GDPR Policy
EFFECTIVE DATE: 13.11.2025
1. Introduction
This GDPR Policy explains how CORESOLTA SAS ensures the protection of personal data in compliance with the EU General Data Protection Regulation (GDPR 2016/679) and the Uruguayan Data Protection Law No. 18.331.
We are committed to safeguarding the privacy and rights of individuals whose data we process in the course of our business.
2. Data controller
The controller of personal data is:
CORESOLTA SAS
Av. 18 de Julio 1953, Apto. 603, 11210 Montevideo, Uruguay
info@coresolta.com
3. Principles of data processing
We adhere to the following principles established by GDPR (Art. 5) and Ley 18.331:
4. Rights of data subjects
Individuals have the following rights under GDPR and Ley 18.331:
5. Legal basis for processing
Personal data are processed on the following legal grounds:
6. Data transfers and processors
If data are transferred or stored outside Uruguay or the European Economic Area, CORESOLTA SAS ensures that such transfers comply with GDPR Articles 44-49, using adequacy decisions, standard contractual clauses, or equivalent safeguards.
7. Security measures
We implement organizational and technical measures to ensure the confidentiality, integrity, and availability of personal data, including encrypted storage, access control, and staff confidentiality obligations.
8. Supervisory authority
For Uruguay, the competent authority is the Unidad Reguladora y de Control de Datos Personales (URCDP).
For EU residents, complaints may also be addressed to their local Data Protection Authority (DPA).
9. Updates to this policy
CORESOLTA SAS may update this GDPR Policy periodically.
Last updated: November 2025.
This GDPR Policy explains how CORESOLTA SAS ensures the protection of personal data in compliance with the EU General Data Protection Regulation (GDPR 2016/679) and the Uruguayan Data Protection Law No. 18.331.
We are committed to safeguarding the privacy and rights of individuals whose data we process in the course of our business.
2. Data controller
The controller of personal data is:
CORESOLTA SAS
Av. 18 de Julio 1953, Apto. 603, 11210 Montevideo, Uruguay
info@coresolta.com
3. Principles of data processing
We adhere to the following principles established by GDPR (Art. 5) and Ley 18.331:
- Lawfulness, fairness, and transparency — data are processed legally and with clear information to the subject.
- Purpose limitation — data are collected only for specific, legitimate purposes.
- Data minimization — only data necessary for the stated purposes are processed.
- Accuracy — we keep data accurate and up-to-date.
- Storage limitation — data are retained only as long as needed.
- Integrity and confidentiality — data are protected against unauthorized access or loss.
- Accountability — CORESOLTA SAS can demonstrate compliance with these principles at any time.
4. Rights of data subjects
Individuals have the following rights under GDPR and Ley 18.331:
- Access: obtain confirmation of whether data are processed and receive a copy.
- Rectification: request correction of inaccurate data.
- Erasure (“right to be forgotten”): request deletion when data are no longer necessary or consent is withdrawn.
- Restriction of processing: limit processing in certain situations.
- Data portability: receive personal data in a structured format and transfer them to another controller.
- Objection: object to processing based on legitimate interest.
- Withdrawal of consent: withdraw previously granted consent at any time.
5. Legal basis for processing
Personal data are processed on the following legal grounds:
- the data subject’s consent;
- the performance of a contract or pre-contractual measures;
- the legitimate interests of CORESOLTA SAS or its partners;
- legal obligations under Uruguayan or international law.
6. Data transfers and processors
If data are transferred or stored outside Uruguay or the European Economic Area, CORESOLTA SAS ensures that such transfers comply with GDPR Articles 44-49, using adequacy decisions, standard contractual clauses, or equivalent safeguards.
7. Security measures
We implement organizational and technical measures to ensure the confidentiality, integrity, and availability of personal data, including encrypted storage, access control, and staff confidentiality obligations.
8. Supervisory authority
For Uruguay, the competent authority is the Unidad Reguladora y de Control de Datos Personales (URCDP).
For EU residents, complaints may also be addressed to their local Data Protection Authority (DPA).
9. Updates to this policy
CORESOLTA SAS may update this GDPR Policy periodically.
Last updated: November 2025.
