Version: 3.0
Creation: January 1, 2023
Last Updated: April 15, 2026

‍

1. What is the Global Privacy Policy, and what does it cover?

At Yuno and our affiliates worldwide (collectively, "Yuno," "we," or "our"), we are fully committed to maintaining the highest standards of privacy and personal data protection. This Global Privacy Policy (hereinafter the "Policy") explains how we collect, use, retain, and transfer your information through our websites (e.g., www.y.uno) (our "Sites") and our comprehensive payment orchestration platform and related services (our "Services"). Additionally, this Policy informs you about the entity responsible for your personal data and your rights regarding this information. This document is essential to allow you to clearly and informedly navigate our Sites and use our Services.

Yuno is a software platform that provides payment-orchestration technology (including dashboards, APIs, and routing tools) that enables Merchants to connect to and manage integrations with third-party payment and risk providers. Yuno does not hold, control, transmit, or settle funds; does not onboard End-Users for payment schemes; does not issue e-money; and does not operate payment systems. Payment authorization, settlement, and regulated payment processing are performed by Merchants and/or their selected payment service providers under their own legal and regulatory obligations.

This Policy establishes fundamental standards and the binding framework for personal data protection applicable to all entities within the Yuno Group globally (hereinafter, "Yuno Group"), including operations in Brazil, Colombia, India, the Kingdom of Saudi Arabia, Mexico, Qatar (QFC), Singapore, the United Kingdom, and the United States. Local Privacy Policies ("Local Policies") supplement and adapt this Policy to address and comply with specific legal obligations and particularities of the jurisdictions in which Yuno operates. In case of any doubt or direct interpretative conflict regarding definitions, rights, and purposes, the provisions of the Local Policies shall prevail over this Policy. We recommend that you carefully read the following Policy.

‍

‍2. What do I need to know to understand this Policy?

To ensure clarity and uniform interpretation throughout this Policy, the following capitalized terms shall have the meanings set forth below:

• Applicable Data Protection Laws: Refers to the set of binding international, national, federal, state, and local laws, regulations, standards, and regulatory guidelines concerning personal data protection, privacy, and security that are required for Yuno's global operations and data processing activities. This includes, without limitation, the European Union General Data Protection Regulation (GDPR), the United Kingdom General Data Protection Regulation (UK GDPR) and Data Protection Act 2018, Brazil's General Data Protection Law (LGPD), Colombia's Law 1581 of 2012, India's Digital Personal Data Protection Act, 2023 and Digital Personal Data Protection Rules, 2025 (DPDP Act), the Kingdom of Saudi Arabia's Personal Data Protection Law (PDPL, Royal Decree M/19) and its Implementing Regulations, Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP), the Qatar Financial Centre Data Protection Regulations 2021 (QFC DP Regulations), the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA), and Singapore's Personal Data Protection Act (PDPA). In cases of interpretative conflicts, ambiguities, or definitions of concepts and scope, the provisions set forth in each applicable Local Privacy Policy, aligned with the minimum standard of protection provided in this Policy, shall prevail.

• Data Controller: Refers to the entity that, alone or jointly with others, determines the purposes (the "why") and the means (the "how") of the processing of Personal Data.

• Data Subject: Refers to the natural person whose Personal Data is being processed. Within Yuno's context, this includes, among others, visitors to our Sites, representatives of our Merchants, Partners, and Providers, job applicants, Yuno employees, and End Users (customers of our Merchants) when Yuno processes their Personal Data as a Data Controller.

• End-User: Refers to an individual customer or consumer of a Yuno Merchant whose Personal Data is processed by Yuno on behalf and following the instructions of that Merchant.

• Merchant: Refers to a business customer or entity that uses Yuno's Services for payment orchestration. Merchants act as Data Controllers of their respective End-Users' Personal Data.

• Partner: Refers to a third-party entity distinct from Yuno, forming part of Yuno's payments or services ecosystem, including payment gateways, Payment Service Providers (PSPs), acquiring banks, fraud prevention services, and other complementary technology or service providers.

• Personal Data: Refers to any information relating to an identified or identifiable natural person (Data Subject). An identifiable person is someone whose identity can be determined directly or indirectly through any information, such as a name, identification number, location data, online identifier (such as IP addresses or cookie IDs), or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that person. This encompasses data collected both online and offline.

• Data Processor: Refers to a natural or legal person, public authority, agency, or other body that processes Personal Data exclusively on behalf, under documented instruction, and supervision of the Data Controller. The Data Processor does not determine the purposes or means of the Personal Data processing assigned to them, acting strictly within the scope, purposes, and requirements defined by the Controller.

• Data Processing: Refers to any operation or set of operations performed upon Personal Data, whether by automated or manual means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, making available, alignment, combination, restriction, erasure, or destruction.

• Services: Refers to Yuno's proprietary payment orchestration platform, including all associated technologies, interfaces (such as dashboards), APIs, and any professional or technical services Yuno provides to Merchants.

• Sites: Refers to the corporate websites and domains owned by Yuno (e.g., www.y.uno).

• Yuno Group or Yuno: Collectively refers to Yuno Payments Limited (Cayman Islands) and all its direct and indirect subsidiaries and affiliates globally involved in the processing of Personal Data as stipulated in this Policy. This includes, but is not limited to, Yuno Intermediação de Serviços Ltda. (Brazil), Yuno Colombia S.A.S. (Colombia), Yuno Routing Solutions Pvt. Ltd. (India), Yuno Payments Arabia (Kingdom of Saudi Arabia), Yuno Tecnologías, S.A.P.I. de C.V. (Mexico), Yuno Al Saqr (Qatar, QFC), Smart Routing PTE. Ltd. (Singapore) and Yuno USA, LLC (United States).

• Data Processing Agreement (DPA):  Refers to the binding agreement between the Data Controller and the Data Processor that governs the terms, security measures, and obligations for Personal Data processing on the Controller's behalf.

‍

‍3. What is Yuno's Role and Responsibilities in Personal Data Processing?

Understanding Yuno's role in the processing of Personal Data is crucial to comprehending how your information is managed:

When Yuno Acts as a Data Controller:

Yuno acts as a Data Controller when we determine the purposes (the "why") and means (the "how") of Personal Data processing to achieve our own business objectives and fulfill our obligations. This includes scenarios such as:

• Managing relationships with representatives of our Merchants, Partners, and Providers.
• Recruitment and human resources management processes for job applicants and Yuno employees.
• Processing Personal Data of visitors to our Sites.
• Sending marketing communications, offers, and promotions.
• Managing sales and business development activities.
• Compliance with our legal and regulatory obligations.

