Privacy Policy for Developers

These privacy policies ("Privacy Policies") govern the manner in which Fintoc SpA, a joint stock company incorporated under the laws of the Republic of Chile ("Fintoc"), and the Developer (as defined below) will obtain, store and process Personal and Banking Information (as defined below) and Personal Data (as defined below) of Application End Users (both terms defined below).

This Privacy Policy clearly explains what information is collected from the End User, how it is collected, what use is made of the information and who is responsible for its storage and processing. 

Fintoc will try that these Privacy Policies are known by all those who access and use the Fintoc API, therefore, in addition to this Privacy Policy, there is another one addressed to the End User. 

The Privacy Policy shall be effective upon acceptance by the Developer and shall remain in effect until revoked by the Developer. Revocation shall always be in writing and shall not have retroactive effect.

Fintoc may modify this Privacy Policy at any time, in which case it will notify Developers through a general notification on the dashboard of the Fintoc website, through a message, by telephone or to the email address indicated by the Developer in his or her Account. Subject to applicable law, by using the Fintoc API after receiving such notification, it is understood that the Developer accepts the updates to the Privacy Policy.

Developers and End Users may always decide whether or not to accept the modifications to the Privacy Policy. In the event that the Developer or End User does not accept the new Privacy Policy, the link between them and Fintoc shall be dissolved and the Developer's or End User's Personal Information and Personal Data shall be deleted by both Fintoc and the Developer.

Please read this Privacy Policy carefully before accessing and/or using the Fintoc API.

FIRST: Definitions.

  1. Agents: Representatives, managers, workers, contractors, subcontractors and any other person dependent on the Developer.
  1. Application: Developer's website, software, mobile application or any other platform or medium through which Developer wishes to apply the services provided by Fintoc to enable End Users to interact with their banks.
  1. API: The application programminginterface, also known by the acronym API, is a set of subroutines, functions and procedures (or methods, in object-oriented programming) that offers a certain library to be used by other software as an abstraction layer.
  1. API Fintoc: API that allows the Developer of an Application to obtain information from the Bank Accounts of its End Users, make bank transfers and agree on automatic payment of debts ("PAC"), always with the express authorization of the End User. The Fintoc API is the channel that serves as a connection between the financial institution and the Application Developers.
  1. Authorization: Permission granted by the End User to Fintoc to access the Banking Information of a specific Bank Account and to communicate such information to the Application Developer.
  1. License Agreement: Agreement in which Fintoc grants the Developer a limited, personal, non-exclusive, non-transferable, non-sublicensable and revocable right to access and use the Fintoc API allowing the integration of the Application to the Bank Accounts of the End Users. This Agreement will only be subscribed by the Developers that exceed the limit of free accounts that can be linked according to what is established in the third clause about the access to the Services, in this will be determined the specific conditions of the service, the support, payments and obligations of the parties, among others.
  1. Account (access account): Developer's identification form in the Fintoc API, to which he can login with a username and a password and which gives him the possibility to access to the Fintoc Services.
  1. Bank Account: Account or product that the End User has with a banking institution (debit account, credit, credit card, etc.) whose information will be shared with the Developers by virtue of the implementation of the Fintoc API in their Applications and the End User's Authorization. With respect to these accounts, wire transfers may be made or PACs may be agreed, in which case the End User will be required to add the Second Factor. These bank accounts can belong to both individuals and legal entities (companies).
  1. Developer: Professional or company in charge of creating, designing and implementing an Application that will use Fintoc Services.
  1. Bank Information: It is all the information contained in a Bank Account to which Fintoc will have access with the End User's Authorization and that will be transferred to the Developer, and includes, among others, the name of the banking institution, name of the credential holder, general information of the Bank Account such as type of account, number and name of the account, among others that are detailed in the Privacy Policy.
  1. Personal Information: Data concerning natural persons, identified or identifiable through lawful means, contained in any type of support.
  1. License: Limited, personal, non-exclusive, non-transferable, non-sublicensable, non-sublicensable, revocable authorization to access and use the Fintoc API.
  1. Second Factor: Numeric series delivered by pinpass, digipass or any other technological security means of the bank, or numeric series obtained from a coordinates card with which a bank transfer and the contracting of an automatic payment of debts ("PAC") can be authorized.
  1. Services: This refers to the connection services between the End User's Bank Account and the Application, which is materialized in the transfer of Bank Information to the Developer or the management of a bank transfer and/or PAC.
  1. End User: Natural or legal person identified, or identifiable at least with an email address, who, through the Developer's Application, has used Fintoc's services linking in any way his or her Banking Product(s).

