POLÍTICA DE PRIVACIDAD – Jamaica

The Privacy Policy is applicable to the entire STT Group corporation in Jamaica, to our employees, job candidates, clients, potential clients and suppliers.

 

When we provide services as a supplier, the company we provide the service is responsible for defining the purposes and means of processing your personal data, so that, in this case, the data processed is subject to the client’s privacy policy, unless otherwise indicated. 

The Data Privacy Act (2020) defines two important figures: the Controller and the Processor.

The Controller It is the person or company — public or private — that decides how and why personal data will be used.

Already the Processor is the person or company — whether public or private — that processes this data following the Controller’s instructions.

The STT Group is the Personal Data Controller of the personal data processing activities described in this Policy, except for specific provisions of processes previously informed to the data subjects.

This section describes the different types of information we collect and how we use it.

4.1. Job candidates: If you are participating in a recruitment and selection process at Grupo STT, we may collect:

1. Identification data: such as name, age, email, telephone number and other information contained in your professional CV.
2. Academic and professional data: such as your academic and professional experience, certifications and other information contained in your professional CV.

4.2. Workers: If you are an internal employee or a collaborator on STT Group projects, we may collect: 

1. Identification data: such as full name, birth date, email, telephone number and number of ID.
2. Financial data: Bank account number.
3. Third party data: Names of parents, dependents or beneficiaries.
4. Academic and professional data: Such as your academic and professional experience, certifications and others contained in your professional resume.
5. Data of minors: name of dependents or beneficiaries (if minors).
6. Copy of documents: such as birth certificate, TRN (like driver’s licence), national ID, proof of address, NIS. 

 

4.3. Potential clients: If you are a potential STT Group client, we may collect:

1. Identification data: name, position, telephone number and/or email of the contact person at the company. 

 

We may collect information directly from you if you contact a Grupo STT sales representative, but we may also collect information from various public sources such as Linkedin. In this case, we will always notify you how the information was collected. 

4.4. Clients: If you are a client or partner of Grupo STT, we may collect the following information:

 

1. Identification data: Name, telephone number, email address, address and country of residence of the legal representative.
2. Identification documents: Copy of the identification document of the legal representative valid in the country (which may contain date of birth and name of parents)
3. Company documents: Where there is information such as the name and identity number of administrators.

4.5. Suppliers: If you are a supplier to Grupo STT, we may collect the following information:

1. Identification data: Name, telephone number, email address, address and country of residence of the legal representative.
2. Identification documents: Copy of the identification document of the legal representative valid in the country (which may contain date of birth and name of parents)
3. Company documents: Where there is information such as the name and identity number of administrators.

4.6. Cookies and similar technologies: We inform you that on our website we use cookies, web beacons or other technologies through which it is possible to monitor your behavior as an internet user, in addition to providing you with a better service and browsing experience on our website. The personal data we collect through these technologies may include:

technical information, including Internet Protocol (IP) address (used to connect your computer to the Internet), browser type and version, time zone setting, operating system and platform, the type of device that uses a unique device identifier address (for example, your device’s IMEI number and the mobile phone number used by the device), mobile network information, your mobile operating system and the type of mobile browser you use, required by essential cookies.

To better understand how we process cookies, please see our Cookie Policy.

In this section We describe how and why we use your personal information, as well as inform you about sharing personal data with third parties.

5.1.  For what purposes do we process your personal data? 

1. Job candidates: To carry out the recruitment and selection process for a job vacancy, and store the information for future vacancies, when the data subject consents.
2. Workers: To comply with labor and administrative obligations, train employees internally, carry out internal and external audit processes, manage payroll, offer well-being programs and sessions at Grupo STT. 

 

For other specific cases that may arise during the employment contract, the data subject is informed of the purpose and, if consent is necessary, it will be requested in an express and informed manner.

 

1. Potential clients, clients and suppliers: to prospect potential clients, to fulfill contractual, tax and accounting obligations, to fill out the Know Your Client – KYC form, to inform about new products and services and to meet regulatory and judicial requirements.  

5.2.  Legal basis for information processing

For the use of personal information to be legal, it is necessary to have a reason provided by law, this is called legal basis.

The reason we use your personal information depends on why we need it. Some common reasons include:

1. Consent: You gave us clear permission to use your information.
2. Contract: We need your information to provide a service or do something we agreed to in a contract.
3. Legal Duty: The law requires us to use your information.
4. Vital Interests: We need to use your information to protect your life or someone else’s.
5. Legitimate Interests: We have a good reason to use your information, as long as it doesn’t unfairly affect your rights.

