Home About Services Pricing FAQ Contact

PRIVACY POLICY OF “FMCAMPS”

Last update: April 7, 2026

Below you will find the Privacy Policy of the Website www.fmcamps.com (hereinafter, the “Platform”), which, together with the Terms and Conditions and Cookie Policy, form a contract between FMCAMPS S.A.C., with RUC No. 20608949225 (hereinafter, “FMCAMPS”) and the client and/or user (hereinafter, the “User”).

FMCAMPS ensures the utmost confidentiality and protection of personal data that Users provide through the use of the Platform for the purpose of using the services.

1. Introduction

The Platform manages two personal data banks with different owners and responsibilities:

1.1 FMCAMPS Bank (commercial data)

FMCAMPS acts as the Database Owner with respect to the contact data of its commercial clients (contact persons, contract administrators). This bank is registered with the National Registry for the Protection of Personal Data (RNPDP) under registration code 28922 (Resolution 3240-2024).

1.2 Client Bank (operational personnel data)

FMCAMPS acts as the Data Processor of the personal data of operational personnel entered into the Platform on behalf of the Client (contracting company), who acts as the Database Owner or Data Controller. As Owner, the Client is responsible for:

  • Obtaining the consent of personal data subjects before registering them on the Platform.
  • Registering their data bank with the RNPDP in accordance with articles 42 and 43 of Supreme Decree 016-2024-JUS.
  • Handling requests for the exercise of rights from their personnel.

This Privacy Policy describes how personal data is collected, processed, stored, and protected in both banks, in compliance with current regulations.

2. Purpose and objective

FMCAMPS is aware of the high importance of the privacy of our Users and all those who are interested in the services and products offered.

Consistent with this consideration, we are committed to respecting your privacy and protecting the confidentiality of your private information and personal data. For this reason, through this Privacy Policy, we inform our Users of the purpose and manner in which personal data is collected, processed, and protected.

Private personal information does not include information that is available through publicly accessible sources. These are understood to be electronic, optical, and other technology communication media designed to provide information to the public and open to general consultation, telephone directories, newspapers and magazines, social media, professional lists, anonymized jurisprudence collections, Public Registries administered by the National Superintendency of Public Registries, as well as any other registry or database classified as public under the law, Public Administration entities in relation to information that must be delivered under Law No. 27806, Transparency and Access to Public Information Law.

3. Legislation

In accordance with Law No. 29733 – Personal Data Protection Law (hereinafter, the “Law”) and its Regulations, approved by Supreme Decree No. 016-2024-JUS, personal data is understood as any information about a natural person that identifies or makes them identifiable through means that can be reasonably used.

On the other hand, processing of personal data is understood as any technical operation or procedure, automated or not, that allows the collection, registration, organization, storage, preservation, elaboration, modification, extraction, consultation, use, blocking, deletion, communication by transfer or dissemination, or any other form of processing that facilitates access, correlation, or interconnection of personal data.

FMCAMPS and the Client develop their personal data processing policy based on the guiding principles established in the Law and the Regulations, mentioned below:

  1. Principle of legality: the collection of personal data through fraudulent, unfair, or illicit means is rejected.
  2. Principle of consent: the processing of personal data shall be mediated by the consent of the data subject.
  3. Principle of purpose: personal data shall be collected for a specific, explicit, and lawful purpose, and shall not be extended to any purpose other than that unequivocally established as such at the time of collection.
  4. Principle of proportionality: all processing of personal data shall be adequate, relevant, and not excessive for the purpose for which they were collected.
  5. Principle of quality: personal data shall be truthful, accurate, and, where possible, updated, necessary, relevant, and adequate with respect to the purpose for which they were collected.
  6. Principle of security: data shall be preserved in a manner that guarantees its security and only for the time necessary to fulfill the purpose of processing.
  7. Principle of transparency: personal data processing shall be reported permanently, clearly, in an easy-to-understand manner, and accessible to the data subject.
  8. Principle of proactive responsibility: FMCAMPS (as Owner and as Processor, depending on the bank) and the Client (as Owner of the Client Bank) shall apply legal, technical, and organizational measures to guarantee effective compliance with personal data regulations, and shall be able to demonstrate such compliance.

