Page 1

Law No. 172-13 which aims at the comprehensive protection of personal data
recorded in archives, public registers, data banks or other technical means
of data processing intended to give reports, be these public or private.
GO No. 10737 of December 15, 2013.

THE NATIONAL CONGRESS
In the name of the Republic

Law No. 172-13

CONSIDERING FIRST: That the right to privacy and personal honor is a
fundamental right enshrined in the Constitution of the Dominican Republic and recognized
by all international conventions and treaties on human rights.
CONSIDERING TWO: That intimacy encompasses the private sphere of the life of a
person, prohibited for all others, as regards information, data and
situations that arise in this area, which should also enjoy the protection
adequate before the interference of unauthorized third parties.
CONSIDERING THIRD: That everyone has the right to decide on the
use of the data that exist about it and its assets, being able to access them from
freely and demand the updating, rectification or destruction of such data when not
be true.
CONSIDERING FOURTH: That everyone has the right to access information and
to the data that about her or her assets rest in the official or private registers, as well as
know the destination and the use made of them.
CONSIDERING FIFTH: That it has become common practice in our country to disclose,
use and commercialization of personal data of citizens, and that it is necessary
strengthen the legal framework for the adequate and correct treatment of information
personal.
CONSIDERING SIX: That this practice must be regulated in accordance with the law and the
fundamental rights guaranteed by the Constitution of the Dominican Republic to the
citizens.
CONSIDERING SEVENTH: That in the Dominican Republic, in recent times,
crimes and crimes concerning the usurpation or theft of the
identities of natural persons, causing them considerable economic damage. On
Consequently, it is imperative to legally regulate so that in public records and
private identification techniques are used that make it difficult or impossible to steal the
identities of natural persons at the time of contracting goods and services before the
public organizations, public companies and private companies in the Dominican territory.
SEEN: The Constitution of the Republic proclaimed on January 26, 2010.
SEEN: The Universal Declaration of Human Rights, of December 10, 1948.

Page 2

VISTA: The Resolution No.684 of 27 October 1977 approving e l Pact
International Civil and Political Rights sponsored by the United Nations, from 23
March 1976.
VISTA: The Resolution No.739 of 25 December 1977 approving l to
Inter-American Convention on Human Rights, signed in Washington by the Republic
Dominican Republic, on September 7, 1977.
VIEW: Law No.19-01, which creates the Ombudsman, of the 1st. February 2001.
SEEN: The General Health Law, No. 42-01, of March 8, 2001.

HAVING SEEN : Law No. 76-02 that establishes the Criminal Procedure Code of the Dominican Republic,
of July 19, 2002.
VIEW: Law No. 136-03 that creates the Code for the Protection System and Rights
Fundamentals of Boys, Girls and Adolescents, of August 7, 2003.
SEEN: The General Law of Free Access to Public Information No. 200-04, of 28
July 2004.
SEEN : Law No. 288-05 that regulates Credit Intermediation Companies and
Protection of the Information Holder, dated August 18, 2005.
SEEN : Law No. 176-07 of the National District and Municipalities, of July 17, 2007.
SEEN: The General Law of Archives of the Dominican Republic No. 481-08, dated 11
December 2008.
VIEW: The Organic Law of the Constitutional Court and Procedures
Constitutional, No. l37-11, of June 13, 2011.
HAVING SEEN : Resolution No. 357-05, of September 9, 2005, which approves the Treaty of
Free Trade, signed between the Dominican Republic-Central America and the United States
America, on August 5, 2004.
SEEN : Law No. 3726 on Cassation Procedure, of December 29, 1953,
and its modifications.
HAS GIVEN THE FOLLOWING LAW:
CHAPTER I
INITIAL PROVISIONS
SECTION I
OF THE OBJECT, SCOPE, SCOPE OF APPLICATION,
RESTRICTIONS AND PRINCIPLES
Article 1.- Purpose. The purpose of this law is the comprehensive protection of data
personnel recorded in files, public registers, data banks or other technical means of
treatment of data intended to give reports, whether public or private, as well as

Page 3

guarantee that the right to honor and privacy of individuals is not infringed, and also
facilitate access to the information that is recorded on them, in accordance with the
established in Article 44 of the Constitution of the Dominican Republic.
In the same way, it regulates the constitution, organization, activities, operation and extinction
of the Credit Information Companies (SIC), as well as the provision of the services of
credit references and the supply of information in the market, guaranteeing respect for
privacy and the rights of its holders, promoting truthfulness, precision,
the effective updating, confidentiality and appropriate use of such information.
In no case will journalistic information sources be affected.
Article 2.- Scope. This law is applicable to personal data
registered in any data bank that makes them susceptible to treatment, and to all
modality of subsequent use of this data in the public and private spheres.
Article 3.- Scope of application. The rules of this law are of public order and of
application throughout the national territory.
Article 4.- Restrictions. The personal data protection regime does not
will apply:
1.

To the personal data files maintained by natural persons in the exercise of
exclusively personal or domestic activities.

two.

To the personal data files established by the investigation bodies and
intelligence agencies of the Dominican Republic in charge of the prevention,
and punishment of crimes and offenses.

3.

To the files of personal data referring to deceased persons. However,
persons linked to the deceased, for family or similar reasons, may contact
those responsible for the personal data files or treatments that contain
data of this in order to notify the death, providing accreditation
enough of it.

Four. To the processing of data referring to legal persons, or to data files
personal data that are limited to incorporating the data of the natural persons who provide their
services in those, consisting of their names and surnames, functions or positions
performed, as well as the postal or electronic address, telephone and fax number
professionals.
Article 5.- Principles. This law is based on the following principles:
1.

Legality of personal data files. Personal data files are not
may have purposes contrary to the law or public order, being duly
registered and attached to the principles established in this law.

two.

Data quality. The processing of personal data and information or its
goods must be made respecting the principle of quality, that is:
to)

The personal data that is collected for the purposes of its treatment must be
certain, adequate and pertinent in relation to the scope and purpose for which the
would have obtained.

b)

The data must be accurate and updated in the event that this is

Page 4

necessary.

3.

c)

The data that is totally or partially inaccurate, or that is incomplete, must be
deleted and replaced, or, where appropriate, completed by the person responsible for the
file or database when there is knowledge of the inaccuracy or
incomplete nature of the information in question, without prejudice to the
rights of the owner of the data established in this law.

d)

The data must be stored in a way that allows the exercise of the right
access of its owner.

Right of information. When personal data is collected that requires the
consent of the owner of the data, so that they can be given the treatment of
data or be transferred after obtaining said consent, you must inform
previously, to at least one of the owners of the data, expressly and
clear, explaining:
to)

The purpose for which they will be destined and who may be their recipients
or class of recipients.

b)

The existence of the file, registry, data bank or any other type of
in question and the identity and address of the person responsible.

c)

The possibility of the interested party to exercise the rights of access, rectification and
deletion of data.

Four. Consent of the affected party. The treatment and transfer of personal data is illegal
when the owner of the data has not given their free, express and
aware, which must be in writing or by other means that allows you to be
match, according to circumstances. The aforementioned consent, given with
other statements must appear in an express and prominent way, after notification
to the required data described in paragraph 3 of this article.
They are exempt from the consent requirement referred to in this article.
all investigative and intelligence agencies of the State in charge of the
prevention, prosecution and punishment of crimes and offenses, with prior authorization from
competent judicial authority.
Financial intermediation entities, economic agents and others
natural or legal persons who have contracted the information services with the
Credit Information Societies (SIC), before requesting and obtaining a credit report
credit must obtain from the owner of the data the express consent and by
written, indicating in said permission that the owner of the data authorizes that it may be
consulted in the databases of the Credit Information Societies (SIC).
It will be the responsibility of the contracting users of the services of the
Credit Information (SIC) collect and save the permissions of the holders of the
information for a period of six (6) months, from the moment said
permission was signed by the owner of the information. Within this period, the owner will not
will allege the lack of your authorization to consult the Information Society
Credit (SIC).
Users or subscribers must keep absolute confidentiality regarding the
content of the credit reports provided by the Companies
Credit Information Office (SIC). In case of violation of the duty of confidentiality

Page 5

by the user or subscriber, they will be solely responsible for their actions
willful, as well as for their negligence and recklessness.
5.

6.

Data security. The person responsible for the personal data file and, where appropriate,
the person in charge of the treatment, must adopt and implement measures of the
technical, organizational and security necessary to safeguard personal data
personal data and avoid its alteration, loss, treatment, consultation or unauthorized access.
In consecuense:
to)

It is forbidden to record personal data in files, registers or banks of
data that do not meet technical integrity and security conditions.

b)

The data contributors, the Credit Information Societies (SIC) and the
Users or subscribers must adopt technical measures and controls
necessary to avoid alteration, loss, treatment or unauthorized access
of the data on credit history that they manage or rest in the database
Credit Information Societies (SIC).

c)

Credit Information Societies (SIC) must adopt measures
appropriate to protect your databases against natural hazards, such as
accidental loss or destruction per claim, and against the risks
human rights, such as unauthorized access, covert use of data, or
computer virus contamination.

