Privacy Policy
Last updated: April 4, 2026
This Privacy Policy (hereinafter, the "Policy") describes how Oasys Corporations, the commercial name of Grupo Empresarial Oasys, Sociedad Anónima (the Guatemalan legal equivalent of a corporation) (hereinafter, the "Company", "we" or "our"), collects, uses, stores and protects the personal information of users (hereinafter, the "User" or "you") who access the website oasyscorporations.com (hereinafter, the "Website") or who communicate with the Company through third-party messaging platforms, including WhatsApp Business, Instagram Direct and Facebook Messenger (hereinafter, the "Messaging Platforms").
By using the Website, you accept the practices described in this Policy. If you do not agree with any of its provisions, we ask that you refrain from using the Website.
1. Data Controller
The controller responsible for the processing of your personal data is:
- Company: Oasys Corporations
- Legal Name: Grupo Empresarial Oasys, Sociedad Anónima
- Country: Republic of Guatemala
- Address: Zona 9, Guatemala City, Guatemala
- Email: info@oasyscorporations.com
- Website: oasyscorporations.com
The address indicated corresponds to a mailing address and does not constitute a public-facing office. The Company operates remotely and does not receive walk-in visits without a prior appointment coordinated through the contact channels indicated above.
2. Data We Collect
2.1. Data provided voluntarily by the User
We collect the personal data you voluntarily provide when interacting with the Website:
- Contact form: name, email address, subject and message.
- Newsletter subscription: email address.
2.2. Data collected automatically
While browsing the Website, certain technical data is collected automatically:
- IP address: used for security and general geolocation purposes (country of origin).
- Browser data: browser type, version, operating system and device.
- Browsing data: pages visited, time spent, access date and time, referral URL.
- Country of origin: determined from the User's IP address.
- Security information: detection of VPN, proxy or Tor network usage, in order to prevent abuse and protect the security of the Website.
2.3. Data collected through Messaging Platforms
When the User communicates with the Company through WhatsApp Business, Instagram Direct or Facebook Messenger, the following data is collected:
- Identification data: phone number (WhatsApp), profile or username on the platform, unique user identifier provided by the platform.
- Communication content: text messages, images, documents, audio files, video, stickers, shared locations, reactions and any other content sent or received during the conversation.
- Communication metadata: date and time of sending and receiving each message, delivery status (sent, delivered, read), message direction (inbound or outbound).
- Agent data: identification of the Company collaborator who handled the conversation.
This data is stored in the Company's internal systems for the purpose of providing customer service, commercial follow-up and improving the quality of service. Additionally, Meta may independently collect and process User data in accordance with its own privacy policies, over which the Company has no control or responsibility.
3. Purpose of Processing
The personal data collected is used for the following purposes:
- Responding to contact requests: managing and responding to inquiries, requests or messages sent through the contact form.
- Sending newsletters: sending informational and commercial communications about our services, only when the User has given verified, express consent.
- Customer service via messaging: managing, responding to and following up on inquiries, requests, complaints or communications the User makes through WhatsApp Business, Instagram Direct or Facebook Messenger.
- Commercial follow-up: linking messaging conversations with the customer's or prospect's history within our internal systems (CRM) to offer personalized, continuous service.
- Quality control: retaining conversation history for internal supervision, staff training and continuous improvement of service.
- Security and abuse prevention: protecting the Website and its users by verifying IP addresses, geolocation and detecting connections through VPN, proxy or anonymization networks, in order to prevent malicious access, cyberattacks, spam and any form of abuse.
- Website improvement: analyzing browsing behavior in an aggregated and anonymous manner to improve user experience, performance and content of the Website.
4. Legal Basis for Processing
The processing of your personal data is based on the following legal grounds:
- User consent: for the submission of the contact form and newsletter subscription. The User grants consent freely, specifically, in an informed and unambiguous manner when completing and submitting such forms.
- Legitimate interest: for the collection of security data (IP address, VPN/proxy detection, geolocation) necessary to protect the Website, prevent fraud and guarantee the security of systems and users.
5. Sharing Data with Third Parties
We do not sell, rent or share your personal data with third parties for commercial or advertising purposes.
However, for the proper functioning of the Website and the provision of our services, we may share certain data with the following service providers acting as data processors:
- Meta Platforms, Inc. (WhatsApp Business API, Instagram API, Facebook Messenger API): used to manage communications with users through the Messaging Platforms. Shared data includes message content, phone number, profile name and media files exchanged. Meta may process this data in accordance with its own privacy policies, available at WhatsApp, Instagram and Facebook. The Company assumes no responsibility for the independent processing Meta performs on such data.
- Amazon Web Services (AWS) — Amazon SES: used to send transactional and newsletter emails. Shared data may include the recipient's email address.
- ipquery.io: service used for IP address security verification, including detection of VPN, proxy and Tor networks, as well as general geolocation.
- Google Analytics: web traffic analysis tool that collects browsing data in an aggregated and anonymized manner to help us understand how users interact with the Website.
- MaxMind GeoIP: geolocation service based on the User's IP address, used to determine country of origin for security and personalization purposes.
