ALKIMIADS PRIVACY POLICY
JART GATE INC dba ALKIMIADS · Influencer Marketing Services
Effective Date: [15/06/2026] · Last Updated: [15/06/2026]
TERRITORIAL SCOPE:
This policy applies to all influencers, clients, and collaborators with whom ALKIMIADS (JART GATE INC / JART GATE EUROPE S.L.) interacts, covering the following jurisdictions: United States, Mexico, Colombia, Argentina, Chile, Brazil, Peru, Ecuador, Uruguay, Paraguay, Bolivia, Venezuela, Costa Rica, Nicaragua, El Salvador, Panama, Honduras, Guatemala, Dominican Republic, Aruba, and Europe: Spain, United Kingdom, France, Germany (and other European Union member states).
TABLE OF CONTENTS
0. Definitions
1. Who We Are
2. Who This Policy Applies To
3. What Personal Data We Collect
4. How We Use Your Data
5. Legal Bases for Processing
6. International Data Transfers
7. Data Retention
8. Security Measures
9. Your Rights by Jurisdiction
10. Applicable Law by Country
11. Cookies and Tracking Technologies
12. Minors
13. Links to Other Websites
14. Changes to This Policy
15. How to Contact Us
(The remaining country‑specific sections and authorities table are retained at the end, after Section 15)
DEFINITIONS
For the purposes of this Privacy Policy, the following terms have the meanings indicated below. Words with initial capital letters have the defined meanings, whether used in singular or plural.
- Account means a unique account created for You to access our Service or parts of our Service.
- Affiliate means any entity that controls, is controlled by, or is under common control with the Company, where “control” means ownership of 50% or more of the shares, equity interest, or other securities entitled to vote for election of directors or other managing authority.
- Company (referred to as “the Company”, “We”, “Us” or “Our” in this Policy) means JART GATE INC dba ALKIMIADS, with registered address at 2100 Coral Way PH704, Miami, FL 33145, USA.
- Cookies are small files placed on Your computer, mobile device, or any other device by a website, containing details of Your browsing history on that website.
- Country refers to the United States (Florida) and any other jurisdiction where we operate as described in the Territorial Scope.
- Device means any device that can access the Service, such as a computer, smartphone, or digital tablet.
- Personal Data is any information relating to an identified or identifiable natural person (as detailed in Section 3).
- Service refers to the Company’s website (https://alkimiads.com) and, where applicable, the influencer marketing services provided through it.
- Service Provider means any natural or legal person who processes data on behalf of the Company (e.g., SaaS platforms, advisors, payment providers).
- Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (e.g., page visit duration, IP address, browser type, etc.).
- Website refers to Alkimiads, accessible from https://alkimiads.com
- You means the individual accessing or using the Service, or the company or other legal entity on whose behalf that individual is accessing or using the Service, as applicable.
1. WHO WE ARE
JART GATE INC dba ALKIMIADS (hereinafter, the “Company” or “we”) is a company incorporated under the laws of the State of Florida, United States, with registered address at 2100 Coral Way PH704, Miami, FL 33145, USA. You may contact us at info@alkimiads.com or by phone at the number provided in Section 15.
The Company provides influencer marketing services, including talent sourcing and contracting, campaign management, content strategy, and performance analytics across multiple markets in the Americas. In carrying out these activities, the Company acts as a Data Controller for the personal data of influencers with whom it works directly. When the Company processes audience data on behalf of its brand clients, it may act as a Data Processor.
2. WHO THIS POLICY APPLIES TO
This Privacy Policy applies to all natural persons whose personal data is processed by the Company in connection with its influencer marketing activities: influencers, their representatives, brand clients, website visitors, and any person contacting the Company.
3. WHAT PERSONAL DATA WE COLLECT
In the specific context of our influencer marketing services, we collect the following categories of personal data:
3.1 Identity and Contact Data
- Full name, stage name or social media alias;
- Government-issued ID: passport, national ID, tax registration number (e.g., RFC, CUIT/CUIL, RUT, NIT, CPF) or equivalent depending on the country;
- Postal address, email address, phone number;
- Company you work for (if applicable, especially for brand client representatives);
- Country and city of residence.
3.2 Digital Presence Data (specific to influencer marketing)
- Usernames (@handles) on all platforms: Instagram, TikTok, YouTube, X/Twitter, Facebook, Pinterest, LinkedIn, and any other platform relevant to the campaign;
- Profile URLs and channel links;
- Follower count per platform at the time of contracting and during the campaign;
- Engagement rate (interactions / followers);
- Audience demographic data (age, gender, location) voluntarily provided or extracted from platform native tools with the influencer’s consent;
- Screenshots or analytics exports provided by the influencer.
3.3 Content and Campaign Data
- Drafts, work materials, and final versions of content created for the campaign;
- Images, videos, texts, and captions published under the contract;
- Content performance data: impressions, reach, views, clicks, CTR, conversions, attributed sales;
- Post‑publication statistics screenshots requested as campaign proof;
- Campaign communications (emails, messages, briefings, approvals).
3.4 Fiscal and Financial Data
- Banking details necessary for payment: IBAN/SWIFT/ACH account number, bank, account holder;
- Tax identification number according to country (RFC in Mexico, CUIT in Argentina, RUT in Chile, NIT in Colombia, CPF in Brazil, RUC in Ecuador/Peru, etc.);
- U.S. IRS forms: W-9 (for U.S. residents) or W-8BEN / W-8BEN-E (for non‑U.S. residents);
- Invoices, receipts, and payment records.
3.5 Data We Do Not Intentionally Collect
The Company does NOT intentionally collect sensitive categories of personal data: health data, genetic data, political opinions, trade union membership, religion, sexual orientation, racial or ethnic origin. If, due to the nature of the creative content, the influencer voluntarily shares any such sensitive data, it will be processed with the enhanced guarantees required by applicable law.