It is important to know that, whenever your consent is required, the STT Group will ask clear, direct and with all the necessary information, so you know exactly what you’re agreeing to.

When the legal basis used is the legitimate interest, the STT Group guarantees that it has conducted an impact assessment — called DPIA (Data Protection Impact Assessment). This assessment serves to make sure that the use of your data does not put your rights, freedoms or guarantees at risk.

 

5.3. STT Group’s Obligations to Process Personal Data

1. a) Guarantee the Data Subject, at all times, the full and effective exercise of the rights of Access, Rectification, Cancellation, and Objection (ARCO Rights);
2. b) Guarantee the Data Subject, at all times, the full and effective exercise of the right to habeas data (if applicable);
3. c) Request and retain, under the conditions provided by law, a copy of the respective authorization granted by the Data Subject;
4. d) Duly inform the Data Subject of the purpose of the collection and the rights they have under the authorization granted;
5. e) Keep the information under the necessary security conditions to prevent its alteration, loss, unauthorized or fraudulent access, consultation, use, or processing;
6. f) Ensure that the information provided is truthful, complete, accurate, up-to-date, verifiable, and understandable;
7. g) Update the information regarding any new developments in the data previously provided and take any other necessary measures to ensure that the information provided remains up-to-date;
8. h) Correct information when it is incorrect;
9. i) Provide only data whose processing has been previously authorized in accordance with the law;
10. j) Demand compliance with the security and privacy conditions of the Data Subject’s information;
11. k) Process inquiries and complaints in accordance with the terms established by law;
12. l) Inform the Data Subject when certain information is being disputed, once the complaint has been filed and the respective process has not been completed;
13. m) Inform the Data Subject, upon request, about the use of their data.

 

5.4. Sharing with Third Parties

On some occasions, personal information may be shared with third parties outside the STT Group for the purpose of providing the contracted service and supporting specific activities, such as external legal support and supplier support. Some examples include:

 

1. Health benefits and agreements, where applicable
2. Lead prospecting, using search tools such as Sales Navigator (LinkedIn)
3. Sending documents for digital signature
4. Research and legal support in lawsuits and judicial analysis

 

Third parties contracted by STT Group are also required to adhere to and comply with this Privacy Policy, STT Group’s information security policies and manuals, as well as the security protocols we apply to all our processes.

We have implemented several legal safeguards for sharing with third parties, including Personal Data Processing Agreements (DPAs) and internal information security policies.

 

Every STT contract with third parties (contractors, external consultants, temporary collaborators, etc.) that involves the processing of information and personal data of our clients, suppliers, and/or collaborators includes a confidentiality agreement detailing their commitments to the protection, care, security, and preservation of confidentiality, integrity, and privacy.

The STT Group is a company with global operations. Therefore, the personal data processed by us can be shared with other Group units in other countries, whenever this is necessary to provide the requested service or comply with contractual and legal obligations.

Example: Imagine that an STT Group employee in Jamaica needs the support of the IT team located in another country to resolve a technical issue. For this, some data can be shared with this international team, but always following these safety measures, ensuring that your information remains protected.

Furthermore, if we are providing an international service, the information may also be shared between the STT Group and the customer outside Jamaica, safely and in accordance with the law.

To ensure the security in international transfers of personal data, the STT Group adopts several protection measures. Some examples are:

1. Standard Contractual Clauses (SCC’s), which ensure that data receives the same level of protection, even when sent outside the country;
2. Privacy Policies which apply to the entire company, in all countries where the Group operates;
3. Clauses in employment contracts, which reinforce care and responsibility in the use and sharing of data;
4. Internal rules for access and transfer of information, which clearly define who can access the data and in what situations.

An international transfer of personal data will be done while the contract lasts. After that, the data will only be kept if it is really necessary — for example, when the STT Group needs to comply with legal or regulatory obligations, such as tax, labor or accounting requirements.

Below you can see which subsidiaries of the STT Group have access to the different databases, according to the criteria explained previously — such as the purpose of the processing, the legal basis used and the need for each area or operation.