These providers access data only to the extent necessary to provide their services and are subject to their own privacy policies and confidentiality obligations.
We may also disclose personal data when required by law, court order, request from a competent authority, or when necessary to protect our legal rights, the safety of our users or the public in general.
6. Data Retention
We retain your personal data for as long as strictly necessary to fulfill the purposes described:
- Contact form data: retained for the time necessary to manage and respond to the User's request, and thereafter for the applicable legal period.
- Newsletter subscription data: retained until the User requests to unsubscribe, at which point the data will be deleted or dissociated.
- Messaging conversation data: the history of conversations conducted through the Messaging Platforms is retained while there is an active commercial relationship with the User or while necessary to follow up on pending requests, and thereafter for the applicable legal period. The User may request deletion of their conversation history by contacting info@oasyscorporations.com. This deletion applies only to records stored by the Company and does not affect data that Meta independently retains on its own systems.
- Security logs: retained for a limited, reasonable period necessary for detecting and preventing security incidents, after which they are automatically deleted.
- Web analytics data: retained in an aggregated and anonymized manner according to Google Analytics' retention policies.
7. User Rights
The User has the right to:
- Access: request information about the personal data the Company holds about you.
- Rectification: request correction of inaccurate or incomplete personal data.
- Deletion: request deletion of your personal data when it is no longer necessary for the purpose for which it was collected, or when you withdraw your consent.
- Objection: object to the processing of your personal data under certain circumstances.
- Restriction of processing: request the restriction of processing of your data in cases provided for by applicable law.
To exercise any of these rights:
- Newsletter: every newsletter email includes an unsubscribe link that allows you to opt out immediately and automatically.
- Other data: send your request to info@oasyscorporations.com, clearly indicating the right you wish to exercise and providing sufficient information to verify your identity.
We are committed to responding to your request within a reasonable period and in accordance with applicable law.
8. Data Security
The Company implements reasonable and appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, loss or accidental or unlawful destruction. These measures include:
- SSL/TLS encryption for data transmission between the User's browser and the Website.
- Restricted access controls to personal data.
- Monitoring and logging of security activities.
- Periodic updates to systems and software.
However, no data transmission or storage system on the Internet is completely secure. Therefore, although we strive to protect your information, we cannot guarantee or ensure the absolute security of data transmitted to or from the Website. The User acknowledges and accepts that the transmission of information is done at their own risk.
9. Responsibility Regarding Third-Party Messaging Platforms
The Messaging Platforms (WhatsApp Business, Instagram Direct, Facebook Messenger) are services provided by Meta Platforms, Inc. and are subject to their own terms of service, privacy policies and security standards.
The Company does not warrant or assume responsibility for:
- The security, encryption or confidentiality of data transmitted through the Messaging Platforms, whose protection depends on measures implemented by Meta.
- The processing, storage, retention or deletion of data that Meta independently performs on User information.
- Leaks, security breaches, unauthorized access or vulnerabilities originating in Meta's systems.
- Changes to Meta's privacy policies or terms of service that affect the processing of User data.
- The availability, continuity or functioning of the Messaging Platforms.
The User acknowledges that by using the Messaging Platforms to communicate with the Company, their data is processed both by the Company and by Meta, with each party responsible only for the processing carried out within its own scope of control. Users are encouraged to review Meta's privacy policies to understand the scope of the processing that company performs on their data.
10. Cookies and Similar Technologies
The Website may use cookies and similar tracking technologies for the following purposes:
- Technical or session cookies: necessary for the proper functioning of the Website, session management and security.
- Analytics cookies (Google Analytics): used to collect anonymous statistical information about Website usage, such as most visited pages, time spent and traffic sources.
The User may configure their browser to reject all or some cookies, or to receive a notification when cookies are sent. However, if you disable cookies, some Website features may not be available or may not function correctly.
11. Minors
The Website is not directed at persons under 18 years of age. We do not knowingly collect personal data from minors. If you are a parent or legal guardian and become aware that a minor has provided us with personal data without your consent, please contact us at info@oasyscorporations.com so we can take the necessary steps to delete such information.
12. International Data Transfers
Since some of our service providers (such as Amazon Web Services, Google Analytics and others) may operate in jurisdictions other than Guatemala, your personal data may be transferred and processed outside the Republic of Guatemala. In such cases, we ensure that providers have adequate protection measures in place and are subject to privacy and security policies that comply with internationally recognized standards.
13. Changes to the Privacy Policy
The Company reserves the right to modify, update or replace this Privacy Policy at any time. Modifications will take effect upon publication on the Website, and the "Last updated" date at the beginning of this document will be updated accordingly.
It is the User's responsibility to periodically review this Policy. Continued use of the Website after the publication of any modification will constitute acceptance of the modified Policy.
14. Contact
If you have questions, comments or requests related to this Privacy Policy or the processing of your personal data, you may contact us through:
- Company: Oasys Corporations
- Address: Zona 9, Guatemala City, Guatemala
- Email: info@oasyscorporations.com
- Website: oasyscorporations.com