In these cases, Yuno ensures that the processing of Personal Data complies with this Policy and Applicable Data Protection Laws.

When Yuno Acts as a Data Processor:

Yuno acts as a Data Processor when providing Services to Merchants. In this role:

• The Merchant is the Data Controller of their End-Users' Personal Data, determining the legal basis, purposes, and means for processing.
• Yuno processes End-Users’ Personal Data (e.g., transaction details, payment information) solely according to the documented instructions of the Merchant. This relationship and Yuno’s obligations as a Data Processor are governed by a binding Data Processing Agreement (DPA).
• If you are an End-User, the privacy policy provided by the Merchant with whom you have a direct relationship governs the collection and use of your Personal Data by that Merchant. Therefore, queries or requests concerning your rights should be directed directly to the Merchant.
• Yuno, as a Data Processor, assists Merchants in responding to these requests in accordance with our DPA and Applicable Data Protection Laws.
• Merchants must obtain the necessary consents or establish another valid legal basis for collecting and processing End-Users' Personal Data, including any further processing by Yuno as part of our Service provision..

‍

‍4. What Information do we collect?

When Yuno acts as a Data Controller, we may collect and process the following categories of Personal Data:

• Identification and Contact Data: Full name, email address (personal or corporate), phone number, mailing address, job title, corporate affiliation, nationality, government-issued identifiers (where legally required for Know Your Customer (KYC) or employment purposes).
• Academic and Recruitment Data: Resumes/CVs, academic background, employment history, interview notes, assessment results, references, and background verification information (when legally permitted and with prior consent).
• Employment Data: Corporate email, corporate phone number, appointment details, job position.
• Business Data: Information about your company, industry, contractual details with Yuno, billing, and payment information.
• Electronic Data: IP address, device identifiers, browser type and settings, operating system, usage patterns, browsing data (clickstream), pages visited, dates, and access times.
• Preference Data: Commercial or consumer preferences.
• Due Diligence Data: Information required for Know Your Customer/Know Your Business (KYC/KYB) processes, Anti-Money Laundering (AML) analyses, and other compliance verifications related to our Merchants, Partners, and significant Providers.

When Yuno acts as a Data Processor

Yuno processes End-User Personal Data necessary to deliver our Services strictly under Merchant instructions. Data categories are defined by the Merchant and may include:

• Payment Transaction Data: Transaction amount, currency, and transaction ID.
• Payment Instrument Data: Tokenized card numbers, bank account details, electronic wallet information.
• End-User Identification and Contact Data: Name, email address, and billing/shipping address.
• Electronic Data: IP address and device fingerprint.

Do We Process Special Categories of Personal Data or Data from Children and Adolescents?

Yuno does not generally process special categories of Personal Data for its own purposes as a Data Controller, except in strictly limited and legally permissible circumstances with explicit, verifiable consent or when Applicable Data Protection Laws permit or require it. In such cases, specific information about the purposes will be provided.

Concerning the Personal Data of children and adolescents (minors as defined by local laws and Applicable Data Protection Laws), Yuno only processes minors' Personal Data when acting as a Data Processor. In these cases, it is the Merchant's responsibility to obtain consent from the minor or their parents/legal guardians to process this Personal Data. If Yuno becomes aware that Personal Data from minors was collected without the appropriate consent, we will promptly take steps to delete this information.

‍

‍5. How Do We Use Your Information?

The purposes for processing your Personal Data outlined below provide a general framework of Yuno's operations. Specific purposes may vary, being broader or narrower, depending on the nature of your relationship with Yuno, the particular services you receive, and Applicable Data Protection Laws. To determine the precise purposes relevant to your situation, we encourage you to consult your jurisdiction's Local Privacy Policies.

‍

‍

6. Do We Share Your Information with Third Parties?

We do not sell, disclose, or share your collected Personal Data except as described in this Policy or as required or permitted by Applicable Data Protection Laws. Yuno may share your Personal Data with third parties under the following circumstances and purposes:

• Yuno Group Companies: For internal administrative purposes, data consolidation, service provision involving multiple group entities, or to offer integrated services.
• Service Providers (Our Data Processors): External providers contracted to perform services on our behalf, such as cloud hosting, IT support, CRM management, analytics, marketing tools, recruitment platforms, and background check providers. These providers are contractually bound to protect Personal Data and process it only according to our documented instructions under a Data Processing Agreement.
• Partners: When required to deliver or integrate Services requested by our Merchants, such as integrating with a selected Payment Service Provider (PSP).
• Government and Regulatory Authorities: Federal, state administrations; commissions; regulatory bodies; judicial or administrative authorities; governmental entities when mandated by Applicable Data Protection Laws for compliance with legal obligations, legal proceedings, or substantiated governmental requests; establishing, exercising, or defending legal rights; protecting vital interests of persons; or addressing fraud, security, or technical issues.
• Commercial Partners: For developing commercial actions and communicating offers and promotions. In such cases, Yuno will provide mechanisms for you to grant prior consent.

When Yuno acts as a Data Processor for Merchants (e.g., processing End-User transactions), we share End-User Personal Data with payment acquirers, PSPs, fraud prevention tools, and other entities within the payments ecosystem strictly following Merchant instructions and as necessary to process payment transactions and deliver contracted Services.

Yuno contractually requires all ecosystem Partners (payment gateways, PSPs, acquirers, processors, fraud prevention providers) to implement robust data protection measures aligned with current laws. Each Partner must maintain stringent security practices and strictly follow instructions from Yuno or the relevant Merchant. Yuno may disclose Personal Data to governmental or regulatory authorities as mandated by Applicable Data Protection Laws. If such a request originates from a jurisdiction different from the Data Subject's, we will assess compliance requirements and, if necessary, consult the issuing regulatory authority to confirm legality.

‍

‍7. Are International or Cross-border Transfers of Personal Data Conducted?

