U.S. Privacy Policy

1.1. What does this Privacy Policy regulate?

This Privacy Policy (hereinafter the "Policy") reflects our commitment to protecting the privacy of individuals concerning their personal data.

This policy applies to our operations in the United States and complies with applicable federal and state privacy laws, including the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), the Virginia Consumer Data Protection Act (VCDPA), and the Colorado Privacy Act (CPA). Our objective is to adhere to the highest standard of data protection established by these laws.

This Policy applies to people who visit our Website, register to request commercial contact information, or request a demonstration of the products we market. It is also applicable to those who use our Services (as defined below) by accessing PrometeoApi.

Your privacy is important to us. We do not sell your personal information as defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act.

1.2. What is the objective?

To provide the necessary information to ensure the protection of personal data. We explain what data we collect and for what purposes, as well as detailing the resources available to you.

Regarding our Services, we clarify that the provision of these is not possible without access to certain personal data, as detailed below.

PROMETEAM LLC (also referred to as “Prometeo”), number 92-1060766, is the DATA CONTROLLER of the personal data of visitors to the Website and Clients (as defined below).

Purpose

• Manage the web browsing experience.
• Manage any kind of request, suggestion, or inquiry about our services made by interested parties.
• Commercial communications: Processing your data to inform you about activities, articles of interest, and general information about our services via email.
• Fulfill the provision of the Services you have contracted (if you are a "Client").
• Fulfill your payment request (if you are the "End User").

Transparency

In some cases, Prometeo acts as a data controller in the context of its Account Pre-validation service and processes certain personal data of natural persons (such as bank account holders) through its APIs. In line with applicable data protection laws, we aim to ensure transparency by providing individuals with information about:

• Our identity and contact details,
• The categories of personal data processed,
• The purposes and lawful basis for the processing,
• The recipients of the data and any onward transfers,
• The rights available to data subjects.

Where direct communication is not feasible, this information is made publicly available through this Privacy Policy.

For more information on how personal data is handled in the context of our services, please refer to the applicable Data Processing Agreement (DPA).

Prometeo may collect personal data in the following cases:

• While browsing the Website.
• When contracting and/or using the Services.
• When personal data have been obtained from other legitimate sources following applicable regulations.

If you are browsing our Website

We request and may collect personal information about visitors when they submit forms on our Website, such as their name, address, phone number, email address, as well as certain related information like their company name, website, and the position they hold within the company. The available web forms on the page are the following:

https://dashboard.prometeoapi.com/register-account/

https://share.hsforms.com/1vfZ4ObpXTcCsDXZ22yK4ug1upu8

https://prometeoapi.com/en/banks

https://prometeoapi.com/en/credits-loans

https://prometeoapi.com/en/ecommerce

https://prometeoapi.com/en/payment-gateway

https://prometeoapi.com/en/cash-management

https://prometeoapi.com/en/bank-account-verification

Prometeo may use cookies and other information-gathering technologies for various purposes. These technologies may provide us with personal information, device and network information that the visitor uses to access our Website, and other information related to your interactions with our Website.

Additionally, it should be noted that it is possible to configure the browser being used to notify you when cookies are received by changing the preferences in the privacy section and/or preventing their installation. These changes will be implemented from the browser in which you log in. In other words, if you access from another browser, you will need to follow the same steps, as we will provide our cookie notice again.

If you use our Services

When you contract and/or use our Services, we may collect the following data:

• Individuals: Full name, identification number and type (ID card, DNI, or another depending on the country of issuance), and email address.
• Legal entities: Business name, address, tax identification number, representative’s details, and email address.

For certain Services (such as Account-to-Account Payments/Treasury Management), we may also collect, with your authorization:

• From the Client: Bank account number, account holder's name, and credentials (for certain Services that require access to your bank)*.
• From the End User: Bank account number and credentials (for certain Services that require access to your bank)*.

*These access details allow Prometeo to provide the Service you are requesting.

6.1. How long is your data stored?

They will be kept for the time necessary to fulfill the purpose of the processing, according to the purposes mentioned previously, or if there are legal requirements that dictate their retention.

When storage is no longer necessary, the data will be deleted with appropriate security measures to ensure either the anonymization of the data or their total destruction.

6.2. To whom do we share your personal data?

We do not intend to share your personal data with third parties, except in the following cases and only when necessary for the development and execution of the processing purposes:

• To our communication-related service providers, with whom the CONTROLLER has entered into confidentiality and data processing agreements in accordance with applicable privacy regulations.
• To Prometeo group entities (including affiliates, subsidiaries, and parent companies), for the management and administration of the commercial agreement.
• To auditors, solely for the purpose of fulfilling Prometeo’s certification requirements and/or complying with legal or regulatory obligations.
• To judicial or administrative authorities, in response to a formal written request.

7.1. What are your rights?

Data subjects have the right to:

• Access their personal data;
• Request the correction of incomplete or inaccurate data;
• Request the anonymization, blocking, or deletion of data;
• Exercise data portability;
• Withdraw their consent at any time;
• Not be subject to discriminatory treatment for exercising their privacy rights.

7.2. How can you exercise them?

You can send a written request to the following email:
datospersonales@prometeoapi.com, detailing:

• Your name/business name, depending on whether you are an individual or a legal entity
• Type and number of identification (you must attach a scan of it)
• Email address

You also have the right to lodge a complaint with the Federal Trade Commission or the appropriate supervisory authority if you believe that the processing of your data does not comply with applicable regulations.

Visitors, End Users, and Clients, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or download forms, expressly and freely acknowledge that their data are necessary for the provider to handle their request, while the inclusion of data in the remaining fields is voluntary. Visitors, End Users, and Clients guarantee that the personal data provided to the CONTROLLER are truthful and take responsibility for communicating any modifications.

The CONTROLLER informs that all data requested through the Website are necessary for the optimal provision of the service. If all the data are not provided, the information and services offered may not be fully tailored to your needs.

In accordance with the provisions of the current personal data protection regulations, the CONTROLLER complies with all legal and regulatory requirements, ensuring that data is processed lawfully, fairly, and transparently concerning the data subject, and that it is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

The CONTROLLER guarantees that appropriate technical and organizational policies have been implemented to apply the security measures established by the aforementioned law, to protect the rights and freedoms of the USERS, and has provided them with the necessary information to enable them to exercise those rights.

For more information about privacy guarantees, you can contact the CONTROLLER at the following email address: datospersonales@prometeoapi.com.

As our company operates in multiple countries, including across LATAM, your personal information may be transferred outside the United States to countries where our service providers or business partners operate. We ensure that such transfers comply with applicable laws, including the use of safeguards such as standard contractual clauses or certifications like the EU-U.S. Data Privacy Framework, where applicable.

We comply with U.S. Executive Order 14117, which prohibits or restricts bulk sensitive data transactions with "countries of concern" (such as China, Cuba, Iran, North Korea, Russia, and Venezuela).

Prometeo may modify this Policy at its sole discretion. If modified, the new version will be published on the Website. The use of our Services and/or browsing the Website after such a change will constitute acceptance of the new terms.

IMPORTANT: If you do not agree with this Policy, you must stop using our services and/or accessing the Website.