Duty of secrecy. The person responsible for the personal data file and who
involved in any phase of the processing of personal data are
obliged to professional secrecy regarding them and the duty to keep them,
obligations that will subsist even after terminating your relationship with the owner of the
file of personal data or, where appropriate, with the person responsible for it, unless it is
relieved of the duty of secrecy by judicial resolution and when there are reasons
founded on public security, national defense or public health.
Taking into account this principle, the duty of secrecy will also contemplate:
to)

The obligated party will be relieved of the duty of secrecy by judicial resolution and when
there are well-founded reasons related to public safety, national security
or public health.

b)

All natural or legal persons, public or private entities,
duly recognized as users or subscribers of a Society of
Credit Information (SIC), who have access to any information
related to the history of a data subject, in accordance with this
law, they must keep due reserve regarding said information and, in
Consequently, it will not disclose to third parties, unless it is a
competent authority. Public officials or private employees who with
reason for the positions they hold have access to the information that
deals with this law, they are obliged to keep due reserve, even when they cease to
its functions.

c)

Outside of the purposes established in this law, the disclosure, the
publication, reproduction, transmission and recording of partial content
or total of a report of any kind from a Company of
Credit Information (SIC), referring to a holder of the data, in any
of its manifestations, in any mass media, be it
print, television, radio or electronic.

Page 6

7.

Loyalty. The prohibition of collecting data by fraudulent means is imposed,
unfair or illegal.

8.

Purpose of the data. The data will only be collected for processing, when they are
adequate, relevant and not excessive in relation to the scope and purposes
determined, explicit and legitimate for which they have been obtained.
SECTION II
DEFINITIONS

Article 6.- Definitions. For the purposes of this law and its application, the
following concepts:
1.

Affected or interested party: Any natural person whose information is the subject of the
data processing, as well as any creditor, be it a natural or legal person,
who has or has had a commercial or contractual relationship with a person
natural person for the exchange of goods and services, where the natural person is a debtor of the
creditor. All information derived from said relationship will be associated by
separate both the debtor and the creditor and will be governed by this definition. All
natural or legal person who has had, has or requests to have a good or service of
economic, financial, banking, commercial, industrial nature, or any other
nature, with a financial intermediation institution or with an agent
economic, as appropriate under the law.

two.

Personal data file: Organized set of personal data,
that are subject to treatment or processing, automated or not, whichever
regardless of the form or modality of its creation, storage, organization and access.
They will be privately owned or publicly owned.

3.

Privately owned data files: These are data files
personnel for which the persons, companies or entities of the
private law, regardless of who holds the ownership of its capital or of
the origin of their economic resources, as well as the files of those who are
responsible public law corporations.

Four. Publicly owned data files: These are personal data files
for which the public administration bodies are responsible, as well as the
entities or bodies related or dependent on the same and the entities
autonomous and decentralized from the State.
5.

Cancellation: Procedure by virtue of which the person responsible for the treatment ceases to
the use of the data, except for making it available to the public administration,
judges and courts, to attend to possible responsibilities.

6.

Transfer or communication of data: Data processing that involves its disclosure to
a person other than the affected or interested party.

7.

Consent of the interested party: Any expression of will, free, unequivocal,
specific and informed, by which the interested party consents to the treatment of
personal data concerning you.

8.

Specially protected data : Personal data that reveals origin
racial and ethnic, political opinions, religious, philosophical or moral convictions,
union membership and information regarding health or sexual life.

9.

Personal data: Any numerical, alphabetical, graphic information,
photographic, acoustic or of any other type concerning natural persons
identified or identifiable.

Page 7

10. Personal data related to health: Any information
concerning the past, present and future health, physical or mental, of an individual.
11. Recipient or assignee: Natural or legal person, public or private, or body
administrative, to which the data are disclosed.
12. Person in charge of the treatment: The natural or legal person, public or private, who
carry out the processing of personal data on behalf of the person responsible for the
treatment.
13. Exporter of personal data: Natural or legal person, public or private, or
administrative body located in Dominican territory that performs, in accordance with
provided in this law, a transfer of personal data to a third country.
14. Sources accessible to the public: Those files of personal data whose consultation
It can be done by anyone, not prevented by a limiting rule.
The telephone directories in the public areas are considered sources of public access.
terms provided by its specific regulations and the lists of people belonging to
to groups of professionals that contain only the data of name, title,
profession, activity, academic degree, address and indication of belonging to the
group. Likewise, they have the character of public access sources, official gazettes and
the media.
15. Importer of personal data: Natural or legal person, public or private, or
administrative body receiving the data, in case of international transfer of
the same to a third country, either responsible for the treatment, in charge of the
treatment or third party.
16. Identifiable person : Any person whose identity can be determined, directly or
indirectly, through any information referring to your physical identity,
physiological, psychic, economic, cultural or social.
17. Disassociation procedure: Any processing of personal data in such a way that
the information obtained cannot be associated with a specific or determinable person,
through the use of coding techniques, so that it does not allow the identification of the
natural person before third parties.
18. Responsible for the treatment: Any person, public or private, owner of the file of
personal data that decides the purpose, content, means of treatment and the
use of the information obtained with the processing of personal data.
19. Third: Natural or legal person, public or private, or different administrative body
of the affected or interested party, the person responsible for the treatment, the person responsible for the file,
of the person in charge of the treatment and of the persons authorized to process the data under
the direct authority of the person responsible for the treatment or the person in charge of the treatment.
20. International data transfer: Data processing that involves a
transmission of the same outside the territory of the Dominican Republic, without
import the medium, either it constitutes a transfer or communication of data, or it has
for the purpose of carrying out data processing on behalf of the person responsible for the

Page 8

personal data file established in Dominican territory.
21. Data processing: systematic, electronic or
no, that allow the collection, conservation, ordering, storage,
modification, relationship, evaluation, blocking, destruction and, in general, the
processing of personal data, as well as its transfer to third parties through
communications, consultations, interconnections or transfers. That is, any
operation or set of technical operations or procedures, automated or not,
that within a database allow to collect, organize, store, elaborate,
select, extract, compare, share, communicate, transmit or cancel data from
consumers.
22. Minimum wage: It will be the lowest national minimum wage received by the
workers from the non-sectorized private sector of industrial, commercial and
of services, set by the National Salary Committee of the Ministry of Labor of the
Dominican Republic.
23. Economic agents: Natural or legal persons, providers of goods and services.
24. Data contributors: Financial intermediation institutions, agents
economic and public entities that provide information related to their
operations to a Credit Information Society (SIC), destined to conform
your database.
25. Archive, registry, files, database or database: Indistinctly, they designate the
organized set of personal data that are subject to treatment or
processing, electronic or not, whatever the modality of its training,
storage, organization or access. It also includes the set of
information provided directly by the data contributors, as well as other
information of a public nature and domain, either because of its origin or because of its
nature.
26. Credit Information Society (SIC): Commercial company that is dedicated to
collect, organize, store, preserve, communicate, transfer or transmit data,
about consumers, goods or services related to them, as well as any
other information provided by the Superintendency of Banks, through
technical procedures, automated or not, in documentary, digital or
electronics.
27. Assignor: Entity that assigns or transfers information.
28. Credit score: It is a methodology that is based on models of the type
probabilistic, mathematical and econometric, which try to measure a series of
variables and data in order to obtain valuable information for taking
credit decisions, applying statistical actuarial evaluations through
specialized retrospective and trend analysis software
inferential for that purpose.
29. Credit history data or credit data: Information related to the history
credit of a natural or legal person, as well as any other information
provided by the Superintendency of Banks or others of character and domain
public, either by its origin or by its nature.
30. Computer data: Personal data subjected to treatment or processing
electronic or automated.

