1. INTRODUCTION AND COMMITMENT

Productora GA RD SRL, a company registered under Dominican Republic law with tax identification number RNC (Registro Nacional del Contribuyente): 1-31-3253-1, and its affiliates (“GARD,” “we,” “us,” “our”) are committed to protecting the privacy and personal data of all individuals who interact with our website, applications, and services (collectively, the “Services”).

This Privacy Policy explains how we collect, process, use, share, protect, and retain personal data in accordance with the Dominican Republic’s Personal Data Protection Law (Law No. 172-13 as amended, the “Dominican Data Protection Law”), the European Union’s General Data Protection Regulation (GDPR) where applicable, and other relevant international data protection standards.

By using our Services, you acknowledge that you have read and understood this Privacy Policy and consent to our collection and processing of your personal data as described herein. If you do not agree with our practices, please do not use our Services.

2. DATA CONTROLLER AND CONTACT INFORMATION

2.1 Data Controller

Productora GA RD SRL is the data controller responsible for the collection and processing of your personal data. We determine the purposes and means of processing.

Registered Address:
Calle Restauración 249, Santo Domingo, Distrito Nacional 10212, Dominican Republic.

Tax Identification Number RNC (Registro Nacional del Contribuyente): 1-31-3253-1.

Website: https://grupogard.com

2.2 Data Protection Officer (DPO) / Privacy Contact

For all privacy-related inquiries, requests, and data subject rights, please contact:

Privacy Contact:

• Email: [email protected]
• Telephone: +1 (829) 273-0683
• Mailing Address: Calle Restauración 249, Santo Domingo, Distrito Nacional 10212, Dominican Republic

Response Time: We will respond to all privacy inquiries and data subject requests within ten (10) business days, and no later than thirty (30) days as required by Dominican Data Protection Law.

3. PERSONAL DATA WE COLLECT

3.1 Categories of Personal Data

We collect the following categories of personal data, depending on how you interact with our Services:

Category	Examples	Source
Identification Data	Full name, date of birth, national identification number, passport number	Direct submission via forms, registration, job applications
Contact Information	Email address, mailing address, telephone number, fax number	Registration, inquiries, event sign-ups, correspondence
Professional Information	Job title, company/school affiliation, employment history, CV/resume, LinkedIn profile, professional credentials	Job applications, registration, profile creation
Authentication Data	Username, password, access credentials, security questions and answers	Account registration and management
Technical Data	IP address, browser type, device identifier, pages visited, time spent on pages, clickstream data, cookies, unique identifiers	Automatic collection via website analytics and cookies
Technical Data (continued)	Device tokens for push notifications (push notification identifiers, unique device IDs for notification delivery), Firebase installation IDs, push notification interaction logs	Automatic collection via OneSignal SDK; analytics via Google Firebase
E-Commerce Data	For customers making purchases: Full name, billing address, shipping address, email address, phone number, order history, purchase details	WooCommerce platform during checkout and order processing
Communication Data	Content of messages, inquiries, survey responses, forum posts, comments, feedback	Direct submission and user-generated content
Event Data	Attendance records, registration information for events, webinars, or conferences	Event registration and participation
Recruitment Data	Application materials, employment history, references, interview notes, background check information (with consent)	Job applications and recruitment process
Preference Data	Areas of interest indicated during registration, marketing preferences, communication preferences	Registration forms and preference centers
Financial Data	Payment information (processed via secure third-party payment processors; we do not store credit card data)	Transactions for products/services (if applicable)

3.2 Special Categories of Data

We do not intentionally collect sensitive personal data including health information, biometric data, racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, or data concerning sex life or sexual orientation, unless:

• You explicitly provide such information for a specific, lawful purpose;
• You provide explicit written consent;
• Processing is necessary for employment purposes (with proper safeguards); or
• You have made such data manifestly public.

If you inadvertently provide such data, we will delete it unless there is a specific legal basis to retain it.

3.3 Data Collected from Children

Our Services are not directed to children under the age of 16 years old. We do not knowingly collect personal data from children under 16 without verifiable parental consent. If you are between 16 and 18 years of age, we require your parent or legal guardian’s consent to process your personal data. If we discover we have collected data from a child under 16 without parental consent, we will delete it immediately. If a parent or guardian believes we have collected data from their child, please contact us immediately at [email protected].

4. LEGAL BASIS FOR PROCESSING

Under Dominican Data Protection Law, we only process personal data when we have a lawful basis to do so. The following are our legal bases:

4.1 Consent

• Purpose: Marketing communications, optional surveys, non-essential cookies, recruitment outreach beyond initial interest.
• Application: You have provided explicit, informed consent, which you may withdraw at any time.
• Withdrawal: Contact us at [email protected]

4.2 Contractual Necessity

• Purpose: Fulfilling requests for information, processing registrations, delivering Services, processing transactions, managing event participation.
• Application: Processing is necessary to perform a contract to which you are a party or to take steps at your request prior to entering into a contract.

4.3 Legal Obligation

• Purpose: Compliance with applicable laws, regulations, court orders, government requests.
• Application: Processing is required by Dominican law, international law, or other applicable jurisdiction.

4.4 Legitimate Interests

• Purpose: Improving our Services, analyzing user behavior, detecting fraud, maintaining security, recruitment for similar positions, aggregated analytics.
• Application: Our interests are balanced against your privacy rights; we have conducted impact assessments and implement safeguards.
• Your Right: You have the right to object to processing on this basis (see Section 10).

4.5 Vital Interests

• Purpose: Protecting health, safety, or life in emergency circumstances.
• Application: Processing is necessary to protect vital interests of you or another person.

5. HOW WE USE YOUR PERSONAL DATA

5.1 Primary Uses

We process your personal data for the following purposes:

5.2 Recruitment-Specific Processing

If you apply for a position at GARD:

• Your personal data will be processed to evaluate your application.
• With your explicit consent, we will retain your information for future relevant opportunities.
• We will request your consent annually to continue holding your information in our recruitment file.
• You may withdraw consent at any time.
• If not retained in the recruitment file, your data will be deleted within 6 months of the recruitment process ending.

5.3 Automated Decision-Making and Profiling

We do not currently use automated decision-making or profiling to make decisions that significantly affect you (such as hiring decisions). If this changes, we will update this policy and provide separate notice and safeguards.

6. COOKIES, TRACKING TECHNOLOGIES, AND IP ADDRESSES

6.1 Cookie Policy

Our Services use cookies and similar tracking technologies. We categorize them as follows:

6.2 Explicit Consent for Non-Essential Cookies

We do not use non-essential tracking cookies without your explicit prior consent. When you first visit our site, you will be presented with a cookie banner that allows you to:

• Accept All: Accept all cookies including marketing and analytics.
• Reject All: Reject all non-essential cookies.
• Manage Preferences: Choose which cookie types to accept.
• Cookie Settings: Access a detailed cookie management page at any time.