3.6 Usage Data and Website Visitor Data
When You visit our website or interact with our online forms, we may automatically collect certain information, including but not limited to:
- Internet Protocol (IP) address;
- Browser type and version;
- Pages You visit on our site, time and date of visit, time spent on those pages;
- Unique device identifiers and other diagnostic data;
- If You access via a mobile device: mobile device type, unique ID, operating system, mobile browser type.
This information is collected anonymously where possible and used to improve the functionality and security of our website.
4. HOW WE USE YOUR DATA
4.1 Purposes specific to influencers (original table)
| PURPOSE | LEGAL BASIS |
|---|---|
| Scouting and selection of influencers | Contract performance |
| Preparation and execution of the service contract | Contract performance |
| Campaign coordination and follow‑up | Contract performance |
| Content approval and feedback | Contract performance |
| Payment of fees and fiscal management | Legal obligation |
| KPI measurement and reporting to brand client | Contract performance / Legitimate interest |
| Compliance with legal obligations (FTC, tax laws) | Legal obligation |
| Fraud prevention and verification of organic metrics | Legitimate interest |
| Building and maintaining talent database | Legitimate interest |
| Future commercial communications (only with consent) | Consent |
4.2 Additional purposes for website visitors and general users
In addition to the purposes described in Section 4.1, the Company may process Your personal data (including Usage Data) for the following purposes, where applicable:
- To provide and maintain our Service, including monitoring the usage of our website;
- To manage Your Account if You register as a user on our site;
- To contact You by email, telephone, SMS, or other equivalent electronic communication regarding security updates, functionalities, or informational communications related to contracted services;
- To provide You with news, special offers, and general information about other goods, services, and events we offer that are similar to those You have already purchased or enquired about, unless You have opted out;
- To manage Your requests (e.g., exercising your data protection rights);
- For other purposes such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns, and evaluating and improving our Service, products, marketing, and your experience.
5. LEGAL BASES FOR PROCESSING
The legal bases on which we ground the processing of personal data are as follows, recognized in all jurisdictions where we operate:
- Contract performance: when processing is necessary for the provision of the service contracted with the influencer.
- Legal obligation: when processing is necessary to comply with applicable tax, labour, or regulatory laws.
- Legitimate interest: when processing is necessary for the Company’s legitimate purposes, such as fraud prevention or talent portfolio management, provided that your rights and freedoms do not override those interests.
- Consent: for purposes not linked to the contract, such as sending commercial communications or inclusion in the talent database for future campaigns. Consent may be withdrawn at any time.
6. INTERNATIONAL DATA TRANSFERS
Because the Company operates with influencers located in multiple countries from its headquarters in Florida, USA, personal data is inherently transferred internationally as part of our activity.
6.1 Transfers from countries with data protection laws to the USA
For influencers residing in countries with data protection legislation, the transfer of their data to the Company in the USA is based on:
- The necessity for performance of the service contract signed between the parties;
- Standard contractual clauses or equivalent safeguards where required by applicable local law;
- The explicit consent of the data subject when no other legal basis applies.
6.2 Recipients and sub‑processors
Influencers’ personal data may be shared with the following categories of recipients:
- Brand clients on whose behalf the campaign is run – only data necessary for operational campaign management;
- Influencer marketing campaign management platforms (e.g., SaaS analytics tools) – subject to data processing agreements;
- Payment service providers and banking entities;
- Legal, tax, and audit advisors under a duty of confidentiality;
- Public authorities when required by law (e.g., U.S. IRS, local tax authorities).
The Company does NOT sell, rent, or transfer influencers’ personal data to third parties for their own commercial purposes.
6.3 Business transfers
In the event the Company participates in a merger, acquisition, sale of assets, restructuring, dissolution, or similar transaction, your personal data may be transferred as part of the company’s assets. In such an event, we will notify data subjects before their personal data is transferred and becomes subject to a different privacy policy, in accordance with applicable laws. Nothing above will affect your rights under this Policy.
7. DATA RETENTION
| DATA TYPE | RETENTION PERIOD |
|---|---|
| Contractual data and signed contract | 5 years from the end of the contract (or longer if required by law) |
| Fiscal and financial data (invoices, payments, withholdings, W-8BEN/W-9) | 7 years (IRS + most demanding local tax law) |
| Campaign data (content, metrics, approvals) | 3 years from content publication |
| Communications data (emails, briefings) | 3 years from last communication |
| Talent database (profile, handles, metrics) | As long as the influencer does not request deletion |
| Data of non‑hired candidates | 12 months, unless consent given for longer retention |
Additionally, Usage Data is generally retained for a shorter period, except when needed to strengthen security, improve functionality, or when we are legally obligated to retain it longer.
Once retention periods expire, data will be securely deleted or anonymised so that the data subject can no longer be identified.
8. SECURITY MEASURES
The Company applies appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, or accidental disclosure. These measures include:
- Encryption in transit (TLS/HTTPS) and at rest for databases containing personal data;
- Role‑based access control: only personnel who need access to perform their work may access data;
- Confidentiality agreements with all employees and collaborators;
- Data processing agreements with all sub‑processors;
- Internal data breach notification procedure;
- Periodic review of access rights and security policies.
Security disclaimer: While we strive to use commercially acceptable means to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
In the event of a security breach affecting your personal data, the Company will notify you without undue delay, and in any case within the time limit required by your jurisdiction, with the necessary information to enable you to protect yourself.