SECOND: General Aspects.

Fintoc has developed and owns the intellectual, moral and patrimonial property rights over the Fintoc API, which allows Developers to connect their Applications with Bank Accounts of different financial institutions, belonging to the End Users of such Application, always with the End User's Authorization. It should be noted that this Authorization by the End User must be express and specific, that is to say, it must be in writing through the acceptance of the Terms and Conditions and the Privacy Policy for Fintoc End Users and authorizes the obtaining of specific information from the End User's Bank Account. In order to manage a bank transfer and/or a PAC it will be necessary, in addition to the Authorization, the delivery by the End User of the Second Factor.

THIRD: Categories of information and its collection.

3.1 Personal Information provided by the Developer in the Fintoc website registration. As indicated in Fintoc's Terms and Conditions, in order for a Developer to have access to Fintoc's API Services, he/she must complete a registration in Fintoc's webpage in which his/her Personal Information and the information of the company, enterprise or entity he/she represents, if applicable (i.e. user's rut, company's rut and password) will be required. This information will be stored by Fintoc with the purpose of being able to clearly identify the Developer, since it is the Developer, or the company it represents, who directly contracts Fintoc's Services, and with the purpose of improving the Service. 

With the information provided and through the use of the Account that will be assigned to the Developer, the Developer will be able to access the Services. The Developer shall be responsible for keeping his/her password safe and secure and shall notify Fintoc of any possible unauthorized use of his/her Account.

In addition, Fintoc will be able to check that the Developer is making proper and correct use of the Fintoc API and will, in turn, be able to detect cases of malicious use of the Services. This information will NOT be used for any other purpose, will not be sold to third parties and will only be stored while the relationship between the Developer and Fintoc is in force. Fintoc will delete the Personal Information of the Developer and of the company, enterprise or entity he/she represents. 

3.2 Personal Information provided by End User directly to Developer. The End User will complete the relevant registration on the Developer's Application and provide the personal information requested by the Developer. Fintoc has no involvement in the collection and processing of the End User's Personal Information that is collected directly by the Developer. 

The Developer shall be responsible for the collection, storage and processing of this information, and in this regard, shall be responsible for deciding what Personal Information it requests from End Users, the form of storage, the manner and purpose of the processing of such data. It is of utmost importance, and the Developer undertakes, that this responsibility is clearly expressed by the Developer in the Terms and Conditions and/or Privacy Policy of its own Application.  

3.3 Access Information provided by the End User to Fintoc. The minute Fintoc accepts a banking credential, it will proceed to save and manage the necessary information to perform the connection and integration operations. The information that the End User gives to Fintoc to make the connection is the following: 

If you are a natural person:

a) Rut

b) Password of the bank's website to access the Bank Account.

If you are a legal entity:

a) User ID

b) Company taxpayer ID

c) Password of the bank's website to access the Bank Account.

With this data Fintoc generates an access token so that the Developer can have access to the User's Personal and Banking Information, however the Developer will not have access to the password of the End User's banking website. In case the End User makes a transfer and/or contracts a PAC through the Fintoc API, the Second Factor that he/she gives to Fintoc will not be disclosed to the Developer. 

3.4 Information Fintoc infers from the End User's device: From the device with which the End User is connecting, Fintoc can infer the following information: 

a) Source IP, which in turn can be used to infer other data such as location.

b) Operating system of the End User device.

This information will only be used by Fintoc for its internal operation and will not be given to the Developer. 

3.5 Information Fintoc collects from the End User: Subject to the End User's authorization, and acceptance of the End User's Terms and Conditions and Privacy Policy, Fintoc may access the following information from the Bank Account to which the End User has been granted access: 

Credential information:

a) Name of the banking institution.

b) Name of the credential holder.

c) Name of the company, if applicable.

d) Account holder's personal information (email, gender, address, phone number)

General Bank Account Information:

a) Type of account.

b) Account number.

c) Account name (if applicable).