Page 9

31. Sensitive data: Personal data that reveals political opinions,
religious, philosophical or moral convictions, union membership and information
relating to health or sexual life.
32. Business days: These are the business days that do not include Saturdays or Sundays, or
holidays in the Dominican Republic.
33. Financial intermediation entities : Those public or private entities
that carry out financial intermediation, with prior authorization from the Monetary Board.
34. Public entities: The Legislative Power of the State, made up of the Congress
Nacional and any of its dependencies; the Executive Power of the State and all
dependencies and entities of the public administration; the Judicial Power of the State and
all your organs; state administrative courts; municipalities
municipalities, government agencies or decentralized officials and with
public autonomy, and the other entities to which the Constitution and the laws
recognized as in the public interest.
35. Credit information: Information of an economic, financial, banking or
commercial related to a consumer about their obligations, payment history,
guarantees and debtor classification, in such a way as to allow the correct and unequivocal
identification, location and description of the level of indebtedness of the holder in a
Certain moment.
36. Public information: Any record, file or any data that is collected,
maintains, processes or is in the power of the public entities to which it is
refers to this law. Likewise, all information that by virtue of the Constitution of the
The Dominican Republic guarantees the principle of publicity of the acts of the Powers of Attorney
of the State and the right of access to public information, established in the Law
General of Free Access to Public Information No. 200-04, dated July 28,
2004.
37. Monetary Board: Institution referred to in the Monetary and Financial Law.
38. Public Registry: Public or private entities destined to provide reports
legal, whether they are credit or not.
39. Credit Report: The credit information presented by a Company of
Credit Information (SIC), in documentary, digital or electronic form, to be
provided to a user or subscriber who has requested it in accordance with
this law.
40. Public information report: The information presented by a Society of
Credit Information (SIC), in documentary, digital or electronic form that is
collect, maintain, store, update, record, organize, compile, process or be
find in the Judicial Power and any of its organs consigned in the
Constitution and in the Law of Judicial Organization.
41. Insurance report: The information presented by a data bank, with
authorization to do so, in documentary, digital or electronic form that is collected,
maintain, store, update, record, organize, compose, process or be in the
insurance sector.
42. Report for collection purposes: The information presented by a Company of

Page 10

Credit Information (SIC), in documentary, digital or electronic form that is
collect, maintain, store, update, record, organize, compile or process under
of the granting of a loan, in which the debtor, whose last address is
unknown, has breached its obligation to the creditor to the detriment of the latter.

43. Responsible for the file, registry, database or database: Natural or legal person,
public or private, which is the owner of a file, registry, database or database.
44. Risk: It is that related to obligations or financial, commercial,
insurance or any other nature of a natural or legal person, which allows
evaluate the trajectory of indebtedness, payment and the like.
45. Banking secrecy: referred to in Article 55, literal b) of the Monetary Law and
Financial
46. Professional secret: To which the Dominican Penal Code refers.
47. Superintendency of Banks: Entity referred to in Section V, articles 18,
19, 20 and 21 of the Monetary and Financial Law No. 183-02, dated November 21
from 2002.
48. Owner of the data, debtor, consumer, client or owner of the information:
Any natural person whose information is the object of data processing, as well as
Like any creditor, be it a natural or legal person, who has or has had a
commercial or contractual relationship with a natural person for the exchange of
goods and services, where the natural person is the creditor's debtor. All information
that derives from said relationship will be associated separately with both the debtor and the
creditor and will be governed by this definition. Any natural or legal person who has
had, has or requests to have a good or service of an economic, financial,
banking, commercial, industrial, or of any other nature, with an institution of
financial intermediation or with an economic agent, as appropriate according to the
law.
49. Data user, subscriber or affiliate: Any person, public or private, who performs
at your discretion the processing of data, whether in files, records or databases
own or through connection with them. Likewise, the entities of
financial intermediation, economic agents, public entities, and
other natural or legal persons that have agreements with the Companies of
Credit Information (SIC) to access consumer information.
CHAPTER II
GENERAL DISPOSITION

SECTION I
OF THE RIGHTS OF PEOPLE AND THEIR EXERCISE
Article 7.- Right of consultation for data protection. Everyone has the right to
a legal action to find out about the existence and access the data contained in it
public or private records or databases and, in the event of discrimination, inaccuracy or error,
demand the suspension, rectification and updating of those, in accordance with this law.

Page 11

Article 8.- General conditions for the exercise of rights of access, rectification,
cancellation and opposition. Everyone has the right to be rectified, updated, and,
when appropriate, deleted, the personal data of which it is the owner and that are included
in a data bank.
The person responsible for the data bank, after verifying and verifying the relevance of the
claim, you must proceed to rectify, delete or update personal data
of the affected party, carrying out the necessary operations for this purpose, within a maximum period of ten (10)
business days of receipt of the claim of the owner of the data or the error or inaccuracy noticed.
Failure to comply with this obligation within the term agreed in the preceding paragraph,
will enable the interested party to promote the data protection action without further requirements
personal or habeas data provided for in this law.
In the event of the transfer or transfer of data, the person in charge or user of the database
must notify the rectification or deletion to the assignee within five (5) business days of
the data processing has been carried out.
The deletion does not proceed when it could cause damage to the rights or legitimate interests of
third parties, or when there is a contractual or legal obligation to keep the data.
During the process of verification and rectification of the error or inaccuracy of the information of
in question, the person in charge or user of the data bank must state, when providing
information regarding the plaintiff, the circumstance that is subject to review or
challenge.
The rectification, updating or deletion of inaccurate or incomplete personal data that
they exist in public or private registries will be carried out without any charge for the interested party.
Article 9.- Independence of the rights of access, rectification, cancellation and
opposition. The rights of access, rectification, cancellation and opposition are rights
independent. It cannot be understood that the exercise of any of them is a prerequisite
for the exercise of another.

Article 10.- Right of access. Everyone has the right to access information and
the data that about it or its assets rest in official or private records, as well as
know the destination and the use made of them, with the limitations set by this law.
The treatment of personal data and information or of your property must be done
respecting the principles of quality, legality, loyalty, security and purpose. They will request before the
competent judicial authority updating, opposition to treatment, rectification or
destruction of information that illegitimately affects your rights.
The exercise of the right to which this article refers, in the case of personal data
deceased, it will correspond to their universal successors.
The owner of the data, after proof of identity, has the right to request and obtain
information of your personal data included in public databases, in the registers
officials of public entities, agencies and companies, as well as their data registered in the
archives of private institutions and companies, or in private databases.
The user of the data bank must provide the information requested by the owner of the
data within five (5) business days after having been made personally said
request, or by act of bailiff. Once the period has expired without the order being satisfied, the owner of the

Page 12

data may initiate a legal action before a court of first instance to hear the
existence and access the data contained in it in public records or databases or
private, in accordance with the procedure provided in this law.
The SIC must adopt all the security mechanisms in order to guarantee the
protection of the confidentiality of credit information belonging to the owner of the
data, and that it can access, exclusively, its own information.

Article 11.- Access procedures. Data holders will have the right to request
the Credit Information Society (SIC) your credit history or credit report. East
Right will be exercised free of charge four (4) times per year, and at intervals of no less than

three (3) months, unless a legitimate interest to that effect is demonstrated. Credit history or
Personal credit report can be viewed at the offices of the credit unions.
Credit Information (SIC); optionally, the owner of the data can request access
secure through a platform via the Internet.

Article 12.- Term. The Credit Information Society (SIC) must present the report of
credit requested in a clear, complete and accessible way, and must make it available to the holder
of the data within a period of no more than five (5) business days, counted from the date on which
the Credit Information Society (SIC) would have received the corresponding request. Same
This provision applies to other entities that manage data banks, public or private.
Article 13.- Those responsible for data processing must fulfill the following duties:
1.

Guarantee the owner of the data, in any circumstance, the full and effective
exercise of the right of habeas data.

two.

Keep the information under the necessary security conditions to prevent
its adulteration, loss, consultation and unauthorized use or access.

3.

Timely update, rectify or delete the data in the
terms of this law.

Four. Process the queries and claims made by the owners of the data.
5.

Adopt an internal manual of policies and procedures to guarantee the adequate
compliance with this law, and, especially, for the attention of queries and
claims by the holders of the information.

6.

Allow access to information only to people who may have
right to it.

Article 14.- Rights of rectification and cancellation. Everyone has the right to be
rectified, updated, and, where appropriate, deleted, the personal data of which
is the owner and that they are included in a data bank.
Article 15.- Blocking of data. The cancellation gives rise to the blocking of the data,
being kept only at the disposal of the powers of the State for the attention of the
possible responsibilities arising from the treatment during the prescription period of these.
Once the aforementioned period has elapsed, the deletion must be carried out. In any case, deletion does not
It proceeds when it could cause damage to the rights or legitimate interests of third parties, or when
there is a legal obligation to keep the data.

