Sulaco Data Security and Privacy Policy

1. Purpose

This policy defines Sulaco’s commitment to protecting all data collected, processed, or stored in the course of its business operations. It ensures that data is handled responsibly, securely, and transparently, respecting the rights of individuals and protecting company assets.

2. Scope

This policy applies to:

All Sulaco employees, contractors, and partners with access to company systems or data.

All data collected from customers, partners, vendors, and end users.

All IT systems, applications, and infrastructure owned or operated by Sulaco.

3. Guiding Principles

Sulaco adheres to the following principles in handling data:

Transparency: We clearly communicate what data we collect and how it is used.

Data Minimization: We collect only the data strictly necessary to improve our products and services.

Security by Design: All systems are designed with strong security safeguards from the outset.

Privacy by Default: No personal data is shared with third parties unless legally required.

Accountability: All staff are responsible for protecting data and ensuring compliance with this policy.


4. Data Collection and Usage

Sulaco collects technical and performance data strictly for the purpose of improving our products and services.

We do not track user location, movements, or behavioral profiles.

No personal data will be sold, rented, or disclosed to external parties.

Data is only shared with trusted service providers when absolutely necessary (e.g., hosting, analytics), and only under strict confidentiality and data protection agreements.

5. Data Security Measures

Sulaco employs industry-standard practices, including:

Encryption: All sensitive data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

Access Control: Data access is restricted on a “least privilege” basis.

Authentication: Strong authentication methods (MFA where possible) are enforced.

Monitoring: Systems are regularly monitored for suspicious activity.

Backups: Encrypted backups are maintained and tested regularly.

Incident Response: A formal incident response plan is in place to address data breaches swiftly.

6. Data Retention and Deletion

Data is retained only as long as necessary to fulfill its purpose.

Upon request or once data is no longer needed, it is securely deleted or anonymized.

7. User Rights

In line with GDPR/CCPA principles, individuals have the right to:

Request a copy of the data we hold about them.

Request correction or deletion of their data.

Withdraw consent to data processing at any time.

Requests can be made via privacy@sulaco.cc.

8. Employee Responsibilities

Employees must follow this policy at all times.

Unauthorized access, sharing, or misuse of data is strictly prohibited and may result in disciplinary action. Employees receive regular training on data security and privacy best practices.

9. Compliance

This policy aligns with:

General Data Protection Regulation (GDPR)

California Consumer Privacy Act (CCPA)

ISO/IEC 27001 Information Security best practices

10. Policy Review

This policy is reviewed annually, or sooner if there are significant changes in applicable laws, technology, or Sulaco’s operations.