Peru Privacy Policy

Updated: July 2024

1. INTRODUCTION

1.1. What does this Privacy Policy regulate?

This Privacy Policy (the "Policy") reflects our commitment to protect the privacy of individuals concerning their personal information.

This Policy applies to those who visit our Website, register to request information, business contact, or demonstrate our products. It also applies to those who use our Services (as defined below) by accessing PrometeoApi.

1.2. What is the purpose?

Provide the necessary information to ensure the protection of personal data. We explain what data we collect, and for what purposes, and detail the resources available to you.

About our Services, we clarify that it is not possible to provide the same without access to certain personal data, as detailed below.

2. INFORMATION ABOUT PROMETEO AND ITS ROLE REGARDING PERSONAL DATA

PROMEPE S.A.C. (hereinafter also as "Prometeo"), tax identification number 20609483785, is RESPONSIBLE for the processing of personal data of visitors to the Website and Customers (as defined below).

This data will be processed by the provisions of Law No. 29733, Personal Data Protection Law (hereinafter, "LPDP") and Supreme Decree No. 3-2013-JUS, Regulation of the Personal Data Protection Law (hereinafter, the "Regulation").

3. PURPOSE: Why do we process your data?

  • Manage the web browsing experience.
  • Manage any type of request, suggestion, or request about our services made by the interested parties.
  • Commercial communications: Treatment of your data to inform you about activities, articles of interest, and general information about our services via email.
  • To comply with the provision of the Services you have contracted (if you are a "Client").
  • To comply with your payment request (if you are an "End User").

4. MECHANISM: How do we collect personal data?

Prometeo may collect personal data in the following cases:

(a) When browsing the Website;

(b) When contracting and/or using the Services

(c) When personal data was received by other legitimate sources by applicable regulations.

5. PURPOSE: What personal data is processed?

If you are browsing our Website

We request and may collect personal information about visitors when they submit forms from our Website, such as their name, address, telephone number, and email address, as well as certain related information such as their company name, Website, and job title. The Web forms available on the site are as follows:

https://dashboard.prometeoapi.com/register-account/

https://share.hsforms.com/1vfZ4ObpXTcCsDXZ22yK4ug1upu8

https://prometeoapi.com/en/banks

https://prometeoapi.com/en/credits-loans

https://prometeoapi.com/en/ecommerce

https://prometeoapi.com/en/payment-gateway

https://prometeoapi.com/en/cash-management

https://prometeoapi.com/en/bank-account-verification

Prometeo may use cookies and other information-gathering technologies for a variety of purposes. These technologies may provide us with personal information, information about devices and networks that the visitor uses to access our Website, and other information related to your interactions with our Website.

In addition, it should be noted that it is possible to configure the browser used to be notified of the receipt of cookies by changing the preferences from the privacy section and/or preventing their installation, which will implement these changes from the browser you log in. That is, if you log in from another browser, you will have to perform the same steps, as we will give you our cookie warning again.

If you use our Services

When contracting and/or using our Services, we may collect the following data:

  • Individuals or natural persons: full name, number, and type of identification (identity card, DNI, or other, depending on the country of granting) and email.
  • Legal persons or companies: Company name, address, tax identification number and type, representative's data, e-mail.

In particular, for certain Services (Account-to-Account Payments/Treasury Management) we may collect in addition, always with your authorization:

  • From the Customer: Bank account number, account holder's name, credentials data (for certain Services that depend on access to your bank).
  • From the End User: Bank account number, credential data (for certain Services that depend on access to your bank).*

*This access data allows Prometeo to provide the Service you are requesting.

6. STORAGE

6.1. How long is your data stored?

They will be kept for the time necessary to fulfill the purpose of the treatment, according to the purposes previously mentioned, or if there are legal prescriptions that dictate their custody.

When their storage is no longer necessary, they will be deleted with appropriate security measures to ensure the anonymization of the data or their destruction.

