At Evertec® we are committed to provide the highest quality payment processing services and solutions, adding value and efficiency to the institutions we serve. In doing so, we place the highest importance on respecting and protecting the privacy and confidentiality of the information shared with us. This Privacy Statement applies to the information collected through our webpage www.evertecinc.com, ath.com,athclientes.com the ATH Móvil® and ATH Business® applications, our services and functionalities, including but not limited to Botón de Pago, and through online ordering available in the webpages of businesses that use pvot by evertec® (“pvot”). The ATH Móvil websites (www.athmovil.com and ath.business) are only informative and do not have any application functionalities available. The webpage athclientes.com will be available to share information bulletins related to the ATH Network, operating rules and other type of guidance with financial institutions that are members of the ATH Network and their authorized employees. Our services include products, services, functionalities, technology and applications offered to ATH Móvil, ATH Business and/or pvot users. We provide this Privacy Policy Statement to inform users what type of information we may collect and also how we collect, use, share and protect your Personally Identifiable Information (PII). We also inform you the choices you can make about the way your information is collected and how that information is used. This information is very important so we hope you can take the time to review the following Privacy Policy Statement carefully.
The evertecinc.com. ath.com, athmovil.com and ath.business websites, and their mobile applications and functionalities, pvot and its functionalities, are owned by Evertec Group LLC., who is responsible for your information and has its principal place of business at Hwy 176 Km 1.3 Cupey, San Juan, P.R. 00926
Our subsidiaries in Colombia also have their own Personal Data Protection Manual in compliance with the applicable local legal requirements.
DEFINED TERMS
Affiliates – refers to companies controlled by a common owner. These can be financial or non-financial companies. Refers to related companies under the same corporate entity.
Cookie – text files that are stored on your computer browser to record your preferences. When visiting the ATH Móvil or ATH Business websites, and/or online ordering on the webpages of businesses who use pvot, we may collect your IP address, among other information, through “cookies”. These do not contain your email address or other personally identifiable information, unless you choose to provide this information to us.
Data Protection Authority – independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation (GDPR) and the relevant national laws. There is one Data Protection Authority in each EU Member State.
Non-affiliates – refers to companies not controlled by a common owner. These can be financial or non- financial companies. Refers to entities that are not related between them and do not belong to the same corporate entity.
Personally Identifiable Information (PII) – (common term in the United States) refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. Personal information does not include de-identified data which cannot be associated with a specific individual.
Personal data – (common term in the European Union) refers to information relating to an identified or identifiable natural person. Personal data includes but it is not limited to, name and last name, physical address, email address, national identity card number, internet protocol (IP) address and other factors specific to the physical, physiological, genetics, cultural, religious, location or social identity of that person.
Secure Sockets Layer (SSL) encryption technology – secure protocol developed to ensure that the transmission of data between a server and a user, or vice versa, is completely safe and protected. When you visit a website starting with “https”, the “s” after the “http” indicates the website is secure.
Third party – a person who is not a party to a contract or transaction.
INFORMATION WE COLLECT FROM OUR USERS
We may collect nonpublic Personally Identifiable Information (PII) from you in order to operate our websites www.evertecinc.com, www.ath.com, www.athmovil.com and www.ath.business , including its mobile applications, and to provide you with our ATH Móvil and ATH Business services, the functionality of Botón de Pago and online ordering at businesses who use our product pvot. Personal information is data that identifies you or that makes you identifiable. We collect information that you voluntarily provide us when you visit our website, send us your resume as part of an employment application or when you create an ATH Móvil or ATH Business account or when you use our ATH Móvil or ATH Business services and functionalities. We may also collect transaction information when you use our ATH Móvil, ATH Business, the Botón de Pago functionality and/or online ordering on the websites of businesses that use our product pvot. When you send us your resume, or when you use our products, services and functionalities, you provide your consent to our privacy practices as described in this Privacy Statement. If you, as user, do not provide us your information, we will not be able to provide our products, services and functionalities and our ability to evaluate your employment application would be limited. We do not sell or rent the personal information we collect. The type of nonpublic PII that we may collect includes, but is not limited to:
USE AND SHARING OF INFORMATION
Information submitted for a specific purpose will be used for that purpose only and in accordance with applicable contracts, laws and regulations. Generally, we use your information to be able to evaluate your employment application, to effectively provide our services directly or through our subsidiaries, affiliates or third parties. For example, to allow you to initiate a payment transaction through the ATH Móvil application or through the functionality of Botón de Pago to pay at a merchant’s webpage, to transfer money to another individual, to make a donation or to manage your business transactions through the ATH Business application. We may also use your information to authenticate your access to your ATH Móvil or ATH Business account or to communicate with you in response to a previous message from you about your account, this site or our services. Your information could also be used to manage business needs and to improve our services.
