Mexico Privacy Notice

Updated: September 2024

In compliance with the duty to safeguard information and personal data, and based on the provisions of articles 3, section I, 8, 12, 15, 16, and other related articles of the Federal Law on Protection of Personal Data Held by Private Parties, PROMEQUALIA S.A. DE C.V., trading under the name Prometeo, provides this Privacy Notice.

1. INTRODUCTION

1.1 What does this Privacy Notice regulate?

This Privacy Notice (from now on the “Notice”) reflects our commitment to protecting the privacy of individuals regarding their personal data.
This Notice applies to individuals who visit our website, register to request information, business contact, or demonstrate the products we market. It also applies to individuals using our Services (as defined below) by accessing PrometeoApi.

1.2 What is the purpose?

To provide the necessary information to ensure the protection of personal data. We explain what data we collect, for what purposes, and the resources available to you.

Regarding our Services, we clarify that it is not possible to provide the Service without access to certain personal data, as detailed below.

2. INFORMATION ABOUT PROMETEO AND ITS ROLE REGARDING PERSONAL DATA

PROMEQUALIA S.A. DE C.V., trading under the name "Prometeo," located at Av. Insurgentes Sur 1605, 15th Floor, Module IV, San José Insurgentes, Benito Juárez, Mexico City, is responsible for processing the personal data of website visitors and Clients (as defined below).

3. PURPOSE: Why do we process your data?

  • To manage the web browsing experience.
  • To handle any type of request, suggestion, or inquiry about our services made by interested parties.
  • Commercial communications: Processing your data to inform you about activities, articles of interest, and general information about our services via email.
  • To fulfill the Service you have contracted (if you are a "Client").
  • To process your payment request (if you are an “End User”).

4. MECHANISM: How do we collect personal data?

Prometeo may collect personal data in the following cases:

(a) When browsing the Website;

(b) When contracting and/or using the Services;

(c) When personal data was received by other legitimate sources by applicable regulations.

5. PURPOSE: What personal data is processed?

If you are browsing our Website

We request and may collect personal information about visitors when they submit forms from our Website, such as their name, address, telephone number, and email address, as well as certain related information such as their company name, Website, and job title. The Web forms available on the site are as follows:

https://dashboard.prometeoapi.com/register-account/

https://share.hsforms.com/1vfZ4ObpXTcCsDXZ22yK4ug1upu8

https://prometeoapi.com/en/banks

https://prometeoapi.com/en/credits-loans

https://prometeoapi.com/en/ecommerce

https://prometeoapi.com/en/payment-gateway

https://prometeoapi.com/en/cash-management

https://prometeoapi.com/en/bank-account-verification

Prometeo may use cookies and other information-gathering technologies for a variety of purposes. These technologies may provide us with personal information, information about devices and networks that the visitor uses to access our Website, and other information related to your interactions with our Website.

In addition, it should be noted that it is possible to configure the browser used to be notified of the receipt of cookies by changing the preferences from the privacy section and/or preventing their installation, which will implement these changes from the browser you log in. That is, if you log in from another browser, you will have to perform the same steps, as we will give you our cookie warning again.

If you use our Services:

When contracting and/or using our Services, we may collect the following data:

  • Individuals: Full name, type and number of ID (e.g., cédula, DNI, or another, depending on the country of issuance), and email.
  • Entities: Corporate name, address, type and number of tax identification, representative’s details, and email.

Specifically, for certain Services (Account-to-Account Payments/Treasury Management), with your authorization, we may also collect:

  • From the Client: Bank account number, account holder's name, and credential data (for certain Services requiring bank access).
  • From the End User: Bank account number and credential data (for certain Services requiring bank access).*

(*) This access data enables Prometeo to provide the Service you are requesting.

6. STORAGE

6.1 How long will your data be kept?

Data will be retained for as long as necessary to fulfill the purpose of processing, according to the purposes mentioned above, or if legal obligations dictate its retention.
Once storage is no longer necessary, data will be deleted with appropriate security measures to ensure anonymization or total destruction.

6.2 Who do we share your personal data with?

Your personal data will not be shared with third parties unless it is necessary for the development and execution of the purposes of processing, in the following cases:

  • With our service providers related to communications, with whom the CONTROLLER has signed confidentiality agreements as required by current privacy regulations.
  • With Prometeo group entities (affiliates, subsidiaries, and the Holding company) for the management and administration of the commercial agreement.
  • With auditors, only to fulfill Prometeo's legal and regulatory obligations.
  • With judicial or administrative authorities upon written request.

