POLÍTICA DE PROTECCIÓN Y TRATAMIENTO DE DATOS PERSONALES

Basic Information of the Personal Data Processing Policy

Esta política tiene como propósito señalar las finalidades de tratamiento de los datos personales de los usuarios que PLURALL PAY COLOMBIA S.A.S., y PLURALL CAPITAL COLOMBIA S.A.S., (en adelante, los “Responsables”) realizamos, las obligaciones a nuestro cargo y los lineamientos de seguridad que debemos observar para proteger los datos; establecer lineamientos para la atención de consultas y reclamos que los Usuarios formulen, e informar sobre los canales que los Responsables hemos dispuesto para recibir y atender las solicitudes o el ejercicio de los derechos de habeas data que le asisten a los Usuarios, como titulares de los datos personales, de acuerdo con la ley.

PLURALL PAY COLOMBIA S.A.S. realiza actividades de corresponsalía digital y presta servicios de iniciación de pagos y de suministro de información sobre cuentas de depósito constituidas en entidades vigiladas por la Superintendencia Financiera de Colombia de las que sea corresponsal digital.

PLURALL CAPITAL COLOMBIA S.A.S. realiza actividades de otorgamiento de crédito.

For the development of the above activities, the Responsible may access, consult, collect, request personal data of Users, customers, employees, suppliers and others.

For more information see the Detailed Information section.

Detailed information on the Personal Data Processing Policy

1. OBJETIVO

Establish the criteria for the collection, consultation, storage, ordering, classification, cataloging, analysis, processing, use, circulation and deletion of the personal data processed by those responsible for the treatment of the personal data of the Holders.

2. ALCANCE

La presente Política aplica para toda la información personal registrada en las bases de datos de los Responsables.

3. RESPONSABLES

Los responsables del tratamiento de los datos personales serán PLURALL PAY COLOMBIA S.A.S., identificada con NIT 901.512.344-4 y PLURALL CAPITAL COLOMBIA S.A.S. identificada con NIT 901.512.345-1, ambas con domicilio en la ciudad de Bogotá D.C., en Carrera 7 #116-50, We Work Usaquén, teléfono (57) 3203020065, y Página web: www.plurall.com

4. TRATAMIENTO Y FINALIDADAD

The Controllers may collect the following information for the provision of their services:

  1. Regarding the clients or users of the products or services
    • Contact information, such as first and last name, type and identification number, address and email and telephone number.

    • Information on economic activity.

    • The number of the credit or debit card and the expiration date of the card, the bank account number and/or electronic deposit number and certain information about the volume of sales and transactions.

    • Information about your transactions with credit and debit cards, or small or ordinary deposits, such as the amount of the transaction, date and time, place or merchant where the transaction was made, the description provided by the seller about the goods and services purchased, the type of payment method used, a description of the reason for the transaction and the offer associated with the transaction (if any), and your purchase or payment history.

    • Financial information

    • Information on purchasing habits and preferences, age, date of birth, sex and family situation, socioeconomic status.

    • Information about your geographic location or physical location, for example, through information from GPS signals sent by a mobile device, or through different technologies to determine location, such as data from device sensors that provide, for example, information about the closest Wi-Fi access points and mobile phone antennas, or the location of the dataphones where transactions are made.

    • Mobile device data (such as device model, operating system version, unique identifiers and mobile network data, IP address, including phone number, and telecommunications service provider) .

    • Your information collected through third-party verification services related to the use of third-party payment methods linked to the Controllers, or that coming from the information derived from the transactions carried out through the network of means of access of the systems of low payment and other administrators of these systems.

  1. Regarding dependent and independent workers of the Managers

    • Personal information of the workers, related to their date and place of birth, nationality, marital status, sex, education levels, work experience, personal references, socioeconomic level and status, and financial situation.

    • Personal information of the workers related to their health status, social security entities to which they are affiliated, disciplinary and judicial records.

    • Información personal de los trabajadores relacionada con su núcleo familiar y dependiente, y sus preferencias personales en términos de actividades y hobbies.