You may withdraw your cookie consent at any time by accessing our cookie settings or contacting us at [email protected]. Withdrawal does not affect the lawfulness of processing before withdrawal.

6.3 IP Addresses

We automatically log your IP address (the location of your computer on the Internet) to:

• Diagnose technical problems with our servers.
• Administer and maintain the site’s security.
• Track traffic patterns and analyze site usage.
• Detect and prevent fraud.

Legal Basis: Legitimate interests (site security and functionality) Retention: Technical logs retained for 30 days; aggregated data retained for analytical purposes.

6.4 Third-Party Cookies

Our site may include content from third-party providers (e.g., embedded videos, widgets). These third parties may set their own cookies. We are not responsible for their cookie practices. We recommend reviewing their privacy policies. Third parties that may set cookies or collect data on our site:

• Google Analytics (analytics and website performance tracking).
• Google Firebase (mobile app analytics, crash reporting, real-time database operations, and performance monitoring).
• LinkedIn platform (professional networking and analytics).
• WhatsApp, Facebook and Instagram (Meta) platforms (social media integration and advertising).

7. SHARING YOUR PERSONAL DATA

7.1 General Principle

GARD will not share your personal data with third parties without a lawful basis and, where required, your consent. We take commercially reasonable steps to prevent unauthorized disclosure.

7.2 Categories of Recipients

A. GARD Affiliates

Your personal data may be shared with GARD affiliates and subsidiaries for the purposes described in this policy. All affiliates are bound by similar data protection obligations.

• The Solomon Brokerage Firm (Estonia).
• Latin American Center for Digital Transformation – CLTD (Mexico, Estonia, Dominican Republic, El Salvador).
• G3SIS Water Division (Latin America).
• COOPRESOL (Dominican Republic).

B. Authorized Service Providers (Data Processors)

We share personal data with third-party service providers who process data on our behalf under written Data Processing Agreements (“DPAs”). These include: Your Right: You may request a list of specific service providers and their data protection certifications by contacting [email protected].

C. Legal Requirements and Government Authorities

We may disclose your personal data without your consent when:

1. Required by Law: We are compelled by a court order, subpoena, legal process, government investigation, or regulatory authority.
2. Public Interest: Disclosure is necessary to prevent, investigate, or prosecute fraud, security breaches, or other illegal activity.
3. Protection of Rights: Disclosure is necessary to protect our rights, privacy, safety, or property, or those of our users or the public.

Notification: Except where prohibited by law, we will notify you of such disclosures if legally permitted to do so.

D. Intellectual Property Rights Protection

We may disclose contact information in response to written inquiries from legitimate intellectual property rights holders regarding allegations of infringement arising from content you have posted or submitted to our Services.

E. Business Transfers (Merger, Acquisition, Restructuring)

If GARD merges with, is acquired by, or sells substantially all of its assets or a majority of its equity to a third party:

• Transfer Notice: We will notify you of such transfer via email or prominent notice on our site.
• New Privacy Policy: The acquiring entity may operate under a different privacy policy.
• Your Choice: You will have the opportunity to withdraw consent or object before data is transferred.
• Successor Obligations: Any acquiring entity will be required to honor the commitments made in this policy.

8. INTERNATIONAL DATA TRANSFERS

8.1 Transfer Mechanisms

Personal data collected in the Dominican Republic may be transferred to and processed in other countries where GARD or its service providers operate, including:

• Estonia: Head office of The Solomon Brokerage Firm and CLTD operations.
• China: Headquarters of strategic partners PowerChina, LONGi, and CNTY for utility-scale project coordination.
• United States: Processing of technical and analytical data via Google services.

• Mechanism: Standard Contractual Clauses (SCCs) and Data Processing Agreements.
• Safeguards: Technical encryption (SSL/TLS), password-protected access controls, and regular security audits.

For transfers outside the Dominican Republic:

8.2 Your Rights Regarding Transfers

• You may request information about transfer mechanisms by contacting [email protected]
• You may object to transfers to certain countries.
• For transfers to countries without adequate data protection, we implement contractual safeguards.

8.3 No Unilateral Transfer

GARD will not transfer your personal data to countries with inadequate data protection standards without appropriate legal mechanisms in place.

9. DATA RETENTION AND DELETION

9.1 Retention Schedule

We retain personal data only as long as necessary for the purposes described in this policy. The following schedule applies:

9.2 Right to Erasure (Right to Be Forgotten)

You have the right to request erasure of your personal data in the following circumstances:

• The data is no longer necessary for the original purpose.
• You withdraw consent and there is no other legal basis.
• You object to processing on the basis of legitimate interests.
• The data was unlawfully processed.
• Erasure is required by law.

Exceptions: We may retain data if:

• Retention is required by applicable law.
• Data is necessary for legal claims or defense.
• Data relates to ongoing recruitment or employment.
• Data is necessary for security, fraud prevention, or public interest.

How to Request: Contact [email protected] with “Right to Erasure Request” in the subject line. Provide sufficient detail to identify your data. We will respond within 10 business days. Partial Erasure: If erasure is not possible due to legal obligations, we will block access to the data instead.

9.3 Anonymization and Aggregation

Data that has been anonymized or aggregated in a way that you are no longer identifiable may be retained and used indefinitely without your further consent, as it is no longer personal data under Dominican Data Protection Law.

10. YOUR PRIVACY RIGHTS AND HOW TO EXERCISE THEM

Under the Dominican Personal Data Protection Law and applicable international standards, you have the following rights:

10.1 Right to Information (Already Provided)

You have the right to know that your personal data is being collected and processed. This Privacy Policy fulfills this obligation.

10.2 Right of Access

You have the right to obtain confirmation of whether we hold your personal data and to receive a copy of it. How to Request:

• Email: [email protected].
• Include: “Right of Access Request” in subject line, sufficient identifying information.
• Response Time: 10 business days (no later than 30 days under Dominican law).
• Format: We will provide data in a clear, intelligible format.
• Cost: Free of charge (unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee).

What You Will Receive:

• Copy of your personal data we hold.
• Purpose of processing.
• Categories of recipients.
• Retention period.
• Your rights.

10.3 Right to Rectification (Correction)

You have the right to correct inaccurate or incomplete personal data. How to Request:

• Email: [email protected] with “Right to Rectification Request” in subject line.
• Specify which data is inaccurate and provide correct information.
• Response Time: 10 business days.
• Notification: We will notify third-party recipients of the correction where feasible.

Online Self-Service: You may also correct certain data directly in your account profile (if applicable).

10.4 Right to Erasure (Right to Be Forgotten)

As detailed in Section 9.2, you have the right to request deletion of your personal data in certain circumstances.

