Last Updated: June 18, 2025
IPAC S.A. is a company committed to transparency, responsibility, and security in the processing of personal data. In compliance with the Organic Law on Personal Data Protection (LOPDP), we inform all our stakeholders —including website users, candidates, employees, customers, suppliers, and visitors— that any personal data provided will be processed in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, relevance, proportionality, confidentiality, quality, accuracy, storage, security, and accountability.
This policy applies to the processing of personal data collected through our official website https://ipac-acero.com/, as well as through physical or digital forms, digital channels, and any other means authorized by the company.
At IPAC S.A., we manage our databases under strict security measures in order to ensure the protection, confidentiality, and proper use of personal information. We invite all data subjects to review our full policy, which is published at the following link: https://ipac-acero.com/politica-de-proteccion-de-datos.
This policy may be updated at any time in accordance with the applicable legal framework, while always respecting the rights of the data subjects.
IPAC S.A.
RUC: 0991344004001
Address: Vía a Daule km 10.5 , Guayaquil, Ecuador
Phone: +593 4 370 2120
This Privacy Policy applies to the processing of personal data collected through the official IPAC S.A. website https://ipac-acero.com/ or through the forms, digital channels, and/or other means enabled by the company.
This policy is addressed to all data subjects whose personal data is processed by IPAC S.A., in its capacity as the data controller.
IPAC S.A. is committed to processing personal data lawfully, fairly, and transparently, in accordance with the purposes established in the official document.
IPAC S.A. is committed to processing personal data in accordance with the principles of lawfulness, fairness, transparency, purpose limitation, relevance, proportionality, confidentiality, quality and accuracy, storage and security, and accountability, as established by the LOPDP.
The processing activities respond to legitimate, specific, and proportionate purposes, according to the nature of the relationship with each personal data subject. Below are the main processing activities carried out by IPAC S.A.:
Website Users
The personal data you provide through the «Contact Us» form—such as name, company name, national ID or tax ID (RUC), email, mobile number, and city—will be processed for the purpose of managing your requests, responding to your inquiries, and maintaining effective communication.
Additionally, if you choose to contact us via WhatsApp, your data will be used to facilitate the exchange of information and to respond to your messages in a personalized manner.
Job Applicants
Review of candidate profiles.
Validation of judicial, academic, and other background checks necessary for the profiles.
Conducting interviews and psychometric tests; selecting suitable candidates for specific areas.
Storage of information of non-selected candidates for potential future vacancies.
Security and video surveillance at the facilities.
Employees
Administration of profiles and systems.
Management of the employment relationship.
Occupational health and safety management.
Attendance and working hours control.
Security and video surveillance at the facilities.
Logistics and administrative support.
Regulatory compliance and certifications.
Corporate communications.
Visitors
Manage entry and stay within the facilities.
Verify identity through automated ID document reading (OCR), when applicable.
Guarantee the safety of people and property within the facilities.
Investigate incidents, if necessary.
Clients
Establish, maintain, and terminate a contractual relationship.
Carry out all necessary actions to confirm and update client information.
Comply with legal, regulatory, and other applicable obligations.
Credit evaluation.
Perform commercial follow-up with the goal of improving service and product quality.
Execute marketing campaigns for product promotion and other communications necessary to keep the client informed via phone call, text message, email, WhatsApp, or any integrated social network or instant messaging platform, among others.
Collection management and debt recovery.
Obtain location and geolocation data for product delivery.
Security and video surveillance at the facilities.
Suppliers
Manage selection and qualification in procurement processes.
Formalize agreements: contracts, purchase orders, conventions, etc.
Comply with legal, contractual, and applicable regulatory obligations.
Support incidents related to personal data protection management.
Manage and verify commercial and reputation background, as well as detect and/or prevent fraud and other illegal activities.
Enable physical security mechanisms within IPAC facilities.
Conduct Due Diligence management.
Security and video surveillance at the facilities.
Within the framework of its activities, IPAC S.A. processes various types of personal data in accordance with the relationship established with each data subject and the purposes previously informed. Below are the categories of data that may be processed:
Identification data
Family circumstances
Academic and professional data
Employment details
Attendance control and security data
Financial data
Special categories of data
Commercial information
Judicial and administrative data
All data processing operations carried out by IPAC S.A. have a legal basis, in accordance with the provisions established in:
Article 66, paragraph 19 of the Constitution of the Republic recognizes and guarantees individuals the following:
«19. The right to the protection of personal data, which includes access to and decision-making over information and data of this nature, as well as its corresponding protection. The collection, storage, processing, distribution, or dissemination of such personal data shall require the authorization of the data subject or a legal mandate.”