The information we receive as part of an employment application and through the recruitment process will be used as permitted by applicable law for the following purposes:
In the event that you are hired by Evertec, the personal information collected as part of your employment application and recruitment process will be included in our human resources system and will be used to manage the new-hire process. The information may become part of your employee file and may be used for other employment related purposes. Evertec does not make automated decisions related to the application and recruitment processes without human involvement.
We may share your PII in order to carry out our daily operations. We may share information of our job applicants with our affiliates that are involved in the talent recruitment process for available positions. If we do so, Evertec is responsible for the information shared with our affiliates. We may also share personal information to comply with law enforcement authorities pursuant to a subpoena, a court order or any other legal process or requirement. There are Federal laws that grant consumers the right to limit some, but not all, of the information that may be shared. Federal law only grants you the right to limit:
If you wish to limit the sharing of your personal information, please send your request to everteccompliance@evertecinc.com or you may click on “Unsubscribe” on any of our promotional communications.
The following sets forth the ways in which we may share your personal information and whether or not you may limit what is shared according to Federal law:
Ways in which we may share your personal information | Does Evertec share your personal information? | Can you limit what we share? |
---|---|---|
We share your personally identifiable information in order to carry out our daily operations; such as processing transactions, offering service related information and responding to court requests and legal investigations. | Yes | No |
For the purpose of conducting our affiliates’ daily operations - information about your transactions and experience with us. | Yes | No |
Sharing of information between affiliates for the purpose of daily operations which pertain to your credit capacity. | Information on credit capacity is not collected by Evertec for daily operation purposes | We do not share |
We do not share your personal information for marketing purposes, for our affiliates or non- affiliates to send you marketing offers. | No | We do not share |
If you live in California, California law gives you the right to ask if we disclose your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for others’ direct marketing purposes). It also gives you the right to ask if we sell your personal information to third parties (we do not sell your personal information). California residents have a right to request access to certain personal information collected about them over the past 12 months, or to request deletion of their personal information, subject to certain exceptions, and may not be discriminated against because they exercise any of their rights under the California Consumer Privacy Act (CCPA).
Sharing with third-party service providers. We may share personal information with third-party service providers who perform services on our behalf as part of our daily operations.
During the recruiting process we may share personal information with third-parties or service providers like recruiting agencies, consultants and background screening services. Personal information will only be shared on a need-to-know basis in order to perform the required services and functions. Evertec will not allow third-parties or other service providers to use your personal information for their own purposes.
We share information with our service providers that accurately reflects our privacy policies and practices. We also have contractual agreements with our service providers that prohibit third parties from disclosing or using the shared information other than to carry out the business purposes for which it was shared. Our service providers are also required to maintain information security programs in place that includeadministrative, technical and physical safeguards to protect the security and confidentiality of personal information.
Sharing when required by law. We may disclose personal information to law enforcement and government authorities, if Evertec is compelled to do so by a subpoena, court order or similar legal procedure, or as otherwise required by law. We may share information in relation to a reorganization, merger, joint venture or similar processes.
Sharing information for safety reasons and fraud prevention. We may share personal information, including but not limited to, name and telephone number, with financial institutions participating in ATH Móvil, to protect or prevent against actual or potential fraud, unauthorized transactions, claims or similar risks. We may also share, as necessary, to protect your vital interests in the event of an emergency or for health and safety reasons if they occur, for example, while you were attending a job interview at our premises.