10.5 Right to Restrict Processing

You have the right to request that we limit the processing of your personal data (e.g., restrict marketing communications while keeping data in systems for legal compliance). How to Request:

• Email: [email protected] with “Right to Restrict Processing” in subject line.
• Specify which processing activities you wish to restrict.
• Response Time: 10 business days.

Effect: Restricted data will not be processed except as necessary for storage and legal compliance, until you request removal of the restriction.

10.6 Right to Object

You have the right to object to processing of your personal data on the basis of legitimate interests. How to Request:

• Email: [email protected] with “Right to Object” in subject line.
• Specify which processing activity you object to
• Provide your grounds for objection.
• Response Time: 10 business days.

Marketing Communications: For email or other marketing, you may object by clicking the “unsubscribe” link in the communication or contacting us. Effect: Upon receiving a valid objection, we will cease the processing activity unless we demonstrate compelling legitimate grounds that override your interests.

10.7 Right to Data Portability

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller (if technically feasible). How to Request:

• Email: [email protected] with “Right to Data Portability Request” in subject line.
• Response Time: 10 business days.
• Format: We will provide data in CSV, JSON, or other standard format (as available).

Limitations: This right does not apply to data that cannot be technically separated or that is aggregated with others’ data.

10.8 Right to Withdraw Consent

If we process your data based on your consent, you have the right to withdraw that consent at any time, without penalty. How to Withdraw:

• Email: [email protected] with “Consent Withdrawal Request”.
• Specify which consent(s) you are withdrawing.
• Withdrawal is effective immediately for future processing.
• Past processing based on the original consent remains lawful.

Examples:

• Unsubscribe from marketing emails.
• Withdraw consent for non-essential cookies.
• Withdraw consent for recruitment file retention.

10.9 Right Not to Be Subject to Automated Decision-Making

You have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects on you (such as automatic hiring decisions). Currently, GARD does not use fully automated decision-making for significant decisions. If this changes, we will update this policy and provide appropriate notice and safeguards, including the right to human review.

10.10 Right to Lodge a Complaint

In accordance with Law No. 172-13 on the Protection of Personal Data, the Dominican Republic does not currently have a centralized, independent data protection supervisory authority. Users are advised that the primary body responsible for protecting fundamental rights, including the right to personal data protection, is the Ombudsman (Defensor del Pueblo). Dominican Authority: Defensor del Pueblo de la República Dominicana (Ombudsman of the Dominican Republic). Address: Av. Tiradentes esquina Av. 27 de Febrero, Plaza Merengue, Santo Domingo de Guzmán, Distrito Nacional, República Dominicana Website: https://www.defensordelpueblo.gob.do Email: [email protected] Telephone: +1 (809) 381-4777 Other Authorities:

• If you are in the EU, you may also complain to your national data protection authority.
• If you are in other jurisdictions with data protection authorities, you may lodge complaints with them.

11. DATA SECURITY AND PROTECTION

11.1 Security Measures

GARD implements comprehensive technical and organizational security measures to protect your personal data from loss, misuse, alteration, unauthorized access, and destruction. These include: Technical Measures:

• Encryption: Data in transit is encrypted using SSL/TLS protocols (HTTPS).
• Data at Rest: Sensitive personal data is encrypted at rest using industry-standard encryption.
• Access Controls: Only authorized personnel with a need-to-know have access to personal data.
• Multi-Factor Authentication: Administrative access requires multi-factor authentication.
• Regular Security Testing: We conduct penetration testing, vulnerability assessments, and security audits.
• Intrusion Detection: Automated monitoring systems detect suspicious activity.

Organizational Measures:

• Data Protection Training: All personnel handling personal data receive data protection training.
• Confidentiality Agreements: All employees and contractors sign confidentiality agreements.
• Access Logs: We maintain logs of who accessed personal data and when.
• Incident Response Plan: We have documented procedures for responding to security breaches.
• Third-Party Security: Service providers are required to maintain comparable security standards (verified through contracts and audits).

11.2 Limitations on Security Guarantees

Despite these precautions, no system is completely secure. GARD cannot guarantee that unauthorized persons will not obtain access to your personal data. Transmission over the Internet is not completely secure. You use our Services at your own risk. We are not responsible for circumvention of security measures.

11.3 Password and Account Security

You are responsible for:

• Maintaining the confidentiality of your password and access credentials.
• Notifying us immediately of any unauthorized use of your account.
• Logging out of your account when finished, especially on shared computers.

We recommend using a strong, unique password and not sharing your credentials.

12. DATA SAFETY SUMMARY

This section provides a transparent overview of how GARD’s mobile applications handle personal data and implements privacy and security safeguards in compliance with Google Play Data Safety requirements, the GDPR, and other applicable privacy regulations.

12.1 Data Collection Summary

Our mobile application collects the following categories of personal data:

Data Category	Examples	Collection Method	Purpose
Device Information	Device model, operating system, app version, unique installation ID, device manufacturer, API level	Automatic collection via mobile SDK	App functionality, analytics, crash reporting
Device Identifiers for Push Notifications	Push notification tokens, device IDs (IDFA on iOS, GAID on Android), unique push identifiers	OneSignal SDK	Delivering push notifications and tracking notification interactions
Usage & Analytics Data	Pages/screens accessed, features used, time spent, session duration, user interactions, click events	Automatic collection via Google Firebase Analytics	Understanding app usage patterns, improving user experience, app optimization
Technical Data	IP address, device type, browser/app version, locale settings, network type (WiFi/cellular)	Automatic collection via analytics and hosting providers	Site security, functionality, performance optimization
Account Data (if applicable)	Email address, username, authentication credentials, account preferences	Direct submission during registration/login	Account access and management
E-Commerce Data (if using WooCommerce store)	Full name, email address, billing address, shipping address, phone number, order history	Direct submission during checkout and account registration	Processing and fulfilling orders, shipping, payment processing, customer service
Crash & Error Logs	Application error messages, stack traces, device state at time of crash, memory usage	Automatic collection via Firebase Crashlytics	Diagnosing and fixing application crashes and performance issues

12.2 Data Security & Encryption

Data in Transit:

• All data transmitted between the app and our servers is encrypted using SSL/TLS (HTTPS) 1.2 or higher
• Payment information is encrypted and processed by secure third-party payment processors; we do not store credit card data

Data at Rest:

• Sensitive personal data stored on our servers is encrypted using industry-standard encryption (AES-256 or equivalent)
• Database access is restricted to authorized personnel with role-based access controls
• Regular security audits and penetration testing are conducted

Local Device Storage:

• App data stored locally on your device benefits from the device operating system’s built-in security features
• Users can clear app data at any time through device settings

12.3 Third-Party Data Sharing

Your personal data is shared with the following third-party data processors to enable app functionality:

