Drag

Privacy and Policy

1. INTRODUCTION

Cristal Azul Inc (“CA”, “we”, “our” or “us”) values the privacy of individuals whose personal data it collects, processes, and retains in the course of its business activities. This Privacy Policy (“Policy” or “Notice”) sets forth the categories of personal data collected, the legal basis and purposes for such collection and processing, and the rights of the data subjects in relation thereto. This Policy applies to all data subjects interacting with CA through its websites, applications, business operations, office visits, and third-party platforms.

CA encourages all data subjects to read this Policy carefully.

2. GENERAL

CA is committed to protecting and respecting your privacy. This privacy policy (“Privacy Policy”), together with the TERMS AND CONDITIONS and all other policies notified by us from time to time governs your use of this Website. This Privacy Policy describes our policies and procedures on the collection, use, disclosure, sharing, processing, transfer storage, retention and safeguarding of the Information provided to us by you through the use of the Platforms and/or pursuant to the purchase of the Products on the Platforms.

3. SCOPE OF APPLICATION

This Policy governs the collection and use of personal data provided to or collected by CA through :

  • Our websites and mobile applications;
  • Interactions with vendors, suppliers, service providers, and business partners;
  • Marketing communications and promotions conducted directly or through authorized third parties;
  • Visits to our offices or properties;
  • Engagement through third-party websites and social media platforms, subject to their respective privacy policies.

Where the processing of personal data requires express consent under applicable law, CA shall obtain such consent prior to processing.

4. DEFINITION OF PERSONAL DATA

“Personal Data” shall mean any data relating to an identified or identifiable natural person, either directly or indirectly, including but not limited to name, address, email address, phone number, demographic information, identification numbers, IP addresses, device identifiers, location data, or any other information deemed personal under applicable law.

5. CATEGORIES OF PERSONAL DATA COLLECTED

CA may collect personal data under the following categories :

  • a. Data Provided Directly by the Data Subject : Includes, but is not limited to :
    • Full name, address, date of birth, contact details;
    • Payment and transactional data;
    • Demographic details;
    • Survey responses or feedback;
  • b. Data Collected Automatically:

    Collected via digital interaction, including through cookies and similar tracking technologies:
    • IP address, device type, browser version;
    • Location data, operating system, session logs;
    • Usage patterns and clickstream data;
    • Authentication credentials, access times.
  • Data Received from Third Parties:

    Includes data obtained from:
    • Social media platforms and advertising networks;
    • Business partners and data enrichment services;
    • Publicly available sources, and joint marketing partners.

6. PURPOSES OF PROCESSING

CA collects and processes personal data for the following lawful purposes :

  • Performance of Contract: Processing necessary for execution of contracts with customers, vendors, and employees.
  • Legal Compliance: Processing as mandated under applicable laws.
  • Legitimate Interests: Processing for business operations, fraud prevention, internal analytics, quality assurance, and consumer profiling, provided such interests are not overridden by data subjects’ fundamental rights.
  • Consent: Where required by law, personal data will be processed only upon obtaining explicit, informed, and freely-given consent.

Specific purposes include, but are not limited to :

  • Responding to inquiries and complaints;
  • Payment processing;
  • Conducting surveys and promotional events;
  • Enhancing website performance and user experience;
  • Monitoring and securing our physical premises;
  • Hiring and evaluating job applicants;
  • Conducting marketing campaigns and targeted advertising;
  • Analytics and consumer insights.

7. PROCESSING OF CHILDREN’S DATA

CA’s websites and services are not intended for use by minors under the legal drinking age in the relevant jurisdiction. Where personal data of minors is collected, CA shall obtain verifiable parental consent in compliance with applicable data protection laws.

Any personal data of minors collected without the required consent shall be deleted upon discovery.

8. AUTOMATED DECISION MAKING

CA may, under specific circumstances, employ automated decision-making tools for profiling, risk analysis, or consumer behaviour prediction, where permitted by applicable law. In such cases, data subjects shall have the right to request human intervention or object to automated decisions that significantly affect them.

9. DATA SHARING AND DISCLOSURE

CA may disclose personal data under the following circumstances :

a. Intra-Group Sharing :

  • To affiliated companies within the CA group for internal administrative and operational purposes.

a. Intra-Group Sharing :

  • To affiliated companies within the CA group for internal administrative and operational purposes.

b. Third-Party Service Providers :

  • To vendors, contractors, auditors, and partners who process data on our behalf under binding contractual obligations ensuring confidentiality and compliance with applicable data protection laws.

c. Legal Disclosures :

  • To governmental authorities, regulatory agencies, law enforcement, or pursuant to a judicial process or order, where required or permitted by law.

d. Business Transfers :

  • In connection with mergers, acquisitions, asset sales, or restructuring, subject to contractual guarantees of continued data protection.

e. Data Enrichment or Marketing Partners :

  • To advertising networks, analytics providers, and social media platforms for legitimate business purposes and where permitted by law.

10. INTERNATIONAL DATA TRANSFERS

Where personal data is transferred outside the jurisdiction in which it was originally collected, CA shall ensure such transfer complies with applicable cross-border data transfer restrictions and is based on :

  • An adequacy decision by the appropriate authority;
  • Standard contractual clauses or binding corporate rules;
  • Legal exceptions under applicable law; and
  • Transfer restrictions imposed by any Statutory Authority.

11. DATA SECURITY MEASURES

CA implements appropriate technical and organizational measures to secure personal data against unauthorized access, alteration, disclosure, or destruction. These include :

  • Encryption and secure data storage;
  • Access controls and authentication protocols;
  • Regular audits and penetration testing;
  • Confidentiality agreements with employees and processors.

However, CA does not warrant the security of any data transmitted over the internet and disclaims liability for breaches beyond its reasonable control.

11. DATA SECURITY MEASURES

CA implements appropriate technical and organizational measures to secure personal data against unauthorized access, alteration, disclosure, or destruction. These include :

  • Encryption and secure data storage;
  • Access controls and authentication protocols;
  • Regular audits and penetration testing;
  • Confidentiality agreements with employees and processors.

12. DATA RETENTION

CA shall retain personal data only for as long as necessary for the purpose for which it was collected, or as required by law, including statutes of limitation.

Upon expiration of the applicable retention period, data shall be deleted or anonymized using appropriate data disposal protocols, unless further retention is legally justified.

13. DATA SUBJECT RIGHTS

Data subjects may, in accordance with applicable law:

  • Request access to their personal data;
  • Seek correction, update, or completion of inaccurate data;
  • Withdraw consent where processing is based on consent;
  • Request restriction or objection to certain processing;
  • Lodge complaints with the designated supervisory authority.

Requests may be submitted by contacting CA as per the details in Section 14. CA shall respond to such requests within a reasonable period, subject to verification and legal exceptions.

14. CONTACT INFORMATION

Privacy Office : 5 Penn Plaza, 19th floor, New York, NY 10001

Privacy Email : info@cristalazultequila.com

If you are not satisfied with our response, you may escalate the matter to the appropriate data protection authority.

15. AMENDMENTS TO THIS POLICY

CA reserves the right to amend or update this Privacy Policy from time to time. Material changes will be communicated by appropriate means, including through our website. Data subjects are encouraged to review the Policy periodically.

16. ADDITIONAL NOTICES

Certain marketing campaigns, events, or promotions may be subject to additional privacy terms and conditions, which shall prevail to the extent of any inconsistency with this Policy. Such notices shall be made available at the point of data collection.