    • Información personal de los candidatos a cualquier posición o trabajo entre la que se encuentra sus nombres y apellidos, tipo y número de identificación, teléfonos fijos y celulares de contacto, direcciones postales y electrónicas (personales y/o laborales), profesión u oficio, títulos, perfil académico (colegio, universidad, etc.), perfil profesional (puestos de trabajo, antecedentes, etc.) pertenencia a asociaciones profesionales o académicas, salarios y jornadas de trabajo, evaluaciones de rendimiento y/o cualquier otro dato que se incluya dentro de la hoja de vida del aspirante o candidato. una vez se formalice la relación laboral el candidato se regirá bajo las reglas de los empleados de los respectivos Responsables.

    • Personal information of officials, employees and contractors of the business partners or suppliers of the Controllers, including their position or work, names and surnames, type and identification number, contact landlines and cell phones, postal and electronic addresses ( personal and/or work), profession or trade, professional profile (job positions, background, etc.).

The treatment that each Responsible will carry out with the personal information will be: to obtain, storage, consultation, analysis, evaluation, comparison, processing, reporting, updating, compilation, sending, rectification, use, elimination, supply, ordering, cataloging, classification, recording , and conservation. As well as to disclose it to operators, information centers or databases and credit bureaus and/or any other national or foreign entity that has the same or similar purposes to those expressed in this Policy;

It will also process the personal data and information that it collects from the Owners to: verify, confirm, validate, update, and/or investigate it with the other data that it obtains and those that it legitimately has; to supply them to national or foreign contractors or third parties, who develop operational processes specific to the object of the contracts or services provided, or risk management of the activities or services of the respective Responsible.

The treatment carried out by the Controllers will have the following purposes:

    1. Purposes of treatment Common to Plurall Pay Colombia S.A.S. (“Plural Pay”) and Plurall Capital Colombia S.A.S. (“Plurall Capital”)

    •  
      • Register and link the User to the mobile application (“APP”) of Plurall Pay and/or other services, channels or means of attention that the Responsibles have enabled or enable.

      • Carry out procedures to know the User and to prevent money laundering, the financing of terrorism, as well as to detect fraud and other illegal activities.

      • Prevent money laundering, terrorist financing, as well as detect fraud and other illegal activities,

      • Share personal data to financial entities allied with the Controllers so that they can carry out the link and knowledge of the User in the process of linking or opening financial products or services offered and operated by such allied financial entities.

      • Promote, market or offer, individually or jointly, products and/or services of the Controllers or offered in a commercial alliance, through the Plurall Pay APP or any means or service channel that the Controllers have enabled or enable.

      • Access, know and process data and information on the User's financial products or services (including those subject to bank reserves) that they have in financial entities allied with Plurall Pay or Plurall Capital, as well as receive, process and send electronic orders from the Plurall APP Pay to such entities, and present or make available to the User, in the APP, the result of such electronic orders on financial products or services of financial entities.

      • Carry out analysis, studies and behavioral projections of the User or of their transactional profile, with the purpose of making credit ratings and sharing the results among the Treatment Managers;

      • Prepare behavioral studies, statistics, surveys, analysis of market trends that allow those Responsible for Treatment to better understand the needs of Users;

      • Maintain the support of operations, follow-up of incidents and fulfillment of obligations both of a pecuniary nature and of another nature;

      • Comply with its legal and contractual obligations;

      • Send messages, notifications or alerts through any means to send and disclose legal information, security, promotions, commercial, advertising, marketing, institutional or educational campaigns, raffles, events or other benefits; and inform the User about the innovations made in the APP, its products and/or services; publicize the improvements or changes in their service channels, publicize other services and/or products offered by the Controllers and/or their commercial allies, and confirmation of personal data necessary for the execution of the legal relationship that has been established between them ;

      • Contact the User via email to send contractual documents, information, account statements or invoices in relation to the obligations arising from the contracts entered into with Plurall Pay, with Plurall Capital, or with third party allies of these whose contracts are have celebrated through the APP;

         

      • Provide the information to third parties with whom it has a contractual relationship and that it is necessary to deliver it for the fulfillment of the contracted object;

