Privacy Policy for End Users

These privacy policies ("Privacy Policies") govern the manner in which Fintoc SpA, a joint stock company incorporated under the laws of the Republic of Chile ("Fintoc"), and the Developer (as defined below) will obtain, store and process Personal and Banking Information (as defined below) of End Users of the Application (both terms defined below).

Privacy and security are very important to us, which is why this Privacy Policy clearly explains what information is collected from the End User, how it is collected, how the information is used, who is responsible for storing and processing the information, and what rights the End User can exercise over the information. 

The Privacy Policies will come into force upon acceptance by the End User and will remain in force until the End User revokes his or her Authorization, without prejudice to the rights that will remain in force until after revocation of the same. The revocation must always be in writing and will not have retroactive effect.

Please read this Privacy Policy carefully before accessing and/or using the Fintoc API.

FIRST: Definitions.

  1. Application: Website, software, mobile application or any other platform or medium through which the End User accesses the services provided by Fintoc to link his/her Bank Account(s).
  1. Fintoc API:Application Programming Interface(API) that allows the Application Developer to obtain information from the Bank Accounts of its End Users with the express authorization of the latter. The Fintoc API is the channel that serves as a connection between the financial institution and the Application Developers.
  1. Authorization: Permission granted by the End User to Fintoc to access the Banking Information of a specific Bank Account and to communicate such information to the Application Developer.
  1. Bank Account: Account or product that the End User has with a banking institution (debit account, credit, credit card, etc.) whose information will be shared with the Developers by virtue of the implementation of the Fintoc API in their Applications and the End User's Authorization. These bank accounts can belong to both natural persons and legal entities (companies).
  1. Developer: Professional or company in charge of creating, designing and implementing an Application that will use Fintoc's Services, this concept includes its representatives, managers, workers, contractors, subcontractors and any other dependent.
  1. Bank Information: It is all the information contained in a Bank Account to which Fintoc will have access with the End User's Authorization and that will be transferred to the Developer and includes, among others, the name of the banking institution, name of the credential holder, general information of the Bank Account such as type of account, number and name of the account, among others that are detailed in the Privacy Policy.
  1. Personal Information: Data concerning natural persons, identified or identifiable through lawful means, contained in any type of support.
  1. Pop-Up: A pop-up window that appears automatically on the browser screen, in a window superimposed on the active web page or the active Application.
  1. Second Factor: Numeric series delivered by pinpass, digipass or any other technological means of security of the bank, or numeric series obtained from a coordinates card with which a bank transfer can be authorized and/or the contracting of an automatic payment of debts ("PAC").
  1. Services: Refers to the connection services between the End User's Bank Account and the Application, which are materialized in the transfer of Banking Information to the Developer.
  1. End User: Natural or legal person identified, or identifiable at least with an email, who, through the Developer's Application, may use Fintoc's services by linking in any way his or her Banking Product(s).


SECOND: General Aspects.

2.1 Fintoc has developed and owns the intellectual, moral and patrimonial property rights over the Fintoc API, whose objective is to be the link between the Applications and the information contained in the End Users' Bank Accounts, for which the End User must grant a previous Authorization. It should be noted that this Authorization by the End User must be express and specific, that is to say, it must be in writing through the acceptance of the Terms and Conditions and the Privacy Policy for Fintoc End Users and it will be applicable only with respect to the products and/or Bank Accounts that the End User expressly indicates.

2.2 The End User will first enter the Application, in which he/she must register and accept the terms and conditions and/or privacy policies of the Application, and at the time he/she requires to link his/her Bank Account, he/she may, through a Pop-Up, authorize Fintoc to collect the information contained in a particular product or Bank Account and deliver it to the Application. If you agree to our Terms and Conditions and End User Privacy Policy, you may grant us access to your Bank Account information by entering your bank's website password and password. By providing us with this password to access your Bank Account you represent and warrant that you are the account holder or have the legal authority to provide such password.

THIRD: Categories of information, how it is collected and responsibility for storage and processing.

3.1 Personal Information provided by the End User directly to the Developer. Fintoc has no involvement in the collection and processing of End User Personal Information that is collected directly by the Developer. The Developer shall be responsible for the collection, storage and processing of this information, and in this regard, shall be responsible for deciding what Personal Information it requests from End Users, as well as the manner of storage, form and purpose of the processing of such data. 

3.2 Access Information provided by the End User to Fintoc. The minute Fintoc accepts a banking credential, after the End User's Authorization, it will proceed to store and manage the information necessary to link the Bank Account with the Application. The information that the End User delivers to Fintoc to make such connection is the following: 

If you are a natural person:

a) Rut

b) Password of the bank's website to access the Bank Account.

If you are a legal entity:

a) User ID

b) Company taxpayer ID

c) Password of the bank's website to access the Bank Account.

With this data Fintoc generates a special password, different from the one given by the End User, which is given to the Developer so that he can access the Banking Information. The Developer will never have access to the password of the End User's bank page. 

If the End User uses the Fintoc API to make a bank transfer or contract a PAC, he/she will have to deliver the Second Factor in addition to the Authorization. The Developer will not have access to the information provided by the End User for these purposes.

This information delivered directly to Fintoc by the End User will be stored by Fintoc and may only be used for internal purposes, as indicated in the fourth clause below. 

