Privacy Policy

I. Identification, Scope, and Compliance Framework

At Edge Tec S.A.C. (hereinafter, “Musa”), identified with Tax ID (RUC) No. 20608615017 and domiciled at Av. Brasil 4158, Int. 1703, Magdalena del Mar, Lima – Peru, we are committed to complying with the applicable personal data protection legislation in each jurisdiction where we operate.
This Policy establishes the general conditions governing the processing of your personal data.

A. Institutional Responsibility and Governance

Musa has appointed a Data Protection Officer (DPO) or its equivalent role (Privacy Officer), who is responsible for overseeing regulatory compliance. This DPO serves as the official point of contact between Musa, the supervisory authority, and data subjects.

For any inquiries regarding the processing of your data, you may contact the DPO at the following address:
DPO Contact: soporte@musa.la

II. Processing and Purposes of Personal Data (Musa as Processor)

Musa primarily operates as a Data Processor. This means that Musa processes information strictly in accordance with the instructions provided by the organizations that contract our services (the Data Controllers).

A. Essential Data and Primary Purposes

Musa processes a set of personal data from its users (students) that are necessary to design academic course content, manage access to the platform, prepare surveys, design dashboards to track user (student) progress, and generate reports for the organizations that contract our services.

Data Categories: These include, but are not limited to, phone number, name, nickname (for platform access), and country of residence. Additional data that may be processed, depending on the instructions of the Data Controller, include email address, role within the organization, work area, age, gender, household position, among others.

Data Source: These personal data are received directly from the contracting organizations and/or from users (students), primarily via WhatsApp.

In its capacity as Data Processor, Musa guarantees that it will process personal data in compliance with all applicable organizational, legal, and technical security and confidentiality obligations, in accordance with regulatory standards and the security and data retention instructions provided by the organizations that are the legal Controllers of the personal data.

B. Data for Additional Purposes (Secondary Purposes)

If authorized by the user, Musa may also use personal data for purposes such as profile analysis, statistical analysis, brand and/or service promotion of Musa, as well as the preparation of industry and profile-based reports.

Anonymization: Although such reports may be shared with third parties, the identity of users will never be disclosed, and all conclusions will be anonymized.

Database: Personal data processed for these purposes will be incorporated into the Users’ Personal Data Database owned by Musa.

C. Legal Basis and Consent

Musa respects the importance of obtaining free and informed consent. Musa understands that authorization is obtained from adults or, in the case of minors, through the consent of their parents or legal guardians. Specific minimum age requirements for consent are detailed in the Jurisdictional Annex.

III. Security, Retention, and Incident Management

A. Security Measures and Technical Commitment

Musa is committed to ensuring security and confidentiality by implementing rigorous technical and organizational measures, including but not limited to:

  • Data Encryption: Implementation of robust security standards, such as encryption of stored data.

  • Access Control: Multi-Factor Authentication (MFA) is implemented across all systems that handle personal data to ensure access is limited to authorized personnel only.

  • Monitoring: Musa maintains active system monitoring to detect and respond to potential security vulnerabilities.

B. Data Retention and Deletion Periods

Data retention will be governed by a specific retention period determined by the purpose of processing or by the instructions of the Data Controller. Personal data will be retained only for as long as strictly necessary to fulfill the purposes for which they were collected or until consent is revoked.

C. Mandatory Incident Notification

In the event of a security breach affecting the confidentiality or security of personal data (data breach), Musa commits to immediate mandatory notification in accordance with applicable regulations:

  • Immediate notification to the competent supervisory authority in the affected jurisdiction.

  • Immediate notification to the affected data subjects.

IV. International Data Transfers and Third-Party Relationships

A. International Transfers and Legal Mechanisms

For the storage of personal data, Musa uses Microsoft Azure services, a cloud hosting provider domiciled in the United States of America.

Musa guarantees that all international data transfers are carried out under a legal framework that ensures an adequate level of data protection. The legality of such transfers is supported by the implementation of internationally recognized certification mechanisms or contractual safeguards, such as Standard Contractual Clauses or Binding Corporate Rules, ensuring that the destination country provides a level of protection equal to or higher than that required by the user’s local legislation.

B. Data Processing Agreements (DPA)

Musa declares that it requires a Data Processing Agreement (DPA) or its contractual equivalent from all suppliers and subcontractors who have access to personal data. This agreement ensures that such third parties comply with the same security and confidentiality standards required by applicable legislation.

V. Data Subject Rights (ARCO Rights and Withdrawal of Consent)

Musa guarantees the free exercise of your rights of access, rectification, cancellation, opposition, and revocation (ARCO rights) at any time you deem appropriate.

A. Procedure for Exercising Rights

To exercise your rights, you must send a communication to the DPO or to the following email address:
contacto@musa.la

Identity Verification: Musa will implement a clear protocol that includes verification of the requester’s identity before processing any request, such as data deletion or cancellation, ensuring the authenticity of the request.

Complaints: If you believe that your rights have not been adequately addressed, you may submit a request or complaint to the competent supervisory authority in your country of residence.