Page 13

Article 16.- Right to compensation. Interested parties that as a consequence of
breach of the provisions of this law, suffer damages, have the
merit to be compensated according to common law.
Article 17.- Habeas data action. Without prejudice to the mechanisms established for the
exercise of the rights of the interested parties, they may exercise the judicial action of habeas
dates in accordance with the Constitution and the laws that govern the matter.
The judicial action of habeas data will proceed to take knowledge of the existence of the
personal data stored in public or private files, registers or databases that
derive from a commercial, employment or contractual relationship with a public or private entity; or
simply, to become aware of the personal data that is presumed to exist
stored in public or private files, registries or databases.
In cases where inaccuracy is presumed, the outdated information of which is
treats, or the processing of data whose registration is prohibited in this law, for
demand its rectification, deletion or updating.
Article 18.- Active standing. The action of protection of personal data or habeas
data will be exercised by the affected party, their guardians, successors or their attorneys-in-fact. When the action
judicial is exercised by legal persons must be filed by their legal representatives
or the attorneys-in-fact that they designate for this purpose.
Article 19.- Passive legitimation. The legal action will proceed with respect to the
managers and users of public and private databases intended to provide reports,
when they act contrary to the provisions established in this law.
Article 20.- Competition. The judge of the domicile will be competent to hear this action
of the defendant, and in the case of plurality of defendants, at the domicile of one of them.
Article 21.- Applicable procedure. The habeas data action will be processed according to the
provisions of this law and by the procedure that corresponds to the amparo action.
The registry or data bank, while the procedure lasts, must record or publish in the
reports that the disputed information is subject to a judicial or challenge process
habeas data.
Article 22.- Processing of the habeas data claim. Submitted the action, the judge will require,
By means of a reasoned resolution, to the file, registry or database the referral of the
information concerning the plaintiff. You can also request reports on the support
data technician.
Article 23.- Answer to the report. When answering the report, file, register or bank
data must state the reasons why you included the questioned information and
Those for which the request made by the interested party was not complied with.
Article 24.- Expansion of the habeas data claim. The report has been answered by the
defendant, within ten (10) business days, the plaintiff must present the evidence
certifying that your case is incorrect, erroneous or inaccurate information, and you may
demand the suspension, rectification and updating of information that affects
your rights illegitimately.

Page 14

Article 25.- Complaint procedure applicable to Information Societies
Credit (SIC) for the modification, rectification and cancellation of the information of the
headline. When the owners of the data are not satisfied with the information contained in a
report from a Credit Information Society (SIC) or entities that
develop credit scoring tools, they will be able to file a claim. Bliss
The claim must be presented by instance or by a bailiff act in which it is indicated with
make clear the records containing the contested information, as well as copies of the
documentation on which they base their disagreement. In case of not having the
corresponding documentation, they must explain this situation in the writing they use to
submit your claim:
1.

Credit Information Societies (SIC) are not obliged to process
claims about the information contained in the records that have been the subject of
of a previous claim, in respect of which the procedure of
claim provided for in this article.

two.

Credit Information Societies (SIC) must deliver to the unit
specialized in financial intermediation entities or, in the case of agents
those who are designated as managers for those purposes, the claim
presented by the owner of the data, within a period of ten (10) business days,
counted from the date on which the Credit Information Society (SIC)
had received. The contributors of the data in question must respond in writing
to the claim presented by the owner of the information, within a period of ten
(10 working days.

3.

Once the Credit Information Society (SIC) notifies in writing the
claim to the respective data provider, you must include in the record that
treat the legend: "Record Contested by Habeas Data", which will not be eliminated until
to conclude the procedure contained in the previous paragraph.

Four. If the specialized units of financial intermediation entities, or in the
case of economic agents, of those they designate as responsible for these
effects, they do not send their response to the Credit Information Societies (SIC)
to the claim submitted by the owner of the information within a period of ten
(10) business days, counted from when they have received the notification of the
claim, the Credit Information Societies (SIC) must modify or
eliminate from its databases the information that appears in the registry in question,
as requested by the owner of the data, as well as the legend: "Registration
Contested by Habeas Data ”.
5.

If the data provider accepts in whole or in part what is indicated in the claim
presented by the owner of the data, the data provider must carry out
promptly make appropriate changes to its database and notify you of the
prior to the Credit Information Companies (SIC) that have sent you the
claim, sending it back to the Credit Information Societies (SIC)
the correction made to its databases.

6.

In the event that the data provider partially accepts what is indicated in the
claim or point out the inadmissibility of this, you must express in your answer,
by means of a request addressed to the Credit Information Society (SIC) and endorsed
for this, the elements that it considered regarding the claim. The Society of
Credit Information (SIC) must make available to the owner of the data that
a copy of said instance has been submitted for the claim, within five days
working days after receiving the response from the data provider.

7.

In the event that the claim submitted by the owner of the data is rejected by
the data provider, and when the data owner does not agree with the
arguments presented by the data contributor, the Information Societies
Crediticia (SIC) is exempt from liability to the owner of the data. The
Credit Information Companies (SIC) will maintain the registry in question with
the legend: "Record Contested by Habeas Data", which will not be eliminated until

Page 15

Both: (1) The Credit Information Society (SIC) receives the instance where
It is established that the data provider authorizes the Credit Information Companies
(SIC) to correct the data, obtaining the request of the data owner; or (2)
until the Credit Information Societies (SIC) are notified of a
final and irrevocable sentence favoring the owner of the data, settling the
conflict between the owner of the data and the data provider, in which case the
Credit Information Societies (SIC) will eliminate the legend: "Registration
Contested by Habeas Data ”and they must correct the data within a period of no more than
five (5) business days from the date the Information Society
Crediticia (SIC) receives said judgment.
8.

In the event that the errors that are the object of the claim presented by the owner of the
data are attributable to Credit Information Societies (SIC), this must
correct them within a period of no more than five (5) business days from the date on which
the Credit Information Society (SIC) receives the response from the contributor of
data.

9.

Credit Information Societies (SIC) will only include again within
its database the information previously contained in the records that have
modified or eliminated when the data provider sends the elements that
support, in its opinion, the inclusion, again, of the contested information. On
In this case, the Credit Information Society (SIC) will eliminate the legend:
"Registration Contested by Habeas Data", and will inform the owner of the
the data, making available the response of the data provider, together with a
new credit report, within a period of five (5) business days, counted from the date of
date on which the data contributor has again included the information
contested by the owner of the data in the information provided to the Company of
Credit Information (SIC).

10. The Credit Information Companies (SIC) will not have any responsibility
due to modifications, inclusions or deletions of information or of
records that they carry out as part of the claim procedure provided for in this
Article. In the development of said procedure the Information Societies
Crediticia (SIC) will be limited to deliver to the data contributors and the holders of the
data the documentation that corresponds to each one in the terms of the articles
above, and will not be responsible for resolving, resolving or acting as friendly
composer of the differences that arise between them.
11. In cases where the claim results in a modification to the information of the
owner of the data contained in the database of the Information Society
Crediticia (SIC), it must make it freely available to the owner of the data
a new credit report in the specialized unit of the Societies of
Credit Information (SIC).
12. Cases in which the information claimed or contested comes from a
public entity defined in this law, the Credit Information Society (SIC)
You will receive the claim from the owner of the data, with the documents that you
serve as the basis, if any, and will have a term of up to fifteen (15)

Page 16

business days to verify with said entities and correct the information contained in
its database, where appropriate.
13. The owner of the data that is considered affected by information contained in a
report from a Credit Information Society (SIC) has a deadline
ten (10) business days, counted from having exhausted the procedure of
claim stipulated in this law, to initiate your action before the
competent courts. After you have exhausted the complaint procedure
applicable to the Credit Information Society (SIC), be it filed by a
natural or legal person, and after the Credit Information Society
(SIC) has complied with the requirements specified in this article, the
Credit Information Society (SIC) is exempt from liability.
Article 26.- Exceptions to the rights of access, rectification, cancellation and opposition.
By judicial resolution, those responsible or users of official databases may
deny access, rectification or deletion based on security protection
national, order and public security, or the protection of the rights and interests of
third parties. These exceptions cannot interfere with the rights to which each person is entitled.
citizen and that enshrines the Constitution of the Dominican Republic.
Information on personal data may also be denied by those responsible or
users of public data banks, when in such a way actions could be impeded
judicial or administrative proceedings in progress related to the investigation on compliance with
tax obligations, the development of health and environmental control functions,
the investigation of crimes and offenses by the competent authority and the verification of
administrative offenses.
Article 27.- Exceptions to the consent requirement. It will not be necessary
consent to the treatment and transfer of data when:
1.

They are obtained from publicly accessible sources.

two.

They are collected for the exercise of functions inherent to the powers of the State or by virtue of
of a legal obligation.

3.

In the case of lists for marketing purposes, whose data is limited to name, identity card
identity and electoral information, passport, tax identification and other information
biographical.

Four. Are derived from a commercial, employment or contractual, scientific or professional relationship
with the natural person, and are necessary for its development or fulfillment.
5.

In the case of personal data that they receive from their clients in relation to operations
carried out by financial intermediation entities regulated by the Law
Monetary and Financial and economic agents, Information Societies
Crediticia (SIC), and of the entities that develop scoring tools
credit for the assessment of the risk of the debtors of the financial system and
national commercial, according to the conditions established in Article 5,
numeral 4.

6.

As provided by a law.

7.

It is carried out between dependencies of the State bodies directly, in the
measure of compliance with their respective competencies.

