PERSONAL DATA PROCESSING POLICY
1. Scope of Personal Data Processing
The scope of our policy covers the processing of personal data by DAGUR PAYMENTS S.A.S. in the development of its object and social activities, including staff recruitment, supplier engagement, advertising and marketing activities, among others. DAGUR PAYMENTS S.A.S. is identified under the distinctive sign DAGUR PAY and will hereinafter be referred to as DAGUR PAY.
In general, we only process the personal data of our users to the extent necessary to provide a website that works with all our content and services. Continuous processing of personal data is only carried out with the user’s consent. Exceptions include cases where prior consent cannot be technically obtained and where processing of the data is permitted by law.
2. Who is Responsible for Processing?
DAGUR PAYMENTS S.A.S. and its subsidiaries and partners will be responsible for the processing of personal data, identified with the following information:
Company Name: | DAGUR PAYMENTS S.A.S. |
Tax ID (NIT): | 901748621-3 |
Registered Address: | Carrera 21 # 103-51, Ofi 513, Bogotá D.C. |
Email: | juan.perez@dagurpay.com |
Effective Date: | This Personal Data Processing Policy comes into effect on September 20, 2024. |
3. Who is the Personal Data Protection Officer?
The Personal Data Protection Officer of DAGUR PAY is Jorge Amarís Silva. His contact information is as follows: jorge.amaris@lois.com.co
4. What Personal Data Do We Process?
- Identity and account access data
- Contact data, financial data, payment credential data
- Payment data, technical and usage data
- Behavioral data and credit rating data
- Employment data
- Browsing data: if the person has accepted the use of cookies and similar technologies on browsing devices, the data obtained from browsing third-party websites or mobile applications and browsing performed on them: browsing history (visited pages and clicks on content), device ID, advertising ID, IP address
5. For What Purposes Do We Process Personal Data at DAGUR PAY?
The personal data of users are processed for the following purposes:
- Verification, Authentication, and Authorization:
– To authenticate and authorize the use of our products and services.
- Payment Management:
– To collect, record, and process the information necessary to manage and process orders for payments and transfers made by users.
– To verify the identity and financial information of users to authorize and facilitate payment transactions.
– To maintain accounting and financial records of the transactions made.
– To use personal information to manage and process orders for sending and receiving money through the enabled channels.
- Legal Compliance:
– To comply with legal and regulatory obligations related to payment services, including fraud and money laundering prevention.
– To cooperate with competent authorities in investigations related to illicit or fraudulent activities.
– To comply with internal policies, national and international standards in force regarding the prevention of money laundering and financing of terrorism.
- Customer Service:
– To provide customer service and resolve inquiries, complaints, or claims related to payment services.
– To improve service quality and user experience..
- Commercial Communications:
– To send commercial and promotional communications about products and services related to payment services, provided that the holder has given their consent to receive such communications.
– To manage the voluntary exclusion of receiving commercial communications when requested by the holder.
- Suppliers:
– To conduct analyses, evaluations, and selection of potential suppliers and/or contractors.
– To communicate policies and procedures for supplier engagement.
– To carry out monitoring, control, and accounting registration of obligations contracted with suppliers.
– To execute contracts, agreements, and purchase orders.
– To make the respective payments or contributions to contractors, suppliers, or partners.
– To consult information on money laundering lists.
- Employees:
– To collect, consolidate, and update information about workers to carry out activities in compliance with the functions of the human resources department within DAGUR PAY.
– To comply with activities related to the contractual relationship established between DAGUR PAY and employees and/or applicants.
– To ensure the safety and health of employees.
– To identify the employee for security reasons upon entering physical and virtual facilities.
- Information Security:
– To protect the personal and financial information of users through adequate technological and administrative security measures.
- Research and Development:
– To conduct research and statistical analysis to improve the quality of payment services.
– To develop and enhance products and services related to payments.
6. What is the Legitimacy for Personal Data Processing by DAGUR PAY?
DAGUR PAY processes the information of the holders only if it is legally entitled to do so. In general, DAGUR PAY uses the collected personal information in the following cases:
- When there is prior and express consent from the holder of the personal data, through which the purposes of processing are informed.
- When it is necessary to comply with a legal obligation established in Colombian regulations.
- When it is necessary to fulfill a contract between DAGUR PAY and the holder.
7. How Long Will DAGUR PAY Retain Personal Data?
In general, DAGUR PAY will only retain personal data for the time strictly necessary for the purpose for which it was collected. After this period, provided that the right of deletion has not been exercised, the data will be retained according to the applicable legal deadlines in each specific case, considering the nature of the data and the purpose of processing.
8. With Whom Does DAGUR PAY Share Personal Data?
DAGUR PAY may share personal information with third parties, both internal and external to the company, corresponding to partners of DAGUR PAY, in order to provide technical and support services to those third parties receiving some of these services from them.
9. To Whom Will DAGUR PAY Communicate Personal Data?
In order to ensure the proper provision of services, certain service providers and/or affiliated entities linked to DAGUR PAY may process personal data on behalf of and for the account of DAGUR PAY, acting as data processors. These entities may include providers of technological or support services, filing or storage services, among others. In some cases, it is important to note that certain processing may involve international data transfers. However, such transfers will always be made in compliance with the adequate guarantees established in the LEPD.
