The Universidad de Chile, hereinafter referred to as "the University", hereby informs all persons who access its web pages, hereinafter referred to as "the Users", of the information and personal data protection policy set out below, stating that by accessing any of its web pages, the User is deemed to be aware of and accepting the same.

Target

The purpose of this policy is to inform users of the treatment of information and personal data collected through the Universidad de Chile's platforms and computer systems.

Scope of Application

The users of the data collected when accessing the University's portals, such as academics, collaborators, students, suppliers, patients and, in general, anyone who submits personal data, as well as academics, collaborators and third parties who process such information.

Duties and obligations

In accordance with the provisions of Article 19.4 of the Political Constitution of the Republic and the provisions of Law 19.628 on the Protection of Privacy, in order to ensure the correct use of the information collected during visits to any of its portals, the University will adopt the necessary security measures to protect the confidentiality and integrity of the personal data of its holders, such as students, academics, collaborators, suppliers, patients and, in general, anyone who provides personal data to the University, guaranteeing their privacy.

Those responsible for any stage of the processing of personal data are obliged to maintain the confidentiality of the same. They will also be required to store and, where appropriate, manage the data with due care, obligations that will continue after their relationship with the University has ended.

The data provided by users will be managed and processed by University staff in accordance with Law No. 19,628 on the Protection of Personal Data and for the purposes authorised by law, avoiding their misuse, alteration or disclosure to third parties. Notwithstanding the foregoing, the University is not responsible for the use that third parties may make of the personal data provided by its owners in forums or public spaces.

In the event that the processing of the institution's database is carried out by a body or organisation external to the University, by means of a service contract, confidentiality and data processing clauses shall be included in the corresponding contracts, so that in no case may the data be used for a purpose other than that for which they were provided, guaranteeing adequate security standards, protecting the data against unauthorised processing, loss, filtering, damage or destruction, using the technical or organisational measures necessary for this purpose.

Data collection and storage

The personal data of the holders will be used for the purposes indicated in the respective platforms or computer systems and always within the limits of the competences and legal powers of the University, in accordance with the provisions of Article 20 of Law no. 19.628 on the protection of privacy. In each platform or computer system, information will be provided on the specific purposes for which the data is collected.

In cases where it is intended to carry out a treatment different from that indicated, an explicit record of the holder's consent must be left.

The personal data provided by the owners will be stored together with the other information collected in order to allow the operation and maintenance of the platforms or computer systems concerned. In no case will this data be used for other purposes without the prior express consent of the holder.

Use of information

Personal data collected through any platform or computer system will be kept only for the time necessary to provide the service or fulfil the purpose for which it was collected.

Personal data will not be disseminated through the institutional website, except for the information contained in the directory of academics, in the White Pages or as expressly authorised by the person concerned.

Information that does not personally identify the owners and/or visitors of the site may be used to inform government authorities if requested.

Use for statistical purposes

Data collected via the University's computer platforms or systems may be stored and processed for statistical purposes as long as it is not possible to identify the owners.

Communication of data to third parties

The University may communicate, assign, transfer, transmit or carry out any of the acts provided for in letter o) of Article 2° of Law no. 19,628 on the protection of privacy, as long as it concerns matters within its competence and subject to the rules established in the aforementioned Law no. 19,628. In such cases, the consent of the owner is not required. Notwithstanding the foregoing, the University may disclose the personal data it handles, as provided for by Law no. 19,628, in the following cases

1. Communication of personal data necessary for the provision of services to third parties, provided that the third party complies with the necessary data protection safeguards.
2. This information is statistical, aggregated and anonymous.
3. It is carried out in compliance with a legal mandate or court order, or in cases where it is necessary to ensure national security or the public interest.
4. In connection with the commission of a criminal offence and as required by a court order of the court having jurisdiction in the matter.

On the rights and duties of data subjects

The holder may at any time exercise the rights granted by Law No. 19.628 on the Protection of Privacy. In particular, he/she may:

1. Request information about your personal data.
2. Request that your personal information be changed if it is inaccurate or not kept up to date.
3. Request the deletion or erasure of the data provided, if you so wish, when it is no longer necessary or relevant for the purposes for which it was collected or recorded.

The user registered on any of the University's platforms or computer systems is obliged to keep confidential and reserved the access codes, passwords or other similar data used to access any of its services, and is liable for any damage of any kind resulting from the misuse of his or her data, by himself or herself or by third parties.

Use of cookies

The University uses its own and third party cookies (Google Analytics) to collect information, analyse traffic patterns on our site and compile metrics in order to improve the content and ease of use of the sites and to personalise your experience. No personal information is stored in a cookie, nor can it be linked to an identified or identifiable individual.

Related regulations

• Law No. 19,628, on the Protection of Privacy.
• Decree No. 779, of 2000, of the Ministry of Justice, which approves regulations for the registry of personal data banks in charge of public agencies.

Modification of the Policy

The University reserves the right to change this Privacy Policy at any time. The use of this navigation portal after the notification or announcement of any changes will constitute your acceptance of such changes. This Privacy Policy on Information and Personal Data does not constitute a contractual agreement between its holders and the Universidad de Chile, but is for information purposes only.

Non-compliance with the Policy

Failure to comply with any of the provisions of this policy will give rise to liability and possible sanctions in accordance with the duties and obligations of the offender.

Therefore, the failure of a student to comply with the obligations set forth in Article 3 of U.D. No. 007586 of 1993, Regulations for Students of the Universidad de Chile, may result in any of the disciplinary measures set forth in U.D. No. 0026685 of 2019, Regulations for the Disciplinary Jurisdiction of Students of the Universidad de Chile.

Likewise, the failure of any academic or collaborative staff member of the University to comply with the provisions of this Law may give rise to the disciplinary measures established for the violation of any of the duties and/or prohibitions set forth in Law No. 18,834 on Administrative Statutes, after the corresponding disciplinary procedure has been carried out.

In the event of non-compliance by an external body or company that manages the University's databases, the sanctions provided for in the relevant contract shall apply. The foregoing is without prejudice to the civil and/or criminal liability that may apply in each case and to the provisions of Article 23 of Law No. 19,628 on the protection of privacy.

Definitions within the Policy

1. Information Security: A set of preventive and reactive measures taken by organisations and technological systems to secure and protect information in order to maintain confidentiality, availability and data integrity.
2. Confidentiality (part of the information triad): Ensure that information is only accessed by the right people.
3. Integrity (part of the information triad): Ensure that the information has not been altered in any of its three states, i.e. in storage, in process or in transit.
4. Availability (part of the information triad): Maintain active access to the necessary information for those who need it at the time it is needed.
5. Personal data: Information relating to identified or identifiable natural persons, in accordance with the provisions of Law No. 19,628 on the protection of privacy.
6. Statistical Data: Data that in its origin or as a consequence of its processing, cannot be associated to an identified or identifiable owner.
7. Head: Natural person to whom the personal data refer, in accordance with the provisions of Law no. 19.628 on the protection of privacy.
8. Data controller: The private natural or legal person or the corresponding public body responsible for decisions relating to the processing of personal data, in accordance with the provisions of Law No. 19,628 on the protection of privacy.
9. Platform or computer system: Universidad de Chile websites, mobile application, enrolment systems, forums, U-Campus, U-Courses, support wiki, CEC services, among others.
10. Cookies: Small pieces of information stored temporarily on a computer or mobile device.

Approval date: January 13, 2021