As a global organization, Yuno may transfer and process Personal Data under our responsibility (whether as a Controller or Processor acting on behalf of Merchants) in countries other than the Data Subject's residence. These countries may have differing data protection standards. Yuno is committed to ensuring all international transfers comply securely with Applicable Data Protection Laws. We implement appropriate contractual, technical, and organizational safeguards, such as:

• Transfers to countries formally recognized by competent authorities (e.g., the European Commission) as providing an adequate data protection level.
• Use of Standard Contractual Clauses (SCCs) approved by relevant regulatory authorities, complemented with supplementary measures where needed for transfers to countries without recognized adequacy.
• Implementation of Binding Corporate Rules (BCRs) for intra-group transfers, upon regulatory approval (if Yuno opts for this mechanism).
• Reliance on other legally recognized transfer mechanisms or specific derogations permitted by Applicable Data Protection Laws.
• Conducting Transfer Impact Assessments (TIAs) as necessary, particularly for transfers to countries lacking adequacy decisions, and implementing supplemental measures ensuring Personal Data protection substantially equivalent to the originating jurisdiction's standards.

Certain jurisdictions, including the Kingdom of Saudi Arabia and India, impose specific data localization requirements. Yuno ensures compliance with these requirements through appropriate infrastructure hosting arrangements. For details on jurisdiction-specific transfer mechanisms and data localization obligations, please refer to the applicable Local Privacy Policies.

‍

‍8. What Are Your Rights Regarding Your Personal Data?

The rights outlined below reflect Yuno's commitment to protecting your Personal Data. However, Applicable Data Protection Laws may specify broader, more detailed, or additional rights not listed here. Where applicable, the enumeration, scope, and specific conditions for exercising these rights will be detailed in your jurisdiction's Local Privacy Policies, which will prevail to ensure full compliance. You may exercise the following rights:

• Right of Access: Request a copy of your Personal Data and information on how it is processed, in an accessible format.
• Right to Rectification: Request correction of your Personal Data if inaccurate, incomplete, or outdated.
• Right to Erasure (Right to be Forgotten): Request deletion of your Personal Data when no longer necessary for its original purpose, processed unlawfully, or as otherwise specified by Applicable Data Protection Laws, subject to certain legal exceptions.
• Right to Restriction of Processing: Request restriction of your Personal Data processing under certain circumstances, such as when contesting accuracy or lawfulness of processing.
• Right to Data Portability: Receive your Personal Data in a structured, commonly used, machine-readable format and transmit it to another Data Controller, where technically feasible.
• Right to Object: Object to processing your Personal Data for specific purposes (e.g., direct marketing) or particular situations based on legitimate reasons unless overridden by legal obligations or compelling interests.
• Right to Withdraw Consent: Withdraw consent at any time for consent-based processing. Withdrawal does not affect lawfulness prior to withdrawal, but it may prevent Yuno from providing certain products or services.
• Rights Related to Automated Decisions: Request review of decisions based solely on automated processing affecting you significantly, including receiving clear information about the logic involved.
• Right to Lodge a Complaint: Submit complaints to your local data protection regulatory authority if your rights are infringed by Yuno.

‍‍

9. How Will Your Request be Handled?

To exercise your rights or address questions and concerns regarding this Policy or your Personal Data, contact us at: privacy@y.uno. Requests will be reviewed and addressed within timeframes established by Applicable Data Protection Laws. To process your request securely and ensure Personal Data is not disclosed to unauthorized parties, we may request specific information to verify your identity.

Note for End-Users: If you are an End-User seeking to exercise your rights, direct your request to the Merchant with whom you have a relationship. The Merchant, as the Data Controller, is responsible for determining processing purposes and means. Yuno, as Data Processor, will support the Merchant's handling of your requests according to our Data Processing Agreement and Applicable Data Protection Laws.

‍

‍10. How Do We Protect Your Personal Data?

Yuno maintains a comprehensive, risk-based information security program featuring administrative, technical, and physical safeguards to protect Personal Data from destruction, loss, alteration, unauthorized access, disclosure, or misuse, whether accidental or unlawful. Our commitment to security is demonstrated by certifications available in our Trust Center, including:

• ISO 27001 (Information Security Management)
• ISO 27701 (Privacy Information Management)
• PCI DSS Level 1 (Payment Card Industry Data Security Standard)
• SOC 2 Type II (Service Organization Control)

Key security measures include encryption, access controls, network security, vulnerability management, incident response protocols, employee training, and supplier risk management. Despite exhaustive measures, no system can guarantee absolute security. In case of a Personal Data Breach, Yuno will act in accordance with Applicable Data Protection Laws and our contractual commitments. Where Yuno acts as a Data Processor, Yuno will notify the relevant Data Controller (typically the Merchant or Counterparty) without undue delay and will support the Controller’s notifications to authorities and data subjects as required by law. Where Yuno acts as a Data Controller, Yuno will notify the competent authority and affected individuals where and as required by Applicable Data Protection Laws.

For your own protection, we advise against sending sensitive Personal Data or full financial information (such as full credit card numbers) via unsecured communications like standard emails. Instead, use secure channels provided by Yuno.

‍

‍11. How Long Do We Retain Your Information?

Your Personal Data will be retained only as long as necessary for the purposes it was collected, to meet legal, regulatory, contractual obligations, or for potential claims or rights protection. Yuno regularly reviews retention periods for each Personal Data category, considering its nature, processing purpose, applicable business or legal requirements, and Applicable Data Protection Laws. Detailed retention schedules may be provided in applicable Local Policies or contractual documentation.

‍

12. Do We Use Cookies or Similar Tracking Technologies?

Yuno uses cookies and similar tracking technologies on our Sites. These small files or code fragments stored on your device serve different purposes: strictly necessary cookies enable core site functionality; analytical cookies help us understand site performance and usage patterns; and preference cookies remember your browsing settings. Where Applicable Data Protection Laws require consent for non-essential cookies, we provide mechanisms to manage your cookie preferences on our Sites. For detailed information about the specific cookies we use and how to control them, please refer to our Cookie Policy available on our Sites.

‍

13. How and When is this Policy Updated?

Yuno reserves the right to modify or update this Policy anytime to reflect changes in business practices, laws, regulations, or technology use. For substantial changes, we will notify you via our Sites, platforms, or other appropriate communication methods, indicating the last updated date. We encourage periodic review to stay informed about our Personal Data protection practices.