7. RIGHTS: What are they and how can you exercise them?

7.1 What are your rights?

Known as “ARCO” rights: Access, Rectification, Cancellation, and Opposition.

You have the right to:

  • Access your personal data in our possession.
  • Rectify incorrect or outdated data.
  • Request the deletion of data when you consider it unnecessary for the stated purposes.
  • Object to the use of your data for specific purposes.

7.2 How can you exercise them?

You can send a written request to the following email: datospersonales@prometeoapi.com, detailing:

  • Your name or corporate name, depending on whether you are an individual or entity.
  • Type and number of identification (attach a scan).
  • Email address.

Alternatively, you can do so at the following address:
Av. Insurgentes Sur 1605, 15th Floor, Module IV, San José Insurgentes, Benito Juárez, Mexico City.
Responses will be sent to the email provided by the requester within 20 business days.

7.3 Options to limit the use or disclosure of personal data:

If you wish to revoke the consent granted for the processing of your personal data or limit its disclosure, you can submit your request via the following email: datospersonales@prometeoapi.com.
Responses will be sent within 20 business days to the email address provided by the requester.

8. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED

Visitors, End Users, and Clients, by checking the appropriate boxes and entering data in the fields marked with an asterisk (*) on contact forms or download forms, expressly and freely accept that their data is necessary for the service request. Providing data in the remaining fields is voluntary. Visitors, End Users, and Clients guarantee that the personal data provided to the CONTROLLER is truthful and are responsible for informing any changes.

The CONTROLLER informs that all data requested through the website is necessary for optimal service provision. If all data is not provided, the information and services may not fully meet your needs.

9. SECURITY MEASURES

In accordance with current personal data protection regulations, the CONTROLLER complies with all legal and regulatory provisions, specifically those described in article 10 of Law 18.331, ensuring that data is processed lawfully, fairly, and transparently in relation to the data subject, and is adequate, relevant, and limited to what is necessary for the purposes for which it is processed.

The CONTROLLER guarantees that appropriate technical and organizational policies have been implemented to ensure the security measures required by law, aiming to protect USERS' rights and freedoms, and has communicated adequate information to enable them to exercise their rights.

For more information on privacy guarantees, you can contact the CONTROLLER at datospersonales@prometeoapi.com.

10. INTERNATIONAL TRANSFER OF DATA

Under the Federal Law on Protection of Personal Data Held by Private Parties and its regulations, we inform you that your personal data may be transferred and processed outside of Mexico by third parties, such as affiliates, subsidiaries, technology service providers, or business partners, to fulfill the purposes described in this Privacy Notice.

Transfers will only be made to countries with equivalent or superior personal data protection levels as established by Mexican legislation or countries with adequate mechanisms to guarantee data protection.

If it is necessary to transfer your personal data to a country that does not meet these conditions, we will request your express prior consent unless the transfer is required to fulfill a legal or contractual obligation.

By accepting this Privacy Notice, you expressly consent to the transfer of your personal data under the terms and conditions set out in this document, including international transfers, provided the necessary security measures are in place to protect your data. If you do not express opposition to such transfers, we will assume that consent has been granted.

11. DEFINITIONS

Client

It is the legal entity that contracted with Prometeo for any of the Services.

Contact

Whoever processes personal data on behalf of the data controller.

Responsible

Who decides on the processing of personal data.

Services

Services available from the API owned by Prometeo, such as (but not limited to): Bank Account Verification, Account-to-Account Payments, and Cash Management.

Website

It shall refer collectively to "https://prometeoapi.com" as well as to other websites that Prometeo Group operates that relate to this Policy, such as promotional landings, forums, or more specific sites.

End User

It is the natural or legal person who contracts products or services directly to the Client, and who consequently uses any of the Services.

12. CHANGES TO THIS POLICY AND COMPLIANCE

Prometeo may modify this Notice at its sole discretion. If modified, the new version will be published on the Website. Your continued use of our Services and/or browsing of the Website after such changes will constitute acceptance of the new terms.

IMPORTANT: If you do not agree with this Notice, you must stop using our services and/or accessing the Website.

2024 Prometeo Open Banking
Contact: +598 9672 6320