6.2. Who do we provide your data to?

No communication of personal data to third parties is foreseen except in the following cases provided that it is necessary for the development and execution of the purposes of the processing:

  • To our service providers related to communications, with whom the RESPONSIBLE has signed the confidentiality and data processor contracts required by the privacy regulations in force.
  • To the entities of the Prometeo group (affiliates, subsidiaries, and Holding), for the management and administration of the commercial agreement.
  • To auditors, solely to comply with Prometeo's certifications and/or legal and regulatory obligations.
  • To judicial or administrative authorities, upon written request.

7. RIGHTS: What are they and how can you exercise them?

7.1. What are your rights?

Right to information, access, rectification, updating, inclusion, and deletion of your data, as well as opposition to the processing.

7.2. How can you exercise them?

To exercise the rights mentioned in this section, you must send your request in the terms established in the Regulations of Law No. 29733, to the following e-mail address: datospersonales@prometeoapi.com, including:

  • Your name/company name, depending on whether you are an individual or a legal entity.
  • Type and number of identification (you must attach a scan of the same)
  • Your e-mail address

If you consider that you have not been assisted in the exercise of your rights, you may file a complaint with the National Authority for the Protection of Personal Data, by contacting the Mesa de Partes of the Ministry of Justice and Human Rights: Calle Scipion Llona 350, Miraflores, Lima, Peru.

8. MANDATORY OR OPTIONAL NATURE OF THE INFORMATION PROVIDED

Visitors, End Users, and Clients, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely and unequivocally accept that their data are necessary to fulfill their request, by the provider, being voluntary the inclusion of data in the remaining fields. Visitors, End Users, and the Client guarantee that the personal data provided to the RESPONSIBLE are truthful and are responsible for communicating any changes to them.

The RESPONSIBLE informs that all data requested through the Website are necessary for the provision of an optimal service. If all the data is not provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

9. SECURITY MEASURES

Following the provisions of the current regulations on personal data protection, the RESPONSIBLE is complying with all legal and regulatory provisions and manifestly with the principles described in Article 10 of Law 18.331, whereby the data are processed in a lawful, fair and transparent manner about the data owner and adequate, relevant and limited to what is necessary concerning the purposes for which they are processed.

The RESPONSIBLE guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the aforementioned law, to protect the rights and freedoms of the USERS and has communicated the appropriate information to them so that they can exercise them.

For more information about privacy guarantees, you can contact the RESPONSIBLE through the following mailbox: datospersonales@prometeoapi.com.

10. INTERNATIONAL TRANSFER OF DATA

In the case of an International Data Transfer to a recipient country that does not have an adequate level of protection, the sender shall ensure that the processing is carried out by the provisions of the LPDP, in which case and following the provisions of Article 25 of the Supreme Decree, contractual clauses or other legal instruments shall be used to establish the obligations of both parties (sender country and recipient country).

11. DEFINITIONS

Client

It is the legal entity that contracted with Prometeo for any of the Services.

Contact

Whoever processes personal data on behalf of the data controller.

Responsible

Who decides on the processing of personal data.

Services

Services available from the API owned by Prometeo, such as (but not limited to): Bank Account Verification, Account-to-Account Payments, and Cash Management.

Website

It shall refer collectively to "https://prometeoapi.com" as well as to other websites that Prometeo Group operates that relate to this Policy, such as promotional landings, forums, or more specific sites.

End User

It is the natural or legal person who contracts products or services directly to the Client, and who consequently uses any of the Services.

12. CHANGES TO THIS POLICY AND COMPLIANCE

Prometeo may modify this Policy at its sole discretion. If modified, the new version will be posted on the Website. Your use of our Services and/or browsing of the Website after such change will constitute acceptance of the new terms.

IMPORTANT: If you do not agree with this Policy, you must stop using our Services and/or accessing the Website.

2024 Prometeo Open Banking
Contact: +598 9672 6320