‍

14. How Can You Contact Us?

For questions, concerns, or exercising your Personal Data protection rights, contact Yuno’s Privacy Team 

• Global Privacy Email: privacy@y.uno

• Global Address: Cráter 38, Jardines del Pedregal, Alvaro Obregón, Mexico City
• Local Addresses: Specific address information for the Yuno entity in your jurisdiction, along with relevant local contact details, are provided in your country-specific Privacy Policy or Privacy Notice.

This Policy outlines Yuno’s global Personal Data protection approach. Country-specific privacy policies or appendices are adopted when required to comply with local Applicable Data Protection Laws. Local policies provide detailed jurisdiction-specific information, rights, and regulatory contacts. These specific policies are integral parts of this global policy, accessible via the links provided.

‍

15. Consent Framework

This Section complements Section 5 of the Global Privacy Policy by documenting the specific scenarios in which consent is Yuno's applicable lawful basis as a Data Controller, the mechanism through which consent is obtained and recorded in each case, and the procedure governing non-compliant processing instructions. For Yuno's full processing purposes and general lawful basis framework, see Section 5 of the Policy. For Yuno's obligations as a Data Processor, see the Data Processing Agreement.

1. When Consent Is the Applicable Basis

Across Yuno's Controller activities, the lawful basis is generally contract performance, legal obligation, or legitimate interests — as set out in the Section 5 table. Consent is the applicable basis only in the following specific scenarios:

In all other Controller activities, processing rests on contract, legal obligation, or legitimate interests, and no separate consent is sought from the data subject. Note on KSA and India. Under the KSA Personal Data Protection Law (Royal Decree M/19) and its Implementing Regulations, legitimate interests does not operate as a standalone basis equivalent to GDPR Art. 6(1)(f); Yuno maintains a documented assessment where this distinction is material. Under India's DPDP Act 2023, consent is the primary basis; employment and compliance-related processing falls under Art. 7 legitimate uses.

2. Consent Standards and Records

Consent is always obtained through a clear, affirmative, and unambiguous action. Yuno does not rely on pre-ticked boxes, silence, or inactivity.

Recruitment. A privacy notice is presented at the point of application submission. For CV retention outside an open application, specific consent is additionally requested and logged, including timestamp and scope.

Commercial forms. For any form submission where consent is the applicable basis, an explicit opt-in is required before the form is processed.

End-User transactional flows. Yuno acts as Data Processor in payment flows. The Merchant, as Data Controller, establishes the lawful basis for End-User personal data through acceptance of its own terms and conditions and privacy policy at checkout. Yuno does not independently collect or establish that lawful basis; this obligation rests exclusively with the Merchant under DPA Article 3.1.

Withdrawal. Data subjects may withdraw consent at any time by contacting privacy@y.uno. Withdrawal is processed without undue delay and does not affect the lawfulness of prior processing.

Records. Yuno maintains consent records capturing: the data subject's identity or pseudonymous identifier; the date, time, and mechanism of consent; the specific purpose(s); and the version of the privacy notice presented. Records are retained for the period required by Applicable Data Protection Laws or the duration of the processing activity, whichever is longer.

To request previous versions of this Policy, contact our Privacy Team at privacy@y.uno. 

‍

This Policy outlines Yuno’s global Personal Data protection approach. Country-specific privacy policies or appendices are adopted when required to comply with local Applicable Data Protection Laws. Local policies provide detailed jurisdiction-specific information, rights, and regulatory contacts. These specific policies are integral parts of this global policy, accessible via the links provided.

Seção 1. Introdução

‍

1.1. O presente Aviso de Privacidade descreve como a Yuno Intermediação de Serviços Ltda. ("Yuno Brasil", "nós", "nos" ou "nosso") coleta, utiliza, retém e transfere seus Dados Pessoais no âmbito da legislação brasileira. Estamos comprometidos em proteger sua privacidade em conformidade com a Lei Geral de Proteção de Dados Pessoais (LGPD) e demais leis aplicáveis.

‍

1.2. Este Aviso fornece um resumo de nossas práticas de tratamento de dados. Para informações mais detalhadas, consulte nossa Política de Privacidade completa da Yuno Brasil e a Política de Privacidade Global da Yuno, disponíveis em nosso website. O objetivo deste Aviso é fornecer informações essenciais sobre como tratamos seus Dados Pessoais.

‍

Seção 2. Quais Dados Pessoais Coletamos

‍

2.1. Quando a Yuno Brasil atua como Controladora de Dados, podemos coletar diversas categorias de Dados Pessoais sobre você. Estas categorias incluem principalmente: a) Dados de Identificação e Contato: Como seu nome completo, endereço de e-mail, número de telefone e endereço físico. b) Informações Financeiras: Incluindo detalhes de pagamento e informações de faturamento necessárias para as transações. c) Dados Técnicos e Eletrônicos: Informações relacionadas ao uso de nossos serviços, como endereços IP, identificadores de dispositivo e tipos de navegador. d) Informações Profissionais ou Empregatícias: Como seu cargo e afiliação corporativa, particularmente para nossos contatos comerciais. e) Informações Comerciais: Como registros de serviços adquiridos ou considerados.

‍

2.2. Quando a Yuno Brasil atua como Operadora de Dados em nome de nossos Comerciantes, tratamos os Dados Pessoais do Usuário Final estritamente de acordo com as instruções documentadas do Comerciante.

‍

Seção 3. Como Utilizamos Seus Dados Pessoais

‍

3.1. A Yuno Brasil trata seus Dados Pessoais para finalidades específicas, legítimas, explícitas e informadas ao titular. As finalidades primárias para as quais utilizamos seus Dados Pessoais incluem: a) Prestação e Gerenciamento de Serviços: Para fornecer, operar e gerenciar nossos Serviços de orquestração de pagamentos e manter nossas relações comerciais. b) Gerenciamento de Contas de Usuário: Para administrar contas de usuário, perfis e credenciais de acesso. c) Verificação e Segurança: Para autenticar identidades e proteger contra fraudes, acessos não autorizados e outros riscos de segurança. d) Cumprimento de Obrigações Legais e Regulatórias: Para cumprir com nossas obrigações legais, incluindo requisitos de manutenção de registros e apresentação de relatórios. e) Comunicação e Marketing: Para nos comunicarmos com você sobre nossos Serviços, enviar atualizações e, com seu consentimento ou onde permitido, fornecer informações de marketing. Você pode optar por não receber comunicações de marketing a qualquer momento.