9. YOUR RIGHTS BY JURISDICTION
Regardless of your country of residence, you have the following rights (where applicable under local law):
| RIGHT | DESCRIPTION |
|---|---|
| Access | Know what data we have about you |
| Rectification | Correct inaccurate or incomplete data |
| Erasure / Cancellation | Delete your data when no longer necessary |
| Objection | Object to processing based on legitimate interest |
| Portability | Receive your data in a structured format (where applicable) |
| Restriction | Temporarily suspend processing |
| Withdraw consent | At any time for processing based on consent |
| Lodge a complaint | With the data protection authority of your country |
Self‑service deletion: If you have an account on our Service (e.g., as a registered client), you may be able to delete certain information about yourself directly from your account settings. If you do not have an account or cannot delete the information yourself, you may contact us to request access, correction, or deletion of any personal information you have provided to us.
To exercise any of these rights, contact: info@alkimiads.com indicating your full name, country of residence, and the right you wish to exercise. We will respond within the applicable legal period (usually 30 business days).
10. APPLICABLE LAW BY COUNTRY
The following is a breakdown of the data protection regulations applicable in each of the countries where the Company hires influencers, along with the specific obligations arising from each set of laws:
| 🇺🇸 / UNITED STATESLey aplicable: FTC Act (15 U.S.C. §45) + CCPA/CPRA (Cal. Civ. Code §1798.100 et seq.)Autoridad: FTC (Federal Trade Commission) + California Privacy Protection Agency (CPPA)Nivel de protección: Alto / High |
The Company is headquartered in Florida and operates under U.S. law. The Federal Trade Commission Act prohibits unfair or deceptive practices in the handling of personal data. Additionally, the California Consumer Privacy Act (CCPA), as amended by the CPRA, grants specific rights to California residents.
Specific obligations regarding influencer marketing:
- All paid or sponsored content must include a clear and visible disclosure in accordance with the FTC Guides to Endorsements (16 C.F.R. Part 255, updated in 2023): #ad, #sponsored, “Paid partnership,” or the platform’s native disclosure tool;
- The Company is jointly and severally liable with the influencer for any disclosure violations that reach a U.S. audience, regardless of the influencer’s country of origin;
- The Company publishes a Privacy Policy on its website and provides mechanisms for California residents to exercise their CCPA rights.
California residents: You can exercise your CCPA rights (access, deletion, correction, and opt-out of sale) at: info@alkimiads.com or by clicking the “Do Not Sell or Share My Personal Information” link available in the website’s footer.
| 🇲🇽 MÉXICO Applicable Law: Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) + Regulations (DOF 12/21/2011) + Privacy Notice Guidelines (DOF 01/17/2013) Authority: INAI — National Institute for Transparency, Access to Information, and Protection of Personal Data Level of protection: High |
For influencers residing in Mexico, the processing of their personal data is governed by the LFPDPPP. The Company acts as the Data Controller in accordance with Article 3, Section XIV of that law.
Privacy Notice (Art. 16 of the LFPDPPP):
- Data Controller: JART GATE INC dba ALKIMIADS, located at 2100 Coral Way PH704, Miami, FL 33145, USA, Florida, USA;
- Purposes: those described in Section 4 of this Policy;
- Data collected: those described in Section 3;
- Transfers: Data will not be transferred without prior consent, except as provided for in Article 37 of the LFPDPPP (competent authorities, subsidiaries, service providers);
- ARCO Rights: Data subjects may exercise their rights of access, rectification, erasure, and objection by submitting a written request to info@alkimiads.com;
- Sensitive Data Clause: The Company does not request sensitive data; if such data is provided voluntarily, the Company will require express, written consent.
Responses to ARCO requests will be provided within 20 business days of receipt (extendable by an additional 20 days in justified cases).
| 🇨🇴 COLOMBIA Applicable Law: Statutory Law 1581 of 2012 + Decree 1377 of 2013 (consolidated into Single Decree 1074 of 2015)Authority: SIC — Superintendency of Industry and Commerce / Data Protection OfficeLevel of protection: High |
For influencers residing in Colombia, the Company acts as the Data Controller under the terms of Law 1581. Data processing requires the data subject’s prior, express, and informed consent, which is obtained through the signing of the service agreement, which includes the corresponding privacy notice.
Rights of Data Subjects (Art. 8 of Law 1581):
- To access, update, and correct personal data;
- Request proof of the authorization granted;
- To be informed about how the data is used;
- File complaints with the SIC regarding violations of the law;
- Revoke consent and/or request the erasure of the data when the principles governing the processing apply.
Customer service channel: info@alkimiads.com. Response time: 10 business days (inquiries) or 15 business days (complaints), extendable by an additional 8 business days with notification to the customer.
| 🇦🇷 ARGENTINA Applicable law: Law No. 25,326 on the Protection of Personal Data (2000) + Supplementary provisions of the AAIPAuthority: AAIP — Agency for Access to Public InformationLevel of protection: High |
For influencers residing in Argentina, the Company processes their personal data in accordance with Law 25,326. Argentina has been granted adequacy status by the European Union. The AAIP is currently working to promote a reform of the law to bring it into line with the European GDPR.
Rights of the Data Subject (Art. 14 et seq. of Law 25,326):
- Right of access: to know what data is stored, its source, and its recipients;
- Right to rectification: to correct inaccurate, outdated, or incomplete information;
- Right to erasure: to delete data that is false, inaccurate, sensitive, unauthorized, or whose processing is prohibited;
- Right to confidentiality: to assert confidentiality in the event of a disclosure.
Exercising rights: info@alkimiads.com. Deadline: 5 business days for acknowledgment of receipt; response within a reasonable time. The data subject may file a complaint with the AAIP or seek redress through the ordinary courts in the event of noncompliance.
| 🇨🇱 CHILE Applicable law: Law 19.628 on the Protection of Privacy (in force) + Law 21.719 on the Protection of Personal Data (enacted in August 2024, currently being implemented)Authority: Currently: civil courts. Under Law 21.719: Personal Data Protection Agency (being established)Level of protection: High and transitioning |
Chile is currently undergoing a regulatory transition. Law 21.719, passed by Congress in August 2024 and modeled after the European GDPR, will take full effect once the new Data Protection Agency is established. The Company applies the principles of both laws as a precaution.