  1. Finalidades Particulares de Plurall Capital

  •  
      • Process the credit request(s) made by the User to Plurall Capital;

      • Validate, verify and consult the economic and transactional information of the User with the purpose of evaluating the possibility of granting the requested credit;

      • Consult, verify and confirm, in the CIFIN Information Center, TRANSUNION or any other public or private, national, foreign or multilateral entity that administers or handles databases or credit information, or any other financial entity in Colombia, or abroad or from multilateral character, all the information that refers to the User, about his credit, financial, commercial behavior, services and third countries of the same nature.;

      • Evaluate and perform analysis of the transactional behavior of the User in the Plurall Pay APP, as well as debits and payments made by the User to credit.

      • Exercise the rights of Plurall Capital as a creditor of the credits disbursed to the User, including those related to judicial and extrajudicial collection activities, and the related procedures to obtain the payment of the obligations in charge of the User or their employer, if applicable. ;

      • To make both negative, positive or neutral reports, to the risk and information centers, such as CIFIN, TRANSUNION or any other entity of the same nature, in accordance with the provisions regarding habeas data, in accordance with the authorization established in favor of the Responsible of the Treatment later;

The custody of the information will be for 5 years from the last treatment. In any case, the information provided will remain stored for as long as necessary to allow us to fulfill the purposes set forth herein and for the fulfillment of legal and/or contractual obligations in charge of the Responsible Parties, especially in labor, accounting, fiscal and tax matters. or for all the time necessary to meet the provisions applicable to the matter in question and the administrative, labor, accounting, fiscal, legal and historical aspects of the information, or in any event provided for by law.

5. DEBERES DE LOS RESPONSABLES DEL TRATAMIENTO

In relation to data processing, the Controllers undertake to:

  1. Guarantee the owner the full and effective exercise of their rights.

  2.  Request and keep a copy of the authorization granted by the owner or proof thereof.

  3. Inform the owner about the purposes of the collection, the uses of their personal data and their rights based on the authorization granted.

  4. Keep the information in secure conditions to prevent its adulteration, loss, consultation, use or unauthorized access.

  5. Guarantee that the information provided to third parties or data processors is truthful, complete, accurate, up-to-date, verifiable and understandable.

  6. Update the information that a third party or person in charge has, regarding all the news in relation to the data provided and adopt the necessary measures so that the information is updated.

  7. Rectify the information when you become aware that it is incorrect.

  8. Velar por que los terceros y/o encargados del tratamiento de la información personal de la cual es responsable., cuenten con medidas y políticas efectivas para garantizar el adecuado tratamiento de dicha información. Asimismo, les exigirá el compromiso de acogerse y dar aplicación a lo previsto en la presente Política de Tratamiento Datos Personales y demás lineamientos establecidos por los Responsables o certificar que sus políticas internas recogen cuando menos las disposiciones aquí previstas. En caso de no ser posible la emisión de la certificación, cada Responsable deberá corroborar que las

    políticas internas de los terceros y/o encargados recogen criterios de seguridad y/o privacidad equivalentes o superiores a los aquí previstos. En este sentido, los terceros y/o encargados deberán adoptar las medidas y condiciones de seguridad y privacidad para los datos personales, que sean compartidos con estos, cuando menos al mismo nivel de protección adoptado por los Responsables.

  9. Process queries and claims made in accordance with the provisions of this Policy and the law.

  10. Inform the data protection authority when there are security violations and there are risks in the administration of the information of the holders.

6. DERECHOS DE LOS TITULARES

As the owner of your personal data, you have the right to:

  1. Free access to the data provided that have been processed.

  2. Know, update and rectify your information against partial, inaccurate, incomplete, fragmented, misleading data, or those whose treatment is prohibited or has not been authorized.

  3. Request proof of authorization granted.

  4. Submit to the Superintendency of Industry and Commerce (SIC) complaints for violations of the provisions of current regulations.

  5. Revoke the authorization and/or request the deletion of the data, provided that there is no legal or contractual duty that prevents their deletion.