‍

Seção 4. Compartilhamento dos Seus Dados Pessoais

‍

4.1. A Yuno Brasil não vende seus Dados Pessoais. Poderemos compartilhar seus Dados Pessoais apenas em circunstâncias limitadas e com as devidas salvaguardas. Isso inclui o compartilhamento com: a) Empresas do Grupo Yuno: Para fins administrativos internos, consolidação de dados e para oferecer serviços integrados. b) Prestadores de Serviços (Nossos Operadores de Dados): Com fornecedores terceirizados de confiança que realizam serviços em nosso nome, como hospedagem em nuvem, suporte de TI e análises. Esses fornecedores são contratualmente obrigados a proteger seus Dados Pessoais e a tratá-los apenas de acordo com nossas instruções. c) Parceiros do Ecossistema de Pagamentos: Quando necessário para processar transações e prestar nossos Serviços, os dados podem ser compartilhados com prestadores de serviços de pagamento, instituições financeiras e serviços de prevenção a fraudes, conforme instruído por nossos Comerciantes quando atuamos como Operadores. d) Autoridades Legais: Se exigido por lei, processo legal ou para responder a solicitações governamentais válidas.

‍

Seção 5. Seus Direitos de Privacidade

‍

5.1. De acordo com a LGPD, você possui certos direitos em relação aos seus Dados Pessoais. Estes direitos podem incluir: a) O direito de confirmação da existência de tratamento. b) O direito de acesso aos seus Dados Pessoais. c) O direito de correção de dados incompletos, inexatos ou desatualizados. d) O direito à anonimização, bloqueio ou eliminação de dados desnecessários, excessivos ou tratados em desconformidade com a LGPD. e) O direito à portabilidade dos dados a outro fornecedor de serviço ou produto, mediante requisição expressa. f) O direito à eliminação dos Dados Pessoais tratados com o consentimento do titular. g) O direito à informação das entidades públicas e privadas com as quais o controlador realizou uso compartilhado de dados. h) O direito à informação sobre a possibilidade de não fornecer consentimento e sobre as consequências da negativa. i) O direito à revogação do consentimento.

‍

5.2. Para informações detalhadas sobre seus direitos e como exercê-los, consulte nossa Política de Privacidade da Yuno Brasil ou entre em contato conosco.

‍

Seção 6. Transferências Internacionais de Dados

‍

6.1. Como uma organização global, a Yuno Brasil pode transferir seus Dados Pessoais para países diferentes do seu país de residência. Garantimos que tais transferências sejam realizadas em conformidade com a LGPD e que existam salvaguardas apropriadas para proteger seus Dados Pessoais, como Cláusulas Contratuais Padrão ou verificando se o país de destino proporciona grau de proteção de dados pessoais adequado ao previsto na LGPD.

‍

Seção 7. Segurança dos Dados

‍

7.1. A Yuno Brasil está empenhada em proteger a segurança de seus Dados Pessoais. Implementamos medidas de segurança técnicas, administrativas e físicas robustas, projetadas para prevenir o acesso, uso, divulgação, alteração ou destruição não autorizados de suas informações. Nossas práticas de segurança estão alinhadas com os padrões e certificações da indústria, conforme detalhado em nosso Trust Center.

‍

Seção 8. Atualizações deste Aviso de Privacidade

‍

9.1. A Yuno Brasil poderá atualizar este Aviso de Privacidade periodicamente para refletir mudanças em nossas práticas de dados, requisitos legais ou serviços. Publicaremos quaisquer alterações significativas em nosso website ou o notificaremos conforme exigido por lei. Recomendamos que você revise este Aviso periodicamente.

‍

Seção 10. Contato

‍

10.1. Se você tiver quaisquer perguntas ou preocupações sobre este Aviso de Privacidade, ou desejar exercer seus direitos de privacidade, entre em contato com a Equipe de Privacidade da Yuno exclusivamente por e-mail: E-mail: privacy@y.uno. 

‍

Sección 1. Introducción

‍

1.1. Este Aviso de Privacidad describe cómo Yuno y nuestras filiales en todo el mundo (colectivamente, "Yuno", "nosotros", o "nuestro") recopilamos, usamos, retenemos y transferimos sus Datos Personales. Estamos comprometidos con la protección de su privacidad en cumplimiento con las Leyes de Protección de Datos Aplicables.

‍

1.2. Este Aviso proporciona un resumen de nuestras prácticas de datos. Para obtener información más detallada, consulte nuestra Política de Privacidad Global completa de Yuno, disponible en nuestro sitio web. Este Aviso tiene como objetivo brindarle información clave sobre cómo manejamos sus Datos Personales.

‍

Sección 2. Qué Datos Personales Recopilamos

‍

2.1. Cuando Yuno actúa como Controlador de Datos, podemos recopilar diversas categorías de Datos Personales sobre usted. Estas categorías incluyen principalmente: a) Datos de Identificación y Contacto: Tales como su nombre completo, dirección de correo electrónico, número de teléfono y dirección física. b) Información Financiera: Incluyendo detalles de pago e información de facturación necesarios para las transacciones. c) Datos Técnicos y Electrónicos: Información relacionada con su uso de nuestros servicios, como direcciones IP, identificadores de dispositivos y tipos de navegador. d) Información Profesional o Laboral: Tales como su cargo y afiliación corporativa, particularmente para nuestros contactos comerciales. e) Información Comercial: Tales como registros de servicios adquiridos o considerados.

‍

2.2. Cuando Yuno actúa como Procesador de Datos en nombre de nuestros Comerciantes, procesamos los Datos Personales del Usuario Final estrictamente de acuerdo con las instrucciones del Comerciante.

‍

Sección 3. Cómo Usamos Sus Datos Personales

‍

3.1. Yuno procesa sus Datos Personales para fines específicos y legítimos. Los fines principales para los que usamos sus Datos Personales incluyen: a) Provisión y Gestión de Servicios: Para proporcionar, operar y gestionar nuestros Servicios de orquestación de pagos y mantener nuestras relaciones comerciales. b) Gestión de Cuentas de Usuario: Para administrar cuentas de usuario, perfiles y credenciales de acceso. c) Verificación y Seguridad: Para autenticar identidades y proteger contra el fraude, el acceso no autorizado y otros riesgos de seguridad. d) Cumplimiento Legal y Regulatorio: Para cumplir con nuestras obligaciones legales, incluyendo los requisitos de mantenimiento de registros y presentación de informes. e) Comunicación y Marketing: Para comunicarnos con usted sobre nuestros Servicios, enviar actualizaciones y, con su consentimiento o cuando esté permitido, proporcionar información de marketing. Puede optar por no recibir comunicaciones de marketing en cualquier momento.