FMCAMPS and, where applicable, sub-processors have appropriate security measures consistent with the processing to be carried out, in addition to adopting the necessary technical, organizational, and legal measures to guarantee the confidentiality of personal data.

4. Information about personal data and consent

4.1 FMCAMPS Bank (commercial data)

The User (commercial contact of the Client) is informed and freely and voluntarily authorizes FMCAMPS to collect, store, preserve, access, use, delete, or update their personal contact data for the management of the commercial relationship and provision of services. This data will be incorporated into the data bank “FMCAMPS SOFTWARE USERS” (RNPDP Registration 28922), created and owned by FMCAMPS S.A.C.

4.2 Client Bank (operational personnel data)

The Client, as Database Owner, is responsible for obtaining the authorization and consent of their personnel before registering their data on the Platform. FMCAMPS, as Data Processor, processes the data solely in accordance with the Client's instructions and the security measures described in this Policy.

The Client is responsible for registering their data bank with the RNPDP in accordance with article 42 of Supreme Decree 016-2024-JUS. FMCAMPS provides an RNPDP Technical Sheet with pre-filled information to facilitate this process.

4.3 Common provisions

Personal data provided shall be treated with complete confidentiality and may only be known and managed by FMCAMPS personnel who need to know such information to provide the offered services. FMCAMPS commits to maintaining professional secrecy regarding such data and guarantees the duty to safeguard it by adopting all necessary security measures. Authorization shall not be necessary when personal data is required for the execution of a contractual relationship in which the personal data subject is a party.

If the registered data is found to be inaccurate, in whole or in part, or incomplete, FMCAMPS may update and/or replace them with the corresponding corrected or completed data, in accordance with the Client's instructions in the case of the Client Bank.

5. Purpose of the processing of personal data

5.1 FMCAMPS Bank (commercial data)

FMCAMPS collects contact data from its commercial clients for:

  • Commercial management, billing, and administration of the service relationship.
  • Technical support and contractual communications.
  • Diagnosis and improvement of the Services.

Data collected:

  • First and last names,
  • National ID/Immigration Card/Passport,
  • Corporate email address,
  • Contact telephone,
  • Contact's position.

This data constitutes basic contact information, adequate, relevant, and not excessive in relation to the purpose for which it is collected. No sensitive data is processed in this bank.

5.2 Client Bank (operational personnel data)

The Client registers personal data of its operational personnel on the Platform for the management of On Site services, including maintenance of mining camps and equipment — but not limited thereto — through the software called “FMCAMPS”. FMCAMPS processes this data as Processor, in accordance with the Client's instructions.

Data registered by the Client:

  • First and last names,
  • National ID/Immigration Card/Passport,
  • Date of birth,
  • Gender,
  • Age,
  • Address (domicile),
  • Contact telephone,
  • Personal email address,
  • Work email address,
  • Image (face photograph),
  • Position (responsibility),
  • Work specialty,
  • Company,
  • Cost center,
  • Work area,
  • Clothing and shoe sizes,
  • Training,
  • Medical pass validity (sensitive data — data derived from occupational health, in accordance with article III.6 of Supreme Decree 016-2024-JUS).

Sensitive data: Depending on the scope of contracted modules, the Platform may process one sensitive data item: the medical pass validity, which constitutes data derived from occupational health in accordance with article III.6 of Supreme Decree 016-2024-JUS. This data is only collected when the Enablements (HSE) module is included in the contracted Services. The processing of this data requires the express consent of the data subject in accordance with article 13.6 of the Law. The Client, as Database Owner, is responsible for obtaining such consent from their personnel.

5.3 Retention period

FMCAMPS Bank: Commercial contact data shall be retained while the contractual relationship between FMCAMPS and the Client exists. Billing and audit data shall be retained as long as necessary in accordance with legal accounting retention obligations.