Key Changes in Law 21.719:
- Introduce the terms “data controller” and “data processor,” which are equivalent to those in the GDPR;
- Recognizes multiple legal bases for processing (contract, legal obligation, legitimate interest, consent);
- Requires security breaches to be reported to the Agency within 72 hours;
- Fines of up to 4% of annual global revenue;
- Requires a local representative for foreign companies that process Chilean personal data on a non-occasional basis.
Exercising your rights: info@alkimiads.com.
| 🇧🇷 BRASILApplicable law: General Data Protection Law (LGPD) — Law 13,709/2018, as amended by Law 13,853/2019Authority: ANPD — National Data Protection AuthorityLevel of protection: High |
For influencers residing in Brazil, the processing of personal data is governed by the LGPD. The Company acts as the Data Controller for the personal data processed under this agreement. The primary legal basis is the performance of the agreement (Art. 7, V of the LGPD).
Rights of the Data Subject (Art. 18 of the LGPD):
- Confirmation that processing is taking place;
- Access to data;
- Correction of incomplete, inaccurate, or outdated data;
- Anonymization, blocking, or deletion of unnecessary or excessive data;
- Data portability;
- Information about public and private entities with which the Company has shared data;
- Information about the option to withhold consent and the consequences;
- Withdrawal of consent.
Exercising your rights: info@alkimiads.com. Response time: 15 business days. If a complaint remains unresolved, the data subject may file an appeal with the ANPD (www.gov.br/anpd).
| 🇵🇪 PERÚ Applicable Law: Law 29733 — Personal Data Protection Act + Regulation D.S. 003-2013-JUSAuthority: ANPDP — National Authority for the Protection of Personal Data (Ministry of Justice)Level of Protection: High |
For influencers residing in Peru, the Company processes their personal data only after obtaining prior, informed, express, and unequivocal consent from the data subject, in accordance with Article 13 of Law 29733. Such consent is obtained through the signing of the service agreement.
ARCO Rights of the Data Subject:
- Access: to know what information is held about you, the purposes for which it is used, and the recipients;
- Correction: updating inaccurate or incomplete information;
- Deletion: Request deletion when the data is no longer necessary or you have withdrawn your consent;
- Objection: to object to treatment when there is a justifiable reason.
Objeción: oponerse a un tratamiento cuando existe una razón justificada.
| 🇪🇨 ECUADOR Applicable law: Organic Law on Personal Data Protection (LOPDP) + General Regulations (Executive Decree 904, November 2023)Authority: SPDP — Superintendency of Personal Data ProtectionLevel of protection: High — inspired by the GDPR |
Ecuador’s LOPDP has been fully in effect since May 2021, with administrative penalties taking effect in May 2023. It is modeled after the European GDPR and introduces the concept of a legal basis for processing, the data protection officer, and mandatory breach notification.
Special Obligations for the Company:
- Consent must be freely given, specific, informed, and unambiguous; silence does not constitute consent;
- Notification of data breaches to the SPDP: within 3 days of detection; to the data subject: within 5 days.
Rights of the Data Subject (Art. 66.19 of the Constitution + LOPDP):
- Access, rectification and updating, erasure, objection, data portability, restriction of processing, and the right not to be subject to automated decision-making.
Exercising your rights: info@alkimiads.com. Supervisory authority: SPDP — www.spdp.gob.ec.
| 🇺🇾 URUGUAY Applicable Law: Law 18.331 on the Protection of Personal Data and Habeas Data Proceedings + Decree 414/009Authority: URCDP — Regulatory and Control Unit for Personal DataLevel of Protection: High — EU adequacy recognized |
Uruguay is the only country in Latin America to have received formal recognition of equivalence from the European Union, which reflects the strength of its regulatory framework. Law 18.331 recognizes data protection as a fundamental human right.
Registration requirement:
The company must register its databases containing data on Uruguayan citizens with the URCDP (www.urcdp.gob.uy). This registration is mandatory under Article 16 of the Law and Decree 414/009, and must be kept up to date.
Rights of the Data Subject (Chapter III, Law 18,331):
- Access to your data and its source;
- Correction of inaccurate or incomplete data;
- Deletion of data obtained unlawfully or that is no longer necessary;
- Updating outdated data.
Exercising your rights: info@alkimiads.com. Supervisory authority: URCDP. Response time: 5 business days for an acknowledgment of receipt.
| 🇵🇾 PARAGUAY Applicable law: Law 1682/2001 — Regulating private information (limited scope, focused on financial data)Authority: No independent data protection authority. Ordinary judicial jurisdictionLevel of protection: Moderate — basic law |
Paraguay has a data protection law with limited scope, focused primarily on the financial sector. A bill modeled after the GDPR is currently pending approval in Congress. As a precautionary measure, the Company applies the general data protection principles described in this Policy to all Paraguayan influencers.
Contact for exercising your rights: info@alkimiads.com.
| 🇧🇴 BOLIVIAApplicable law: No specific data protection law. Constitutional protection: Art. 130 of the Political Constitution of the State (Habeas Data). Bill pending in Congress. Authority: No specific authority. Constitutional action for Habeas Data before the Plurinational Constitutional Court. Level of protection: Under development / Developing |
In the absence of specific legislation, the Company applies the general data protection principles set forth in this Policy to Bolivian influencers: consent, purpose, proportionality, security, confidentiality, and the rights of access, rectification, and erasure.