Article 92 of the Constitution (CRE) provides that:
«Every person, either by their own rights or as a duly authorized representative, shall have the right to be informed of the existence of and to access documents, genetic data, databases, or records of personal data and reports concerning themselves or their property, whether held by public or private entities, in physical or electronic format. Likewise, they shall have the right to know how such data is used, its purpose, the origin and destination of the personal information, and the retention period of the file or database. The persons responsible for databases or records of personal data may disseminate the stored information only with the authorization of the data subject or by mandate of the law. The data subject may request from the controller free access to the file, as well as the updating, rectification, deletion, or cancellation of the data. In the case of sensitive data, the storage of which must be authorized either by law or by the data subject, the adoption of the necessary security measures shall be required. If the request is not fulfilled, the data subject may seek judicial recourse. The affected individual may also file a claim for damages.”
The Organic Law on Personal Data Protection, Article 7 establishes the following regarding the lawful processing of personal data:
«The processing shall be lawful and legitimate if it meets any of the following conditions:
By consent of the data subject for the processing of their personal data for one or more specific purposes;
When carried out by the controller in compliance with a legal obligation;
When carried out by the controller by judicial order, subject to the principles established in this Law;
When the processing of personal data is based on the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, derived from a competence attributed by law, and subject to compliance with applicable international human rights standards, the principles of this Law, and the criteria of legality, proportionality, and necessity;
For the execution of pre-contractual measures requested by the data subject, or for the performance of contractual obligations pursued by the controller, processor, or a third party legally authorized to do so;
For the protection of vital interests of the data subject or another natural person, such as their life, health, or physical integrity;
For the processing of personal data contained in publicly accessible databases; or,
To satisfy a legitimate interest of the controller or a third party, provided that the interest or fundamental rights of the data subject do not prevail, as established in this Law.”
Personal data will be stored only for the period necessary to fulfill the purposes for which it was collected or subsequently processed, ensuring compliance with all applicable legal regulations.
As the owner of personal data, you have the right to exercise the rights of access, rectification and updating, deletion, objection, cancellation, restriction of processing, portability, and the right not to be subject to decisions based solely on automated processing, as well as any other rights established in the Organic Law on Personal Data Protection and its Regulations.
The mechanisms implemented by IPAC S.A. for the exercise of these rights are free of charge and include the following steps:
Complete the form “PDP FOR 04 – Rights Request.”
Send the completed form to the email address: protecciondedatospersonales@ipac-acero.com.
Attach a copy of your valid identification document. In the case of foreign nationals, the corresponding immigration document must be attached.
If acting on behalf of the data subject, a duly legalized special power of attorney must be attached to prove such representation.
In the event that you request the rectification or updating of your personal data, you must expressly indicate in the PDP FOR 04 – Rights Request the modifications requested and attach the supporting documents for your petition (e.g., birth certificate, proof of residence, etc.).
To exercise your rights, you must complete the PDP FOR 04 – Rights Request form, available online at: https://ipac-acero.com/.
It is important to highlight that parents, legal guardians, or custodians may exercise these rights on behalf of children, adolescents, or persons with disabilities, in accordance with applicable legislation.
For this reason, we suggest following the steps below:
Complete the required information in the PDP FOR 04 – Rights Request form.
Send the completed form by email to: protecciondedatospersonales@ipac-acero.com.
Attach a valid identification document to verify your identity. In the case of foreign nationals, a valid passport or immigration document must be provided.
If the request is submitted by someone other than the data subject, the document accrediting legal representation must also be attached:
In the case of minors, the following documents are required:
Birth certificate.
Identity card of the minor, parents, or the legal representative.
In the case of persons with disabilities, the following documents are required:
Identity card of the parents, or
Legal document proving representation.
In the event of requesting the rectification of personal data, you must indicate the modifications to be made in the PDP FOR 04 – Rights Request form and attach the supporting documentation for your request (e.g., birth certificate, proof of residence, or any other document evidencing and justifying the requested change to your personal data).
For further information regarding the procedure for exercising the rights of data subjects, you may consult [here].
The data subject whose personal data is being processed by IPAC S.A. may request the withdrawal of their consent at any time.
To do so, it is necessary to send a notification via email to: protecciondedatospersonales@ipac-acero.com