These privacy policies ("Privacy Policies") govern the manner in which Fintoc SpA, a joint stock company incorporated under the laws of the Republic of Chile ("Fintoc"), and the Developer (as defined below) will obtain, store and process Personal and Banking Information (as defined below) and Personal Data (as defined below) of Application End Users (both terms defined below).
SECOND: General Aspects.
THIRD: Categories of information and its collection.
3.1 Personal Information provided by the Developer in the Fintoc website registration. As indicated in Fintoc's Terms and Conditions, in order for a Developer to have access to Fintoc's API Services, he/she must complete a registration in Fintoc's webpage in which his/her Personal Information and the information of the company, enterprise or entity he/she represents, if applicable (i.e. user's rut, company's rut and password) will be required. This information will be stored by Fintoc with the purpose of being able to clearly identify the Developer, since it is the Developer, or the company it represents, who directly contracts Fintoc's Services, and with the purpose of improving the Service.
With the information provided and through the use of the Account that will be assigned to the Developer, the Developer will be able to access the Services. The Developer shall be responsible for keeping his/her password safe and secure and shall notify Fintoc of any possible unauthorized use of his/her Account.
In addition, Fintoc will be able to check that the Developer is making proper and correct use of the Fintoc API and will, in turn, be able to detect cases of malicious use of the Services. This information will NOT be used for any other purpose, will not be sold to third parties and will only be stored while the relationship between the Developer and Fintoc is in force. Fintoc will delete the Personal Information of the Developer and of the company, enterprise or entity he/she represents.
3.2 Personal Information provided by End User directly to Developer. The End User will complete the relevant registration on the Developer's Application and provide the personal information requested by the Developer. Fintoc has no involvement in the collection and processing of the End User's Personal Information that is collected directly by the Developer.
3.3 Access Information provided by the End User to Fintoc. The minute Fintoc accepts a banking credential, it will proceed to save and manage the necessary information to perform the connection and integration operations. The information that the End User gives to Fintoc to make the connection is the following:
If you are a natural person:
b) Password of the bank's website to access the Bank Account.
If you are a legal entity:
a) User ID
b) Company taxpayer ID
c) Password of the bank's website to access the Bank Account.
With this data Fintoc generates an access token so that the Developer can have access to the User's Personal and Banking Information, however the Developer will not have access to the password of the End User's banking website. In case the End User makes a transfer and/or contracts a PAC through the Fintoc API, the Second Factor that he/she gives to Fintoc will not be disclosed to the Developer.
3.4 Information Fintoc infers from the End User's device: From the device with which the End User is connecting, Fintoc can infer the following information:
a) Source IP, which in turn can be used to infer other data such as location.
b) Operating system of the End User device.
This information will only be used by Fintoc for its internal operation and will not be given to the Developer.
a) Name of the banking institution.
b) Name of the credential holder.
c) Name of the company, if applicable.
d) Account holder's personal information (email, gender, address, phone number)
General Bank Account Information:
a) Type of account.
b) Account number.
c) Account name (if applicable).
Information specific to Bank Accounts:
a) Balance sheet.
b) Transaction Cartel.
c) Maintenance costs.
d) Investment history.
e) History of credits and their payments.
In general, Fintoc will collect all the available information to which it can access from the credentials that the End User delivered. All this information will be transferred directly to the Developer for the purposes required by the Developer and which must be stated in its own terms and conditions and/or privacy policies, which must have been previously accepted by the End User. The storage and treatment of the aforementioned information is the exclusive responsibility of the Developer, and in this sense, the Developer undertakes to indemnify Fintoc for any claim, problem or judicial or extrajudicial controversy that may involve Fintoc due to the misuse that the Developer or any of its Agents may give to the End User's Banking Information.
FOURTH: Protection of Personal Information.
Fintoc will protect the Personal Information of the Developers and the End Users in accordance with the provisions of the Law Nº 19.628 on Protection of Private Life and always respecting the full exercise of their fundamental rights.
Fintoc considers the Personal Information of Developers and End Users to be an asset that must be protected from loss or unauthorized access and will take every precaution to safeguard it by implementing effective computer security mechanisms, such as encryption, firewalls and Secure Socket Layers ("SSL").
Fintoc is obliged to comply with all applicable regulations regarding security measures applicable to personal data, using industry standards for the protection and confidentiality of your Personal Information.
FIFTH: Prohibited conduct and activities.
The Developer is strictly prohibited:
a) Sell or deliver under any title the End User's Banking or Personal Information to third parties.
b) Use the Service or the End User's Banking or Personal Information in any manner that may infringe or threaten to infringe any rights of the End User or legislation in force in the Republic of Chile.
c) Publish any information that has not been previously published by the End User or by the corresponding banking entity.
d) Use the Bank Information in a manner different from that authorized by the End User.
The Fintoc API may only be used by persons over 18 years of age, being therefore restricted to persons under 18 years of age. Fintoc reserves the right to verify, by any means it deems appropriate, the actual age of any Developer or its Agents. Upon suspicion or verification that a Developer or any of its Agents is under 18 years of age, Fintoc may deny access to the Services without the right to any claim by the affected Developer.
SEVENTH: Legal Requirements.
Fintoc will cooperate with the competent authorities and other third parties to ensure compliance with applicable regulations, e.g. regarding the protection of intellectual property rights, prevention of fraud, among others.
In this regard, Fintoc may disclose the Personal Information of the Developers and End Users if required to do so by competent judicial or governmental authorities for the purposes of investigations conducted by them, as well as in the case of criminal investigations, fraud or investigations related to hacking or copyright infringement. In such situations, Fintoc will cooperate with the competent authorities in order to safeguard the integrity and security of the community, the Developers and the End Users.
For such purposes, Fintoc may disclose any Personal Information and/or Personal Data of the Developers and End Users, in order to comply with applicable law and to cooperate with the competent authorities, to the extent it deems necessary and appropriate in connection with any investigation of an unlawful act or fraud, infringement of industrial or intellectual property rights, or other activity that is illegal or that may expose Fintoc, the Developers or the End Users to any legal liability. This right will be exercised by Fintoc for the purpose of cooperating with law enforcement and compliance.