Uruguay Privacy Policy

1.1. What does this Privacy Policy regulate?

This Privacy Policy (the "Policy") reflects our commitment to protect the privacy of individuals concerning their personal information.

This Policy applies to those who visit our Website, register to request information, business contact, or demonstrate our products. It also applies to those who use our Services (as defined below) by accessing PrometeoApi.

1.2. What is the purpose?

Provide the necessary information to ensure the protection of personal data. We explain what data we collect, and for what purposes, and detail the resources available to you.

About our Services, we clarify that it is not possible to provide the same without access to certain personal data, as detailed below.

QUALIA FINTECH SAS (hereinafter also referred to as "Prometeo"), RUT number 218083910013, is RESPONSIBLE for the processing of personal data of visitors to the Website and Customers (as defined below).

This data will be treated according to the provisions of the Personal Data Protection Law No. 18.331 and its amendments and concordant, as well as the respective regulatory decrees.

Purpose

• Manage the web browsing experience.
• Manage any type of request, suggestion, or request about our services made by the interested parties.
• Commercial communications: Treatment of your data to inform you about activities, articles of interest, and general information about our services via email.
• To comply with the provision of the Services you have contracted (if you are a "Client").
• To comply with your payment request (if you are an "End User").

Transparency

In certain cases, Prometeo, acting as the data controller in the context of the account pre-validation service, processes certain personal data of natural persons (such as bank account holders) through its APIs. In compliance with applicable data protection laws, we strive to ensure transparency by communicating:

• Our identity and contact details,
• The categories of personal data processed,
• The purposes and legal basis for processing,
• The recipients of the data and any potential transfers,
• The rights available to data subjects.

When it’s not possible to provide this information directly, it will be made publicly available through this Privacy Policy.

For more information on how personal data is handled in the context of our services, please refer to the corresponding Data Processing Agreement (DPA).

Prometeo may collect personal data in the following cases:

(a) When browsing the Website;

(b) When contracting and/or using the Services

(c) When personal data was received by other legitimate sources by applicable regulations.

If you are browsing our Website:

We request and may collect personal information about visitors when they submit forms from our Website, such as their name, address, telephone number, and email address, as well as certain related information such as their company name, Website, and job title. The Web forms available on the site are as follows:

https://dashboard.prometeoapi.com/register-account/

https://share.hsforms.com/1vfZ4ObpXTcCsDXZ22yK4ug1upu8

https://prometeoapi.com/en/banks

https://prometeoapi.com/en/credits-loans

https://prometeoapi.com/en/ecommerce

https://prometeoapi.com/en/payment-gateway

https://prometeoapi.com/en/cash-management

https://prometeoapi.com/en/bank-account-verification

Prometeo may use cookies and other information-gathering technologies for a variety of purposes. These technologies may provide us with personal information, information about devices and networks that the visitor uses to access our Website, and other information related to your interactions with our Website.

In addition, it should be noted that it is possible to configure the browser used to be notified of the receipt of cookies by changing the preferences from the privacy section and/or preventing their installation, which will implement these changes from the browser you log in. That is, if you log in from another browser, you will have to perform the same steps, as we will give you our cookie warning again.

If you use our Services:

When contracting and/or using our Services, we may collect the following data:

• Individuals or natural persons: full name, number, and type of identification (identity card, DNI, or other, depending on the country of granting) and email.
• Legal persons or companies: Company name, address, tax identification number and type, representative's data, e-mail.

In particular, for certain Services (Account-to-Account Payments/Treasury Management) we may collect in addition, always with your authorization:

• From the Customer: Bank account number, account holder's name, credentials data (for certain Services that depend on access to your bank).
• From the End User: Bank account number, credential data (for certain Services that depend on access to your bank).*

*This access data allows Prometeo to provide the Service you are requesting.

6.1. How long is your data stored?

They will be kept for the time necessary to fulfill the purpose of the treatment, according to the purposes previously mentioned, or if there are legal prescriptions that dictate their custody.

When their storage is no longer necessary, they will be deleted with appropriate security measures to ensure the anonymization of the data or their destruction.

6.2. Who do we provide your data to?

No communication of personal data to third parties is foreseen except in the following cases provided that it is necessary for the development and execution of the purposes of the processing:

• To our service providers related to communications, with whom the RESPONSIBLE has signed the confidentiality and data processor contracts required by the privacy regulations in force.
• To the entities of the Prometeo group (affiliates, subsidiaries, and Holding), for the management and administration of the commercial agreement.
• To auditors, solely to comply with Prometeo's certifications and/or legal and regulatory obligations.
• To judicial or administrative authorities, upon written request.

7.1. What are your rights?

Right to information, access, rectification, updating, inclusion, and deletion of your data, as well as opposition to the processing.

7.2. How can you exercise them?

You can send a written request to the following e-mail address: datospersonales@prometeoapi.com detailing:

• Your name/company name, depending on whether you are an individual or a legal entity.
• Type and number of identification (you must attach a scan of the same)
• Your e-mail address

You can also do it at the following address:

PEATONAL SARANDÍ 594/203, Montevideo, Uruguay.

You also have the right to lodge a complaint with the supervisory authority (www.urcdp.gub.uy) if you consider that the processing does not comply with the regulations in force.

Visitors, End Users, and Clients, by checking the corresponding boxes and entering data in the fields marked with an asterisk (*) in the contact form or presented in download forms, expressly and freely and unequivocally accept that their data are necessary to fulfill their request, by the provider, being voluntary the inclusion of data in the remaining fields. Visitors, End Users, and the Client guarantee that the personal data provided to the RESPONSIBLE are truthful and are responsible for communicating any changes to them.

The RESPONSIBLE informs that all data requested through the Website are necessary for the provision of an optimal service. If all the data is not provided, there is no guarantee that the information and services provided will be completely tailored to your needs.

Following the provisions of the current regulations on personal data protection, the RESPONSIBLE is complying with all legal and regulatory provisions and manifestly with the principles described in Article 10 of Law 18.331, whereby the data are processed in a lawful, fair and transparent manner about the data owner and adequate, relevant and limited to what is necessary concerning the purposes for which they are processed.

The RESPONSIBLE guarantees that it has implemented appropriate technical and organizational policies to apply the security measures established by the aforementioned law, to protect the rights and freedoms of the USERS and has communicated the appropriate information to them so that they can exercise them.

For more information about privacy guarantees, you can contact the RESPONSIBLE through the following mailbox: datospersonales@prometeoapi.com.

In the case of an International Data Transfer to a country that does not have an adequate level of protection according to Article 23 of Law 18.331, it will be carried out by the provisions of URCDP Resolutions 63/023 and 70/023 or those that may amend them.

The contract must consider the application of Uruguayan data protection regulations, the purpose of the transfer, the categories of data affected, the identification of the different participants, a description of the processing operations, security measures, confidentiality obligations, URCDP’s jurisdiction, and particularly the adoption of the contractual clauses referred to in Resolution 41/021 of the mentioned agency, among other relevant aspects. In such cases, we will carry out the corresponding Impact Assessment.

Prometeo may modify this Policy at its sole discretion. If modified, the new version will be posted on the Website. Your use of our Services and/or browsing of the Website after such change will constitute acceptance of the new terms.

IMPORTANT: If you do not agree with this Policy, you must stop using our Services and/or accessing the Website.