Privacy Policy & Personal Data Protection Notice
Through this Privacy Policy, TEMOCHE CONSULTING states its commitment to comply with the laws and regulations applicable to the personal data we process while delivering our services. Specifically, Temoche Consulting complies with the following Peruvian legislation:
- Law No. 29733, the Personal Data Protection Law.
- Supreme Decree No. 016-2024-JUS, Regulation of Law No. 29733.
- Regulation of Law No. 29733, approved by Supreme Decree No. 016-2024-JUS.
1. About us
TEMOCHE CONSULTING S.A.C., owner of this web domain and controller of the processing activities described here, is a closed corporation with registered office at Avenida Paseo de la República 3195, Office 504, San Isidro, Lima, Peru, Peruvian taxpayer ID RUC 20610358668.
For any request related to your personal data, write to legal@temocheconsulting.com.
2. What information we collect
By channel and purpose, we collect the following categories:
a) Through the website contact form
- Identification data: name, corporate email and company.
- Commercial context: free-text the visitor chooses to share about their initiative.
Data submitted through the form is processed and transmitted via our providers Cloudflare (hosting and edge security) and Resend (email delivery), located in the United States, under the international transfer framework described in Annex 02 (standard contractual clauses).
b) Within a contractual engagement with clients
- Identification data of client personnel: name, role, email, phone, signature when applicable to review minutes.
- Economic and financial data of the client legal entity (not of the individual data subject) for billing.
- For projects requiring specific financial due diligence of the data subject (exceptional cases), explicit prior written consent is obtained pursuant to article 13.5 of Peruvian Law 29733.
We do not process biometric data or sensitive data through the website. In engagements where the client transfers sensitive data to us (e.g., payment processor environments), we act as data processor on behalf of the client (who remains the controller), following their instructions and the applicable contractual framework.
c) Site browsing
- IP addresses, user-agent and server logs for short periods (up to 30 days) for operational security purposes.
- Strictly necessary cookies for site functionality.
- Anonymous, cookieless usage analytics (Cloudflare Web Analytics); we set no analytics or tracking cookies.
We do not operate an active newsletter at this time. If we enable periodic commercial communications in the future, explicit opt-in consent will be requested and this policy will be updated.
We do not carry out automated decision-making or profiling with legal effects on the data subject: every assessment relies on human review. Providing the contact-form data is optional; if the necessary data is not provided, we will not be able to handle the enquiry or manage the requested relationship.
3. How we protect your information
We run periodic risk assessments and apply an internal Information Security Policy covering access control, incident management and backup procedures. If you detect any incident affecting your data, please report it to legal@temocheconsulting.com.
4. Rights of data subjects
Under Peruvian Law 29733 you may exercise the following rights over your personal data:
- Access: know what data we hold about you.
- Rectification: correct inaccurate or outdated data.
- Erasure / Cancellation: request deletion.
- Objection: object to specific processing activities.
- Portability: receive your data in a structured format.
- Restriction of processing.
To exercise any of these rights, email legal@temocheconsulting.com or send a postal request to our San Isidro office. You may also file a complaint with the National Authority for Personal Data Protection: Mesa de Partes MINJUS, Calle Scipión Llona 350, Miraflores, Lima, Peru.
5. Disclosures and transfers
We only disclose or transfer information to recipients strictly required to deliver our services and meet legal obligations:
- Public authorities and entities and credit bureaus (SUNAT, EsSalud, the pension fund AFP or ONP, among others).
- For employee data: the health insurer (EPS) providing health coverage and the insurer of the mandatory Vida Ley life insurance (including dependants and the beneficiaries designated by the employee), and the financial institution where wages are paid. These entities act as controllers.
- Hosting, messaging and technology service providers.
- Marketing services and contact-center providers.
- Legal and accounting advisors.
We maintain the following personal-data registers, registered with the National Registry of Personal Data Protection (RNPDP) of the National Authority for Personal Data Protection, with their respective registration codes:
- Clients (RNPDP code PJ-2026-3263)
- Prospective clients (RNPDP code PJ-2026-3264)
- Suppliers (RNPDP code PJ-2026-3265)
- Employees (RNPDP code PJ-2026-3266)
- Job applicants (RNPDP code PJ-2026-3267)
- Complaints/Claims (RNPDP code PJ-2026-3268)
The registration of these registers can be publicly consulted in the National Registry of Personal Data Protection.
6. Data retention
We retain personal data for as long as it is necessary to fulfil the purpose for which it was collected. Billing-related data and training-service data are retained for 5 years. After the service ends, data is blocked to address any pending responsibilities and is deleted after one additional year, unless a legal duty requires a longer period.
7. General terms of use and liability
a) Site availability
Temoche Consulting does not warrant the absence of interruptions, errors or content being fully up-to-date at all times.
b) Third-party links
The site may include links to third-party resources. Temoche Consulting is not responsible for the content or privacy practices of those external sites.
c) User responsibility
Users agree to use the site and the services of Temoche Consulting appropriately, in compliance with applicable law and the terms described here.