Contact for exercising your rights: info@alkimiads.com.
| 🇻🇪 VENEZUELA Applicable law: No specific personal data protection law. Constitutional protection: Art. 28 of the Constitution of the Bolivarian Republic of Venezuela (Habeas Data). Authority: No specific data protection authority. Level of protection: Under development / Developing |
In the absence of specific legislation, the Company applies the general principles of this Policy to Venezuelan influencers. The constitutional right to Habeas Data allows data subjects to access, correct, and delete their data in public and private records.
Contact for exercising your rights: info@alkimiads.com.
| 🇨🇷 COSTA RICA Applicable Law: Law 8968 — Law on the Protection of Individuals with Respect to the Processing of Their Personal Data + Regulations (Decree 37554-JP, 2013)Authority: PRODHAB — Agency for the Protection of Residents’ DataLevel of Protection: High HabitantesNivel de protección: Alto / High |
Costa Rica was the first country in Central America to adopt comprehensive personal data protection legislation. Law 8968 guarantees the right to informational self-determination, which is derived from Article 24 of the Constitution. Costa Rica has been a member of the OECD since 2021.
Registration Requirements:
Companies that manage databases of Costa Rican citizens for distribution, disclosure, or marketing purposes are required to register with PRODHAB. Databases for internal use are exempt from registration. The company evaluates on a case-by-case basis whether its activities require registration.
Fundamental Principles (Art. 6, Law 8968):
- Informed and express consent from the data subject for all processing;
- Data quality: accuracy, completeness, and timeliness;
- Purpose: The data may only be used for the stated purpose;
- Confidentiality and Security.
Supervisory authority: PRODHAB — www.prodhab.go.cr. Exercising your rights: info@alkimiads.com.
| 🇳🇮 NICARAGUA Applicable law: Law No. 787 — Personal Data Protection Act + Regulations (Decree 36-2012)Authority: No independent data protection authority. Jurisdiction lies with the Ministry of the InteriorLevel of protection: Moderate |
Nicaragua has had a data protection law in place since 2012, making it one of the pioneers in Central America. However, enforcement is weak due to the lack of an independent authority. The company applies the principles of Law 787 to Nicaraguan influencers.
Key Principles of Law 787:
- Prior and informed consent of the data subject;
- Lawfulness: Data may only be collected for lawful purposes;
- Proportionality: Data must be appropriate and not excessive;
- Confidentiality and security;
- Right to access, update, correct, and delete personal data: The data subject has the right to access, update, correct, and delete their personal data.
Contact for exercising your rights: info@alkimiads.com.
| 🇸🇻 EL SALVADOR Applicable Law: Law on the Protection of Personal Data, Legislative Decree No. 144 of November 12, 2024. Effective as of November 28, 2024. Authority: ACE — State Cybersecurity Agency Level of protection: High — new law inspired by the GDPR |
In November 2024, El Salvador passed its first comprehensive personal data protection law, marking a structural change in the country’s legal landscape. The law applies to individuals and legal entities that process data within or outside the country’s territory.
Key aspects of Decree 144:
- It recognizes multiple legal bases: consent, contract, legal obligation, vital interest, public interest, and legitimate interest;
- International transfers: permitted only if the recipient country guarantees an equivalent or higher level of protection (Art. 44);
- Data subject rights: access, rectification, erasure, objection, portability, the right to be forgotten, and restriction;
- Fines: from $408.80 to $16,352.00, depending on the severity of the violation;
- Supervisory authority: State Cybersecurity Agency (ACE).
Exercising your rights: info@alkimiads.com. Response time: 30 business days.
| 🇵🇦 PANAMÁ Applicable Law: Law No. 81 of March 26, 2019, on the Protection of Personal Data + Executive Decree No. 285 of May 28, 2021Authority: ATTT — Public Services Authority. Special protection for data subjects within the justice system.Level of protection: High |
In 2019, Panama adopted a personal data protection law that took full effect along with its implementing regulations in 2021. The law requires a publicly available privacy policy and express consent for data processing.
Main Obligations for the Company:
- Obtain express, informed, and voluntary consent before collecting data from Panamanian citizens;
- Post a privacy policy on the website (a specific requirement of Law 81);
- For international transfers: ensure that the recipient country provides an adequate level of protection or enter into standard contractual clauses;
- Report security breaches to the data subject and the regulatory authority.
Rights of the owner:
Access, rectification, erasure, objection, and data portability. To exercise these rights: info@alkimiads.com.
| 🇭🇳 HONDURAS Applicable law: No specific data protection law. A bill is under consideration. Constitutional protection: Art. 76 of the Constitution of Honduras. Law on Transparency and Access to Public Information (Art. 3, No. 7, Arts. 24–25). Authority: No specific authority. Ordinary courts. Level of protection: Under development |
Honduras no cuenta aún con legislación específica de protección de datos personales, aunque existe un proyecto de ley en estudio. La protección se articula a través de la garantía constitucional de inviolabilidad de las comunicaciones y la Ley de Transparencia. La Empresa aplica los principios generales de esta Política a todos los influencers hondureños.
Contact for exercising your rights: info@alkimiads.com.
| 🇬🇹 GUATEMALA Applicable law: No specific personal data protection law. Bills 6103 and 6572 are currently going through the legislative process. Constitutional protection: Art. 24 of the Constitution (inviolability of communications) + Habeas Data guarantee. Authority: No specific authority. The Constitutional Court has ruled that consent is required for the use of personal data. Level of protection: Under development |
Guatemala does not have a specific data protection law, although the Constitutional Court has established through case law that the use of personal data requires the consent of the data subject. The Company applies the general principles of this Policy to all Guatemalan influencers.
Contact for exercising your rights: info@alkimiads.com.
| 🇩🇴 REPÚBLICA DOMINICANA Applicable law: Law No. 172-13 on the Protection of Personal Data, enacted on December 13, 2013. Authority: Superintendency of Banks (financial sector only). There is no independent general data protection authority for other sectors. Level of protection: Moderate—weak enforcement in non-financial sectors |
The Dominican Republic has had a data protection law in place since 2013, with two objectives: to regulate the processing of personal data in the public and private sectors, and to regulate credit reporting agencies (SIC). The absence of an independent general authority limits the effectiveness of enforcement outside the financial sector.