8.

It is personal data related to health, and is necessary for health reasons
public, emergency or to carry out epidemiological studies, as long as it is
preserve the secret of the identity of the owners of the data through mechanisms
proper dissociation.

9.

An information disassociation procedure would have been applied, so that
the holders of the data are not identifiable.

Page 17

Article 28.- Assignment. The personal data object of data processing can only be
assigned for the fulfillment of the purposes directly related to the legitimate interest of the
transferor and assignee, with the prior consent of at least one of the holders of
the data.
CHAPTER III
ORGANIC PROVISIONS

SECTION I
CONTROL BODY
Article 29.- Nature. The files, registers or databases, public or private,
intended to provide credit reports will be subject to the inspection and surveillance of the
Superintendency of Banks as a control body.
The control body must carry out all the necessary actions to comply with the
objectives and other provisions of this law. To this end, it will have the following
functions and powers:
1.

Assist and advise individuals who require it about the scope and
the legal means available to them to defend the rights that it guarantees.

two.

Impose the administrative sanctions that may correspond to violation of the
established rules.

Article 30.- The provision of services consisting of the collection, processing and
exchange of information about the credit history of a natural or legal person,
as long as said information comes from financial intermediation entities
regulated by the Monetary and Financial Law, and of economic agents, as well as any other
information that is considered useful for the preparation of an efficient credit report, such as
such as those of a public nature and nature, it will only be carried out by Societies of
Credit Information (SIC) that obtain the prior authorization of the Monetary Board.
Article 31. -The application to operate as a Credit Information Society (SIC) is
will formalize before the Superintendency of Banks, which will process the request with your opinion
to the Monetary Board.
Article 32 . - The Monetary Board will only authorize a commercial company to operate as a
Credit Information Society (SIC), when it:
1.

Submit the following constituent documents:
to)

Updated list of shareholders, indicating the capital that each of

Page 18

they subscribed and paid to constitute the subscribed and paid capital stock of the
Credit Information Society (SIC).
b)

List of the members of the different councils and main officials
of the Credit Information Society (SIC), including those who
occupy positions with the immediate hierarchy lower than that of the director or
general manager, as well as your resume.

c)

The other constitutive documents, including the Certificate of Registration
Mercantile on Business Companies, issued by the Chamber of Commerce and
Corresponding production, and the document issued by the General Directorate
of Internal Taxes, where the assignment of the Registration number
National Taxpayers.

two.

Present proof of the real existence in the accounts of the society of the resources
contributed by the partners to constitute the subscribed and paid share capital of the
society.

3.

Present the general operating program, including at least:
to)

The description of the computer systems for the collection and processing of
collection and processing of information.

b)

The characteristics of the products and services that they will provide to users or
subscribers.

c)

The service provision policies with which they intend to operate.

d)

The security and control measures, in order to avoid the improper handling of the
information.

and)

The bases of organization.

F)

The contingency plan in case of disaster.

Four. Present any other information or related documentation that the Superintendency
of Banks requests you in writing, in order to evaluate the respective request to issue
the opinion to be rendered to the Monetary Board before it proceeds to issue its
authorization.
These provisions will not be applicable to the Credit Information Society (S1C) that at
moment of promulgation of this law have at least five (5) years operating as
such.
Article 33.- The appointment of the directors and the director or general administrator of the
Credit Information Companies (SIC) will not fall on the following persons:
1.

Those sentenced by a final and irrevocable sentence, for crimes or offenses, the
disqualified to engage in business or to perform a job, position or
commission in the public service, or in the Dominican financial system, during the
duration of your disqualification.

two.

The streams that have not been rehabilitated.

3.

Those that perform functions of regulation, inspection or surveillance with respect to the

Page 19

Credit Information Companies (SIC).
Credit Information Companies (SIC) must inform the Superintendency of
Banks the appointment of the general administrator, within five (5) business days
subsequent to his appointment, expressly stating that he complies with the
applicable requirements.
No representative of the financial intermediation entities may be appointed as
director director or general administrator of a Credit Information Society (SIC);
Likewise, no financial intermediation entity may be a shareholder of a Company.
of Credit Information (SIC), nor to acquire investment instruments in them.
Article 34.- Prior to the start of activities, Credit Information Societies (SIC)
must be registered in the public registry of the Credit Information Society (SIC) that
It will be in charge of the Superintendency of Banks.
Article 35 . - The Credit Information Societies (SIC) will carry out the activities
necessary for the realization of its object, including the credit rating service or
risk, as well as similar and related.

Article 36.- Credit Information Companies (SIC) will be subject to inspection and
supervision of the Superintendency of Banks, in the terms established by this law.
CHAPTER IV
PROCEDURAL PROVISIONS
SECTION I
OF PUBLIC OWNERSHIP FILES
Article 37.- Creation, modification or deletion. The creation, modification or deletion of
The personal data files of the public administration can only be done by means of
the provisions contained in the Public Function Law, and through the General Law of
Free Access to Public Information.
Article 38 . - The provisions for the creation or modification of personal data files
must indicate:
1.

The purpose of the personal data file and the intended uses for it.

two.

The people or groups about which it is intended to obtain personal data
and the optional or mandatory nature of its supply by them.

3.

The procedure for collecting and updating personal data.

Four. The basic structure of the personal data file, automated or not, and the
description of the types of personal data included in it.
5.

The transfers of personal data and, where appropriate, transfers and
data interconnections that are foreseen to third countries.

6.

The administrative bodies responsible for the filing of personal data,
specifying the hierarchical dependency, if applicable.

7.

The services or units before which access rights could be exercised,
rectification, cancellation and opposition.

8.

The security measures indicating the basic, medium or high level required.

Page 20

The provisions issued for the deletion of personal data files must
establish their destination or, where appropriate, the provisions adopted for their
destruction.
Article 39.- Communication of data between institutions of the public administration. The
personal data collected or prepared by the public administration for the
performance of their duties may be communicated to other institutions of the
public administration.
The transfer of personal data, object of treatment, which must be carried out by the
tax administration in the exercise of its powers, in accordance with the provisions of its
regulatory regulations, will not require the consent of the affected party in accordance with
established in this law.
SECTION II
OF THE FILES OF THE ARMED FORCES, SECURITY
AND POLICE OR INTELLIGENCE BODIES
Article 40.- Files of the Armed Forces, security and police agencies or
intelligence. The personal data files created by the Armed Forces, security and
police or intelligence agencies that contain personal data that, for
have been collected for administrative purposes, must be subject to permanent registration, are not
subject to the general regime of this law.
SECTION III
OF PRIVATE OWNERSHIP FILES
Article 41.- Creation of privately owned personal data files. The
individuals that form files, registers or databases that are not for a specific use
exclusively personal must satisfy the requirements stipulated in this law.
Article 42.- Registration of data files. Any file, registry, database or database,
public or private, it must have adequate information policies that guarantee the
security and control measures, in order to avoid the improper handling of the information of the
data holders.
Article 43.- Credit Information Companies (SIC) must register with the
Superintendency of Banks of the Dominican Republic, after having obtained from the Board
Monetary the corresponding operating permit that empowers and authorizes the company
to operate as a Credit Information Society (SIC), in accordance with the law that
regulates said financial intermediation entities. The Superintendency of Banks is the
entity authorized to regulate Credit Information Societies (SIC). Said requirement
does not apply to entities that already exist and that are operating duly registered with the
Superintendency of Banks of the Dominican Republic.
Article 44.- Data included in public access sources. The personal data that
appear on the lists of people belonging to professional groups should be limited to the

Page 21

that are strictly necessary to fulfill the purpose for which each listing is intended. The
inclusion of additional data by the entities responsible for the maintenance of said
sources will require the consent of the interested party, which may be revoked at any
moment.
Interested parties have the right to have the entity responsible for maintaining the lists
of professional associations indicate free of charge that your personal data cannot
used for advertising or commercial prospecting purposes, as well as the right to demand
free of charge the exclusion of all your personal data that appear in the census
promotional by the entities in charge of the maintenance of these sources.
Article 45.- Sources of access to the public. The public access sources that are published in
book form or other physical or electronic format do not lose the font character
accessible with the new edition that is published.
Article 46.- Telecommunications service guides. The data contained in the guides
telecommunications services available to the public will be considered data from
sources accessible to the public.
Article 47.- Information. The creditor acquires the right to make the prior requirement
of payment to whom the fulfillment of the obligation corresponds. Whether or not the
payment in the term provided for it and comply with the legal requirements, the data related to the
payment or non-payment will be communicated to personal data files related to compliance or
breach of pecuniary obligations.
Article 48.- Rights of access, rectification or cancellation. When the interested party exercises his
right of access in relation to the inclusion of your data in a personal data file
common credit information, will be governed as established in this law.