OneSignal (Push Notification Service Provider)

• Data Shared: Device IDs, push notification tokens, email address (if provided), notification interactions (opens, clicks), user tags
• Purpose: Delivering push notifications, managing device registrations, and analyzing notification engagement
• Location: United States
• Legal Basis: Contractual necessity (to deliver push notifications you have opted into) / Consent
• Your Control: You may opt out of push notifications in app settings, which will prevent OneSignal from receiving your device ID

Google Firebase (Analytics & App Performance)

• Data Shared: Device information, app usage analytics, crash logs, performance metrics, installation IDs, pages/screens visited, time spent in app
• Purpose: App analytics, crash reporting, performance monitoring, and service improvement
• Location: United States (some Firebase services have multi-region options)
• Legal Basis: Legitimate interests (improving app functionality and user experience) / Consent
• Your Control: Firebase data collection can be limited through app settings; detailed Firebase privacy practices available at https://firebase.google.com/support/privacy

WooCommerce/Automattic (E-Commerce Platform) — if applicable

• Data Shared: Full name, email address, billing address, shipping address, phone number, order details, purchase history, payment information (processed via secure payment gateway)
• Purpose: Processing orders, fulfilling shipments, managing inventory, processing payments, and providing customer service
• Location: United States
• Legal Basis: Contractual necessity (to process and fulfill your order)
• Your Control: Order and account data can be accessed, updated, or deleted by contacting our support team

Google Analytics

• Data Shared: Anonymized IP addresses, pages visited, time on site, device information, referral source
• Purpose: Website and app analytics, user behavior analysis, and service improvement
• Location: United States
• Legal Basis: Legitimate interests / Consent
• Your Control: You may opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on

12.4 Data Retention Periods

Data Type	Retention Period	Basis for Retention
Push notification tokens and device IDs	Until app uninstall, user opt-out of notifications, or 12 months of inactivity	Necessary for push notification delivery; managed by OneSignal
App analytics data (Firebase)	Up to 26 months for individual data; aggregated data retained indefinitely	Legitimate business interest in understanding app usage patterns
Crash logs and error diagnostics	30 days (then automatically deleted)	Necessary to diagnose and fix app issues
E-Commerce order data	5 years from order completion	Dominican tax law requirements (DGII compliance); necessary for dispute resolution
Account information	Duration of account + 1 year after deletion request	Contractual necessity while account is active; legal hold thereafter
Website analytics data	Up to 26 months	Google Analytics default retention policy

12.5 User Rights & Data Control

You have the following rights regarding your personal data:

Right to Access: You may request a copy of the personal data we hold about you in the app or on our website. Submit requests to [email protected] with the subject line “Right of Access Request – Mobile App.”

Right to Delete: You may request deletion of your account and associated personal data. For WooCommerce orders, deletion is subject to a 5-year legal retention requirement. Submit deletion requests to [email protected] with the subject line “Right to Erasure Request – Mobile App.”

Right to Opt-Out of Push Notifications: You may disable push notifications in app settings at any time. This will prevent OneSignal from receiving your device ID for future notifications.

Right to Limit Analytics: You may disable non-essential analytics in app settings, though some analytics data is necessary for app functionality.

Right to Data Portability: You may request your personal data in a structured, machine-readable format (CSV or JSON) by contacting [email protected] with the subject line “Right to Data Portability Request.”

Right to Withdraw Consent: If we process your data based on your consent (such as for non-essential analytics or marketing), you may withdraw consent at any time at [email protected]. Withdrawal does not affect the lawfulness of processing before withdrawal.

12.6 Security Practices & Data Breach Response

Security Measures in Place:

• SSL/TLS encryption for all data in transit
• Industry-standard encryption for data at rest
• Multi-factor authentication for administrative access
• Regular security audits and vulnerability assessments
• Restricted access to personal data on a need-to-know basis
• Data Processing Agreements (DPAs) in place with all third-party processors

Data Breach Notification:

In the event of a data breach affecting the security of personal data in our mobile applications, we will:

• Notify affected users without undue delay and no later than 30 days from discovery of the breach
• Provide details of the affected data and recommended protective measures
• Report the breach to relevant regulatory authorities as required by law
• Cooperate with law enforcement investigations

Questions or Concerns:

For any privacy or security concerns regarding our mobile applications, please contact us at:

• Email: [email protected]
• Telephone: +1 (829) 273-0683
• Address: Calle Restauración 249, Santo Domingo, Dominican Republic

12.7 ANDROID APP DATA SAFETY DISCLOSURE

This subsection provides detailed information about data collection, processing, and user controls specific to the GrupoGard Android application, in compliance with Google Play’s Data Safety requirements.

12.7.1 Android-Specific Data Collection

The GrupoGard Android application collects the following data categories for the purposes listed below:

Push Notification IDs and Device Tokens

• Data collected: Device tokens, push notification identifiers, unique device IDs, and OneSignal installation identifiers
• Purpose: Delivering push notifications, managing device subscriptions, and tracking notification delivery status
• Third-party processor: OneSignal (United States)
• Retention period: Until app uninstall or 12 months of inactivity
• Legal basis: User consent (collected at app first launch)
• Data processing agreement: https://onesignal.com/dpa

Purchase and E-Commerce Information

• Data collected: Full name, email address, billing address, shipping address, phone number, order history, purchase details, and payment reference numbers
• Purpose: Processing orders, fulfilling purchases, managing returns, and facilitating customer service
• Third-party processor: WooCommerce/Automattic (United States)
• Retention period: 5 years (required by Dominican Republic tax law – DGII regulations)
• Legal basis: Contractual necessity (customer order requests)
• Data processing agreement: Available upon request; see Section 16

App Analytics and Performance Data

• Data collected: App usage statistics, feature interaction logs, crash reports, performance metrics, device model, operating system version, app version, and anonymized user behavior patterns
• Purpose: Improving app performance, identifying bugs, understanding user behavior, and optimizing user experience
• Third-party processor: Google Firebase (United States) — including Firebase Analytics, Firebase Crashlytics, Firebase Realtime Database, and Firebase Cloud Storage
• Retention period: 90 days for raw analytics events; 26 months for aggregated metrics
• Legal basis: Legitimate interest (app improvement and security)
• Data processing agreement: https://firebase.google.com/support/privacy

12.7.2 Data NOT Collected by the Android Application

The following data is NOT collected by our Android app without explicit user action and permission:

• Location data (unless user explicitly enables location services in app settings)
• Camera or microphone access (unless user grants permission in app settings)
• Contact list data
• Calendar data
• Photos or media library access
• Health or fitness data
• Financial or payment card data (payment processors handle this separately)

12.7.3 Android User Controls & Data Management

Users of the GrupoGard Android application have the following controls over their data:

