Privacy Policy of Pomelo
This Privacy Policy (hereinafter, the “Privacy Policy”) applies to the use of the services provided by Pomelo Fintech Services S.A.S., tax ID No. 30-71714070-9, with registered address at Calle Canonigo Miguel Calixto del Corro 312, City of Córdoba, Province of Córdoba, Argentine Republic (hereinafter, “Pomelo”).
Pomelo will use and store the information provided by users, as defined below, and the information collected by Pomelo through various sources to offer identity as a service (IDaaS), account opening, and credit card issuance services (hereinafter, the “Services”) in accordance with the provisions of this Policy.
Acceptance of the Privacy Policy grants the status of Pomelo user (hereinafter, the “Users” jointly or the “User” individually and, together with Pomelo, the “Parties”) and expressly constitutes full and unreserved acceptance of each and every clause of the Privacy Policy in the version made available to the User at the time the User requests the use of the Services, together with its respective updates.
Consequently, the User understands and accepts that the Privacy Policy shall constitute a valid and binding agreement between the User and Pomelo in relation to privacy.
This Privacy Policy complies with the requirements set forth by Law No. 25,326 on the Protection of Personal Data, its regulations under Decree No. 1558/2001, amending Decree No. 1160/2010, and their amendatory rules, as well as Laws No. 24,766, 26,388, and 26,032; Pomelo being committed to safeguarding the privacy of Users, except for actions carried out by third parties in a manner contrary to what is established herein, for which Pomelo shall not be liable.
1. data controller of personal data. personal data processor.
1.1. pomelo may act, by virtue of the services provided, as the controller of the user's personal data, or as the processor of such data, depending on the extent of its relationship with its corporate clients.
1.2. in the event that pomelo acts as a processor of data on behalf and at the instruction of a third party, pomelo shall act in accordance with the provisions of this privacy policy and under the requirements of such third party. pomelo shall take all measures that are necessary and within its reach for the purpose of complying with requests made by personal data subjects, provided that applicable law so permits.
2. collection of user information. purposes
2.1. pomelo may request from the user such personal data as may be necessary for the provision of the services. in this regard, the user accepts that pomelo may request and process the data listed below by way of example only, without prejudice to others that may also be requested and/or processed in the future: (i) user's contact details (such as: first and last name, addresses, telephone number, email address); (ii) marital status; (iii) national identity document, unique tax identification code (cuit) or unique labor identification code (cuil); (iv) demographic data (such as: nationality, date and place of birth, age, sex); (v) user's profile photograph; (vi) user's banking information such as, but not limited to, the user's cbu or cvu; and (vii) geolocation data (hereinafter, the “personal data” or the “personal data”, as applicable).
2.2. the user undertakes to guarantee and be responsible for the truthfulness, accuracy, completeness, validity, authenticity and certainty of their personal data and any other information provided to pomelo, and must notify pomelo immediately of any update or modification as applicable. in the event that the personal data declared by the user contain any omission, distortion and/or falsehood, pomelo reserves the right to exercise all civil and legal actions to which it may be entitled by law and all those it deems appropriate in order to guarantee the security of the user and third parties.
2.3. the user accepts that pomelo may collect their information through cookies and/or tags or any other automated information detection method. the information collected by pomelo may include browsing behavior, ip address, logs and other types of information. likewise, pomelo may collect and/or store the users' ip (internet protocol) number or address for the sole purpose of improving the quality of the services. through the ip number, pomelo may identify users' devices when they access their personal accounts. likewise, such storage facilitates the diagnosis of any connection problems that may exist, improving the quality of the services.
3. use of the information collected
3.1. pomelo will use and store the information provided by users and the information collected by pomelo with the purpose of providing the services. for this purpose, pomelo will store the information for the maximum period established by the regulations applicable to the services and/or those that may replace them in the future.
pomelo may use the information provided by users and the information collected by pomelo for various purposes, including but not limited to:
i. provide pomelo's services;
ii. carry out the registration and validation of the user's identity with biometric service providers and government databases;
iii. compare personal data with credit risk and anti-money laundering and counter-terrorism financing lists in order to evaluate the granting of the services;
iv. develop internal studies on the user's interests, behaviors and demographics, in order to understand needs and interests and offer better products and/or services, as well as improve the user's experience;
v. collect documentation and other data that serve as support to justify any type of operation or transaction of the user;
vi. share personal data with public and/or private bodies that regulate the provision of the services, as well as with clients or third parties in order to comply with and/or prevent unlawful activities such as, but not limited to, money laundering, tax evasion and fraud.
3.2. with the purpose of providing and improving the quality of the services and complying with current regulations, pomelo may share information with other service companies or internet sites or similar, such as, but not limited to: (i) public and private financial institutions; (ii) public bodies (such as, for example, the federal administration of public revenues); (iii) credit card issuing companies; (iv) companies that provide mailing services, among others. pomelo will make all possible efforts to ensure that the privacy of the information shared is protected in accordance with the highest existing security standards.
3.3. in particular, the user gives their express consent for pomelo to compare their personal data with the database of the national registry of persons (“renaper”) in order to validate the user's identity and the validity of their national identity document. in this regard, in their capacity as owner of the personal data, the user gives their consent for pomelo, in its capacity as assignee, to compare the personal data arising from the user's national identity document (including facial recognition) with the renaper database, considering that:
a. the data will be processed exclusively for the purpose of validating the user's identity and verifying the validity of their national identity document for the provision of the services.
b. the compared data will be destroyed once the validity of the national identity document has been verified and validated, and may not be stored, unless there is a legal obligation to the contrary.
c. the data are provided on a mandatory basis, since it is essential to reliably identify the owner in order to ensure the correct identification process.
d. the user may exercise the rights of access, rectification and deletion of their data at any time and upon their sole request before renaper.
