Data Controller
The controller responsible for the processing of personal data collected through the website www.findholding.com and associated services is:
| Field | Detail |
|---|---|
| Legal name | Diferentt SRL |
| Tax ID (CUIT) | 30-71666216-7 |
| Email address | hello@findholding.com |
| Primary activity | Custom software development, CRM and omnichannel platform |
Hereinafter referred to as "Find Holding", "we", "us" or "the Company".
Applicable Legal Framework
This Privacy Policy is governed primarily by the following regulations of the Argentine Republic:
- Law No. 25,326 on Personal Data Protection and its Regulatory Decree No. 1558/2001.
- Regulations of the Agency for Access to Public Information (AAIP), as the enforcement authority.
- Article 43, third paragraph, of the National Constitution (habeas data action).
- Law No. 26,032 on Information Society Services (aspects relating to Internet activity).
Additionally, this policy incorporates principles recognized by international data protection standards such as the European Union's General Data Protection Regulation (GDPR) and the Council of Europe's Convention 108+, in order to provide an adequate level of protection for users from any jurisdiction.
Scope of this Policy
This policy applies to all personal data collected or processed through:
- The website www.findholding.com and any associated subdomains.
- The management systems (CRM) provided by Find Holding to its clients.
- The omnichannel platform and its integrated communication channels (chat, email, social media, messaging, telephony).
- Contact forms, registration, quote requests or service contracting.
- Commercial electronic communications sent by Find Holding.
Key Definitions
For the purposes of this policy, in accordance with Article 2 of Law 25,326, the following terms shall be understood as:
| Term | Definition |
|---|---|
| Personal data | Information of any kind referring to natural or legal persons that are identified or identifiable. |
| Sensitive data | Personal data that reveals racial and ethnic origin, political opinions, religious, philosophical or moral beliefs, trade union membership, and information regarding health or sexual life. |
| Data subject | Any natural or legal person whose data is subject to processing. |
| Data controller | The natural or legal person, public or private, who owns a database and decides on the processing of data. |
| Data processor | The natural or legal person who processes personal data on behalf of the data controller. |
| Data processing | Systematic operations and procedures that allow the collection, storage, ordering, storage, modification, evaluation, blocking, destruction and, in general, the processing of personal data. |
| Data transfer | Any disclosure of data made to a person other than the data subject. |
Roles in Data Processing
5.1. Find Holding as Data Controller
When we collect personal data directly from users of our website or from those who contract our services, we act as Data Controller in accordance with Article 2 of Law 25,326. This includes data obtained through contact forms, quote requests, account registrations, billing processes and commercial communications.
5.2. Find Holding as Data Processor
When our clients use our CRM or omnichannel system to manage data from their own end users (for example, chat conversations, support tickets, contact records), Find Holding acts as a Data Processor.
Important: In this case, our clients are the Data Controllers and determine the purposes and means of processing that data. Find Holding processes such data solely in accordance with the client's instructions and the applicable service agreement, pursuant to Article 25 of Law 25,326 and Article 25 of Decree 1558/2001. Once the contractual service has been completed, the data will be destroyed, unless the client expressly authorizes its retention for a maximum period of two (2) years.
Personal Data We Collect
6.1. Data provided directly by the user
- Full name.
- Email address.
- Phone number.
- Company or organization name.
- Tax ID (CUIT/CUIL, in case of commercial or billing relationship).
- Billing information and tax address.
- Any other information the user voluntarily includes in contact forms or communications.
6.2. Automatically collected data
- IP address and approximate geolocation data.
- Browser type and version, and operating system.
- Device identifiers.
- Pages visited, time spent, referral URL and browsing patterns.
- Cookie data and similar technologies (see Section 12).
6.3. Data processed under the CRM and omnichannel system
When we act as Data Processor on behalf of our clients, we may process data generated by those clients' end users through the platform:
- Content of chat, email, messaging conversations and support tickets.
- History of interactions with communication channels.
- End user contact data provided to the client.
- Communication metadata (date, time, channel used, duration).
- Call recordings (when the client enables this functionality).
6.4. Data we do NOT collect
In compliance with Articles 2, 7 and 8 of Law 25,326, Find Holding does not intentionally request or collect sensitive data (racial or ethnic origin, political opinions, religious, philosophical or moral beliefs, trade union membership, information regarding health or sexual life), unless strictly necessary and with the express consent of the data subject.