Information specific to Bank Accounts:

a) Balance sheet.

b) Transaction Cartel.

c) Maintenance costs.

d) Investment history.

e) History of credits and their payments.

In general, Fintoc will collect all the available information to which it can access from the credentials that the End User delivered. All this information will be transferred directly to the Developer for the purposes required by the Developer and which must be stated in its own terms and conditions and/or privacy policies, which must have been previously accepted by the End User. The storage and treatment of the aforementioned information is the exclusive responsibility of the Developer, and in this sense, the Developer undertakes to indemnify Fintoc for any claim, problem or judicial or extrajudicial controversy that may involve Fintoc due to the misuse that the Developer or any of its Agents may give to the End User's Banking Information.

FOURTH: Protection of Personal Information.

Fintoc will protect the Personal Information of the Developers and the End Users in accordance with the provisions of the Law Nº 19.628 on Protection of Private Life and always respecting the full exercise of their fundamental rights. 

Fintoc considers the Personal Information of Developers and End Users to be an asset that must be protected from loss or unauthorized access and will take every precaution to safeguard it by implementing effective computer security mechanisms, such as encryption, firewalls and Secure Socket Layers ("SSL"). 

Fintoc is obliged to comply with all applicable regulations regarding security measures applicable to personal data, using industry standards for the protection and confidentiality of your Personal Information. 

Fintoc will not sell, rent or share End Users' Personal and Banking Information, except as set forth in the Terms and Conditions and this Privacy Policy.

FIFTH: Prohibited conduct and activities. 

The Developer is strictly prohibited:

a) Sell or deliver under any title the End User's Banking or Personal Information to third parties.

b) Use the Service or the End User's Banking or Personal Information in any manner that may infringe or threaten to infringe any rights of the End User or legislation in force in the Republic of Chile.

c) Publish any information that has not been previously published by the End User or by the corresponding banking entity.

d) Use the Bank Information in a manner different from that authorized by the End User.


SIXTH: Minors

The Fintoc API may only be used by persons over 18 years of age, being therefore restricted to persons under 18 years of age. Fintoc reserves the right to verify, by any means it deems appropriate, the actual age of any Developer or its Agents. Upon suspicion or verification that a Developer or any of its Agents is under 18 years of age, Fintoc may deny access to the Services without the right to any claim by the affected Developer.

SEVENTH: Legal Requirements.

Fintoc will cooperate with the competent authorities and other third parties to ensure compliance with applicable regulations, e.g. regarding the protection of intellectual property rights, prevention of fraud, among others.

In this regard, Fintoc may disclose the Personal Information of the Developers and End Users if required to do so by competent judicial or governmental authorities for the purposes of investigations conducted by them, as well as in the case of criminal investigations, fraud or investigations related to hacking or copyright infringement. In such situations, Fintoc will cooperate with the competent authorities in order to safeguard the integrity and security of the community, the Developers and the End Users. 

For such purposes, Fintoc may disclose any Personal Information and/or Personal Data of the Developers and End Users, in order to comply with applicable law and to cooperate with the competent authorities, to the extent it deems necessary and appropriate in connection with any investigation of an unlawful act or fraud, infringement of industrial or intellectual property rights, or other activity that is illegal or that may expose Fintoc, the Developers or the End Users to any legal liability. This right will be exercised by Fintoc for the purpose of cooperating with law enforcement and compliance.

In addition, Fintoc reserves the right (and Developers expressly authorize it to do so) to communicate information to entities or third parties when there are sufficient grounds to believe that a Developer's activity is suspected of committing or attempting to commit a crime or attempting to harm others. This right shall be used by Fintoc in its sole discretion, as it deems appropriate or necessary to maintain the integrity and safety of the community, other Developers and End Users, to enforce the Terms and Conditions and Privacy Policy and for the purpose of cooperating with law enforcement and compliance with the law. This right will be exercised by Fintoc for the purpose of cooperating with law enforcement, regardless of whether there is a court or administrative order to that effect.