  6. Refrain from answering questions about sensitive data. The answers that deal with sensitive data or data of children and adolescents will be optional.

7. ATENCIÓN DE PETICIONES, CONSULTAS Y RECLAMOS

El área de atención de Plurall Pay y Plurall Capital es la dependencia que tiene a cargo dar trámite a las solicitudes de los titulares para hacer efectivos sus derechos.

Para lo anterior, los titulares pueden formular sus peticiones, consultas o reclamos en relación con sus datos personales a través de la App móvil, página web, o al correo electrónico hola@plurall.com.

8. PROCEDIMIENTOS PARA EL EJERCICIO DEL DERECHO DE HABEAS DATA

In compliance with the regulations on the protection of personal data, the Controllers present the procedure and minimum requirements for the exercise of their rights:

For the filing and attention of your request, we ask you to provide the following information:

  • Full name and identification document

  • Contact information (Physical and/or electronic address and contact telephone numbers),

  • Reason(s)/event(s) giving rise to the claim with a brief description of the right you wish to exercise (know, update, rectify, request proof of the authorization granted, revoke it, delete it, access information)

The Managers inform that the maximum term provided by law to resolve your claim is fifteen (15) business days, counted from the day following the date of receipt. When it is not possible to address the claim within said term, the consumer service area will inform the interested party of the reasons for the delay and the date on which their claim will be addressed, which in no case may exceed eight (8) days. working days following the expiration of the first term.

Notwithstanding the foregoing, the Controllers have established the following procedure in relation to the following procedures related to the exercise of the right of habeas data by the Data Holders:

  1. Consultation

The Holders, the authorized persons or their successors in title may consult their personal information that resides in the Plurall Pay or Plurall Capital databases, in which case the requested information will be provided, after verification of the legitimacy to present said request. The query will be answered within a maximum term of ten (10) business days from the date of receipt of the respective request. When it is not possible to attend the consultation within said term, you will be informed of the reasons for the delay, indicating the date on which your consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first finished.

  1. Claims

If the holders, authorized persons or assignees consider that the information contained in a database should be subject to correction, updating, clarification or deletion, or when they notice the alleged breach of any of the duties contained in current regulations, they may file a claim with the respective Responsible, which will be processed under the following rules:

  1. The Holder's claim must be made by means of a request addressed to the Responsible, indicating the Holder's information indicated at the beginning of this section. If the claim is incomplete, we will require it within five (5) business days after receipt of the claim to correct the faults. After one (1) month from the date of the request, without you submitting the required information, we will understand that you have withdrawn the claim.

  2. In the event that we are not competent to resolve your claim, we will transfer it to the appropriate party within a maximum term of two (2) business days and we will inform you in a timely manner.

  3. If applicable, once the complete claim has been received, a legend will be included in the database that says "claim in process" or equivalent expression and the reason for it, within a term not exceeding two (2) business days. Said legend must be kept until the claim is decided.

  4. The maximum term to address the claim will be fifteen (15) business days from the day following the date of receipt. When it is not possible to address the claim within said term, you will be informed of the reasons for the delay and the date on which your claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term. .

En todo momento los Titulares podrán limitar el consentimiento para el tratamiento de sus datos personales para las finalidades de mercadeo y promociones mediante el envío de un correo electrónico a la siguiente dirección electrónica: hola@plurall.com mencionando tales limitantes. En un plazo no mayor a diez (10) hábiles, días contados a partir del envío del correo electrónico, los Responsables dejarán de remitir información comercial, de mercadeo y/o promocional de sus servicios.

9. INFORMACIÓN IMPORTANTE A LOS TITULARES DE LOS DATOS E INFORMACIÓN

  1. Security of the information

For the Controllers, the security of the information of their clients, as well as that information that in the development of the provision of their services and/or operations is very important, therefore it is essential to protect this information and the assets that contain it, from any loss of confidentiality, integrity or availability, whether accidental or intentional; taking into account the current applicable regulations, all this through the implementation of appropriate measures related to people, processes, technology, infrastructure and related services.