Client Bank: Operational personnel data shall be retained while the contractual relationship between FMCAMPS and the Client exists, and for a maximum of thirty (30) calendar days after the termination of the contract, as established in the Master Service Agreement. After this period, data shall be securely deleted, and only information required by legal obligations may be retained, duly anonymized when possible. Subsequent processing for historical, statistical, or scientific purposes shall not be considered incompatible.

5.4 Automated decisions

FMCAMPS does not make decisions based solely on automated processing that produce legal effects on the User or significantly affect them, in either of the two data banks. Should such processing be incorporated in the future, the data subject shall be informed in advance in accordance with article 23 of the Law.

6. Complaints book

Additionally, the User expressly authorizes FMCAMPS so that when making use of the complaints book, their data may be processed for the purpose of attending to the needs of said procedure, as well as, once the complaint handling procedure has concluded, to attend to the needs arising from any judicial, administrative, or arbitration process or procedure that may derive or arise in the future in relation to the complaint submitted by the user, and to attend to any audit by the competent authority on personal data processing matters.

The data collected through the complaints book shall be stored in the data bank owned by FMCAMPS (RNPDP Registration 28922).

As a consequence of the purposes described, the data storage period shall be as long as necessary to fulfill obligations arising from judicial, administrative, or arbitration processes. For all purposes, FMCAMPS may choose to store and/or process them for shorter periods. This does not in any way affect the rights of users to revoke consent for their personal data at any time, as the Law permits and FMCAMPS details in this Privacy Policy.

7. Security of personal data

In compliance with current regulations and the security directives of the National Authority for the Protection of Personal Data, FMCAMPS has adopted appropriate technical and organizational security and confidentiality measures for the category of personal data, necessary to maintain the required level of security, with the aim of avoiding, as far as possible, the alteration, loss, or unauthorized processing or access that may affect the integrity, confidentiality, and availability of information.

7.1 Measures implemented by FMCAMPS

The security measures implemented by FMCAMPS include, but are not limited to:

  • Encryption of data in transit using TLS 1.2 protocol or higher.
  • Encryption of data at rest.
  • Physical data isolation per operation (independent database per client).
  • Role-based access control and query group segmentation.
  • Access audit logs.
  • Periodic encrypted information backups.
  • Security incident management procedures.
  • User authentication through cloud identity service.
  • Continuous infrastructure threat monitoring.
  • Time-limited signed access for private documents and files.

7.2 Shared responsibility of the Client

The Client, as Owner of the Client Bank, is responsible for implementing within their organization:

  • Access control: define and periodically review who in their organization can register and access personal data on the Platform.
  • Credential management: assign and supervise the use of user accounts in accordance with the Platform's security policies.
  • Training: train their personnel on data protection and secure use of the Platform.
  • Incident reporting: immediately notify FMCAMPS of any unauthorized access or suspected breach.

7.3 Limitations

However, the transmission of information through communication networks and the Internet is not completely secure; therefore, despite FMCAMPS making its best efforts to protect personal data, it cannot guarantee the security thereof during transit to the Platform. All information that Internet users provide through this medium shall be sent at their own risk.

8. Exercise of Rights of the Personal Data Subject

Personal data subjects have the right to exercise their rights of information, access, update, inclusion, rectification and deletion, to prevent the supply of their personal data, to object to processing or objective data processing, and portability, under the terms set forth in current legislation. Such rights may only be exercised by the personal data subject or their authorized representative, in accordance with the law.

Personal data portability: The data subject has the right to request their personal data in a structured, commonly used, and machine-readable format, and to have it transmitted to another data controller when technically possible, in accordance with article 76 of the Regulations.

8.1 FMCAMPS Bank (commercial data)

The Client's commercial contacts may exercise their rights directly before FMCAMPS by contacting soporte@fmcamps.com with the reference “Personal Data Protection”, specifying their data, proving their identity, and the reasons for their request. The person signing the request must attach a simple copy of documents proving the identity of the data subject (National Identity Document or equivalent document) or, where applicable, that of the authorized representative, as well as a simple copy of the notarially granted power of attorney when applicable.