‍

Sección 4. Intercambio de Sus Datos Personales

‍

4.1. Yuno no vende sus Datos Personales. Podemos compartir sus Datos Personales solo en circunstancias limitadas y con las debidas garantías. Esto incluye compartir con: a) Empresas del Grupo Yuno: Para fines administrativos internos, consolidación de datos y para ofrecer servicios integrados. b) Proveedores de Servicios (Nuestros Procesadores de Datos): Con proveedores externos de confianza que realizan servicios en nuestro nombre, como alojamiento en la nube, soporte de TI y análisis. Estos proveedores están contractualmente obligados a proteger sus Datos Personales. c) Socios del Ecosistema de Pagos: Cuando sea necesario para procesar transacciones y prestar nuestros Servicios, los datos pueden compartirse con proveedores de servicios de pago, instituciones financieras y servicios de prevención de fraude, según las indicaciones de nuestros Comerciantes cuando actuamos como Procesador. d) Autoridades Legales: Si así lo exige la ley, un proceso legal o para responder a solicitudes gubernamentales válidas.

‍

Sección 5. Sus Derechos de Privacidad

‍

5.1. Dependiendo de su jurisdicción y la ley aplicable, usted puede tener ciertos derechos con respecto a sus Datos Personales. Estos derechos pueden incluir: a) El derecho a acceder a sus Datos Personales. b) El derecho a rectificar Datos Personales inexactos. c) El derecho a solicitar la supresión de sus Datos Personales (el "derecho al olvido"). d) El derecho a restringir u oponerse al tratamiento de sus Datos Personales. e) El derecho a la portabilidad de los datos. f) El derecho a retirar el consentimiento, cuando el tratamiento se base en el consentimiento.

‍

5.2. Para obtener información detallada sobre sus derechos y cómo ejercerlos, consulte nuestra Política de Privacidad Global o contáctenos.

‍

Sección 6. Transferencias Internacionales de Datos

‍

6.1. Como organización global, Yuno puede transferir sus Datos Personales a países distintos de su país de residencia. Nos aseguramos de que dichas transferencias se realicen en cumplimiento con las Leyes de Protección de Datos Aplicables y de que existan las debidas garantías para proteger sus Datos Personales, como Cláusulas Contractuales Tipo o decisiones de adecuación.

‍

Sección 7. Seguridad de los Datos

‍

7.1. Yuno se compromete a proteger la seguridad de sus Datos Personales. Implementamos medidas de seguridad técnicas, administrativas y físicas robustas diseñadas para prevenir el acceso, uso, divulgación, alteración o destrucción no autorizados de su información. Nuestras prácticas de seguridad están alineadas con los estándares y certificaciones de la industria, según se detalla en nuestro Centro de Confianza.

‍

Sección 8. Cookies y Tecnologías de Seguimiento

‍

8.1. Utilizamos cookies y tecnologías de seguimiento similares en nuestros sitios web para mejorar la funcionalidad, analizar el rendimiento y personalizar su experiencia. Para obtener más información sobre nuestro uso de cookies y cómo puede gestionar sus preferencias, consulte nuestra Política de Cookies, accesible a través de nuestro sitio web, o la sección pertinente en nuestra Política de Privacidad Global.

‍

Sección 9. Actualizaciones de Este Aviso de Privacidad

‍

9.1. Yuno puede actualizar este Aviso de Privacidad periódicamente para reflejar cambios en nuestras prácticas de datos, requisitos legales o servicios. Publicaremos cualquier cambio significativo en nuestro sitio web o se lo notificaremos según lo exija la ley. Le recomendamos que revise este Aviso periódicamente.

‍

Sección 10. Contáctenos

‍

10.1. Si tiene alguna pregunta, inquietud sobre este Aviso de Privacidad o desea ejercer sus derechos de privacidad, comuníquese con el Equipo de Privacidad de Yuno únicamente por correo electrónico a: Correo electrónico: privacy@y.uno 

‍

In compliance with the provisions of the Federal Law on the Protection of Personal Data Held by Private Parties (hereinafter, the "LFPD") and other applicable regulations, we provide you with this Comprehensive Privacy Notice (hereinafter, the "Privacy Notice").

‍

Identity and address of the Controller

‍

We inform you that “Yuno Tecnologías, S.A.P.I. de C.V.” (hereinafter, “YUNO”) is responsible for the personal data of its respective clients and prospects.

YUNO designates as its address for hearing and receiving notifications the address located at Luz Saviñón 13, PH4, Colonia Del Valle, Benito Juárez Municipality, Postal Code 03103, Mexico City, Mexico.

‍

Personal data collected and processed

‍

In order to fulfill the purposes described in this Privacy Notice, YUNO may collect the following categories of personal data:

• Identification and contact information,
• Asset and/or financial data, and
• Electronic data.

‍

Personal data of third parties

‍

If you provide us with third-party personal data for the purposes identified in this Privacy Notice, you must inform them about the processing of their personal data and the content of this Privacy Notice. If you provide third-party personal data, you represent that you have the consent of the data subjects to provide their information to YUNO and that the data is accurate and complete.

‍

‍Sensitive personal data

‍

YUNO does not collect or process sensitive personal data. As the data subject, you should refrain from sharing this type of information with YUNO.

‍

Purposes of the treatment

We may process your personal data for the following purposes:

‍

a) Primary purposes:

1. Provide applicants with information about the services provided by YUNO, including their terms and prices, where applicable.
2. Facilitate the contracting of services offered by YUNO.
3. Management, control, administration, and updating of personal data related to YUNO Users: individuals and legal representatives or contacts designated by legal entities.
4. Management, control, administration and security of user profiles, identifiers and passwords.
5. Personal, direct, or indirect collection of documents, references, background information, and supporting information for user and prospect files.
6. Provide the services and carry out the activities that have been contracted with YUNO.
7. Authenticate and verify data to validate, mitigate, and protect against identity theft or fraud.
8. Management, control and administration of communications between YUNO and its users.
9. Billing for services and products provided, as well as their judicial or extrajudicial collection.
10. Use the data for internal administrative or commercial purposes.
11. Monitoring and improving service and customer service by YUNO.
12. Compliance with legal duties and obligations.
13. Statistics and historical record of clients.