Disable Push Notifications:

• Navigate to Settings > Notifications > GrupoGard
• Toggle off “GrupoGard Notifications” to prevent OneSignal from tracking your device
• You will no longer receive push notifications, and your device ID will not be shared with OneSignal for future notifications

Delete Your Account and Associated Data:

• Navigate to Account Settings > Delete Account within the app
• Data deletion is processed within 30 days
• Order data (if applicable) is retained for 5 years per Dominican Republic tax law

Uninstall the Application:

• Uninstalling the app removes all locally stored app data from your device
• Server-side data retention follows the periods specified in Section 12.4

Request Data Export or Deletion:

• Contact [email protected] with the subject line “Android Data Access Request” or “Android Data Deletion Request”
• Include your account email or user ID in your request
• Requests will be processed within 30 days in compliance with GDPR Article 12

Manage Analytics Sharing:

• Navigate to Settings > Privacy & Analytics in the app
• Disable non-essential analytics data collection (note: some analytics data is necessary for app functionality)

12.7.4 Third-Party Data Processors for Android App

The following third parties process personal data collected by the GrupoGard Android application:

Service Provider	Data Processed	Location	Purpose	Legal Basis
OneSignal	Device IDs, push tokens, email, notification interactions	United States	Push notification delivery and management	Consent / Contractual necessity
Google Firebase	Usage analytics, crash logs, performance metrics, device info	United States	App analytics, performance monitoring, bug identification	Legitimate interests / Consent
WooCommerce/Automattic	Order data, account info, billing/shipping addresses, payment references	United States	E-commerce order processing and fulfillment	Contractual necessity
Google Analytics	Anonymized usage data, device type, app version, session info	United States	App usage analysis and optimization	Legitimate interests / Consent

12.7.5 Android Data Security & Encryption

Encryption in Transit:

• All data transmitted from your Android device to GARD servers is encrypted using TLS 1.2 or higher
• Push notification data is encrypted during transmission via OneSignal’s secure servers
• Payment and e-commerce data is processed through PCI-compliant secure payment gateways

Encryption at Rest:

• Sensitive personal data stored on GARD servers is encrypted using AES-256 encryption or equivalent
• Database access is restricted to authorized personnel only

Local Device Security:

• App data stored locally on your Android device benefits from Android OS security features (sandbox isolation, permission system)
• Users can clear app data at any time through Android Settings > Apps > GrupoGard > Storage > Clear Data

12.7.6 Changes to Android Data Safety Disclosure

We may update this Android Data Safety Disclosure as our app features evolve or in response to new regulations or platform requirements. Material changes will be notified via:

• In-app notification (for all active users)
• Email notification (for registered users with email on file) at least 14 days before changes take effect
• Updates to this policy posted on our website

Your continued use of the GrupoGard Android application following notification of material changes constitutes your acceptance of the updated disclosure.

12.7.7 Android Data Subject Rights & Complaints

Your Rights as an Android App User:

• Right to Access: Request a copy of all personal data collected via the Android app by emailing [email protected] with “Android Data Access Request”
• Right to Deletion: Request deletion of your Android app account and associated data (subject to 5-year e-commerce data retention); contact [email protected]
• Right to Data Portability: Request your data in a structured, machine-readable format (CSV or JSON) by contacting [email protected] with “Android Data Portability Request”
• Right to Withdraw Consent: Withdraw consent for analytics, push notifications, or marketing communications at any time in app settings or by contacting [email protected]
• Right to Lodge a Complaint: If you believe we are not complying with Google Play Data Safety requirements or applicable privacy laws, you may file a complaint with your local data protection authority or contact Google Play Support

Google Play Data Safety Complaints:

If you have concerns about our Android app’s compliance with Google Play Data Safety policies, you may report the app directly through Google Play by:

1. Opening the GrupoGard app in Google Play Store
2. Tapping the menu icon (three vertical dots) at the top right
3. Selecting “Report” or “Flag as Inappropriate”
4. Choosing the appropriate concern category

12.7.8 Android App Privacy Contact Information

For Android app-specific privacy questions, data requests, or concerns, please contact:

• Email: [email protected]
• Subject Line: “Android App Privacy Inquiry” or “Android App Data Request”
• Response Time: Within 15 business days
• Support Contact: [email protected] | Telephone: +1 (829) 273-0683
• Address: Calle Restauración 249, Santo Domingo, Dominican Republic

13. DATA BREACH NOTIFICATION

13.1 Notification Procedures

In the event of a personal data breach (unauthorized access, loss, alteration, or destruction of data), GARD will:

1. Assess Risk: Determine whether the breach poses a risk to your rights and freedoms.
2. Internal Notification: Notify affected individuals without undue delay (typically within 3 business days).
3. Government Notification: Notify the Dominican data protection authority if required by law.
4. Content of Notice: The breach notification will include:
   • Description of the breach.
   • Likely consequences for affected individuals.
   • Measures taken or proposed to address the breach and mitigate harm.
   • Contact information for further details
   • Recommendations for protecting yourself.

13.2 Notification Methods

Breach notifications will be sent via:

• Email to your last known email address.
• Registered mail to your postal address (if email is unavailable).
• Prominent notice on our website.

13.3 Exceptions to Notification

We may not notify you if:

• The breach involves encrypted or anonymized data that cannot be decrypted or de-anonymized.
• We have implemented appropriate technical measures that render data unreadable.
• Risk assessment shows the breach poses no risk to your rights and freedoms.

14. THIRD-PARTY LINKS AND EXTERNAL SERVICES

14.1 Third-Party Websites

Our Services may contain links to third-party websites, applications, and services. GARD is not responsible for the privacy practices, security measures, or content of third-party sites. When you click a link to a third-party site:

• You are leaving GARD’s Services.
• The third party’s privacy policy applies, not ours.
• Any data you provide to the third party is governed by their policies.
• We recommend reviewing their privacy policies before providing data.

14.2 Embedded Content and Framing

Some content on our Services may be supplied by third parties (e.g., embedded videos, widgets, framed content). We do not control:

• Information collection practices of third-party content providers.
• How third parties use data they collect.
• The accuracy or legality of third-party content.

Contact Third Parties Directly: For privacy inquiries about third-party content, contact the third-party provider directly.

14.3 Social Media Integration

If we offer social media integration (e.g., login with Facebook/Google, share buttons), third-party platforms may collect data about your use of our Services. We are not responsible for their practices. Review their privacy policies directly.

15. MARKETING COMMUNICATIONS AND PREFERENCES

15.1 Email Marketing

We may send you marketing communications (promotional offers, newsletters, service updates) based on your consent. You will never receive marketing emails from us without your explicit opt-in consent.

15.2 Opting In to Marketing

How to Subscribe:

• During registration, opt-in to specific email lists or marketing categories
• Request to be added by emailing [email protected] with “Subscribe to Marketing” in the subject line.