FMCAMPS shall process requests within the deadlines established in the Regulations: eight (8) business days for the right to information, twenty (20) business days for the right of access, and ten (10) business days for the rights of rectification, cancellation, and objection.

8.2 Client Bank (operational personnel data)

The Client's operational personnel who wish to exercise their rights must first contact their employer company (the Client), who acts as the Database Owner and is responsible for handling requests within the legal deadlines.

The Client coordinates with FMCAMPS, through soporte@fmcamps.com, for the technical execution of requests (data export, blocking, deletion on the Platform). FMCAMPS executes in accordance with the Client's instructions.

If operational personnel contact FMCAMPS directly, the request shall be referred to the Client for handling, and the requester shall be informed of this procedure.

8.3 Administrative and jurisdictional channels

Additionally, FMCAMPS informs personal data subjects of the existence of the administrative channel to assert their rights before the National Authority for the Protection of Personal Data, or the jurisdictional channel before the Judiciary for the purposes of the corresponding habeas data action.

9. International transfer of personal data

9.1 FMCAMPS Bank (commercial data)

Commercial contact data is stored in FMCAMPS' own systems. No international transfer of this data is performed.

9.2 Client Bank (operational personnel data)

Operational personnel data is stored on servers of Amazon Web Services, Inc., identified with E.I.N. No. 204938068, located in the United States of America (region us-east-1, Virginia). This constitutes cross-border flow of personal data.

Amazon Web Services holds internationally recognized security certifications (ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3) and operates under a Data Processing Addendum that establishes obligations equivalent to or higher than those required by Peruvian legislation on personal data protection.

9.3 Communication channels

FMCAMPS may use third-party messaging services, including WhatsApp (Meta Platforms, Inc.), as a communication channel for sending operational notifications. Data transmitted through such channels is limited to what is strictly necessary for message delivery.

9.4 Authorities

These personal data may also be communicated to administrative entities, judicial and/or police authorities, provided it is established by Law.

10. Security incidents

In the event of a security incident affecting personal data:

FMCAMPS Bank: FMCAMPS, as Owner, shall directly notify the affected data subjects and, when applicable, the National Authority for the Protection of Personal Data, in accordance with article 34 of the Regulations.

Client Bank: FMCAMPS shall notify the Client immediately and within no more than twenty-four (24) hours of detecting the incident, providing available information about the nature and scope thereof. The Client, as Database Owner, is responsible for notifying their personnel and, when applicable, the National Authority for the Protection of Personal Data within the current legal deadline (article 34 of the Regulations).

11. Other provisions

As this is a virtual tool that does not allow direct physical contact between FMCAMPS and the personal data subject:

FMCAMPS Bank: FMCAMPS shall collect and process commercial contact personal data based on the good faith presumption that the person providing them is of legal age, is proficient in the Spanish language, is in full use of their mental faculties, holds full civil capacity, and is the owner of the personal data or acts as a representative of the Client.

Client Bank: The Client is responsible for ensuring that the personnel data registered on the Platform corresponds to real and identified persons, and that the necessary consents have been obtained. FMCAMPS presumes in good faith that the data uploaded by the Client is accurate and authorized.

For any inquiries regarding this Privacy Policy, please contact us at the following email address: soporte@fmcamps.com

12. Validity and modification of this Personal Data Protection Policy

FMCAMPS' Personal Data Protection Policy is updated periodically. FMCAMPS reserves the right to modify its policy in the event of a change in current legislation, doctrine, jurisprudence, or its own business criteria. In the case of substantial changes, FMCAMPS shall notify the Client with no less than thirty (30) days' advance notice. If any change is made to this policy, the new text will be published on this same Website.

All users are recommended to periodically access this Privacy Policy which can be found on the web page www.fmcamps.com/en/privacy.

13. Contact

If you have any questions, complaints, comments, or suggestions regarding this Privacy Policy, please contact us at soporte@fmcamps.com.