ARANDA SOFTWARE CORPORATION and its global subsidiaries (hereinafter "ARANDA"), in compliance with current regulations on personal data protection and information security applicable in the various jurisdictions where it operates, establishes the following terms and conditions governing the processing of information in relations with its suppliers:
ARANDA has adopted personal data processing and information security policies that comply with applicable international standards, ensuring an adequate level of protection regardless of jurisdiction. These policies are available in: Privacy Policy, ISMS Policy, PTEE Policy.
By accepting a Purchase Order from ARANDA, SUPPLIER represents that:
a) It has a privacy policy adequate to the applicable regulations in its country of origin, in accordance with the legislation of the domicile of the ARANDA subsidiary issuing the Purchase Order.
b) Has implemented and maintains information security measures in accordance with the international standard ISO 27001:2022, guaranteeing confidentiality according to the type of information and personal data to which it may have access.
c) You expressly authorize ARANDA to consult, collect, process, share and exchange information about your commercial behavior and credit history with authorized information centers. This authorization is revocable by written communication, without prejudice to legal and contractual obligations.
d) You understand that these terms and conditions constitute a binding agreement that forms an integral part of the business relationship with ARANDA.
The acceptance of a Purchase Order from ARANDA, through any of the following mechanisms: (i) handwritten or electronic signature, (ii) written confirmation, (iii) acceptance email, (iv) issuance of invoice related to the Purchase Order, (v) initiation of the execution or provision of the contracted service, (vi) any mechanism of sending data message in accordance with the applicable legislation on electronic commerce in the jurisdiction of the SUPPLIER, or (vii) any unequivocal act that demonstrates the intention to comply with what is requested in the Purchase Order, constitutes an unequivocal manifestation of the SUPPLIER's consent for all the purposes described in this document. This consent is given in a free, prior, informed, specific and unequivocal manner, being revocable under the terms permitted by law. The acceptance made by any of these mechanisms will have full validity and legal effectiveness in the domicile or jurisdiction of the SUPPLIER, expressly recognizing its evidentiary and contractual validity in accordance with the applicable electronic commerce regulations.
ARANDA guarantees that all international data transfers will be carried out in full compliance with applicable laws, ensuring adequate levels of protection. To this end, ARANDA has implemented Binding Corporate Rules (BCR) that constitute an internal code of conduct of mandatory compliance for all its subsidiaries and authorized third parties in any jurisdiction, establishing principles, guarantees and effective mechanisms to ensure the protection of personal data.
These Binding Corporate Rules:
a) Establish uniform data protection standards throughout ARANDA's global operations.
b) Guarantee enforceable rights for data subjects and effective complaint mechanisms.
c) Include accountability measures, auditing and continuous training.
d) They are applicable to all data processing carried out on behalf of ARANDA or its subsidiaries, regardless of geographical location.
Additionally, ARANDA may implement other protection mechanisms such as standard contractual clauses or other legally valid mechanisms as required by each jurisdiction.
In the event that the SUPPLIER, by virtue of the execution of a Purchase Order, has access to personal data of holders linked to ARANDA, it is obliged to:
a) Treat such data exclusively for the fulfillment of the contractual purpose. b) Apply appropriate security measures according to the type of data. c) Not disclose or transfer such information to third parties without prior authorization from ARANDA. d) Return or delete the data upon termination of the contractual relationship. e) Ensure the exercise of the rights of the owners.
This transmission does not imply transfer of ownership of personal data.
The SUPPLIER acknowledges that, in accordance with applicable laws, he/she has the right to know, update, rectify and request the deletion of his/her personal data, as well as to revoke the authorization granted for the processing thereof, when appropriate. To exercise these rights, you may contact ARANDA through the channels established in its Privacy Policy.
The SUPPLIER authorizes ARANDA to receive, process, compile and forward information related to the ownership of contracted services, beneficial owners, shareholder composition, contact details, movements and balances, to national or foreign authorities, in compliance with tax evasion or LAFT prevention regulations, such as FATCA and CRS (Common Reporting Standard) of the OECD, or similar future regulations.
ARANDA agrees to comply with all obligations set forth in the applicable personal data protection and privacy regulations in force in each jurisdiction where it operates, including but not limited to Latin American and North American regulations. The parties acknowledge that this document constitutes a binding agreement for the proper processing and protection of personal data.
LIMITATION OF USE OF PERSONAL DATA: In the event that THE SUPPLIER, by virtue of the execution of this Purchase Order, has access to personal data of holders linked to ARANDA, it is obliged to: (i) treat such data exclusively for the fulfillment of the contractual object, (ii) apply appropriate security measures according to the type of data, (iii) not disclose or transfer such information to third parties without prior authorization from ARANDA, (iv) return or delete the data once the contractual relationship is concluded, and (v) ensure the exercise of the rights of the holders. This transmission does not imply transfer of ownership of personal data.
