Privacy Policy

Introduction

At the World Spiritist Institute, we are committed to protecting the privacy and security of our users’ personal data. This policy describes how we collect, use, share, and protect personal information in compliance with applicable privacy laws, including the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR) for users in the European Union.

1. Information We Collect

We collect personal information that you provide directly to us, such as:

  1. Name, email address, and phone number.
  2. Payment and billing information.
  3. Registration information on our website or app.

We also automatically collect information through cookies and similar technologies, such as:

  1. IP address and device type.
  2. Browsing history and preferences.
2. Use of Information

We use personal information to:

Provide and improve our services.

  1. Process transactions and send confirmations.
  2. Personalize the user experience.
  3. Comply with legal and regulatory obligations.
3. Information Sharing

We do not sell or share your personal information with third parties, except in the following cases:

  1. With service providers who help us operate our business.
  2. When necessary to comply with the law or protect our rights.
  3. With your explicit consent.
4. User Rights

You have the right to:

  1. Access, correct, or delete your personal data.
  2. Withdraw your consent at any time.
  3. Object to the processing of your data.
  4. Request data portability.

To exercise these rights, contact us at +51 936 820 329 in Peru or (+1) 281 909 7570 in the United States, or use the contact form on our website.

5. Data Security

We implement technical and organizational security measures to protect your data from unauthorized access, loss, or alteration. We use encryption, firewalls, and regular security reviews.

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes described in this policy, unless a longer period is required by law.

7. Changes to the Policy

We reserve the right to update this policy at any time. We will notify you of significant changes through our website or by email.

8. Contact

If you have questions or concerns about this policy, please contact us at +51 936 820 329 in Peru or (+1) 281 909 7570 in the United States, or use the contact form on our website.

Appendix:

Additional Information for California Residents
Under the CCPA, California residents have additional rights, such as the right to request a list of the categories of personal information we have shared with third parties for business purposes. For more information, please visit our California Privacy page.

Appendix:

Additional Information for EU Users
For users in the European Union, we comply with the GDPR, ensuring that your data is treated fairly, transparently, and securely.

This document is an example and should be adapted to your company’s specific needs and comply with applicable local laws.

Additionally, the Personal Data Protection Policy for Peru is based on the new Regulation of the Personal Data Protection Law in Peru, approved by Supreme Decree No. 016-2024-JUS, which introduces several additional points to strengthen the protection of personal data. The main aspects are highlighted below:

1. Personal Data Officer (PDO)

The progressive obligation to appoint a Personal Data Officer within a period of four years is established. This position will be mandatory for entities that handle large volumes of data, sensitive data, or when their main activities involve the processing of this type of information.

2. Data Portability

The right to data portability is incorporated, allowing data subjects to request the transfer of their personal data to another controller or data bank owner, provided it is technically feasible and not excessively burdensome.

3. Notification of Security Incidents

Data bank owners or data controllers must notify the National Data Protection Authority (ANPD) within 48 hours of learning of a security incident. They must also inform those affected about the level of exposure of their data and the measures taken.

4. Codes of Conduct

The implementation of Codes of Conduct is encouraged as voluntary tools to strengthen regulatory compliance. These should include procedures to facilitate the exercise of rights, confidentiality mechanisms, and clauses for obtaining