‍

b) Secondary purposes

1. Sending promotional messages by YUNO.
2. Data analysis using analytics, artificial intelligence, and/or big data technologies to evaluate the use of our services and the information we provide on our website, in order to improve functionality and/or correct errors.

‍

YUNO will provide the necessary means (such as checkboxes) so that you can express your opposition to the processing of your personal data for the secondary purposes indicated above, without prejudice to your right to object if you wish to change your mind at any time, if you have consented to the processing of your personal data for such purposes.

‍

Transfers of personal data

‍

YUNO may transfer your personal data within Mexico or abroad to the following categories of recipients for the purposes identified below:

• To our parent company and/or controlling companies, affiliates and/or subsidiaries and/or any company of the same corporate group as YUNO that operates under the same internal processes and policies, for the purposes of management, administration, and centralized safeguarding of information; compliance with obligations arising from applicable legislation or international treaties; and statistical and historical record-keeping purposes.
• Authorities, agencies or government entities; in compliance with the obligations contemplated in the applicable legislation and/or in compliance with the requirements made by the same.
• Third parties, when such transfer is essential for the provision of YUNO services.
• Collection agencies, for the recovery of unpaid debts and their judicial or extrajudicial collection.

‍

The LFPD establishes that the aforementioned data transfers do not require your consent. Any transfer of your personal data that does require your consent will be notified in advance, through the communication and updating of this Privacy Notice and prior to the transfer of said data.

‍

ARCO Rights

The LFPD regulates the ARCO Rights you have as a personal data subject. These rights include:

• Access: the right to know what personal data we process about you, as well as information regarding the conditions and generalities of the processing.
• Rectification: the right to request at any time the rectification of your data that is inaccurate or incomplete.
• Cancellation: the right to have us stop processing your personal data, by blocking it and then deleting it.
• Opposition: the right to object, for legitimate reasons, to the processing of your personal data.

‍

To exercise any of your ARCO Rights, you must submit a request to our Personal Data Department through any of the following channels:

a. By sending a request to the email: datospersonales@y.uno the

b. By sending a duly signed application to the address: Luz Saviñon 13, PH4, Colonia Del Valle, Benito Juárez Mayor's Office, Postal Code 03103, Mexico City, Mexico.

‍

The application must contain or be accompanied by:

1. Your full name and address, or other means to communicate the response to your request;
2. A copy of a document that proves your identity and, if applicable, legal representation if someone exercises the right on your behalf.
3. A clear and precise description of the personal data in respect of which you seek to exercise any of the ARCO rights, unless it is the right of access;
4. The description of the ARCO right that is intended to be exercised, or what the holder requests, and
5. If applicable, any other information or document that helps us locate your personal data.

‍

YUNO will respond to your request within 20 (twenty) business days following the date it is sent and received. If the request is deemed admissible, we will process it within 15 (fifteen) business days following the date you communicate the response.

‍

If the information and/or documentation provided in your application is incomplete, erroneous, and/or insufficient, or if the necessary documents to prove your identity or corresponding legal representation are missing, YUNO will request that the deficiencies be corrected and rectified in order to process your application. You will have 10 (ten) business days to address the request and correct the application; otherwise, it will be considered not submitted.

‍

The use of electronic means to exercise ARCO Rights authorizes YUNO to respond to the corresponding request through the same means, unless you clearly and expressly indicate another means of contact in your request.

‍

The right to erasure is not absolute. Please note that YUNO must retain information to comply with various legal obligations and may share your personal data with other entities or organizations to do so. In such cases, the right to erasure may need to be requested from the entity that received your personal data.

‍

Revocation of consent

‍

You may revoke your consent to the processing of your personal data, without retroactive effect, in all cases where such revocation does not make it impossible to fulfill obligations arising from a current legal relationship between you and YUNO.

The procedure for revoking consent, if applicable, will be the same as that established in the section for exercising ARCO rights.

‍

Limitations on the use and disclosure of your personal data

‍

You may limit the use or disclosure of your personal data by submitting a request to our Personal Data Department. The requirements for proving your identity, as well as the procedure for processing your request, will be the same as those outlined in the "Exercise of ARCO Rights" section.

YUNO has the means and procedures to ensure the inclusion of some of your data on its own exclusion lists, when you expressly request inclusion. YUNO will provide registered owners with the corresponding registration certificate.

‍

Automatic means of collecting personal data

‍

We use cookies to facilitate navigation on the website https://www.y.uno/The electronic services provided by YUNO allow us to collect, analyze, and store technical information related to user habits. This information is collected automatically when the user uses our electronic services.

In certain cases, we link this information to specific users or personal accounts. YUNO merely generates and analyzes statistics that allow us to improve the services offered and, where appropriate, design new ones. For more detailed information about cookies, we recommend visiting www.allabout
cookies.org.

‍

Changes to our Privacy Notice

‍

YUNO may modify, update, extend, or otherwise change the content and scope of this Privacy Notice at any time and at its sole discretion. In such cases, we will post such changes on the website https://www.y.uno/. 

Changes to this Privacy Notice may also be communicated via email, when that means has been established as the communication channel between you and YUNO, during the term of the legal relationship.

‍

Section 1. Introduction

‍

1.1. This Privacy Notice outlines how Yuno and our affiliates worldwide (collectively, "Yuno," "we," "us," or "our") collect, use, retain, and transfer your Personal Data. We are committed to protecting your privacy in compliance with Applicable Data Protection Laws.

‍

1.2. This Notice provides a summary of our data practices. For more detailed information, please refer to our full Yuno Global Privacy Policy, available on our website. This Notice is intended to give you key information about how we handle your Personal Data.

‍

Section 2. What Personal Data We Collect

‍

2.1. When Yuno acts as a Data Controller, we may collect various categories of Personal Data about you. These categories primarily include: a) Identification and Contact Data: Such as your full name, email address, phone number, and physical address. b) Financial Information: Including payment details and billing information necessary for transactions. c) Technical and Electronic Data: Information related to your use of our services, such as IP addresses, device identifiers, and browser types. d) Professional or Employment-Related Information: Such as your job title and company affiliation, particularly for our business contacts. e) Commercial Information: Such as records of services purchased or considered.