Processing Purposes
Personal data collected as Data Controller will be used exclusively for the following purposes, in accordance with the purpose limitation principle set out in Article 4, paragraph 3, of Law 25,326:
| Purpose | Description |
|---|---|
| Service delivery | Custom software development, implementation and support of the contracted CRM and omnichannel platform. |
| Commercial management | Responding to inquiries, preparing quotes, managing the contractual and commercial relationship. |
| Communications | Sending information about service updates, news and commercial communications, subject to prior consent of the data subject. |
| Billing and payments | Payment processing, invoice issuance and accounting management. |
| Service improvement | Analysis of website and service usage to optimize user experience. |
| Legal compliance | Meeting legal, regulatory, tax and accounting obligations. |
| Security | Fraud prevention, protection of technological infrastructure and detection of unauthorized access. |
Data processed as Data Processor will be used exclusively in accordance with the instructions of the responsible client and for the purposes established in the corresponding service agreement.
Legal Basis for Processing
The processing of personal data is based on the following legal grounds, as applicable:
- Free, express and informed consent of the data subject (Article 5 of Law 25,326).
- Performance of a contract to which the data subject is a party, or implementation of pre-contractual measures taken at their request.
- Compliance with legal obligations to which the controller is subject (tax, accounting, regulatory obligations).
- Legitimate interests of Find Holding, provided that the fundamental rights and freedoms of the data subject do not prevail.
- Data from publicly and freely accessible sources (Article 5, paragraph 2.c of Law 25,326).
Consent
In accordance with Article 5 of Law 25,326, the consent of the data subject must be free, express and informed, given in writing or by another equivalent means as appropriate.
The data subject may withdraw their consent at any time, without retroactive effect, by contacting us at hello@findholding.com. Withdrawal will not affect the lawfulness of processing based on consent prior to its withdrawal.
Voluntary or mandatory nature: At the time of collection, the data subject will be informed whether the provision of certain data is mandatory (for example, for the performance of a contract) or voluntary, and the consequences of refusing to provide them, in accordance with Article 6 of Law 25,326.
Sharing Data with Third Parties
Find Holding does not sell, rent or transfer personal data to third parties for their own commercial purposes, in compliance with Article 10 of Law 25,326. Personal data may only be shared in the following circumstances:
10.1. Technology service providers
- Amazon Web Services (AWS): Hosting services, cloud infrastructure, storage and processing. AWS holds international security certifications (SOC 1/2/3, ISO 27001, ISO 27017, ISO 27018).
10.2. Payment service providers
- Stripe: International payment processing. Complies with PCI-DSS Level 1 standard.
- MercadoPago: Local payment processing. Complies with BCRA regulations and PCI-DSS standard.
These providers only access data strictly necessary to complete the transaction.
10.3. Other disclosure scenarios
- When required by a legal, judicial or administrative obligation.
- To defend Find Holding's rights in judicial or administrative proceedings.
- In the event of a merger, acquisition or corporate restructuring, with prior notification to the data subject.
In all cases, third parties who access personal data will be contractually bound to maintain confidentiality and to use the data exclusively for the agreed purpose, in accordance with Article 25 of Law 25,326.
International Data Transfers
Due to the nature of our services and technology providers, personal data may be transferred to and stored on servers located outside the Argentine Republic, particularly in the United States (AWS, Stripe).
Pursuant to Article 12 of Law 25,326, such transfers are carried out with the following safeguards:
- Contractual clauses ensuring an adequate level of protection equivalent to Argentine legislation.
- Use of providers holding recognized international security and privacy certifications.
- Where applicable, verification that the destination country offers an adequate level of protection according to AAIP criteria.
Cookie Policy and Similar Technologies
The website www.findholding.com uses cookies and similar technologies (local storage, tracking pixels) to improve the browsing experience.
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Necessary for the basic functioning of the website (session, security, technical preferences). | Session |
| Analytics | Allow analysis of site usage to improve its performance and content. | Up to 2 years |
| Functional | Store user preferences to personalize their experience (language, region). | Up to 1 year |
| Marketing | Used to display relevant advertising and measure the effectiveness of campaigns. | Up to 2 years |
Users may configure their browser to reject all cookies or receive a notification when cookies are sent. Preferences can also be managed through the site's cookie banner. Disabling essential cookies may affect site functionality.
Consent for non-essential cookies: Analytical, functional and marketing cookies will only be activated after obtaining the user's prior consent, in accordance with international best practices and AAIP recommendations.
Security Measures
Find Holding implements appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure or destruction, in accordance with Article 9 of Law 25,326 and DNPDP Resolution No. 11/2006 on Security Measures.
Technical measures
- Encryption of data in transit (TLS 1.2+/SSL) and at rest (AES-256).
- Role-based access controls and principle of least privilege.
- Multi-factor authentication (MFA) for access to internal systems.
- Firewalls, intrusion detection and prevention systems (IDS/IPS).
- Encrypted backups with periodic frequency and recovery procedures.
- Continuous monitoring and access auditing of systems.
