epinova
Get a quote

Legal

Privacy and Personal Data Processing Policy

Last updated: [Date]. In force from publication.

1. Data controller.

The personal data controller is Epinova Group, Tax ID (NIT) [NIT], with registered address at [Address, Guatemala City, Guatemala]. For any communication related to personal data processing, the Client may contact the data protection officer at privacidad@epinovagroup.com.

2. Data collected.

Epinova collects and processes the following Client personal data:

  • Identification data: full name, identification document (DPI or passport) when applicable for FEL invoicing.
  • Contact data: email, phone number, postal address when applicable.
  • Academic data: university, field of study, semester, research work title, subject area.
  • Financial data: payment information necessary to process transactions (processed by our payment providers Recurrente and Stripe — Epinova does not store full card numbers).
  • Technical data: IP address, session identifiers, browsing data collected through cookies.

Epinova does not collect sensitive data within the meaning of Article 9, item 6, of Decree 57-2008 (racial origin, political opinions, religious convictions, health, sexual life) unless the research work addresses them thematically, in which case they receive reinforced confidential treatment.

3. Purpose of processing.

  • Handle quote requests and commercial inquiries.
  • Execute the service contract and deliver the contracted services.
  • Issue electronic invoices under SAT regulations.
  • Communicate progress, deliverables, and operational matters.
  • Comply with legal, accounting, and tax obligations.
  • Handle rights of access, rectification, cancellation, or opposition.
  • Improve service quality through anonymized statistical analysis.

Epinova does not use Client data for external marketing, third-party advertising, or sell it to third parties for commercial purposes.

4. Legal basis for processing.

Personal data processing is based on: (i) the express, prior, and informed consent of the Client when accepting this Policy and the T&C; (ii) the necessity for contract performance with the Client; (iii) compliance with legal obligations applicable to Epinova, particularly in tax matters. As reference framework, we apply Decree 57-2008 (Public Information Access Law) and the habeas data doctrine developed by the Constitutional Court of Guatemala, in the absence of a general personal data protection law in Guatemala.

5. Retention periods.

  • Academic data and project content: up to twelve (12) months after contract termination, after which it is destroyed or anonymized.
  • Accounting, tax, and billing data: for the legal period of five (5) years established by Guatemalan tax regulations.
  • Marketing and CRM data: until the Client requests cancellation.

6. Recipients and international transfers.

Client data is accessed exclusively by Epinova's authorized team and by the following data processors, all subject to contractual confidentiality and security obligations:

  • Payment processors: Recurrente, S.A. (Guatemala) and Stripe, Inc. (USA) for international payments.
  • Technology infrastructure providers: hosting, cloud storage, and email services, located in Guatemala and the United States.
  • Professional advisors: accountants, tax, and legal counsel under professional secrecy duties.

Epinova DOES NOT sell, rent, or transfer data to third parties for commercial purposes. Epinova DOES NOT transfer or share information with the Client's academic institution under any circumstance, except express judicial requirement.

7. Data subject rights (ARCO).

The Client, as personal data subject, may exercise the following rights at any time:

  • Access: know what personal data is processed and for what purpose.
  • Rectification: correct inaccurate or incomplete data.
  • Cancellation: request data suppression when no longer necessary or consent has been withdrawn.
  • Opposition: object to processing on grounds related to their particular situation.

Procedure: the request must be sent by email to privacidad@epinovagroup.com indicating the right being exercised, requester identification, and description of the request. Epinova will respond within a maximum of fifteen (15) business days. Data cancellation does not proceed when there is a legal retention obligation (e.g., tax obligations).

8. Security measures.

  • In-transit encryption via HTTPS/TLS protocols across the entire website and client portal.
  • At-rest encryption of sensitive files in the storage infrastructure.
  • Role-based access control and two-factor authentication for the internal team.
  • Periodic backups of operational information.
  • Internal incident-handling policy with logged records.
  • Periodic training of the team on data protection and confidentiality.

9. Cookie Policy.

Epinova's website uses cookies and similar technologies to improve browsing experience and analyze site usage. We distinguish:

  • Necessary cookies: essential for site operation (session, language preference). No consent required.
  • Analytics cookies: measure aggregate visitor traffic and behavior (e.g., Plausible, Google Analytics where applicable). Require consent.
  • Marketing cookies: used for advertising personalization. Require express consent.

The Client may configure cookies at any time via the consent banner displayed upon entering the site or through their browser settings.

10. Policy modifications.

Epinova may modify this Policy at any time. Modifications will be published at https://epinovagroup.com/en/privacy and notified by email to active Clients at least fifteen (15) calendar days before their effective date.

11. Contact and supervisory authority.

For any inquiry, complaint, or rights exercise related to personal data processing, the Client may contact privacidad@epinovagroup.com. If no satisfactory response is obtained, the Client may turn to the Human Rights Ombudsman (PDH) of Guatemala, which exercises supervisory functions on habeas data under Decree 57-2008.