Privacy and Personal Data Protection

En Grupo Financiero ST y todas las sociedades que lo componen respetamos la privacidad de la información personal y asumimos nuestra responsabilidad de protegerla. Durante el curso de nuestras actividades comerciales, recopilamos, utilizamos, almacenamos y procesamos información personal cumpliendo con los requerimientos legales e implementando medidas de seguridad diseñadas a tal efecto.

At Grupo Financiero ST and all its associated companies, we respect the privacy of personal information and take our responsibility to protect it seriously. Throughout our business activities, we collect, use, store, and process personal information in compliance with legal requirements and implement security measures designed for this purpose.

What are the current regulations on Personal Data Protection in Argentina?

  • Law 25.326 on Personal Data Protection and/or its amendments and supplements.
  • Decree 1558/2001, Regulatory Decree of Law 25.326.
  • Resolutions of the Agency of Access to Public Information (AAIP).

How do we handle personal data?

We handle personal data in a transparent and lawful manner. When collecting personal data, we inform what personal data we process, what we use it for, with whom we share it, what rights data subjects have regarding it, and how we protect it.

How do we protect your personal information?

We limit the collection and processing of personal data to the minimum necessary to fulfill the purpose for which it was collected.

We maintain physical, electronic, and procedural security measures to protect personal information within our organization and with those with whom we share it. We only grant access to personal information to those who need it to do their job, and we require strict compliance with security and confidentiality measures. Additionally, we protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage.

We limit the personal data we share with third parties. In some cases, we must share personal data with companies that are part of our shareholder group, our service providers, business partners, or with governmental or regulatory entities. In all cases, it is done lawfully, transparently, and the minimum necessary data is shared to fulfill the established purpose.

Our online services (including, but not limited to, website, applications, social networks, emails) are controlled and operated from Argentina and are intended for residents of Argentina. They are not intended to subject any of Grupo Financiero ST’s companies to the laws or jurisdictions of any state, country, or territory other than Argentina.

We limit the retention of personal data to the minimum time necessary to fulfill the established purpose.

We maintain internal procedures and controls to comply with the Privacy and Personal Data Protection Policy and the applicable legislation on the matter.

With whom can we share personal information?

We may share the personal information provided to us among Grupo ST companies and with other companies that provide services for us or on our behalf, for our day-to-day business purposes and to provide you with better services and manage them. We may also share personal information to comply with legal or regulatory requirements, with regulatory and judicial entities, governmental or tax authorities, law enforcement agencies.

How long do we retain personal information?

Grupo Financiero ST companies retain personal information for the time necessary or permitted to achieve the purposes for which it was obtained and in accordance with applicable law.

What is the regulatory authority overseeing the applicable regulations?

The Agency of Access to Public Information, as the Control Body of Law No. 25.326, has the authority to address complaints and claims made by those whose rights are affected by non-compliance with the current personal data protection regulations.

What rights do data subjects have regarding their personal data?

All data subjects have the following rights under data protection laws:

  • The right to request and obtain information about their personal data included in databases free of charge at intervals not less than six months, unless a legitimate interest is proven.
  • The right to have personal data rectified, updated, or modified and, when appropriate, deleted.
  • The right to claim compensation for damages caused by non-compliance with data protection legislation.
  • The right to revoke granted consent (the withdrawal of consent will not affect the legality of processing based on prior consent).

Data subjects may at any time request the withdrawal or blocking, total or partial, of their name from the databases referred to in Article 27, paragraph 3 of Law 25.326 (files, records, or databases for advertising purposes).

How can data subjects exercise their rights?

Each Grupo Financiero ST company provides the necessary mechanisms for data subjects to have control over their personal data and enables channels to receive requests for access, updating, rectification, and deletion of personal data.

Concerns related to the processing of personal information or dissatisfaction with our handling of a request related to data protection rights can be raised by filing a complaint with the Agency of Access to Public Information. In this regard, the Agency of Access to Public Information, as the Control Body of Law No. 25.326, has the authority to address complaints and claims made by those whose rights are affected by non-compliance with current personal data protection regulations.