Data Protection & DPO Contact
Data Protection & DPO Contact
This page explains how to reach Esplendor Co ("Esplendor", "we", "us", "our") on data protection matters, how to exercise your rights, and how we protect the data entrusted to us. It supplements our Privacy Policy. Esplendor is based in El Salvador, and El Salvador's data protection law is the primary framework governing us where we act as a data controller. Effective date: July 9, 2026.
Data Protection Officer / Privacy Contact
Our designated privacy contact is responsible for overseeing our compliance with applicable data protection laws and for handling privacy inquiries and requests. You can reach them at:
- General, legal, and data protection contact: contacto@esplendorco.com
- Postal address: Esplendor Co, San Salvador, El Salvador
If your inquiry concerns conversations with an end-customer of one of our merchants, please note that Esplendor acts as a data processor on that merchant's behalf under our data processing agreement (available on request at contacto@esplendorco.com); in that case, we will forward or coordinate such requests with the responsible merchant (the data controller) so that they can respond in accordance with applicable law.
Exercising Your Rights
Depending on your location and applicable law, you may have the right to request access to, rectification of, or erasure of your personal data; to restrict or object to certain processing; to data portability; and, where processing is based on consent, to withdraw that consent at any time. A full description of these rights and how to exercise them is set out in our Privacy Policy.
To submit a request in relation to data for which Esplendor is the controller, contact us at contacto@esplendorco.com. Where your request relates to conversation, order, or customer data that we process on behalf of a merchant, the merchant is the controller and you should direct your request to that merchant; we will assist the merchant in responding as required. If you are a California resident, please also see the applicable section of our Privacy Policy.
EU Representative (GDPR Article 27)
Esplendor is based in El Salvador and offers its service to businesses in Latin America. We do not currently target or monitor individuals in the European Union, and we are therefore not required to appoint a representative under Article 27 of the GDPR. If we begin offering services to individuals in the EU, we will appoint an Article 27 representative and update this document accordingly.
You may send any data protection question, including questions relating to the processing of your personal data or the exercise of your rights, to us at contacto@esplendorco.com. We retain the GDPR-related content on this page because merchants established in the European Union or the United Kingdom may install our Shopify app; where those laws apply to a merchant's processing, we support that merchant as its processor.
Lodging a Complaint with a Supervisory Authority
We encourage you to contact us first so we can try to resolve your concern directly. However, if you are in the European Economic Area (EEA) or the United Kingdom, you have the right to lodge a complaint with a data protection supervisory authority.
You may complain to the supervisory authority in the EEA country or in the UK where you live or work, or where you believe an infringement of data protection law occurred. In the United Kingdom, this is the Information Commissioner's Office (ICO). Because we are established in El Salvador and do not currently target individuals in the EU, we do not have a lead supervisory authority in the EEA; you may nonetheless approach the authority local to you, and you may also raise data protection concerns with the competent authority in El Salvador. Exercising this right does not affect any other administrative or judicial remedy available to you.
Our Security Posture
We maintain technical and organizational measures designed to protect personal data against unauthorized access, disclosure, alteration, and loss. These include:
- Encryption in transit: data exchanged with our services is protected using industry-standard transport encryption (TLS).
- Encryption at rest: sensitive credentials, including WhatsApp Business Account access tokens, are encrypted at rest.
- Access controls: access to production systems and personal data is restricted, authenticated, and logged.
- Least privilege: personnel and systems are granted only the minimum access necessary to perform their function.
- Sub-processor oversight: we engage vetted sub-processors under written agreements that impose appropriate data protection and security obligations.
No method of transmission or storage is completely secure, but we work to continuously review and improve our safeguards.
Data-Breach Notification
We have procedures in place to detect, investigate, and respond to personal data breaches. Our notification commitments reflect our dual role:
- Where Esplendor acts as a processor (for example, end-customer conversation data and Shopify order data handled on behalf of a merchant), we will notify the affected merchant, as the data controller, without undue delay after becoming aware of a personal data breach, so that the merchant can meet its own notification obligations.
- Where Esplendor acts as a controller (for example, merchant account and billing data), we will notify the competent supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of a breach, in line with GDPR and UK GDPR requirements, and will inform affected individuals without undue delay where the breach is likely to result in a high risk to their rights and freedoms.
To report a suspected security issue or data breach, contact us immediately at contacto@esplendorco.com.
This page is governed by the laws of El Salvador, and any dispute relating to it is subject to the exclusive jurisdiction of the competent courts of San Salvador, El Salvador.