Principles of Law 172-13 (Art. 5):
- Lawfulness: Data must be obtained lawfully and fairly;
- Purpose: collected for specific, explicit, and legitimate purposes;
- Quality: accurate, complete, and up-to-date;
- Consent: generally required, with exceptions for the performance of a contract;
- Security: appropriate technical and organizational measures.
Derechos del titular: acceso, rectificación, cancelación y oposición. Ejercicio: info@alkimiads.com.
| 🇦🇼 ARUBA Applicable law: Landsverordening Persoonsregistratie — National Ordinance Laying Down New Rules for the Protection of Privacy in Connection with the Recording and Dissemination of Personal Data (May 19, 2011) Authority: No general data protection authority. Oversight is the responsibility of the Minister of Justice and Security. There is no registration requirement. Level of protection: Basic — framework under development |
Aruba is a constituent country of the Kingdom of the Netherlands, but it is not part of the European Union or the European Economic Area. Therefore, the European GDPR is not directly applicable in Aruba, although its principles influence local interpretation. The 2011 Ordinance establishes basic principles of data protection: consent, purpose, and limitations on transfers.
Special considerations:
- There is no requirement to register with any authority in Aruba;
- There are no specific regulations regarding the reporting of security breaches;
- Article 24(2) of the Ordinance prohibits the transfer of data from Aruba to foreign countries if the transfer could harm the data subject’s privacy; the Minister of Justice must declare such harm before the prohibition applies;
- Maximum penalty for noncompliance: 10,000 Afl. (approx. USD 5,600) (Art. 20 of the Ordinance);
- The company applies GDPR standards to Aruban influencers as a precautionary measure, given the Dutch influence on its legal system.
11. COOKIES AND TRACKING TECHNOLOGIES
Contact for exercising your rights: info@alkimiads.com.
The Company’s website uses Cookies and similar tracking technologies (such as web beacons, tags, and scripts) to track activity on our Service and store certain information. When you access the site, you will see a cookie banner allowing you to accept, reject, or customise your choice. The Company only activates non‑essential cookies upon your explicit acceptance.
Types of cookies we use:
| TYPE | DESCRIPTION |
|---|---|
| Essential / Necessary Cookies | Session cookies administered by us. Necessary for the website to function and to enable you to use its features. They help authenticate users and prevent fraudulent use of accounts. Do not require consent. |
| Cookie Policy Acceptance Cookies | Persistent cookies administered by us. They identify if users have accepted the use of cookies on the website. |
| Functionality Cookies | Persistent cookies administered by us. They remember choices you make (e.g., login details, language preference) to provide a more personal experience. |
| Analytics Cookies | Allow us to analyse website usage (e.g., Google Analytics). Require consent. |
| Marketing Cookies | Allow personalised advertising. Require consent. |
| Social Media Cookies | Allow sharing content on social media platforms. Require consent. |
Web Beacons: Certain sections of our Service and our emails may contain small electronic files known as web beacons (also called clear gifs, pixel tags, or single‑pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email, and for other related website statistics (e.g., recording popularity of a section and verifying system integrity).
For more information about the cookies we use, please see our Cookie Policy available at: https://www.alkimiads.com/cookie-policy
12. MINORS
12.1 Influencers under 18
The Company does not engage influencers under 18 years of age without written parental or guardian consent. If the Company becomes aware that it has collected personal data from a minor under 18 without such consent, it will delete such data promptly.
12.2 General minors – Children’s Privacy
Our website is not directed to anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data without your consent, please contact us. If we become aware that we have collected Personal Data from anyone under 13 without verification of parental consent, we take steps to remove that information from our servers.
If we need to rely on consent as a legal basis for processing and your country requires consent from a parent, we may require your parent’s consent before we collect and use that information.
13. LINKS TO OTHER WEBSITES
Our Service may contain links to other websites that are not operated by us. If you click on a third‑party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies, or practices of any third‑party sites or services.
14. CHANGES TO THIS POLICY
The Company reserves the right to modify this Privacy Policy to adapt it to legislative changes, changes in its services, or recommendations of data protection authorities. Substantial changes will be notified at least 30 days in advance by:
- A prominent notice on the website;
- Email to active influencers and brand clients;
- Updating the “Last updated” date visible at the top of this document.
Your continued contractual relationship after the updated version takes effect implies acceptance of the changes.
15. HOW TO CONTACT US
For any queries, exercise of rights, or complaints related to the processing of your personal data:
| 📧 PrivacyContact Email: info@alkimiads.com Postal: JART GATE INC dba ALKIMIADS, Attn: Privacy Officer, 2100 Coral Way PH704, Miami, FL 33145, USA, Florida, USAWeb: https://www.alkimiads.com/privacy-policy Rights request form: https://www.alkimiads.com/data-rights ⏱ Response time: 30 calendar days from the date of receipt of the request (unless a shorter statutory period applies in your jurisdiction). |
| 🇪🇺 UNIÓN EUROPEA (GENERAL) / EUROPEAN UNION (GENERAL) Applicable law: General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) / General Data Protection Regulation (GDPR) Authority: Lead authority: AEPD (Spain, principal place of business of JART GATE EUROPE S.L.) — One-stop shop mechanism (Art. 56 GDPR)Level of protection: High — Harmonized framework across the 27 Member States |
The GDPR is the regulatory framework governing the processing of personal data in the 27 Member States of the European Union. Since JART GATE EUROPE S.L. has its main establishment in Spain, the Spanish Data Protection Agency (AEPD) acts as the lead supervisory authority for cross-border processing, in accordance with the one-stop-shop mechanism set forth in Article 56 of the GDPR.