What You Will Receive:

• Promotional emails about products, services, or events.
• Newsletters with industry updates and insights.
• Invitations to webinars, events, or surveys.
• Product announcements and special offers.

15.3 Managing Your Preferences

You have complete control over which marketing communications you receive. How to Manage Preferences:

1. Unsubscribe Link: Every marketing email includes an “unsubscribe” link at the bottom. Click it to opt out.
2. Preference Center: Access your preference center at https://grupogard.com/cookies to select which types of communications you want.
3. Email Us: Contact [email protected] with “Update Marketing Preferences” in subject line, specifying which communications you want or don’t want.
4. Opt Out Completely: Request complete removal from all marketing lists.

Response Time: We will process preference changes within 5 to 10 business days (though removal from ongoing campaigns may take up to 5 business days).

15.4 Transactional Communications

Even if you opt out of marketing, we will still send you transactional communications, such as:

• Account confirmation and password resets.
• Order confirmations and shipping updates.
• Service announcements and security alerts.
• Responses to your inquiries.

These are not marketing; they are necessary to maintain your account and our relationship.

16. CONTACT US AND EXERCISE YOUR RIGHTS

16.1 Primary Contact Method

For all privacy-related inquiries, requests, and to exercise your rights, please contact: Email: [email protected] Telephone: +1 (829) 273-0683 Mailing Address: Productora GA RD SRL Calle Restauración 249, Santo Domingo, Dominican Republic.

16.2 Types of Requests We Accept

• Privacy Inquiries: Questions about this policy or our data practices.
• Right of Access: Request copies of your personal data.
• Rectification: Correct inaccurate data.
• Erasure: Request deletion of your data.
• Restrict Processing: Limit how we use your data.
• Data Portability: Receive your data in portable format.
• Objections: Object to processing on legitimate interest basis.
• Consent Withdrawal: Withdraw consent for marketing, cookies, etc.
• Complaint: Report a concern or violation.

16.3 Request Procedures

To submit a request:

1. Email: Send a request to [email protected] with:
   • “[Type of Request]” in the subject line (e.g., “Right of Access Request”).
   • Your full name
   • Email address and/or telephone number.
   • Sufficient detail to identify your data (account number, dates, etc.).
   • Specific request and supporting explanation.
   • Your signature (digital signature acceptable).
2. Mailing Address: Send a written request to the mailing address above with the same information.
3. In Person: Visit our offices during business hours to submit a request in person.

16.4 Verification

To protect your privacy, we may request additional information to verify your identity before processing your request. This may include:

• Government-issued ID.
• Confirmation of personal details.
• Proof of residence.

16.5 Response Time and Fees

16.6 Denial of Requests

If we deny a request, we will explain:

• Reasons for denial.
• Your right to lodge a complaint with the data protection authority.
• Information about the appeal process (if any).

17. CHILDREN’S PRIVACY

17.1 Age Restrictions

Our Services are not intended for children under 13 years of age. We do not knowingly collect personal data from children under 13 without verifiable parental consent.

17.2 Parental Consent for Ages 13-18

For individuals between 13 and 18 years of age, we require verifiable consent from a parent or legal guardian before processing personal data. Process for Obtaining Parental Consent:

• We will request email from the parent/guardian.
• Parent/guardian will receive a verification email with consent details.
• Parent/guardian must confirm consent before the child’s account is activated.
• Parents/guardians may withdraw consent at any time.

17.3 Data Involving Minors

Personal data involving minors will be:

• Processed with greater care and security.
• Not sold or disclosed to third parties for marketing.
• Used only for the stated purposes.
• Deleted upon request from the parent/guardian.

17.4 Parental Rights

A parent or legal guardian of a minor may:

• Request access to the minor’s personal data.
• Correct inaccurate information.
• Request deletion.
• Withdraw consent.
• Opt the minor out of all non-essential processing.

Contact: Email [email protected] with “Parental Request” in the subject line, including proof of guardianship and the minor’s name.

17.5 Discovery of Unauthorized Child Data

If we discover we are processing personal data from a child under 13 without proper parental consent, we will:

• Delete the data immediately.
• Notify the parent/guardian if we can identify them.
• Not use the data for any purpose.

18. SPECIAL PROVISIONS FOR DIFFERENT JURISDICTIONS

18.1 Dominican Republic

This Privacy Policy is primarily designed to comply with the Dominican Personal Data Protection Law (Law No. 172-13). Residents of the Dominican Republic have all rights outlined in this policy and Section 10.

18.2 European Union (GDPR)

If you are an EU resident, your personal data is processed in accordance with the GDPR. You have additional rights and protections, including:

• Right to lodge a complaint with your national data protection authority.
• All rights listed in Section 10 apply with full GDPR protections.
• We will not transfer your data outside the EEA without appropriate safeguards.

18.3 Other Jurisdictions

For residents of other countries with data protection laws (e.g., California’s CCPA, Canada’s PIPEDA, Brazil’s LGPD):

• Your local data protection laws apply in addition to this policy.
• You have rights under your local laws in addition to those described here.
• For jurisdiction-specific rights and requests, contact [email protected].

19. AUTOMATED DECISION-MAKING AND PROFILING

19.1 Current Practices

GARD does not currently use fully automated decision-making or profiling to make decisions that significantly affect you, such as:

• Automatic job hiring or rejection.
• Automatic loan/credit decisions.
• Automatic benefit determinations.
• Other decisions with significant legal or practical effect.

19.2 Future Use

If GARD introduces automated decision-making in the future, we will:

• Update this policy with clear disclosure.
• Provide you with advance notice.
• Explain the logic, significance, and consequences of the automation.
• Offer you the right to human review and decision-making.
• Allow you to contest automated decisions.
• Implement safeguards to prevent discrimination.

19.3 Right to Object

If we do use automated decision-making, you have the right to:

• Request explanation of the automated decision.
• Obtain human review by GARD personnel.
• Provide input or challenge the decision.

20. DATA PROTECTION IMPACT ASSESSMENTS

20.1 Commitment to Impact Assessments

GARD conducts Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

• Large-scale collection of personal data.
• Processing of sensitive data.
• Automated decision-making or profiling.
• New technologies or processing methods.
• Processing that may restrict individuals’ rights or freedoms.

20.2 Your Right to Know

You may request information about whether a DPIA has been conducted for processing that affects you. Contact [email protected] with “DPIA Inquiry” in the subject line.

20.3 Documentation

GARD maintains documentation of:

• Processing activities and purposes.
• Data flows and recipients.
• Security measures and safeguards.
• Risk assessments and mitigation strategies.
• Lawful basis for each processing activity.

This documentation is available upon request by data protection authorities.