Article 49.- Provision of credit information services. All entities of
financial intermediation, economic agents, official or state institutions,
and the other natural or legal persons that avail themselves of the requirements of this law,
They may be users or subscribers of Credit Information Societies (SIC).
The quality of user or subscriber of the Credit Information Societies (SIC) is acquired
by signing a contract for the provision of services with the Company of
Credit Information (SIC) in question.
Article 50.- The users or subscribers of the services provided by the Societies of
Credit Information (SIC), its officials, employees and service providers, must
keep confidential the information contained in the credit reports to which
have access.

Consumers, users or subscribers will not share or show the reports to others
people, nor will they deliver the original report or a copy thereof to other people, nor disclose
orally or in writing, or by any means of electronic transmission, the content of
reports to others who are not authorized employees of the subscriber or affiliate,
as long as it does so in the exercise of its official or contractual functions. The society
Credit Information System (SIC), providing a credit report will reveal the source that
provided the information.
Article 51 . - Users or subscribers, before accessing the database of the Society of

Page 22

Credit Information (SIC) to obtain the credit information of a client or consumer,
They must have the express authorization of the latter, by means of their autograph or digital signature,
or by any form of expression of consent, which must include the
use that the user or subscriber will give to said information.
It will be considered that there is an express expression of consent when the client or
consumer has requested or received, verbally or in writing, the granting of a
credit, the provision of a service or the performance of any activity that generates a
legal relationship between the consumer and the user or subscriber. In case I get to
formalize said legal relationship between the client and the user or subscriber, the latter may
make periodic inquiries to the consumer's credit information during the time of
validity of said legal relationship.
The validity of the authorization provided for in this article will be two (2) years, counted from
its bestowal. When the legal relationship has been formalized, the authorization to access
The customer's credit information will remain as long as said legal relationship is in force.
These authorizations will not apply when:
1.

The information requested by the Superintendency of Banks, by the entities
public authorities referred to in this law, by virtue of an official investigation, including the
drug trafficking and combating money laundering, anti-terrorist activities, or by the
tax collecting authorities for tax purposes, or the required information
by any other governmental or official institution.

two.

Whether it is a public information report, the report for collection purposes, the report
credit score, and the insurance report, defined in this law.

3.

The user or subscriber accesses the credit information of consumers included
in the lists for marketing purposes contemplated in this law on the
consent of the owner of the data.

Four. In the case of accessing credit information related to a legal person
defined and contemplated in the Commercial Code.
Article 52 . - Credit Information Companies (SIC) may agree to provide their
services, through the use of equipment, electronic, optical or any other means
technology, automated data processing systems and telecommunications networks,
whether public or private, establishing in the respective contracts the bases to determine
the next:
1.

The services whose provision is agreed.

two.

The means of identification of users or subscribers and consumers, and

3.

The means by which the creation, transmission, modification or
extinction of rights and obligations inherent to the services in question.

The use of the means of identification that are established in accordance with the provisions of this
Article, in substitution of the autograph signature, will produce the same effects that the laws grant
to the corresponding documents and, where appropriate, they will have the same probative value.
Credit Information Societies (SIC) may agree with another Credit Information Society
Credit Information (SIC) legally constituted, the supply and exchange of the
information contained in its databases.

Page 23

The Credit Information Societies (SIC) will not establish policies or criteria of
operation that contravenes the provisions of this law, nor will they prevent their subscribers or
affiliates that request or deliver information to any other Information Society
Crediticia (SIC), and they will not be able to establish limits to the number of inquiries that those
can perform.
Article 53 . - Credit Information Companies (SIC) must have systems and
processes to verify the identity of the user or subscriber or the customer or consumer,
through the authentication process that it determines, which must be approved
previously by the Board of Directors of the Credit Information Society
(SIC), in order to safeguard the confidentiality of the information, in the terms of the
applicable legal provisions.
Article 54 . - Credit Information Companies (SIC) must submit to the
Superintendency of Banks the manuals that establish the minimum security measures,
which will include the transport of information, as well as physical security, logistics and
those of communications. Said manuals must contain the necessary measures for the
security of external data processing.
Article 55 . - Credit Information Societies (SIC) are prohibited from granting or
transfer, in whole or in part, the information provided by a data provider,
to be used by another data provider, user, subscriber or affiliate, or a third party, in
unfair competition practices; Credit Information Societies (SIC) do not
prepare, prepare, nor sell or assign, lists of debtors or select consumers to
its subscribers or affiliates, or any other natural or legal person, as long as said
lists of prospects have not been previously prepared and delivered to the Companies of
Credit Information (SIC) by the same subscribers or affiliates, for the purposes of making
queries in batches.
Article 56.- General guidelines for the collection and processing of information
applicable to Credit Information Companies (SIC). For collection and
treatment of the information in their charge, the Credit Information Companies (SIC)
must observe the following general guidelines:
1.

The collection of information will not be carried out by fraudulent or illegal means.

two.

The information collected will only be used for the stated purposes.

3.

The information will be lawful, updated, accurate and truthful, in such a way that it responds to the
real situation of the owner of the information at a given time. If the
Information turns out to be illegal, inaccurate or erroneous, in whole or in part, they must
corrective measures be adopted, as the case may be, by the Society of
Credit Information (SIC). For the purposes of determining the moment, each time
report, indicate the date of the report.

Article 57 . - The database of Credit Information Companies (SIC) will be integrated
with the information provided directly by the contributors of data on the
credit operations and others of a similar nature that the latter grant to their
consumers, in the form and terms in which it is received from the data contributors, as well as with
any other information provided by the Superintendency of Banks or other
information from public entities, either because of its origin or because of its
nature.
Article 58.- In the event that the information provided by the data provider is relative

Page 24

to a legal entity, the data provider must include the officials responsible for the
general management or administration and finances, as well as the main partners,
taking advantage of the provisions of articles 21 and 22 of Law No. 3-02, on Registration
Trade.
Article 59 . - In order to protect the owner of the information, and to promote the accuracy, the
veracity and the timely and effective updating of the database of the Societies of
Credit Information (SIC), data contributors must provide the Sociedad de
Credit Information (SIC), at least two (2) times a month, the updated data of your
clients or consumers, in such a way as to allow correct and unequivocal identification,
location and description of the level of indebtedness of the holder at a given moment.

Article 60 . - Credit Information Societies (SIC) must use techniques of
biometric identification that make it difficult or impossible the usurpation or theft of the
identities of natural persons at the time of contracting goods and services before the
public bodies, public companies and private companies, or any entity
that use the information services of the Information Societies
Credit (SIC).
In this regard, Credit Information Societies (SIC) and data contributors
They must include in the reports they issue and in the information they provide, respectively,
the updated or available photo of the consumer or the owner of the data, in such a way that the
User of the reports from a Credit Information Society (SIC) must
validate and authenticate the identity of the natural person by comparing the face of the applicant for the property
or service with the image in the report of the Credit Information Society (SIC).
Article 61.- Credit Information Companies (SIC), within fifteen (15) days
business days following the date of receipt of the information provided by the contributors of
data, they must proceed to update their database, diligently and efficiently, except in the case
force majeure or impossible execution.
Article 62.- In the case of data contributors who are financial intermediation entities,
intervened by the Superintendency of Banks or the Central Bank, or in the process of liquidation,
the Liquidation Commission or the Superintendency of Banks or the Central Bank shall
provide the Credit Information Companies (SIC), at least once a month, the
updated data of the debtors of said entities.
Article 63.- The Credit Information Companies (SIC) must adopt the measures of
security and control that are necessary to avoid the improper handling of the information;
Likewise, they must protect, under the strictest security and confidentiality measures, the
algorithms and technologies used to provide services.
Article 64.- The Credit Information Companies (SIC) may process, for the purposes of
presentation in the reports, the credit information that is provided to them by the
data contributors, according to the following criteria:
1.

For term credits or credits contracted for periodic installments, which are
expired or not, contracted in a term less than or equal to forty-eight (48)
months, Credit Information Societies (SIC) must present in the reports
the information associated with them, for a period of no more than forty-five
eight (48) months elapsed from the credit opening date.

two.

For term credits or credits contracted for periodic installments, which are
expired, contracted within a term greater than forty-eight (48) months, the

Page 25

Credit Information Companies (SIC) must present in the reports the
information associated with them during a period elapsed from the date
of the last payment to the credit in question, a period that should not be greater than forty-five
eight (48) months and must not exceed the original expiration date of the credit
agreed.
3.

For recurring credits, that is, credits that reoccur or reappear,
especially after an interval, including including credit cards,
bank or financial lines of credit, commercial credits, which are in
default or expired, Credit Information Societies (SIC) must submit
in the reports the information associated with them for a period of no longer
forty-eight (48) months elapsed from the date of the last payment made
to the credit in question.

