These privacy policies ("Privacy Policies") govern the manner in which Fintoc SpA, a joint stock company incorporated under the laws of the Republic of Chile ("Fintoc"), and the Developer (as defined below) will obtain, store and process Personal and Banking Information (as defined below) of End Users of the Application (both terms defined below).
The Privacy Policies will come into force upon acceptance by the End User and will remain in force until the End User revokes his or her Authorization, without prejudice to the rights that will remain in force until after revocation of the same. The revocation must always be in writing and will not have retroactive effect.
SECOND: General Aspects.
THIRD: Categories of information, how it is collected and responsibility for storage and processing.
3.1 Personal Information provided by the End User directly to the Developer. Fintoc has no involvement in the collection and processing of End User Personal Information that is collected directly by the Developer. The Developer shall be responsible for the collection, storage and processing of this information, and in this regard, shall be responsible for deciding what Personal Information it requests from End Users, as well as the manner of storage, form and purpose of the processing of such data.
3.2 Access Information provided by the End User to Fintoc. The minute Fintoc accepts a banking credential, after the End User's Authorization, it will proceed to store and manage the information necessary to link the Bank Account with the Application. The information that the End User delivers to Fintoc to make such connection is the following:
If you are a natural person:
b) Password of the bank's website to access the Bank Account.
If you are a legal entity:
a) User ID
b) Company taxpayer ID
c) Password of the bank's website to access the Bank Account.
With this data Fintoc generates a special password, different from the one given by the End User, which is given to the Developer so that he can access the Banking Information. The Developer will never have access to the password of the End User's bank page.
If the End User uses the Fintoc API to make a bank transfer or contract a PAC, he/she will have to deliver the Second Factor in addition to the Authorization. The Developer will not have access to the information provided by the End User for these purposes.
This information delivered directly to Fintoc by the End User will be stored by Fintoc and may only be used for internal purposes, as indicated in the fourth clause below.
3.3 Information Fintoc infers from the End User's device: From the device with which the End User is connecting, Fintoc can infer the following information:
a) Source IP, which in turn can be used to infer other data such as location.
b) Operating system of the End User device.
This information, which Fintoc may infer from the End User's device, will not be given to the Developer and may only be used for internal purposes, as indicated in clause four below.
3.4 Information Fintoc collects from the End User: Upon End User's Authorization, Fintoc may access the following information from the Bank Account to which access is granted:
a) Name of the banking institution.
b) Name of the credential holder.
c) Name of the company, if applicable.
d) Personal information of the account holder (email, gender, address, phone number).
General Bank Account Information:
a) Type of account.
b) Account number.
c) Account name (if applicable).
Information specific to Bank Accounts:
a) Balance sheet.
b) Transaction Cartel.
c) Maintenance costs.
d) Investment history.
e) History of credits and their payments.
In general, Fintoc will collect all the available information to which it can access from the credentials that the End User delivered regarding the products or specific Bank Accounts to which he/she granted access. All this information will be transferred directly to the Developer for the purposes required by the Developer and which shall be set forth in its own terms and conditions and/or privacy policies. The storage and treatment of the information that Fintoc collects from the End User is the exclusive responsibility of the Developer.
FOURTH: How we share your information.
Fintoc may use End Users' Personal and Banking Information only for the following purposes:
4.1 Internal use of the information. Fintoc will be able to use all the information indicated in the third clause above for the following purposes:
a) To improve the Services provided by Fintoc and to add more products; and
b) To protect End Users from malicious activities against Fintoc.
4.2 External use of information. Fintoc may share the following information with the following parties:
a) May share only the Banking Information of the Bank Accounts authorized by the Client indicated in numeral 3.5 above with the Developer that performed the integration with Fintoc; and
b) You may share all of the information set forth in the third clause for identity and age confirmation purposes, as set forth in the fifth clause below, or legal only to the extent applicable, as set forth in the sixth clause below.
Fintoc will treat the Personal and Banking Information of the End Users in accordance with the provisions of Law No. 19.628 on Protection of Privacy and always respecting the full exercise of the fundamental rights of the same.
Fintoc considers that End Users' Personal and Banking Information is an asset that must be protected from loss or unauthorized access and will take every precaution to safeguard it by implementing effective computer security mechanisms, such as encryption,firewalls and Secure Socket Layers ("SSL").
Fintoc is obliged to comply with all regulations regarding security measures applicable to personal data, using industry standards in terms of protection and confidentiality of your Personal Information.
The API Fintoc can only be used by people over 18 years old, being therefore restricted the entrance of people under 18 years old. Fintoc reserves the right to verify, by any means it deems appropriate, the real age of any End User. Upon suspicion or verification that an End User is under 18 years of age, Fintoc may deny access to the Services without the right to any claim by the affected End User.
SIXTH: Legal Requirements.
Fintoc will cooperate with the competent authorities and other third parties to ensure compliance with applicable regulations, e.g. regarding the protection of intellectual property rights, prevention of fraud, among others.
In this regard, Fintoc may disclose the Personal Information of the Developers and End Users if required to do so by competent judicial or governmental authorities for the purposes of investigations conducted by them, as well as in the case of criminal investigations, fraud or investigations related to hacking or copyright infringement. In such situations, Fintoc will cooperate with the competent authorities in order to safeguard the integrity and security of the community, the Developers and the End Users.
For such purposes, Fintoc may disclose any Personal Information and/or Personal Data of the Developers and End Users, in order to comply with applicable law and to cooperate with the competent authorities, to the extent it deems necessary and appropriate in connection with any investigation of an unlawful act or fraud, infringement of industrial or intellectual property rights, or other activity that is illegal or that may expose Fintoc, the Developers or the End Users to any legal liability. This right will be exercised by Fintoc for the purpose of cooperating with law enforcement and compliance.