21. COOKIES AND PREFERENCE MANAGEMENT

21.1 Detailed Cookie Information

Essential Cookies (No Consent Required):

• Session cookies that maintain your login.
• Security cookies that detect suspicious activity.
• Preference cookies that remember your language and settings.
• Load-balancing cookies that optimize site performance.

Analytics Cookies (Consent Required):

• Google Analytics: Measures site traffic, user behavior, conversion rates.
• Facebook Pixel, Google Ads, and LinkedIn Insight Tag: These tools are used to track user interactions and engagement with advertisements to measure marketing effectiveness and deliver targeted content.
• Duration: Up to 2 years
• Data: Pages visited, time on page, geographic location, device type, browser

Marketing Cookies (Consent Required):

• Retargeting pixels: Show you relevant ads after you leave our site.
• Facebook Pixel, Google Ads, etc.: Track conversions and user journeys.
• Duration: Up to 2 years
• Data: Products viewed, pages visited, time on site.

21.2 Managing Your Cookie Preferences

At Any Time, You Can:

1. Visit our Cookie Preferences page at https://grupogard.com/cookies.
2. Click “Manage Cookies” in the footer of our website.
3. Email [email protected] with “Cookie Preferences Change” in subject line.
4. Adjust settings in your browser to reject cookies (note: this may limit site functionality).

Browser-Level Controls:

• Chrome: Settings > Privacy and Security > Cookies and other site data.
• Firefox: Preferences > Privacy & Security > Cookies and Site Data.
• Safari: Preferences > Privacy > Cookies and website data.
• Edge: Settings > Privacy > Cookies and other site data.

21.3 Do Not Track Signals

Some browsers allow you to send a “Do Not Track” signal. GARD honors Do Not Track signals by disabling non-essential tracking cookies if you have Do Not Track enabled in your browser.

22. LEGITIMATE INTERESTS ASSESSMENT

22.1 Processing Based on Legitimate Interests

Where we process personal data based on legitimate interests (as stated in Section 4.4), we have balanced our interests against your privacy rights and conducted impact assessments.

22.2 Our Legitimate Interests Include:

22.3 Balancing Test

For each legitimate interest, we have assessed:

• Necessity: Is processing necessary to achieve the interest?
• Proportionality: Is the processing proportional to the interest?
• Your Expectations: Would you reasonably expect this processing?
• Your Interests: Do your privacy interests override our interests?
• Safeguards: What safeguards protect your rights?

You may request documentation of this balancing test by contacting [email protected].

23. POLICY UPDATES AND AMENDMENTS

23.1 Right to Update This Policy

GARD reserves the right to modify this Privacy Policy at any time to reflect:

• Changes in our data practices.
• Changes in applicable law.
• Improvements to our privacy protections.
• Feedback from users and regulators.

23.2 Notification of Changes

We will notify you of material changes by:

1. Email Notification: Sending an email to your registered email address (at least 30 days before changes take effect).
2. Website Notice: Displaying a prominent notice on our website homepage.
3. In-Service Notice: Displaying a notice when you log into your account.
4. Effective Date: Stating the new effective date clearly.

What Constitutes “Material Change”:

• Changes to the types of data we collect.
• Changes to how we use your data.
• Changes to recipients of your data.
• Reduction in your privacy rights.
• Changes to contact information or complaint procedures.

Minor Changes (clarifications, corrections, non-substantive updates) may be made without 30-day notice.

23.3 Your Consent to Changes

By continuing to use our Services after we notify you of material changes, you consent to the updated policy. If you do not agree with changes, you have the right to:

• Withdraw consent.
• Request deletion of your data (subject to legal retention obligations).
• Stop using our Services.
• Object to specific processing activities.

23.4 Version History

24. ACCOUNTABILITY AND GOVERNANCE

24.1 Data Protection Compliance Program

GARD has implemented a comprehensive data protection compliance program including: Governance:

• Data Protection Officer oversight (if required).
• Privacy committee reviewing policies and practices.
• Regular compliance audits and assessments.
• Incident response and breach notification procedures.

Training & Awareness:

• Annual data protection training for all personnel.
• Role-specific training for those handling personal data.
• Awareness campaigns about privacy best practices.

Documentation:

• Records of all processing activities.
• Data Processing Agreements with service providers.
• Policies and procedures for data handling.
• Incident logs and corrective action records.

24.2 Regulatory Cooperation

GARD cooperates fully with:

• Dominican data protection authority (Defensor del Pueblo de la República Dominicana (Ombudsman of the Dominican Republic)).
• Other regulatory and law enforcement authorities.
• Data subjects in exercising their rights.

24.3 Breach Management

GARD maintains:

• Incident Response Team: Trained personnel to respond to breaches.
• Documentation: Records of all incidents and responses.
• Notification Procedures: Protocols for timely notification to affected individuals and authorities.
• Remediation: Steps taken to prevent recurrence.

25. THIRD-PARTY DATA PROCESSORS AND CONTROLLERS

25.1 Data Processor Relationships

When GARD engages service providers to process personal data on our behalf, we ensure: Contractual Requirements:

• Written Data Processing Agreement (DPA) with each processor.
• Clear description of processing scope, purposes, and duration.
• Explicit authorization limits (processors cannot use data for their own purposes).
• Confidentiality obligations.
• Security standards matching GARD’s commitments.
• Sub-processor notification and approval procedures.
• Audit and inspection rights.
• Data subject rights assistance (processors must help you exercise your rights).
• Deletion or return of data upon termination.

Processor Category	Primary Entity	Country/Jurisdiction
Website Analytics	Google Analytics	United States
Digital Logistics & Trade Facilitation	The Solomon Brokerage Firm	Estonia
Infrastructure Digital Transformation	Latin American Center for Digital Transformation (CLTD)	Mexico, Estonia, El Salvador
Waste-to-Energy Project Coordination	China Tianying Inc. (CNTY)	China
Utility-Scale Energy Structuring	Power Construction Corporation of China (PowerChina)	China
Solar Technology Implementation	LONGi Green Energy Technology	China
Water Treatment Systems Engineering	G3SIS Water Division	Latin America / International
Digital Payment & Waste Logistics	COOPRESOL	Dominican Republic
Web Development & Digital Hosting	QBRI.Digital	Estonia

25.2 Joint Controllers

In some cases, GARD may be a joint controller with another entity (both entities determine purposes and means of processing). In such cases:

• A Joint Controller Agreement will be in place.
• You will be notified of joint control.
• Contact information for both controllers will be provided.
• Each controller is responsible for complying with your rights requests.

25.3 Sub-Processors

Some of our processors may engage their own sub-processors. You have the right to:

• Know who sub-processors are.
• Object to engagement of new sub-processors.
• Request a list of current sub-processors.

