawful activities as defined in the Penal Code or any regulation that modifies, adds to, or supplements it.
(d) Complies with the laws and regulations regarding the prevention and control of money laundering and terrorist financing in force in its jurisdiction.
e) You are required to update annually the information requested by ARANDA for the purpose of monitoring and preventing money laundering and terrorist financing, and to notify ARANDA of any changes to the information provided.
The SUPPLIER acknowledges and agrees that:
(f) ARANDA is authorized to conduct any checks it deems appropriate in national and international databases or public lists related to individuals under investigation for money laundering and terrorist financing.
(g) Any inaccuracy in the information provided or any breach of these representations shall constitute sufficient grounds for the unilateral and immediate termination of any commercial or contractual relationship, without giving rise to any compensation in favor of the SUPPLIER.
(h) Authorizes ARANDA to report to the competent authorities any transactions it deems suspicious, unusual, or attempted that are related to money laundering, terrorist financing, or other associated crimes.
These terms and conditions shall be governed by the laws of the country where the ARANDA subsidiary issuing the Purchase Order is domiciled. Any dispute shall be resolved preferably through conciliation, without prejudice to legal action before the competent authorities.
These terms and conditions:
(a) They are binding upon the parties upon any of the acts of acceptance referred to in Section 3.
(b) They shall remain in effect for as long as a business relationship exists between the parties and for an additional period of five (5) years for regulatory compliance purposes, or for the period specified by applicable laws.
(c) They are deemed to be automatically incorporated into all Purchase Orders issued by ARANDA, without the need for an express reference in each one.
(d) These terms shall prevail over any conflicting provisions in other documents of the SUPPLIER, unless the parties have specifically agreed otherwise in writing.
ARANDA reserves the right to:
(a) Request evidence from the SUPPLIER of compliance with the obligations set forth in these terms and conditions.
(b) Conduct, either directly or through authorized third parties, audits related to compliance with data protection and information security provisions, upon reasonable prior notice to the SUPPLIER.
(c) Require the correction of identified non-compliances, setting reasonable deadlines based on their nature and severity.
Regarding updates to these Terms and Conditions:
(a) ARANDA reserves the right to modify, update, or supplement these Terms and Conditions at any time, in accordance with regulatory, commercial, technical, or other changes that may require such action.
b) The updates will take effect on the date indicated in the new version published on the ARANDA website or through any other means ARANDA may provide for that purpose.
c) ARANDA will notify the SUPPLIER of any material changes to these Terms and Conditions by sending an email to the registered contact email address at least ten (10) calendar days prior to their effective date.
(d) The SUPPLIER may object to the amendments within ten (10) calendar days of receiving notice. Failure to object within that period, or the continuation of the business relationship after the changes take effect, shall constitute tacit acceptance of the changes.
e) The most recent version of these Terms and Conditions will always be available for review on the website: www.arandasoft.com. Each version will clearly indicate the date of its last update.