- Infrastructure hosted on AWS with SOC 1/2/3, ISO 27001 certifications.
Organizational measures
- Internal information security and data classification policies.
- Confidentiality agreements with all personnel accessing personal data.
- Regular staff training on data protection and security.
- Documented security incident management procedures.
- Periodic review and update of implemented security measures.
Data Retention
Personal data will be retained for the time strictly necessary to fulfill the purposes for which it was collected, and in any case in accordance with Article 4, paragraph 7, of Law 25,326. The criteria for determining the retention period include:
- Contractual relationship: During the term of the contract and until the statute of limitations for any possible legal actions arising from it.
- Legal obligations: The time required by tax, accounting or regulatory regulations (generally 10 years under Argentine tax law).
- Consent: Until the data subject withdraws their consent.
- Legitimate interest: As long as the legitimate interest justifying the processing persists, unless the data subject objects.
Once these purposes have been fulfilled, data will be securely deleted, blocked or anonymized.
Data processed as Processor: Retention will be governed by the terms established in the agreement with the responsible client. Upon termination of the contractual relationship, Find Holding will return or delete the data in accordance with the client's instructions, within a maximum period of sixty (60) days, unless a legal obligation requires otherwise.
Data Subject Rights
In accordance with Articles 14, 15 and 16 of Law 25,326, every data subject has the right to:
| Right | Description | Legal Basis |
|---|---|---|
| Access | Request information about the personal data held in our databases, free of charge, at intervals of no less than six (6) months, unless there is a legitimate interest. | Art. 14 |
| Rectification | Request the correction of inaccurate, incomplete or outdated data. | Art. 16.2 |
| Update | Request that data be brought up to date when it has changed. | Art. 16.2 |
| Deletion | Request the deletion of data when it is no longer necessary for the purpose for which it was collected, or when consent is withdrawn. | Art. 16.3 |
| Confidentiality | Require that data be treated with due reserve and confidentiality. | Art. 10 |
| Objection | Object to the processing of data in certain circumstances, including objection to use for direct marketing purposes. | Art. 27.3 |
| Information | Know the existence of the database, its purpose and the identity of the controller. | Art. 13 |
| Withdrawal | Withdraw previously given consent, without retroactive effect. | Art. 5 |
How to exercise these rights?
Data subjects may send a request to hello@findholding.com with the subject line "Exercise of Rights — Personal Data", indicating:
- Full name and contact details.
- Copy of identity document (for verification purposes).
- Right to be exercised and description of the request.
Find Holding will respond within a maximum of ten (10) calendar days from receipt of the request, in accordance with Article 14, paragraph 2, of Law 25,326. The exercise of these rights is free of charge.
Right to lodge a complaint: If the data subject believes their rights have been violated, they may file a complaint with the Agency for Access to Public Information (AAIP) — Av. Pte. Julio A. Roca 710, 2nd Floor, Buenos Aires City — or through www.argentina.gob.ar/aaip.
Minors' Data
Find Holding's services are not directed at persons under eighteen (18) years of age. We do not intentionally collect personal data from minors. If we become aware that we have collected data from a minor without the consent of their legal guardian, we will delete it within forty-eight (48) hours of verification.
If you are a parent or guardian and believe that your minor child has provided us with personal data, please contact us at hello@findholding.com.
Security Incident Management
Find Holding has documented procedures for the detection, containment, investigation and notification of security incidents that may affect personal data.
In the event of a security incident that may pose a significant risk to the rights and freedoms of data subjects, Find Holding will:
- Notify the AAIP and affected data subjects as soon as possible, in accordance with the enforcement authority's recommendations.
- Report the nature of the incident, potentially compromised data, measures taken and recommended actions to the data subject.
- When acting as Data Processor, notify the responsible client without undue delay so that they can fulfill their own notification obligations.
Preparation for future regulations: This policy incorporates the security incident notification principle aligned with the proposed amendments to Law 25,326 currently under legislative debate, which provide for notification to the supervisory authority within 72 hours.
Changes to this Policy
Find Holding reserves the right to modify this Privacy Policy at any time to adapt it to legislative developments, case law, industry practices or changes in our services.
Modifications will take effect upon publication on the website www.findholding.com with indication of the new "last updated" date. For substantial changes affecting data subjects' rights, Find Holding will make reasonable efforts to notify users in advance by email or through a prominent notice on the website.
Users are encouraged to review this page periodically to stay informed about any changes.
Contact
For inquiries, complaints, information requests or exercise of rights related to this Privacy Policy, data subjects may contact Find Holding through:
| Channel | Detail |
|---|---|
| hello@findholding.com | |
| Website | www.findholding.com |
| Supervisory authority | Agency for Access to Public Information (AAIP) — www.argentina.gob.ar/aaip |