Article 65.- The terms specified in the previous article will not be applicable in cases where
that there is a final judgment condemning the client or consumer for the commission
of a crime or near misdemeanor related to any credit and that has been made known
of the Credit Information Society (SIC).
Article 66.- Prohibitions on Credit Information Companies (SIC). This
Credit Information Societies (SIC) are prohibited from collecting, collecting, storing,
update, record, organize, systematize, elaborate, select, confront, interconnect in its
database, and, in general, use in a credit report, or through any other format
or medium, the information of the holders specified below:
1.

Balances and movements of current accounts.

two.

Balances and movements of savings accounts.

3.

Certificates of deposits, of any nature, of a holder of the data in
banking or financial institutions.

Four. Commercial papers owned by the owners of the data.
5.

Information referring to the moral or emotional characteristics of a person
physical.

6.

Information related to events or circumstances of people's emotional lives
physical.

7.

Ideologies and political opinions.

8.

Religious beliefs or convictions.

9.

Information on the states of physical or mental health.

10. Information about sexual behavior, preference or orientation.
Article 67 . - The Credit Information Societies (SIC) will not disseminate in their reports of
credit the following information:
1.

Information prohibited to Credit Information Companies (SIC),
listed in the previous article.

two.

Information referring to the insolvency or bankruptcy of the owner of the information, up to

Page 26

both forty-eight (48) months have elapsed since the status of
insolvency or since bankruptcy was declared.

Article 68.- Credit Information Societies (SIC) are prohibited from publishing in the
reports of a guarantor or guarantor the information of the holders of the information, in such a way
that the debtor's default does not harm the credit status of the guarantor or the
guarantor, or negatively affect the credit score or credit score of the latter.
The data contributors will be responsible for strictly complying with this article,
notwithstanding that Credit Information Societies (SIC) collect and process said
information for the purposes of balancing the accounts associated with the credits. If a holder, guarantor
or guarantor is affected by the breach of this article must avail himself of the procedure
claim specified in this law.
If an owner of the information pays the entirety of a credit that has been in legal status or
uncollectible, and it is closed or definitively canceled, the data contributor must report to the
Credit Information Society (SIC) the information concerning the cancellation of
said credit, in such a way that after twelve months from the date of
cancellation, the Credit Information Society (SIC) will not publish in the history of said
credit the legends: "Legal" or "Uncollectible", notwithstanding that your credit score may be
see affected.
Article 69.- Special prohibitions. Outside of the purposes established in this law, it is prohibited
the disclosure, publication, reproduction, transmission and recording of the content
Partial or total of a report of any kind from an Information Society
Crediticia (SIC), in any of its manifestations, in any means of communication
mass, be it printed, television, radio, electronic, or any other form of publication.
Credit Information Societies (SIC) and their representatives will not be responsible,
civilly or criminally, of any violations of this article, committed by a
subscriber or affiliate, a client or consumer, the representatives of public entities, the
representatives of the media or any natural or legal person.
Article 70.- Common personal data files that contain character data
personnel established by insurance entities. Health establishments
public or private and professionals linked to the health sciences can collect and
process personal data related to the physical or mental health of patients who come to the
themselves or who are or have been under treatment of those, respecting the principles
of professional secrecy.
Without prejudice to the provisions of this law regarding the transfer of data, the institutions
and public and private health centers and the corresponding professionals can
proceed to the processing of personal data related to the physical or mental health of
the people who come to them or are to be treated in them, in accordance with the
provided in the Dominican legislation on health.
Notwithstanding the provisions on specially protected data, they may be subject to treatment
personal data that refer to racial origin, health and sexual life,
when such treatment is necessary for prevention or medical diagnosis, the
provision of healthcare or medical treatment or the management of healthcare services,
provided that said data processing is carried out by a professional subject to secrecy
professional or by another person also subject to an equivalent obligation of secrecy.

Page 27

Article 71.- Treatments for advertising and commercial prospecting purposes. In the
collection of addresses, distribution of documents, advertising or direct sales and other
analogous activities, data that are suitable to establish certain profiles may be processed
for promotional, commercial or advertising purposes or to establish habits of
consumption, when these appear in documents accessible to the public or that have been provided
by the owners of the data or obtained with their consent.
In the cases contemplated in this article, the owner of the data will exercise the right
access free of charge.
The owner of the data will request, at any time, the withdrawal or blocking of their name from the
databases referred to in this article.
Article 72.- Personal data files related to the surveys. The provisions of the
This law will not apply to opinion polls, measurements and statistics, work of
market research, scientific or medical research and similar activities, in the
insofar as the data collected cannot be attributed to a specific or determinable person.
Article 73.- Standard codes. Through sectoral agreements, administrative agreements or
company decisions, those responsible for public and private treatment, as well as
As the organizations in which they are grouped, they can formulate standard codes that establish the
organizational conditions, operating regime, applicable procedures, standards of
security of the environment, programs or equipment, obligations of those involved in the treatment and
use of personal information, as well as guarantees, in its scope, for the exercise of
rights of people with full respect for the principles and provisions of this law.
The aforementioned codes may or may not contain detailed operational rules for each system.
particular and technical standards of application, and in the event that such rules or standards
are not directly incorporated into the code, instructions or orders that establish them
They must respect the principles set forth therein.
Article 74.- Codes of conduct. Associations or representative entities of
Managers or users of privately owned data banks will develop codes of
conduct of professional practice, which establish parameters for data processing
personnel that tend to ensure and improve the operating conditions of the
information based on the principles established in this law.
SECTION IV
OTHER DATA
SUBSECTION I
SPECIALLY PROTECTED DATA
Article 75.- Specially protected data. No natural person can be obliged to
provide sensitive data. The natural person may provide sensitive data, if free and
consciously decide to do it of your own free will.
The formation of files, data banks or records that store
information that directly or indirectly reveals sensitive data, as long as the person
has not provided the corresponding consent freely, consciously and
voluntary. Notwithstanding this, churches, religious associations, clinics and hospitals, and
political and trade union organizations may keep a record of their members.

Page 28

Sensitive data can only be collected and be subject to data processing when
mediate reasons of general interest authorized by law. They may also be treated with
statistical or scientific purposes when their owners cannot be identified.
Article 76.- Consent. Only with the express and written consent of the affected party
personal data that reveal political opinions may be processed,
religious, philosophical or moral convictions, union membership and information regarding the
health or sexual life.
The personal data files maintained by political parties, unions,
churches or religious communities and associations, foundations and other non-profit entities
profit, whose purpose is political, philosophical, religious or union, in terms of data relating to
its associates or members, without prejudice to the fact that the transfer of said data will always require the
prior consent of the affected party.
Article 77.- Data on criminal offenses. The personal data relating to the
commission of criminal offenses will only be included in personal data files, and only
will be processed or communicated to the public records, as soon as a
opening to trial in accordance with the law.
SUBSECTION II
HEALTH DATA
Article 78.- Data related to health. Without prejudice to the provisions of this law
Regarding the transfer of data, institutions and health centers, public and private, and
the corresponding professionals may proceed to the processing of the character data
personnel related to the physical or mental health of the people who come to them or are to be
treated in them, in accordance with the provisions of Dominican health legislation.
Notwithstanding the provisions on specially protected data, they may be subject to treatment
personal data that refer to racial origin, health and sexual life,
when such treatment is necessary for prevention or medical diagnosis, the
provision of healthcare or medical treatment or the management of healthcare services,
provided that said data processing is carried out by a professional subject to secrecy
professional or by another person also subject to an equivalent obligation of secrecy.
Health establishments, public or private, and professionals linked to the
health sciences may collect and process personal data relating to physical health or
mental health of patients who come to them or who are or have been under treatment
of those, respecting the principles of professional secrecy.
SUBSECTION III
DATA PROCESSING OF MINORS
Article 79.- Processing of data of minors. The data processing of
minors will be governed by the provisions established in the Code for the
Protection of the Rights of Children and Adolescents, the Penal Code and other laws
specials.
SECTION V
INTERNATIONAL DATA MOVEMENT

Page 29

Article 80.- International data transfer. The transfer of personal data from
any type with countries or international or supra-national organizations that require the
consent of the owner of the data, will only be made when:
1.

The physical person, freely and consciously, decides to authorize the
data transfer, or when the laws allow it.

two.

In the case of exchange of medical data, when the treatment so requires
of the affected person or an epidemiological investigation, or for health or hygiene reasons
public.

3.

In the case of bank or stock transfers, in relation to transactions
respective and in accordance with the legislation that is applicable to them.

Four. The transfer of data had been agreed or contemplated in the framework of treaties
international agreements or conventions, and in free trade agreements to which it is a party
the Dominican Republic.
5.

The purpose of the data transfer is international cooperation between
intelligence agencies for the fight against organized crime, terrorism,
human trafficking, drug trafficking, and other crimes and offenses.