Sharing information with businesses affiliated to ATH Business. Businesses affiliated to ATH Business have access to certain information from ATH Móvil users that make payments to their business. For example, the business may have access to information that includes, but is not limited to, telephone numbers, email addresses, name, debit card number and comments, if any.
Sharing information between ATH Móvil users in a transaction. Businesses affiliated to ATH Business have access to certain information from ATH Móvil users that make payments to their business. For example, the business may have access to information that includes, but is not limited to, telephone numbers, email addresses, name, debit card number and comments, if any.
Your information may be transferred to and maintained in whole or in part on computer networks which may be located outside of the state, province, country or other governmental jurisdiction in which you reside, and may be stored on equipment or in facilities leased or licensed from third parties. Unless required to be disclosed in response to a legal process, such as a court order or subpoena, or to a law enforcement agency’s request, we will not share the collected information with third parties other than as set forth in this notice.
We use appropriate technology and well-defined employee practices to process the PII promptly and accurately. We will not keep personal data longer than is necessary, except as otherwise required by applicable law. If your ATH Móvil or ATH Business account is closed, we reserve our right to retain access to the data for as long as needed to comply with applicable laws. We will continue to use and disclose such personal data in accordance with this Privacy Policy Statement.
ACCESS TO YOUR PERSONAL DATA
You have a right to request a copy of the personal information we collect from you through our websites, applications, services and/or functionalities. You may send your request through the email everteccompliance@evertecinc.com. We will require proof of your identity before providing any personal information. You can also review and update your personal information in your account settings at any time by logging in to your account, when you have created an ATH Móvil account or an employment application profile. If you wish to change any information in an employment application that was already submitted for our consideration, you may update your profile and submit your application again. We encourage you to update your personal information if there are any changes in the information provided during the application or recruitment processes.
Where appropriate, you may have the personal data erased, corrected, amended or completed. We reserve the right to refuse to provide our users with a copy of their personal data but will provide the reasons for our refusal. You will be able to challenge our decision to refuse to provide a copy of your personal data.
USE OF COOKIES
In order to better serve you through the internet, we may use Cookies in our webpages. A Cookie is a small piece of information which a web server may place on your device when you visit a web site. This is useful for having your browser remember some specific information (for example, pre-filled or pre-selected areas) which the web server can later retrieve. A Cookie allows your browser to remember you as a previous visitor and could improve the way you use the site because it remembers your preferences while you visit the site. When accessing some of the restricted areas at our website, your web browser sends an identifier of your device to our web servers. This information is collected to identify your device. If you wish to disable these Cookies, the “help” portion of the toolbar on most browsers will tell you how. However, if you set your browser to disable cookies, you may not be able to access certain areas or features of our webpages.
ABOUT SECURITY
Once we receive your PII, Evertec has security measures in place to help protect against the loss, misuse, unauthorized modification or destruction of the information under our control. We use industry-recognized security safeguards, such as firewalls, anti-virus, intrusion detection systems, and operational procedures to detect and preclude unauthorized parties from accessing our systems. We urge you to take adequate precautions to protect your personal information as well, including never sharing your personal or access information with anyone.
Our operational procedures include restricted access to customer’s non-public PII to those employees who have been trained to manage and safeguard this type of information. All employees, agents and contractors who have access to your PII are required to protect this information in compliance with our Privacy Policy. We hold our employees responsible for complying with our Privacy Policy and its principles, and we take the appropriate measures to enforce our employees’ responsibilities, as specified in our Code of Ethics. Additionally, we use internal and external resources to review the adequacy of our security procedures.
We use Secure Sockets Layer (SSL) encryption technology to safeguard the information shared with us in the restricted areas found in our website. SSL is the standard security technology for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and intact. Adding SSL encryption to our web pages ensures end-to-end encryption for the duration of the session. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the webpage’s internet address.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job are granted access to PII. We also maintain physical and electronic security measures necessary to safeguard the confidentiality of your PII as required by law and by our Privacy Policy. These measures include restricting access to computers, archives and buildings. The computers and servers in which we store PII are kept in a secure environment.
