Privacy Policy

Last updated: February 19, 2026

Athanor Tech SpA , with registered office in Santiago, Chile, and Tax ID 78.095.543-0, is committed to protecting the privacy and personal data of our users, clients, website visitors (https://athanor-tech.com/), demo participants, Microsoft partners, and any individuals whose personal data we process in connection with our services in sovereign and agentic AI, IT consulting, digital transformation, cybersecurity, custom software development, and e-learning platforms.

This Privacy Policy explains how we collect, use, store, protect, and (when necessary) share your personal data, in compliance with Chilean Law No. 19.628 on the Protection of Private Life (currently in force) and in anticipation of the strengthened requirements under Law No. 21.719 (full effect December 1, 2026), including data sovereignty principles (Laws 21.663 and 21.719).

1. Personal Data We Collect

We collect personal data only when necessary and to the minimum extent required:

- Basic identification data: name, surname, job title, company, RUT (when required), email address, phone number.

- Professional contact data: corporate email, LinkedIn or other professional profiles (if voluntarily provided).

- Interaction data: inquiries, emails, chat messages, form submissions, demo registrations, webinar attendance, usage of Athanor Nexus or Microsoft 365-based solutions (Copilot agents, SharePoint integrations).

- Technical data: IP address, browser type, device information, essential/analytical cookies (with opt-out option), access logs to platforms.

- Sensitive data (only in exceptional cases and with explicit consent): data revealing political opinions, religious beliefs, health, or ethnic origin, solely when strictly required for specific GRC or compliance projects.

We do not collect unnecessary data nor perform solely automated decisions with legal effects without human intervention.

2. Purposes of Processing

We process your personal data exclusively for:

- Managing inquiries, demos, commercial proposals, and pre-contractual steps.

- Delivering and improving our services (sovereign AI agents, IT consulting, cybersecurity, Microsoft 365 integrations).

- Fulfilling contracts with clients and Microsoft Partner Network obligations.

- Sending commercial/technical communications (newsletters, Athanor Nexus updates) only with prior consent.

- Complying with legal obligations, responding to authority requests, and defending legal rights.

- Aggregated analytics to enhance website and service experience (no individual profiling without legal basis).

3. Legal Basis for Processing

- Explicit consent (e.g., form submissions, newsletter sign-up).

- Performance of a contract or pre-contractual measures (proposals, demos).

- Legitimate interests (platform security, fraud prevention, B2B direct marketing in permitted cases).

- Legal obligation (regulatory compliance, authority requests).

In sovereign AI solutions, all processing occurs within the client’s Microsoft 365 tenant or controlled sovereign environments — no external data leakage.

4. Sharing and International Transfers

We do not sell or rent personal data. We share data only when strictly necessary:

- With subprocessors (e.g., Microsoft for cloud infrastructure) under signed Data Processing Agreements (DPAs).

- With competent authorities when legally required.

- In the event of merger, acquisition, or corporate restructuring (with prior notice where required).

International transfers: Any transfer outside Chile (e.g., Microsoft cloud regions in the US) is safeguarded by appropriate mechanisms (standard contractual clauses, binding corporate rules, or future adequacy decisions by the Chilean Data Protection Agency).

5. Data Security

We implement technical and organizational measures aligned with ISO 27001, NIST frameworks, and Chilean data sovereignty standards:

- Encryption in transit and at rest.

- Role-based access control (RBAC) in Microsoft 365 environments.

- Regular security audits and incident response procedures.

- Data minimization and limited retention (only as long as necessary or required by law).

6. Your Rights as Data Subject

You may exercise the following rights free of charge at any time:

- Access, rectification, cancellation, and opposition (ARCO rights under Law 19.628).

- Portability, restriction of processing, and erasure (expanded under Law 21.719 from December 2026).

Send your request to: privacy@athanortech.net

We will respond within a maximum of 10 business days (or the legally applicable term).

7. Cookies and Similar Technologies

We use essential, analytical, and (optionally) marketing cookies. You can manage preferences via the cookie banner or browser settings.

8. Changes to This Policy

We may update this policy to reflect regulatory changes (especially Law 21.719 full implementation). Material changes will be notified via email or prominent notice on our website.

9. Contact

Data Controller: Athanor Tech SpA

Email: privacy@athanortech.net

Thank you for trusting Athanor Tech with your sovereign AI and digital transformation needs.