 

Due to the foregoing, the Controllers are obliged to establish technical, logical and physical measures in terms of protecting the confidentiality of your Personal Information and information subject to bank reserve (to which you have access).

 

For this reason, the Responsibles took precautions and measures to protect your information, using the mechanisms of the Information Security Policy. Complete and effective information protection computer security, including those described in the data protection standard such as ISO 27000. The Controllers are not responsible for the damages generated from the loss of information derived from illegal interceptions or violation of their systems. or databases by unauthorized persons; nor are they responsible for the improper use of information obtained by legitimate means. In these cases, the Controllers, once they become aware of these infractions, will inform the competent authorities, in accordance with the law.

 

The third parties hired by or allied to the Controllers are equally obliged to adhere to and comply with the information security policies and manuals, as well as the security protocols that have been established or are established for all their processes.

 

Any contract with third parties (contractors, employees, external consultants, temporary collaborators, etc.) that involves the processing of information and personal data, includes a confidentiality agreement that details their commitments for the protection, care, security and preservation of confidentiality, integrity and privacy of it.

The Managers guarantee and are responsible, in any case, for the veracity, accuracy, validity and authenticity of the personal information provided, and undertake to keep it duly updated.

  1. Treatment of Sensitive Personal Data and of Minors

In accordance with Law 1581 of 2012, sensitive data is understood to be that which affects the privacy of the owner of said data, or whose improper use may generate discrimination, such as those that reveal racial or ethnic origin; political orientation; religious or philosophical convictions; membership in trade unions, social or human rights organizations; those related to health, sexual life and biometric data.

 

In the event that the Controllers collect, compile and process sensitive data, these will be treated carefully subject to the provisions of Law 1581 of 2012. This Policy informs the Holders that they will not be obliged in any event to authorize the treatment of sensitive data, and therefore the provision of Plurall Pay or Plurall Capital services is not conditioned to the delivery of this sensitive information, except in cases where the processing of biometric data is required as an authentication factor before the systems and applications arranged by the Responsible for the provision of the respective contracts or contracted services.

 

Plurall Pay and Plurall Capital take the privacy of children and adolescents very seriously, so they will ensure the proper use and protection of the personal data of children and adolescents who are minors, guaranteeing that in the treatment of their data the best interests of minors are respected, and their fundamental rights and as far as possible, taking into account their opinion, as holders of their personal data.

  1. Use of Cookies

The user and visitor to the Website of the Controllers or the Plurall Pay APP knows and accepts that the Controllers may collect certain information through the use of cookies. Cookies are small files that are installed on the hard drive of the user's computer or mobile device, with a limited duration in time that help personalize services. We also offer certain features that are only available through the use of cookies. The information collected through cookies is, among others, the user's path to the website, pages visited, source IP address, browser type, browser language, and the date and time of the user's visit.

 

This information helps Controllers track trends and improve product and service offerings, based on visits, and is analytics commonly used by most websites.

At any time, the user can uninstall cookies on his computer (Internet browser) or mobile device, which depends on his sole will and can be removed from his computer when the user so wishes.

  1. Attention to Requirements of Administrative and Judicial Entities

The Controllers may disclose the personal information of their Users at the request of the competent judicial or administrative authorities in accordance with current legislation. Plurall Pay or Plurall Capital will not be responsible for this disclosure of information.

10. VIGENCIA

La presente Política rige a partir del 1ro de enero de 2022.

The databases in which the personal data will be recorded will have a validity equal to the time in which the information is maintained and used for the purposes described in this Policy. Once that purpose(s) is/are fulfilled and provided that there is no legal or contractual duty to keep your information, your data will be removed from our databases.

The Controllers may modify the terms and conditions of this Policy at any time. All changes to this privacy policy will be informed by posting a new version on the website.

The natural persons subject to this policy must ensure that they review this page periodically to verify the aforementioned changes.

en_USEnglish

Tu puedes ser uno de los Pioneros Plurall.

Regístrate con tus datos para obtener un crédito para tu negocio de hasta $2.000.000.

Te estaremos avisando pasos a seguir.