Legal basis for processing (Art. 6 GDPR):
- Performance of the contract (Art. 6.1.b): to manage the contractual relationship with the influencer;
- Legal obligation (Art. 6.1.c): to comply with tax and labor obligations;
- Legitimate interest (Art. 6.1.f): for fraud prevention, talent portfolio management, and campaign reporting;
- Consent (Art. 6.1.a): for commercial communications and inclusion in the talent database for future campaigns.
International Data Transfers (Chapter V of the GDPR):
Transfers of personal data of EU residents to third countries (such as the U.S.) are carried out through: (a) adequacy decisions by the European Commission, where available; or (b) standard contractual clauses (SCCs) adopted by the Commission through Implementing Decision (EU) 2021/914. Intra-European transfers (between EU and EEA Member States) do not require any additional mechanism.
Rights of the data subject (Articles 15–22 of the GDPR):
Every EU resident has the right to: access (Art. 15), rectification (Art. 16), erasure or the “right to be forgotten” (Art. 17), restriction of processing (Art. 18), data portability (Art. 20), objection (Art. 21), and not to be subject to decisions based solely on automated processing that produce significant legal effects (Art. 22). The response deadline is 30 calendar days, extendable by an additional 60 days in complex cases. The data subject may also file a complaint with the supervisory authority of their Member State of residence.
Additional European regulations applicable to influencer marketing:
- Regulation (EU) 2022/2065 on Digital Services (Digital Services Act — DSA): requires that commercial communications on digital platforms be clearly identified;
- Directive 2005/29/EC on unfair commercial practices, transposed into the national laws of each Member State: it prohibits surreptitious advertising.
Exercising your rights: info@alkimiads.com. AEPD: www.aepd.es.
| 🇪🇸 ESPAÑA / SPAIN Applicable law: GDPR (Regulation (EU) 2016/679) + Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights (LOPDGDD) Authority: AEPD — Spanish Data Protection Agency — Primary supervisory authority for JART GATE EUROPE S.L. Level of protection: High — Main establishment of the Data Controller |
Spain is the country of primary establishment for JART GATE EUROPE S.L. (ALKIMIADS). The LOPDGDD supplements and implements the GDPR within the Spanish legal system, introducing specific provisions applicable to influencer marketing activities.
Specific provisions of the LOPDGDD relevant to influencer marketing:
- Right to digital disconnection (Art. 88): although primarily applicable to employment relationships, it reflects the principle of limiting data processing in the digital sphere;
- Right to be forgotten on internet search engines (Art. 93) and social media (Art. 94): influencers may request the removal of content that has been deindexed or posted on social media, which may affect deliverables from past campaigns;
- Protection of minors online (Art. 92 LOPDGDD): minimum age of consent: 14 years (compared to 16 under the standard GDPR). Influencers under the age of 18 are not hired without parental consent;
- Processing of Member and Collaborator Data (Art. 22): When the processing is not based on an employment relationship, the general principles of the GDPR apply.
Influencer Advertising in Spain — Applicable Regulations:
- General Advertising Law 34/1988, Art. 9: Prohibition of Covert Advertising;
- Law 3/1991 on Unfair Competition, Art. 26: Misleading omissions in commercial communications;
- AUTOCONTROL Code of Conduct on the Use of Influencers in Advertising (effective since 2021);
- CNMC Circular 1/2020: Recommendations on Influencer Practices.
Exercising your rights: info@alkimiads.com. AEPD: www.aepd.es / 901 100 099.
| 🇬🇧 REINO UNIDO / UNITED KINGDOM Applicable law: UK GDPR (Retained EU Law) + Data Protection Act 2018 (DPA 2018). Post-Brexit: The EU GDPR no longer applies directly in the UK. Authority: ICO — Information Commissioner’s Office Level of protection: High — Framework virtually identical to the GDPR |
Following the United Kingdom’s withdrawal from the European Union, the GDPR was incorporated into British domestic law as the “UK GDPR” through the European Union (Withdrawal) Act 2018, retaining virtually the same content as the European GDPR. The Data Protection Act 2018 supplements the UK GDPR with national provisions.
Key Considerations for the Company:
- Adequacy: The European Commission adopted an Adequacy Decision for the United Kingdom (June 2021), allowing the transfer of personal data from the EU to the UK without the need for additional safeguards. This decision is subject to periodic review, and the Company undertakes to update its procedures should its status change.
- UK Representative: If the Company processes the personal data of individuals in the UK on a non-occasional basis, it may be required to appoint a representative in the UK in accordance with Article 27 of the UK GDPR. The Company will assess this obligation based on the volume of its activities with influencers residing in the UK.
- ICO Registration: Organizations that process personal data in the UK may be required to register with the ICO (Information Commissioner’s Office) and pay the data protection fee.
- Influencer advertising in the UK: The ASA (Advertising Standards Authority) and the CAP Code require that advertising content be clearly identified with “Ad,” “Sponsored,” or an equivalent label. The CMA (Competition and Markets Authority) has published specific guidelines for influencers.
Rights of the data subject under the UK GDPR (equivalent to the GDPR):
Access, rectification, erasure, restriction, portability, objection, and rights regarding automated decision-making. Response time: 1 month (30 calendar days).
Exercising your rights: info@alkimiads.com. ICO: www.ico.org.uk / 0303 123 1113.
| 🇫🇷 FRANCIA / FRANCE Applicable law: GDPR (Regulation (EU) 2016/679) + Data Protection Act (Law No. 78-17 of January 6, 1978, as amended by Law No. 2018-493 and Ordinance No. 2018-1125) Authority: CNIL — Commission Nationale de l’Informatique et des Libertés Level of protection: High — CNIL exercises its own discretion and imposes active sanctions |
France has implemented the GDPR by amending its landmark 1978 Loi Informatique et Libertés. The CNIL is one of the most active data protection authorities in Europe, with its own interpretive criteria and a track record of imposing significant penalties.