How to Request: Contact [email protected] with “Sub-Processor Inquiry” in subject line.

26. COMPLAINT AND DISPUTE RESOLUTION

26.1 Internal Complaint Process

If you have a privacy concern or believe your rights have been violated: Step 1: Contact Us

• Email: [email protected] with “Privacy Complaint” in subject line.
• Include: Your name, description of the issue, what you’re requesting as resolution, and any supporting documentation.
• Timeline: You will receive acknowledgment within 5 business days.

Step 2: Investigation

• GARD will investigate your complaint thoroughly.
• You may be contacted for additional information.
• Investigation will be completed within 30 days (may be extended for complex issues).

Step 3: Response

• We will provide a written response explaining:
  • Our findings.
  • Whether we found a violation.
  • Corrective actions taken or proposed.
  • Your right to escalate to the data protection authority.

Step 4: Appeal

• If you’re unsatisfied with our response, you may request escalation to our Data Protection Officer or management.
• Additional review will be conducted within 15 business days.

26.2 Regulatory Complaint Process

Escalation to National Authorities:

• General Personal Data: Complaints regarding general data processing violations should be directed to the Defensor del Pueblo.
• Financial & Credit Data: Complaints specifically regarding credit bureau (SIC) data or financial sector infringements should be directed to the Superintendencia de Bancos de la República Dominicana via their ProUsuario platform.

Dominican Authority: Defensor del Pueblo de la República Dominicana (Ombudsman of the Dominican Republic). Address: Av. Tiradentes esquina Av. 27 de Febrero, Plaza Merengue, Santo Domingo de Guzmán, Distrito Nacional, República Dominicana Website: https://www.defensordelpueblo.gob.do Email: [email protected] Telephone: +1 (809) 381-4777 Other Authorities:

• EU Residents: Your national data protection authority (find it at edpb.eu).
• Canadian Residents: Office of the Privacy Commissioner of Canada (priv.gc.ca).
• Other Jurisdictions: Your country’s data protection or privacy commissioner.

26.3 Dispute Resolution

• Mediation: Conducted in Santo Domingo, Dominican Republic, through neutral mediators such as those appointed by the Dominican Chamber of Commerce.
• Arbitration: Binding arbitration administered by the American Chamber of Commerce of the Dominican Republic (AMCHAM), the International Chamber of Commerce (ICC), or under UNCITRAL Rules.

26.4 No Retaliation

GARD will not retaliate or discriminate against you for:

• Exercising your privacy rights.
• Lodging a complaint with a regulatory authority.
• Objecting to processing.
• Withdrawing consent.

27. CONTACT INFORMATION FOR REGULATORY AUTHORITIES

27.1 Dominican Republic

In accordance with Law No. 172-13 on the Protection of Personal Data, the Dominican Republic does not currently have a centralized, independent data protection supervisory authority. Users are advised that the primary body responsible for protecting fundamental rights, including the right to personal data protection, is the Ombudsman (Defensor del Pueblo). Dominican Authority: Defensor del Pueblo de la República Dominicana (Ombudsman of the Dominican Republic). Address: Av. Tiradentes esquina Av. 27 de Febrero, Plaza Merengue, Santo Domingo de Guzmán, Distrito Nacional, República Dominicana Website: https://www.defensordelpueblo.gob.do Email: [email protected] Telephone: +1 (809) 381-4777 Complaint Process:

• Complaints may be filed in writing or electronically.
• Provide your name, contact information, description of violation, and supporting evidence.
• Authority will investigate and provide written response within specified timeframe.

27.2 Other Regulatory Bodies

If you are subject to multiple jurisdictions, data protection authorities include:

28. DEFINITIONS

For clarity, the following terms have these meanings in this Privacy Policy:

29. MISCELLANEOUS PROVISIONS

29.1 Entire Agreement

This Privacy Policy, together with our Terms of Service and other posted policies, constitutes the entire agreement between you and GARD regarding the processing of your personal data. This policy supersedes all prior privacy statements or policies.

29.2 Severability

If any provision of this Privacy Policy is found to be invalid or unenforceable under applicable law, that provision will be severed and the remainder of the policy will continue in full force and effect.

29.3 Governing Law

This Privacy Policy is governed by the laws of the Dominican Republic, without regard to conflicts of law principles. However, to the extent you are subject to GDPR or other jurisdiction-specific data protection laws, those laws will apply to the extent they conflict with Dominican law.

29.4 Jurisdiction and Venue

For disputes arising under this Privacy Policy:

• Jurisdiction: Courts of the Dominican Republic.
• Venue: Santo Domingo, Distrito Nacional.
• Exception: You retain the right to lodge complaints with data protection authorities in any jurisdiction where you have rights under local law.

29.5 No Waiver

GARD’s failure to enforce any provision of this Privacy Policy does not constitute a waiver of that provision or any other provision.

29.6 Interpretation

• Headings are for convenience only and do not affect interpretation.
• Use of “including” means “including without limitation”.
• “Or” is not exclusive
• Singular and plural forms are interchangeable.

29.7 Language

In accordance with Section 13.4.4 of our Terms & Conditions, please be advised that while this policy is provided in English for your convenience, any formal legal proceedings or regulatory filings within the Dominican Republic will be conducted in Spanish.

30. ACKNOWLEDGMENT AND CONSENT

30.1 Your Acknowledgment

By using GARD’s Services, you acknowledge that you have:

• Read this entire Privacy Policy.
• Understood how we collect, process, and protect your personal data.
• Understood your rights and how to exercise them.
• Agreed to the collection and processing of your personal data as described herein.
• Consented to the storage of your information in our systems.

30.2 Withdrawal of Consent

You may withdraw this consent at any time by:

• Contacting us at [email protected] with “Consent Withdrawal” in the subject line.
• Specifying which processing activities you withdraw consent from.
• Requesting deletion of your data (subject to legal retention obligations).

Withdrawal does not affect the lawfulness of processing before withdrawal.

30.3 No Obligation to Provide Data

You are not obligated to provide personal data to GARD. However:

• Certain data may be necessary to use our Services.
• If required data is not provided, we may be unable to fulfill your requests or provide services.
• Optional data will be clearly marked as such.

31. FINAL PROVISIONS

31.1 Contact Us for Any Questions

If you have any questions, comments, or concerns about this Privacy Policy or our privacy practices, please contact us:
Email: [email protected]
Telephone: +1 (829) 273-0683
Mailing Address: Productora GA RD SRL Calle Restauración 249, Santo Domingo, Dominican Republic.
Website: https://grupogard.com We welcome your feedback and are committed to addressing your concerns promptly.

31.2 Effective Date and Updates

Effective Date: January 1, 2018. (This policy replaces all prior privacy policies)
Last Updated: April 10, 2026
Next Review Date: January 1, 2027. (We review this policy annually.)