 

DATABASE	COUNTRY	FILIAL
Recruitment and Selection	Costa Rica, Brazil and Colombia	STT GROUP DE CR S.A SUPPLYING TOTAL TALENT SAS (COL) STT RECRUTAMENTO & SELEÇÃO DE MÃO DE OBRA LTDA (BR)
Internal collaborators	Costa Rica, Colombia and Nicaragua	STT GROUP DE CR S.A SUPPLYING TOTAL TALENT SAS (COL) SUPPLYING TOTAL TALENT, S.A. (NIC)
Project collaborators	Costa Rica	STT GROUP DE CR S.A
Clients and potential clients	Costa Rica, Brazil and Colombia	STT GROUP DE CR S.A SUPPLYING TOTAL TALENT SAS (COL) STT RECRUTAMENTO & SELEÇÃO DE MÃO DE OBRA LTDA (BR)
Suppliers	Costa Rica and Colombia	STT GROUP DE CR S.A SUPPLYING TOTAL TALENT SAS (COL)

Furthermore, the STT Group commercial team uses a Unified CRM, which means that the customer and potential customer information can be accessed by commercial teams from different regions.

To ensure the security and appropriate use of this data, the STT Group adopts a specific technology use policy, which defines clear rules about how this confidential information should be accessed, treated and protected.

This policy applies to the entire regional STT Group corporation and to anyone who has access to confidential data, reinforcing the commitment to privacy and information protection.

To understand all STT Group subsidiaries, consult the Annex 1

The STT Group has information security policies, procedures and standards to protect personal data under its responsibility. These measures aim to ensure the integrity, confidentiality and availability of information. These rules may be updated at any time, as decided by the Group itself.

Below we share the main security measures adopted:

• Transmission and storage of confidential data with encryption and secure protocols;
• Protection of systems and equipment used in data processing;
• Access restriction information only to authorized persons;
• Backup regular of information;
• Safe practices in software development and internal systems.

Only authorized people — whether internal employees or service providers — can access the data processed by Grupo STT.

When necessary to share information with suppliers for the execution of certain services, the STT Group requires these suppliers to adopt all necessary technical, administrative and organizational measures to comply with this Privacy Policy and the information security standards.

Furthermore, all contracts with third parties include a confidentiality agreement, which reinforces the commitment to data protection, security and confidentiality personal and corporate.

Your personal data will be kept during the term of the contract and also for the period required by laws and regulations — such as labor, accounting and tax standards. To achieve this, the STT Group follows a Document Retention and Destruction Policy, which ensures proper storage of information and safe disposal at the right time.

You, as the data subject, have rights guaranteed by the Data Privacy Act (2020), in relation to the way your information is processed by Grupo STT.

Our contact channel is available so you can:

1. Clarify doubts about this Privacy Policy;
2. Send complaints if you are not satisfied with the way your data is being treated;
3. Exercise your rights provided for by law.

The main rights you can exercise include:

• Access Your Data: You can ask to see what personal information a company or organization has about you
• Fix Mistakes: If your information is wrong or incomplete, you can ask for it to be corrected.
• Delete Your Data: In some cases, you can ask for your information to be deleted, especially if it’s no longer needed or you take back your consent.
• Limit Use of Your Data: You can ask to limit how your information is used in certain situations—like if you think it’s not accurate.
• Say “No” to Use: You can say no to your information being used, especially when the legal basis is the consent.
• Take Your Data Somewhere Else: You can ask for your information to be sent to you or another organization in a format that’s easy to use.
• No Automatic Decisions: You can say no to decisions made about you by computers only (without a human involved), especially if it affects you in a big way.

To exercise your rights, contact Grupo STT via email to privacidadinformacion@grupostt.com  

The STT Group is committed to responding to requests from holders of personal data within 30 days, counted from the date of the order.

If this Privacy Policy passes significant changes, an effective date will be updated and the new version will be available for 30 days for users’ knowledge.

By continuing to use our websites and services after the new version comes into force, we will understand that you read, understood and agrees with the changes carried out in this Policy.

México (JEMO Y ASOCIADOS, S.A.)

In the case of personal information and data processed in Mexico, the procedures for exercising the holders’ rights will be those provided for in the Federal Law on the Protection of Personal Data held by Private Persons (DOF 03/20/2025).

For this country, via email privacidadinformacion.mx@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Nicarágua (SUPPLYING TOTAL TALENT, S.A.)

The Data Protection Law (Law No. 787 of March 21, 2012) governs personal data protection issues in Nicaragua.