The SUPPLIER authorizes ARANDA to receive, process, compile and forward the information related to the ownership of the products and services contracted and those contracted in the future, the beneficial owners of the same, its shareholder composition (in case of legal entity), contact details, movements and balances, and any other information required, to the national or foreign authorities, in compliance with national or foreign regulations for the prevention of tax evasion or money laundering and financing of terrorism.
The SUPPLIER acknowledges that, in accordance with applicable laws, he/she has the right to know, update, rectify and request the deletion of his/her personal data, as well as to revoke the authorization granted for the processing thereof, when appropriate. To exercise these rights, you may contact ARANDA through the channels established in its Privacy Policy.
The SUPPLIER declares under oath that:
a) Neither he, nor his shareholders, associates or partners, legal representatives, members of the board of directors, administrators and their relatives within the second degree of consanguinity, second degree of affinity or first civil degree, are included in restrictive, binding or control lists issued by national or foreign authorities, such as the list of the Office of Foreign Assets Control - OFAC, the list of the Security Council of the United Nations, the list of the Office of Foreign Assets Control - OFAC, the list of the United Nations Security Council, the list of the Office of Foreign Assets Control - OFAC, the list of the Office of Foreign Assets Control - OFAC and the list of the United Nations Security Council.
United Nations, or other lists related to predicate offenses of money laundering, financing of terrorism, corruption or related offenses.
b) Is not involved in criminal investigations or proceedings for money laundering, financing of terrorism, corruption, transnational bribery or any other related crime.
c) The resources, funds, assets and operations that make up or derive from its economic activity have a lawful origin and destination, and do not derive from illicit activities contemplated in the Penal Code or any regulation that modifies, adds or complements it.
d) Complies with the rules and regulations on prevention and control of money laundering and financing of terrorism in force in its jurisdiction.
e) It is obliged to annually update the information required by ARANDA for the control and prevention of money laundering and terrorist financing risks, as well as to notify any change in the information provided.
The SUPPLIER acknowledges and agrees that:
f) ARANDA is empowered to carry out the verifications it deems pertinent in national and international public databases or lists related to persons investigated for money laundering and financing of terrorism.
g) Any inaccuracy in the information provided or failure to comply with these declarations shall constitute sufficient cause for the unilateral and immediate termination of any commercial or contractual relationship, without this giving rise to any indemnity in favor of the SUPPLIER.
h) Authorizes ARANDA to report to the competent authorities the operations it considers suspicious, unusual or attempted related to money laundering, financing of terrorism or other associated crimes.
These terms and conditions shall be governed by the laws of the country where the ARANDA subsidiary issuing the Purchase Order is domiciled. Any dispute will be resolved preferably through conciliation mechanisms, without prejudice to legal actions before competent authorities.
These terms and conditions:
a) Are binding as from any of the acts of acceptance mentioned in Section 3.
b) Shall remain in effect as long as there is a commercial relationship between the parties and for an additional period of five (5) years for regulatory compliance purposes, or the time established by applicable laws.
c) They are considered automatically incorporated to all Purchase Orders issued by ARANDA, without the need of express reference in each one of them.
d) Shall prevail over any conflicting provisions in other documents of the SUPPLIER, unless specifically agreed in writing between the parties.
ARANDA reserves the right to:
a) Request from the SUPPLIER evidence of compliance with the obligations set forth in these terms and conditions.
b) Perform, directly or through authorized third parties, audits related to compliance with the provisions on data protection and information security, with prior reasonable notice to the SUPPLIER.
c) Require the correction of identified non-compliances, establishing reasonable deadlines according to their nature and seriousness.
With respect to updates to these Terms and Conditions:
a) ARANDA reserves the right to modify, update or supplement these Terms and Conditions at any time, according to regulatory, commercial, technical or other changes that may be required.
b) The updates will come into effect on the date indicated in the new version published on ARANDA's website or in the medium that ARANDA provides for this purpose.
c) ARANDA will notify the SUPPLIER about substantial changes in these Terms and Conditions by means of a communication addressed to the registered contact e-mail address, at least ten (10) calendar days prior to their entry into force.
d) The SUPPLIER may express its disagreement with the modifications within ten (10) calendar days following the notification. The lack of manifestation within such term, or the continuation of the commercial relationship after the entry into force of the changes, shall constitute tacit acceptance of the changes.
e) The most recent version of these Terms and Conditions will always be available for consultation on the website: www.arandasoft.com. Each version will clearly indicate its date of last update.