3.3 Information Fintoc infers from the End User's device: From the device with which the End User is connecting, Fintoc can infer the following information: 

a) Source IP, which in turn can be used to infer other data such as location.

b) Operating system of the End User device.

This information, which Fintoc may infer from the End User's device, will not be given to the Developer and may only be used for internal purposes, as indicated in clause four below. 

3.4 Information Fintoc collects from the End User: Upon End User's Authorization, Fintoc may access the following information from the Bank Account to which access is granted: 

Credential information:

a) Name of the banking institution.

b) Name of the credential holder.

c) Name of the company, if applicable.

d) Personal information of the account holder (email, gender, address, phone number).

General Bank Account Information:

a) Type of account.

b) Account number.

c) Account name (if applicable).

Information specific to Bank Accounts:

a) Balance sheet.

b) Transaction Cartel.

c) Maintenance costs.

d) Investment history.

e) History of credits and their payments.

In general, Fintoc will collect all the available information to which it can access from the credentials that the End User delivered regarding the products or specific Bank Accounts to which he/she granted access. All this information will be transferred directly to the Developer for the purposes required by the Developer and which shall be set forth in its own terms and conditions and/or privacy policies. The storage and treatment of the information that Fintoc collects from the End User is the exclusive responsibility of the Developer.

FOURTH: How we share your information.

Fintoc may use End Users' Personal and Banking Information only for the following purposes:

4.1 Internal use of the information. Fintoc will be able to use all the information indicated in the third clause above for the following purposes: 


a) To improve the Services provided by Fintoc and to add more products; and 

b) To protect End Users from malicious activities against Fintoc.


4.2 External use of information. Fintoc may share the following information with the following parties:

a) May share only the Banking Information of the Bank Accounts authorized by the Client indicated in numeral 3.5 above with the Developer that performed the integration with Fintoc; and

b) You may share all of the information set forth in the third clause for identity and age confirmation purposes, as set forth in the fifth clause below, or legal only to the extent applicable, as set forth in the sixth clause below.

Fintoc will treat the Personal and Banking Information of the End Users in accordance with the provisions of Law No. 19.628 on Protection of Privacy and always respecting the full exercise of the fundamental rights of the same.

Fintoc considers that End Users' Personal and Banking Information is an asset that must be protected from loss or unauthorized access and will take every precaution to safeguard it by implementing effective computer security mechanisms, such as encryption,firewalls and Secure Socket Layers ("SSL").

Fintoc is obliged to comply with all regulations regarding security measures applicable to personal data, using industry standards in terms of protection and confidentiality of your Personal Information.  

Fintoc will not sell, rent or share End Users' Personal and Banking Information, except as set forth in the Terms and Conditions and this Privacy Policy. Fintoc will not use the collected information to form databases, i.e. your banking information will not be used in an aggregated or "anonymous" form. 


FIFTH: Minors

The API Fintoc can only be used by people over 18 years old, being therefore restricted the entrance of people under 18 years old. Fintoc reserves the right to verify, by any means it deems appropriate, the real age of any End User. Upon suspicion or verification that an End User is under 18 years of age, Fintoc may deny access to the Services without the right to any claim by the affected End User.


SIXTH: Legal Requirements.

Fintoc will cooperate with the competent authorities and other third parties to ensure compliance with applicable regulations, e.g. regarding the protection of intellectual property rights, prevention of fraud, among others. 

In this regard, Fintoc may disclose the Personal Information of the Developers and End Users if required to do so by competent judicial or governmental authorities for the purposes of investigations conducted by them, as well as in the case of criminal investigations, fraud or investigations related to hacking or copyright infringement. In such situations, Fintoc will cooperate with the competent authorities in order to safeguard the integrity and security of the community, the Developers and the End Users.

For such purposes, Fintoc may disclose any Personal Information and/or Personal Data of the Developers and End Users, in order to comply with applicable law and to cooperate with the competent authorities, to the extent it deems necessary and appropriate in connection with any investigation of an unlawful act or fraud, infringement of industrial or intellectual property rights, or other activity that is illegal or that may expose Fintoc, the Developers or the End Users to any legal liability. This right will be exercised by Fintoc for the purpose of cooperating with law enforcement and compliance.

In addition, Fintoc reserves the right (and Developers expressly authorize it to do so) to communicate information to entities or third parties when there are sufficient grounds to believe that a Developer's activity is suspected of committing or attempting to commit a crime or attempting to harm others. This right shall be used by Fintoc in its sole discretion, as it deems appropriate or necessary to maintain the integrity and safety of the community, other Developers and End Users, to enforce the Terms and Conditions and Privacy Policy and for the purpose of cooperating with law enforcement and compliance with the law. This right will be exercised by Fintoc for the purpose of cooperating with law enforcement, regardless of whether there is a court or administrative order to that effect.


SEVENTH: Amendment

Fintoc may amend this Privacy Policy upon notice to End User so that End User may revoke the Authorization prior to the effective date of the new End User Privacy Policy if End User does not agree to the new terms. That said, Fintoc may construe your continued use of the Services after the effective date of such amendment as your acceptance of the amendment. Our failure to insist on compliance with any provision of the Privacy Policy, at any time, does not constitute a waiver of that provision or any other provision thereof.