Specific aspects of France relevant to influencer marketing:
- Law of June 9, 2023, on the Regulation of Commercial Influence (Influencer Law): In 2023, France passed the first European law specifically designed to regulate the activities of commercial influencers. It establishes: (a) the obligation to identify all advertising with the words “Publicité” or “Collaboration commerciale”; (b) a ban on promoting certain products (cosmetic surgery, speculative financial assets, etc.); (c) the requirement for a written contract for campaigns exceeding certain thresholds; (d) joint and several liability of the agent (ALKIMIADS) for breaches by the influencer.
- CNIL — Cookies and Tracking: The CNIL has strict criteria regarding consent for analytics and marketing cookies. The cookie banner on alkimiads.com must comply with CNIL guidelines.
- Minors: minimum age of digital consent: 15 years old in France (compared to 16 under the standard GDPR), in accordance with Article 7-1 of the amended Data Protection Act.
Rights of the data subject (equivalent to the GDPR + Art. 85 of the French Data Protection Act):
Access, rectification, erasure, restriction, portability, objection, and the right to provide post-mortem instructions regarding your personal data (specific to French law, Art. 85).
Exercising your rights: info@alkimiads.com. CNIL: www.cnil.fr / +33 1 53 73 22 22.
| 🇩🇪 ALEMANIA / GERMANY Applicable law: GDPR (Regulation (EU) 2016/679) + Bundesdatenschutzgesetz (BDSG — Federal Data Protection Act) + State data protection laws (Landesdatenschutzgesetze) Authority: BfDI — Federal Commissioner for Data Protection and Freedom of Information (federal level) + 16 state supervisory authorities (Landesbehörden)Level of protection: High — Strictest regime in the EU |
Germany has the most complex data protection framework in the European Union: in addition to the GDPR and the federal BDSG, each of the 16 federal states (Länder) has its own data protection law. Supervisory authorities are also decentralized: the BfDI oversees the federal sector, while state authorities (such as the Bayerisches Landesamt für Datenschutzaufsicht in Bavaria or the LfDI in Baden-Württemberg) oversee the private sector.
Specific aspects of Germany relevant to influencer marketing:
- Cookie Consent: Germany requires prior, free, specific, and informed consent for all non-essential cookies, including analytics cookies. The German Federal Court (BGH) confirmed in 2020 (Planet49 case) that pre-checked boxes do not constitute valid consent. The banner on alkimiads.com must comply with this standard.
- Digital Media Act (Medienstaatsvertrag — MStV): regulates advertising on digital platforms and social media. Influencers with an audience in Germany must label commercial content in accordance with §62 MStV.
- Unfair Competition Act (Gesetz gegen den unlauteren Wettbewerb — UWG): Failure to identify influencer content as advertising constitutes unfair competition. German courts have issued numerous rulings on this matter.
- Data Protection Officer (DPO): The BDSG requires the appointment of a DPO when data from 20 or more individuals is processed on a regular basis. The Company will assess this requirement based on the volume of its business activities in Germany.
Rights of the data subject (equivalent to the GDPR + §34 BDSG):
Right of access, rectification, erasure, restriction, data portability, and objection. Response time: 1 month. The data subject may file a complaint with the competent state authority in the Land where they reside.
Exercising your rights: info@alkimiads.com. BfDI: www.bfdi.bund.de.
Data Protection Authorities by Country
| País | Autoridad | Web / Contacto |
| 🇪🇺 UE (General) | AEPD (autoridad guía) + autoridades nacionales | www.aepd.es (ventanilla única) |
| 🇪🇸 España | AEPD — Agencia Española de Protección de Datos | www.aepd.es |
| 🇬🇧 Reino Unido | ICO — Information Commissioner’s Office | www.ico.org.uk |
| 🇫🇷 Francia | CNIL — Commission Nationale de l’Informatique et des Libertés | www.cnil.fr |
| 🇩🇪 Alemania | BfDI + autoridades estatales (Land) | www.bfdi.bund.de |
| 🇺🇸 EE.UU. | FTC + CPPA (California) | www.ftc.gov / www.cppa.ca.gov |
| 🇲🇽 México | INAI | www.inai.org.mx |
| 🇨🇴 Colombia | SIC | www.sic.gov.co |
| 🇦🇷 Argentina | AAIP | www.argentina.gob.ar/aaip |
| 🇨🇱 Chile | Agencia (en constitución) | www.consejotransparencia.cl |
| 🇧🇷 Brasil | ANPD | www.gov.br/anpd |
| 🇵🇪 Perú | ANPDP | www.minjus.gob.pe/proteccion-de-datos-personales |
| 🇪🇨 Ecuador | SPDP | www.spdp.gob.ec |
| 🇺🇾 Uruguay | URCDP | www.urcdp.gob.uy |
| 🇨🇷 Costa Rica | PRODHAB | www.prodhab.go.cr |
| 🇸🇻 El Salvador | ACE | www.ace.gob.sv |
| 🇵🇦 Panamá | ATTT | www.attt.gob.pa |
| 🇩🇴 Rep. Dominicana | Superintendencia de Bancos | www.sb.gob.do |
| 🇳🇮 Nicaragua | Sin autoridad específica | — |
| 🇭🇳 Honduras | Sin autoridad específica | — |
| 🇬🇹 Guatemala | Sin autoridad específica | — |
| 🇵🇾 Paraguay | Sin autoridad específica | — |
| 🇧🇴 Bolivia | Sin autoridad específica | — |
| 🇻🇪 Venezuela | Sin autoridad específica | — |
| 🇦🇼 Aruba | Ministro de Justicia (Aruba) | — |