8. Governing law and jurisdiction
These terms are governed by Peruvian law. For any dispute, Temoche Consulting submits to the judges, tribunals and case law of the city of Lima, Peru.
9. Cookies policy
Our site uses only strictly necessary cookies for site operation (session, user preferences, CSRF defense). Usage analytics is anonymous and cookieless (Cloudflare Web Analytics): it sets no cookies and does not identify individuals, so it requires no consent. We show an informational notice on entry.
a) Affirmative consent
In accordance with article 13 of Peru's Law 29733 and its Regulation (Supreme Decree 016-2024-JUS), consent for non-essential cookies must be freely given, prior, express, unambiguous and informed. Continued browsing of the site without an action does not constitute consent. We currently use no non-essential cookies; if we add any in the future, their use will require your express prior consent.
b) Revoking consent
You may withdraw your consent at any time by deleting the cookies associated with this site from your browser, or by writing to legal@temocheconsulting.com to halt any derived processing.
c) How to change your cookie settings
Every modern browser (Chrome, Firefox, Safari, Edge) lets you manage cookies from its privacy settings.
10. Processing of minors' data
The site and Temoche Consulting's services are addressed to professional interlocutors of regulated enterprises (B2B). We do not process personal data of minors under 14 and we do not direct communications to that audience. If we become aware of inadvertent processing of a minor's data, we will delete it without undue delay.
11. Single point of contact for personal-data matters
Temoche Consulting S.A.C. designates the legal department as the single point of contact for personal-data matters: legal@temocheconsulting.com. The response window, pursuant to article 69 of the Regulation, is 8 days for the right to information, 20 days for access, and 10 days for rectification, cancellation or opposition.
12. Modifications to this policy
Material modifications to this policy will be announced via a prominent notice on this page for a minimum period of 30 calendar days from publication. Minor modifications (typographic corrections, supplier updates without a change of purpose) may be incorporated without prior notice, always recording the update date at the top of the document.
Annex 01: Commercial partners
Currently the services rendered by Temoche Consulting, both for service delivery and for marketing communications, do not involve business partners. There is therefore no transfer of information for additional commercial purposes.
Annex 02: Data processors and international transfers
Pursuant to article 15 of Peruvian Law 29733 and the cross-border transfer provisions of Regulation DS 016-2024-JUS, we declare below the processors that handle personal data on behalf of Temoche Consulting, specifying country, purpose and the contractual instrument that provides an adequate level of protection for the international transfer.
| Processor | Country | Purpose | Safeguard instrument |
|---|---|---|---|
| Cloudflare, Inc. | United States | Hosting, authoritative DNS, edge security, content delivery | Cloudflare DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914), available at cloudflare.com/cloudflare-customer-dpa |
| Google LLC | United States | Email, internal storage and web typography | Google Workspace Data Processing Amendment with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| Resend, Inc. | United States | Email delivery | Resend DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| Atlassian Corporation | United States | Project, task and documentation management | Atlassian DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| Keeper Security, Inc. | United States | Secrets management and encryption | Keeper Security DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| Soluciones Alegra S.A.S. | Colombia | Electronic invoicing and accounting | Alegra data-processing agreement with confidentiality and data-protection clauses |
| Indeed, Inc. | United States | Job posting and receipt of applications | Indeed DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| TestGorilla B.V. | Netherlands (EU) | Skills assessment of job applicants | TestGorilla DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| BoldSign (Syncfusion, Inc.) | United States | Electronic signature of contracts (clients, suppliers and employees) | Syncfusion/BoldSign DPA with the DGTAIPD model clauses (RD 074-2022) as the safeguard before the Peruvian authority, reinforced by the EU Standard Contractual Clauses (SCCs 2021/914) |
| Meta Platforms, Inc. (WhatsApp) | United States | Messaging with clients, prospects, suppliers and applicants (WhatsApp Business) | WhatsApp Business terms and Meta data-processing terms |
| Temoche Consulting LLC | United States | Intra-group processor: support and management of clients, prospects and suppliers in the English-speaking segment | Intra-group data-processing agreement with DGTAIPD model clauses (RD 074-2022) |
Foreign processors declared here operate under Standard Contractual Clauses (SCCs) as an appropriate safeguard for cross-border flows to countries lacking an adequacy decision, in accordance with article 15 of Law 29733 and articles 18, 20 and 21 of its Regulation (Supreme Decree 016-2024-JUS).
Among the processors is Temoche Consulting LLC, a company within our same corporate group located in the United States, which acts as a data processor on behalf of and under the instructions of Temoche Consulting S.A.C. for the support and management of clients, prospects and suppliers in the English-speaking segment. This transfer relies on the DGTAIPD model clauses (RD 074-2022) and does not include the Employees or Applicants databases or sensitive data.