6.

The transfer of data is necessary for the execution of a contract between the owner
of the data and the person responsible for the treatment, or for the execution of measures
pre-contractual.

7.

The legally required data transfer is for the safeguarding of interest
public or for the recognition, exercise or defense of a right in a process
judicial, or requested by a tax or customs administration for compliance with
their competencies.

8.

The data transfer is carried out to provide or request legal assistance
international.

9.

The data transfer is carried out at the request of an international organization with
legitimate interest from a public record.

CHAPTER V
VIOLATIONS AND SANCTIONS PROVISIONS

Article 81.- Administrative sanctions. The competent body to sanction infractions
administrative tasks committed by Credit Information Societies (SIC) will be the
Superintendency of Banks:
1.

Administrative infractions of this law are considered:
to)

Include in credit reports any of the information prohibited to
the Credit Information Societies (SIC), listed in this law.

b)

Refuse to provide access to credit information to the owner of the same.

c)

Denying, without foundation, a request for review or a request for
rectification of credit information required by the holder of the
information.

d)

Refuse to modify or cancel the information of an information holder,
after it has obtained a favorable ruling in a
procedure followed in accordance with the provisions of this law.

Page 30

two.

The Superintendency of Banks will impose on Credit Information Companies
(SIC) the following administrative sanctions:
to)

When the Credit Information Society (SIC) seriously infringes or
reiterated the provisions of the judgments of the courts with the authority of
the thing irrevocably judged, according to the Civil Code of the Republic
Dominican Republic, violations that derive from the offenses typified in the
previous section, the Superintendency of Banks will impose a fine of ten
(10) to one hundred (100) minimum wages, which must be paid from three (3)
business days after receiving such notification.

b)

When the Credit Information Societies (SIC) do not initiate the
activities within six (6) months after the date on which the
authorization has been granted by the Monetary Board, the Superintendency
de Banks will withdraw or revoke the operating permit.

Article 82.- Credit Information Companies (SIC) have a term of thirty
(30) business days to appeal for reconsideration before the Superintendency of Banks of
any decision of this that affects them and, in case of disagreement with the decision
intervened, they have a period of sixty (60) business days from the notification of the
resolution, by act of bailiff, duly endorsed by the Information Society
Credit (SIC), to appeal before the Monetary Board.
When the Monetary Board issues a resolution rejecting the challenge or appeal, the
Credit Information Companies (SIC) have a term of thirty (30) business days to
from the notification of said resolution, by act of the bailiff, to appeal before the
Superior Administrative Court.
Article 83 . - In the event of an adverse ruling to the Credit Information Society (SIC) before the
Superior Administrative Court, the Credit Information Society (SIC) has a
period of one (1) month to appeal in cassation, in accordance with the law that establishes the
Cassation Procedure. The Superintendency of Banks cannot exercise the powers
stipulated in this law to the detriment of a Credit Information Society (SIC)
until a final decision intervenes and with the authority of the thing irrevocably
judged.

Article 84.- Exceptional sanctions. It will be sanctioned with a fine of ten (10) to fifty
(50) current minimum wages, without prejudice to the appropriate reparations for the damages and
damages suffered by the person due to violation of their right to privacy,
In accordance with the norms of common law, the natural person who:
1.

Knowingly insert or cause to insert false data into a data file
personal, maliciously or in bad faith.

two.

Provide, maliciously or in bad faith, false information to a third party,
contained in a personal data file.

3.

Accesses knowingly and illegitimately, or violating confidentiality systems and
data security, in any way, to a personal data bank.

Page 31

Four. I will reveal to other information registered in a personal data bank whose secret
It is obliged to preserve by provision of a law.
Article 85.- Civil penalties. The application and rectification procedure has been exhausted
established in this law, the following will be considered civil offenses:
1.

Deny, without grounds, a request for review or a request for rectification of
the credit information required by the owner of the information.

two.

Refuse to modify or cancel the information of an information holder, then
that it has obtained a favorable ruling in a procedure followed
in accordance with the provisions of this law.

3.

Violate in a serious or repeated manner the provisions of the judgments of the
civil courts with the authority of the irrevocably judged thing.

Article 86.- Criminal sanctions. In the event that a user or subscriber has accessed a
database to consult, fraudulently, the personal information of a holder
Without having obtained prior authorization from this, you will be sanctioned with a fine that will go from ten (10) to
fifty (50) current minimum wages, without prejudice to the reparations that may be made by the
damages suffered by the person as a result of violation of their right to
privacy, in accordance with the norms of common law.
To the user or subscriber or any natural person who uses or provides a credit report
from a Credit Information Society (SIC), with the purpose of the commission of
a crime, a sanction equivalent to correctional imprisonment of six months to two years will be imposed,
and in the event that it was intended to facilitate the commission of a crime, it will be sanctioned
with the prison established by the current Penal Code for accomplices.
An aggravating circumstance of the crime charged will be considered the fact that a user or
subscriber makes use of a credit report from an Information Society
Credit (SIC), with the purpose of committing a crime.
The user or subscriber who gives the credit report a different use than that which has been consigned in
the authorization of the client or consumer, will be sanctioned with a fine that will go from ten (10) to one hundred
(100) current minimum wages, without prejudice to the reparations that may proceed for the damages and
damages suffered by the person due to violation of their right to privacy,
in accordance with the norms of common law.

Article 87 . - In the event that a natural person has fraudulently accessed the database
data from a Credit Information Society (SIC) to obtain and use any type of
report from a Credit Information Society (SIC), using passwords
access that does not belong to him, will be sanctioned with a fine ranging from twenty (20) to one hundred (100)
minimum wages in force, without prejudice to the reparations that may proceed for the damages and
damages suffered by the person due to violation of their right to privacy,
in accordance with the norms of common law.

Page 32

In the event that the improper use of said report has had as its purpose the commission of a
crime, it will be imposed on the natural person who has fraudulently accessed the report and to whom
uses it or prevails of it, a sanction equivalent to correctional imprisonment of six months to
two years, and in the event that the purpose was to commit a crime, it will be
sanctioned with the prison established by the current Penal Code.

Article 88.- The subscriber or affiliate, the client or consumer, the representatives of the
public entities, or any natural or legal person who violates the provisions contained
in the present law, it will be sanctioned with correctional prison from six months to two years, and a
fine of one hundred (100) to one hundred and fifty (150) current minimum wages.

The same sanction will be imposed on who, outside of the purposes established in this law, discloses,
publish, reproduce, transmit or record the partial or total content of a report of any
type from a Credit Information Society (SIC), referring to a holder of the
data, in any of its manifestations, in any mass communication medium, be it
print, television, radio or electronic.

CHAPTER VI
TRANSITIONAL AND FINAL PROVISIONS

SECTION I
TRANSITORY DISPOSITIONS

Article 89.- Treatments created by international agreements. Everything related with
the protection of natural persons, with regard to the processing of personal data
personal, in relation to any international agreement or treaty to which the
Dominican Republic, will be governed according to its provisions.
Article 90.- The Credit Information Societies (SIC), the data contributors and the
financial intermediation entities will have a term of six (6) months from the date of
entry into force of this law, to comply with the provisions of it, and adjust its
systems and structures as provided in it.

SECTION II
FINAL DISPOSITION

Article 91.- This law repeals in all its parts Law No. 288-05, of August 18,
year 2005, which regulates the Credit Information and Protection of the Holder of the
Information, and modifies any other law or part of the law insofar as it is contrary to it.

GIVEN in the Chamber of Deputies Session Room, Congress Palace
Nacional, in Santo Domingo de Guzmán, National District, capital of the Republic

Page 33

Dominicana, on the twelfth day of the month of November of the year two thousand thirteen; 170 years of the
Independence and 151 of the Restoration.

Abel Martinez Duran
President

Angela Well
Secretary

Jose Luis Cosme Mercedes
Secretary

GIVEN in the Senate Session Room, Palace of the National Congress, in Santo
Domingo de Guzmán, National District, Capital of the Dominican Republic, at
twenty-six (26) days of the month of November of the year two thousand thirteen (2013); 170 years of the
Independence and 151 of the Restoration.

Reinaldo Pared Perez
President
Manuel De Jesús Güichardo Vargas
Secretary

Rubén Darío Cruz Ubiera
Ad-Hoc Secretary.

DANILO MEDINA
President of the Dominican Republic

In exercise of the powers conferred on me by Article 128 of the Constitution of the
Republic.
I PROMULATE this Law and order that it be published in the Official Gazette, for its
knowledge and compliance.

GIVEN in Santo Domingo de Guzmán, National District, Capital of the Republic
Dominicana, on the thirteenth (13) day of the month of December of the year two thousand thirteen (2013);
170 years of Independence and 151 of the Restoration.

DANILO MEDINA