3.4. in no event shall pomelo be liable for damages caused by third parties other than pomelo mentioned in the preceding paragraphs, with respect to their duty of protection, confidentiality and privacy of the data they handle.
3.5. the user understands and accepts that, in the provision of the services, pomelo may redirect the user to sites whose owners are not linked to pomelo and, therefore, are not governed by this policy. in such cases, pomelo shall not be responsible for the actions of such sites. the presence of links to other websites does not imply a partnership, relationship, approval or endorsement by pomelo with and/or of such sites and their contents. therefore, pomelo recommends reviewing the privacy policy applicable to them in order to understand the procedures for collecting and protecting information. pomelo shall not be responsible for the privacy policies of such sites or for the cookies they may store on the user's device.
4. confidentiality and security of information
4.1. pomelo shall adopt all reasonable security measures in order to protect users' information and prevent access by third parties not authorized by pomelo. the information collected by pomelo shall be kept strictly confidential. access is limited solely to pomelo's employees, representatives, suppliers and clients who need to know the personal data in order to perform their functions and/or provide or improve the services in accordance with the purposes of their collection and processing mentioned above. pomelo requires such third parties to comply with the same or higher standards of security and confidentiality.
4.2. the information provided to and collected by pomelo may be disclosed to those third parties that maintain an ongoing relationship with pomelo, provided that its use is strictly necessary for the fulfillment of the purposes detailed in this privacy policy.
5. users' rights
5.1. pomelo shall, by all means within its reach, seek to facilitate for users from whom it has collected or stored personal information, access to, rectification, deletion or updating of their personal data, except where pomelo may deny such requests due to a legal obligation to retain such personal data in accordance with applicable law.
5.2. in order to exercise the rights provided for in clause 5.1, users must send an email to [email protected] from the user's email account registered with pomelo, requesting access to, updating, deletion or correction of their personal data. pomelo may require such user to identify themselves with their national identity document and a photograph in order to verify their identity.
5.3. pomelo will provide access to the requested personal data within ten (10) calendar days of having received the request email and verified the user's identity. access to personal information shall be free of charge and may be exercised at intervals of no less than 6 (six) months, unless a legitimate interest is proven for that purpose.
5.4. for the deletion and correction of personal data, pomelo will respond to the user's request within 5 (five) business days of verification of their identity by contacting the email address referred to above. in any event, data deletion shall not proceed when it could cause harm to the legitimate rights or interests of third parties, or when it may be necessary for pomelo in the event of disputes or claims, or when there is a legal obligation to retain it.
5.5. in compliance with applicable regulations, it is hereby clarified that the owner of the personal data has the right to exercise the right of access thereto free of charge at intervals of no less than six months, unless a legitimate interest is proven for that purpose, as established in article 14, subsection 3 of law no. 25,326.
the agency for access to public information, in its capacity as the supervisory authority of law no. 25,326, has the authority to handle complaints and claims filed by those whose rights are affected by non-compliance with the regulations in force regarding the protection of personal data. the user may contact the agency for access to public information through the following addresses: located at: av. pte. julio a. roca 710, 2nd floor - city of buenos aires url www.argentina.gob.ar/aaip email: [email protected] tel. + 5411-2821-0047
6. international transfer of personal data
6.1. solely for the purpose of fulfilling the purposes established in this privacy policy and in order to provide the services, pomelo may transfer personal data and/or personal information to pomelo's authorities, clients, suppliers and subcontractors and other third parties, such as, for example, those service providers used for the provision of the services.
6.2. in some cases, personal information may be transferred outside the country to countries with different levels of protection. in the event that personal information is transferred to countries with lower levels of protection, pomelo will carry out such transfers subject to appropriate safeguards and security measures, such as the standard data protection clauses adopted in the respective agreements or approved by the applicable legal authority.
6.3. consequently, the user understands, consents and accepts, through this privacy policy, that their personal data may be transferred to other countries, whether or not they have an adequate standard of protection in accordance with current legal regulations. the withdrawal of consent by the user shall not invalidate pomelo's previous actions, nor shall it make pomelo legally liable in any way.
7. minors
7.1. pomelo's services shall be provided and/or made available only to those over 18 years of age, who have full legal capacity to contract and are not legally prohibited or otherwise barred from performing legal acts, rights and/or obligations.
8. changes in corporate structure
8.1. pomelo may transfer the information collected from users in the event of a sale, merger or acquisition of its principal assets or any other form of transfer that pomelo may undergo in the future. should any of these circumstances arise, pomelo undertakes to adopt reasonable measures in order to ensure that such information is used in a manner consistent with this privacy policy.
9. exceptions
9.1. notwithstanding the provisions set forth in this privacy policy, pomelo may disclose certain personal data of users when it believes in good faith that such disclosure is reasonably necessary to: (i) comply with a legal requirement, such as, but not limited to, a search warrant, subpoena or court order; (ii) comply with a request from a governmental or regulatory authority; and/or (iii) protect the rights, property or safety of pomelo, users, or a third party.
10. amendments
10.1. pomelo may amend this privacy policy whenever it deems appropriate at its sole discretion. in the event that the amendments are substantial in relation to the processing of personal data collected through the use of the services, they shall be notified by sending an email to the address provided by the user
11. contact
11.1. if the user has any questions about the privacy policy, or about its application, they must contact pomelo, at any time, via email at [email protected]