Personal data will not be shared with third parties unless there is a legal obligation, vital interest, legitimate interest, or prior consent from the holder.
10. What Are the Rights of Personal Data Holders?
Holders may, at any time, exercise their rights to:
- Know, update, rectify, or delete their personal data: This right may be exercised, among others, regarding partial, inaccurate, incomplete, fragmented data, data that induces error, or data whose processing is expressly prohibited or not authorized. DAGUR PAY may periodically request the update of personal data to keep the information current.
- Request proof of the authorization granted for the processing of their personal data: Holders may, at any time, in accordance with the provisions of the personal data protection policy, request proof of the authorization granted for the processing of their personal data. Except where it concerns exempt personal data, in accordance with the provisions of Article 10 of Law 1581 of 2012.
- Be informed of the use given to their personal data: Holders may exercise this right upon request to DAGUR PAY according to the procedures set forth in the personal data protection policy.
- File complaints with the Superintendence of Industry and Commerce:: Holders may file complaints with the personal data protection authority through the channels provided by it, which can be accessed at www.sic.gov.co
- Revoke the authorization and/or request the deletion of their personal data: Holders may exercise this right when they consider that the principles, rights, and constitutional and legal guarantees were not respected in the processing. Holders may exercise this right upon request to DAGUR PAY according to the procedures set forth in the PTDP. Notwithstanding the above, personal data holders may not revoke the authorization and request the deletion of personal data when there is a legal or contractual obligation requiring them to remain in the databases.
11. How Can Holders Exercise Their Rights?
DAGUR PAY guarantees the exercise of the rights of the holders. These rights may be exercised by:
- The holder, proving their identity by the means provided by DAGUR PAY.
- The heirs of the holder, proving their status.
- The representative or attorney of the holder, proving their status.
The person in charge will act as the personal data protection officer. Holders, their heirs, or authorized third parties may submit their inquiries, claims, requests for rectification, updating, and deletion of their personal data, or exercise their rights:
- By sending written communication to the address: Carrera 21 # 103-51, Ofi 513, Bogotá.
- By email to the address: juan.perez@dagurpay.com
- By email to the Personal Data Protection Officer: jorge.amaris@lois.com.co
PROCESS FOR RECEIVING REQUESTS TO EXERCISE RIGHTS | |
PROCEDURE | DESCRIPTION |
Submission of request to the Personal Data Processing Officer | Any request related to the Processing of Personal Data must be submitted to the Officer to initiate processing according to the type of request. |
Classification of the request | Once the request is received, the Officer classifies whether it is an inquiry or a complaint. |
Registration of request | The Personal Data Processing Officer registers the request and keeps a record within the Database of the supporting documentation of the request. |
PROCESS FOR ADDRESSING INQUIRIES | |
PROCEDURE | DDESCRIPTION |
Request Procedure | The Data Protection Officer will respond via the requested means or to the address indicated by the Data Subject. The response must be issued within ten (10) business days from the date of receipt.. |
Extension of the Term | The Data Subject is informed of the reasons why it is not possible to address the request within the previously indicated term, informing the Data Subject that the response to their request will be provided within the following five (5) business days. |
Response to the Inquiry | Send the response and keep a record for the National Registry of Databases. |
COMPLAINT HANDLING PROCESS | |
PROCEDURE | DESCRIPTION |
Verification of Information | It is verified that the information is required to process the complaint. |
Incomplete Information | The Data Subject is informed of the missing requirements within five (5) days following the receipt of the complaint, indicating that if no response is received within the next two (2) months, the request will be considered withdrawn. |
Complete Information | If the request meets all requirements, the processing of the complaint begins, and the data is labeled with the description “COMPLAINT IN PROCESS.” |
Request Procedure | Once the information is verified, the Data Protection Officer will respond via the requested means or to the address indicated by the Data Subject. The response must be issued within fifteen (15) business days from the date of receipt. |
Extension of the Term | The Data Subject is informed of the reasons why it is not possible to address the request within the previously indicated term, informing the Data Subject that the deadline is extended by eight (8) additional business days and indicating the response date. |
Response to the Complaint | Send the response and keep a record of it. If the complaint is upheld, the request made by the Data Subject will be fulfilled. If the complaint is not upheld, the applicant will be informed with the relevant arguments. |
12. Security of Use and Management of Information
DAGUR PAY is committed to the proper use and processing of the Personal Data contained in its Databases and files, preventing unauthorized access by third parties who may know, update, modify, disclose, or destroy the information therein; for which it has adopted technical, human, and administrative measures that provide security to the Databases and files of DAGUR PAY, through the Internal Policies and Procedures Manual for Personal Data Protection.
13. Modification and/or Update of the Personal Data Processing Policy
Without prejudice to constitutional rights and applicable legal and regulatory provisions, especially those contained in Law 1581 of 2012 and Decree 1377 of 2013 (compiled in Decree 1074 of 2015), DAGUR PAY may modify this Personal Data Processing Policy at any time. Such modifications will be communicated to the Data Subjects through any other directed or non-directed mass dissemination mechanism, informing them of the modification and/or update.