MONITORING AND ENFORCEMENT
The services and functionalities of ATH Móvil, ATH Business, Botón de Pago, pvot and Evertec employees may only process your PII in accordance with this Privacy Policy Statement. We conduct training and periodic reviews of our compliance. Employees who do not comply with our Privacy Policy may be subject to disciplinary action, up to and including employment termination. Employees are expected to report any violations to our Privacy Policy to their managers, the Privacy Officer, the Compliance Director or Compliance Officer, the Legal Department or through the confidential Ethics Line at www.evertecethicsline.com. The Compliance Division will perform periodic monitoring to ensure compliance with this Privacy Policy.
NO SPAM
Evertec, ATH Móvil or ATH Business will not send unsolicited text messages, or emails, requesting usernames, passwords, or any type of sensitive information. We will use e-mail to respond to e-mail messages received from you, to inform about service improvements, changes in terms and conditions applicable to our services or to engage in other communications which you have expressly permitted.
LINKS TO OTHER WEB SITES
Our applications and/or webpages may contain links to other webpages whose information sharing practices may be different from ours. We encourage our users to be aware when they leave our sites and/or applications and to review the terms and conditions and privacy notices of any other webpages and/or applications since we cannot assume any responsibility for the content or privacy policies of those other sites and/or applications.
CHILDREN’S PRIVACY
Evertec is committed to the protection of children’s online privacy under the Children’s Online Privacy Protection Act (COPPA). We encourage parents and guardians to take an active role in their children’s online activities and interests. Evertec does not knowingly collect information from children under 13 years of age. Our webpages, ATH Móvil and ATH Business applications, our services and functionalities including, but not limited to, Botón de Pago, and online ordering on the webpage of businesses that use our product Pvot, are not targeted to children under 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, the parent or guardian should contact us. Once notified, we will delete such information from our files as soon as reasonably practicable unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13. If you are a child under 13, you may not use our services. Our services are not directed to children under the age of 13. If we unintentionally collected your data and later learn you are a child under the age of 13, we will delete the data as soon as possible.
CAMBIOS A LA DECLARACIÓN DE NUESTRA POLÍTICA DE PRIVACIDAD
Revisamos la Declaración de Nuestra Política de Privacidad frecuentemente y podemos modificarla de ser necesario. Algunas modificaciones responden a cambios en nuestro negocio, la página web y aplicaciones de ATH Móvil o ATH Business, nuestros servicios, proceso de solicitud de empleo o reclutamiento, cambio en funcionalidades o leyes y regulaciones aplicables. La Declaración de Nuestra Política de Privacidad según sea enmendada, será publicada en nuestras páginas web, aplicaciones y/o funcionalidades. Le exhortamos a que periódicamente revise nuestra Declaración para que esté siempre al tanto de nuestras prácticas de Privacidad. La fecha de la última revisión será publicada al inicio de la Declaración en la esquina superior derecha.
Employment applicant’s consent
When you apply for an employment opportunity at Evertec and provide your personal information as part of the application and recruitment processes, you express your consent to the use and sharing of your personal information as described in this Privacy Statement.
CONTACT EVERTEC WITH QUESTIONS REGARDING THIS PRIVACY STATEMENT
Individuals may address their privacy related concerns by contacting Evertec at everteccompliance@evertecinc.com. Please note that said email should only be used for privacy related concerns. For any other comments or concerns related to our services, you may contact our Customer Service Call Center at 787-775-2846 for ATH Móvil; 787-773-5466 for ATH Business; 787-773-5310 for Pvot; and 787-759-9999 for general information or comments. Please contact us if you have any questions about this Privacy Policy Statement, our privacy practices, your interactions on our webpages, our services or if you feel we are not complying with this Privacy Policy Statement. Every privacy-related question or comment will be acknowledged, evaluated and investigated, and the results of the investigation will be provided. If a complaint is found to be justified, appropriate corrective measures will be taken.
If you are a resident of the European Union, and have an unresolved privacy or personal information collection, use or disclosure concern that we have not satisfactorily addressed, please be aware that you may address your concern to your local Data Protection Authority, who may decide to further investigate the matter. Evertec will always fully cooperate with any regulatory request.