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Costa Rica (STT GROUP DE CR S.A., GBS DATA CORPORATION S.A., S.T.T. CENTROAMERICA S.A., PAYROLL OUTSOURCING S.A., INTERNATIONAL TALENT OUTSOURCING SOLUTIONS ITOS S.A)

The Law on the Protection of Individuals Against the Processing of their Personal Data (Law No. 8,968 of November 5, 2011) of Costa Rica and its Regulations (Executive Decree No. 37,554-JP of March 5, 2013 and the reform through Executive Decree No. 40,008 of December 6, 2016), establish the rights that holders of personal data have in relation to their processing. 

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Colômbia (SUPPLYING TOTAL TALENT SAS, STT GROUP SUCURSAL COLOMBIA S.A. – SUCURSAL DE STT GROUP DE CR S.A., BETA SERVICIOS TEMPORALES S.A.S)

In the case of personal information and data processed in Colombia, and in the development of the security principle established in Law 1,581 of 2012 and its regulatory decrees. 

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Peru​ (GRUPO STT PERU, S.A.C.)

In the case of personal information and data processed in Peru, the procedures for exercising the holders’ rights will be those provided for in Law 29,733 and Supreme Decree 003-2013-JUS (hereinafter referred to as the Law and its Regulations). 

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Ecuador (TOTAL TALENT ECUADOR TOTAECUA S.A.)

In the case of personal information and data processed in Ecuador, and in the development of the principle of proactive and demonstrated Responsibility, the procedures for exercising the rights of holders will be those provided for in the Organic Law for the Protection of Personal Data (LOPD).

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Panama (GRUPO STT PANAMÁ S.A.)

In the case of personal information and data processed in Panama and in the development of the principle of proactive and demonstrated Responsibility, the procedures for exercising the rights of holders will be those provided for in Law No. 81 of 2019 on the Protection of Personal Data and in Executive Decree No. 285 of 2021, which regulates the Personal Data Protection Law.

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Argentina (SUPPLYING TOTAL TALENT S.A.S.)

In the case of information and personal data whose processing is carried out in Argentina and in development of the principle of information and confidentiality, the procedures for exercising the rights of holders will be those provided for in Law 25,326/2000, which deals with the protection of personal data and in Decree 1,558/2001 which regulates the Personal Data Protection Law.

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Dominican Republic (STT GROUP DE LA REPÚBLICA DOMINICANA S.R.L., SUPPLYING TOTAL TALENT RD, SRL (ZONA LIVRE)

In the case of personal information and data processed in the Dominican Republic, the procedures for exercising the holders’ rights will be those provided for in Law 172 of 2013.

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Uruguay (PINAMEL S.A. , REFUERTE S.A.)

In the case of information and personal data processed in Uruguay, and in the development of the principle of proactive and demonstrated Responsibility, the procedures for exercising the rights of holders will be those provided for in Law No. 18,331/2008 which deals with the Protection of Personal Data and in Decree No. 414/2009 which regulates said Law.

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

El Salvador (STT GROUP DE EL SALVADOR S.A. DE CV)

In the case of personal information and data processed in El Salvador, the procedures for exercising the holders’ rights will be those provided for in Decree No. 144, which deals with the Personal Data Protection Law.

For this country, via email privacidadinformacion@grupostt.com  The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Honduras (STT GROUP DE HONDURAS S.A. DE CV) AND GUATEMALA (FIND YOUR JOB, S.A.)

In the case of personal information and data processed in Honduras and Guatemala, it is clarified that there is no specific legislation for the protection of personal data. However, as a good practice of the STT Group, the procedures for exercising holders’ rights will govern what is described in this Privacy Policy.

For this country, via email privacidadinformacion@grupostt.com The STT Group will be attentive to resolve requests, doubts and complaints from holders and to carry out any updating, rectification and deletion of personal data.

Brazil (JMM TERCEIRIZACAO DE MAO DE OBRA LTDA and STT RECRUTAMENTO & SELEÇÃO DE MÃO DE OBRA LTDA)

In the case of information and personal data processed in Brazil, and in accordance with the security principle established in the General Data Protection Law No. 13709/18, STT Group will adopt the necessary technical, human, and administrative measures to ensure the security of the records, preventing their unauthorized or fraudulent manipulation, loss, consultation, use, or access.

To exercise your rights as data subject, including access, rectification, deletion, alteration, or any complaint regarding the way your personal data is processed, please contact the Personal Data Protection Officer: privacidade@grupostt.com.