‍

2.2. When Yuno acts as a Data Processor on behalf of our Merchants, we process End-User Personal Data strictly according to the Merchant's instructions.

‍

Section 3. How We Use Your Personal Data

‍

3.1. Yuno processes your Personal Data for specific and legitimate purposes. The primary purposes for which we use your Personal Data include: a) Service Provision and Management: To provide, operate, and manage our payment orchestration Services and maintain our business relationships. b) User Account Management: To administer user accounts, profiles, and access credentials. c) Verification and Security: To authenticate identities and protect against fraud, unauthorized access, and other security risks. d) Legal and Regulatory Compliance: To comply with our legal obligations, including record-keeping and reporting requirements. e) Communication and Marketing: To communicate with you about our Services, send updates, and, with your consent or where permitted, provide marketing information. You may opt-out of marketing communications at any time.

‍

Section 4. Sharing Your Personal Data

‍

4.1. Yuno does not sell your Personal Data. We may share your Personal Data only in limited circumstances and with appropriate safeguards. This includes sharing with: a) Yuno Group Companies: For internal administrative purposes, data consolidation, and to offer integrated services. b) Service Providers (Our Data Processors): With trusted third-party vendors who perform services on our behalf, such as cloud hosting, IT support, and analytics. These providers are contractually bound to protect your Personal Data. c) Payment Ecosystem Partners: When necessary to process transactions and deliver our Services, data may be shared with payment service providers, financial institutions, and fraud prevention services, as directed by our Merchants when we act as a Processor. d) Legal Authorities: If required by law, legal process, or to respond to valid governmental requests.

‍

Section 5. Your Privacy Rights

‍

5.1. Depending on your jurisdiction and applicable law, you may have certain rights regarding your Personal Data. These rights may include: a) The right to access your Personal Data. b) The right to rectify inaccurate Personal Data. c) The right to request erasure of your Personal Data (the "right to be forgotten"). d) The right to restrict or object to the processing of your Personal Data. e) The right to data portability. f) The right to withdraw consent, where processing is based on consent.

‍

5.2. For detailed information on your rights and how to exercise them, please consult our Global Privacy Policy or contact us.

‍

Section 6. International Data Transfers

‍

6.1. As a global organization, Yuno may transfer your Personal Data to countries other than your country of residence. We ensure that such transfers are conducted in compliance with Applicable Data Protection Laws and that appropriate safeguards are in place to protect your Personal Data, such as Standard Contractual Clauses or adequacy decisions.

‍

Section 7. Data Security

‍

7.1. Yuno is committed to protecting the security of your Personal Data. We implement robust technical, administrative, and physical security measures designed to prevent unauthorized access, use, disclosure, alteration, or destruction of your information. Our security practices are aligned with industry standards and certifications, as detailed in our Trust Center.

‍

Section 8. Cookies and Tracking Technologies

‍

8.1. We use cookies and similar tracking technologies on our websites to enhance functionality, analyze performance, and personalize your experience. For more information about our use of cookies and how you can manage your preferences, please refer to our Cookie Policy, accessible via our website, or the relevant section in our Global Privacy Policy.

‍

Section 9. Updates to This Privacy Notice

‍

9.1. Yuno may update this Privacy Notice from time to time to reflect changes in our data practices, legal requirements, or services. We will post any significant changes on our website or notify you as required by law. We encourage you to review this Notice periodically.

‍

Section 10. Contact Us

‍

10.1. If you have any questions, concerns about this Privacy Notice, or wish to exercise your privacy rights, please contact Yuno’s Privacy Team solely via email at: Email: privacy@y.uno 

‍

Section 1. Introduction

‍

1.1. This Privacy Notice outlines how Yuno and our affiliates worldwide (collectively, "Yuno," "we," "us," or "our") collect, use, retain, and transfer your Personal Data. We are committed to protecting your privacy in compliance with Applicable Data Protection Laws.

‍

1.2. This Notice provides a summary of our data practices. For more detailed information, please refer to our full Yuno Global Privacy Policy, available on our website. This Notice is intended to give you key information about how we handle your Personal Data.

‍

Section 2. What Personal Data We Collect

‍

2.1. When Yuno acts as a Data Controller, we may collect various categories of Personal Data about you. These categories primarily include: a) Identification and Contact Data: Such as your full name, email address, phone number, and physical address. b) Financial Information: Including payment details and billing information necessary for transactions. c) Technical and Electronic Data: Information related to your use of our services, such as IP addresses, device identifiers, and browser types. d) Professional or Employment-Related Information: Such as your job title and company affiliation, particularly for our business contacts. e) Commercial Information: Such as records of services purchased or considered.

‍

2.2. When Yuno acts as a Data Processor on behalf of our Merchants, we process End-User Personal Data strictly according to the Merchant's instructions.

‍

Section 3. How We Use Your Personal Data

‍

3.1. Yuno processes your Personal Data for specific and legitimate purposes. The primary purposes for which we use your Personal Data include: a) Service Provision and Management: To provide, operate, and manage our payment orchestration Services and maintain our business relationships. b) User Account Management: To administer user accounts, profiles, and access credentials. c) Verification and Security: To authenticate identities and protect against fraud, unauthorized access, and other security risks. d) Legal and Regulatory Compliance: To comply with our legal obligations, including record-keeping and reporting requirements. e) Communication and Marketing: To communicate with you about our Services, send updates, and, with your consent or where permitted, provide marketing information. You may opt-out of marketing communications at any time.

‍

Section 4. Sharing Your Personal Data

‍

4.1. Yuno does not sell your Personal Data. We may share your Personal Data only in limited circumstances and with appropriate safeguards. This includes sharing with: a) Yuno Group Companies: For internal administrative purposes, data consolidation, and to offer integrated services. b) Service Providers (Our Data Processors): With trusted third-party vendors who perform services on our behalf, such as cloud hosting, IT support, and analytics. These providers are contractually bound to protect your Personal Data. c) Payment Ecosystem Partners: When necessary to process transactions and deliver our Services, data may be shared with payment service providers, financial institutions, and fraud prevention services, as directed by our Merchants when we act as a Processor. d) Legal Authorities: If required by law, legal process, or to respond to valid governmental requests.

‍

Section 5. Your Privacy Rights

‍

5.1. Depending on your jurisdiction and applicable law, you may have certain rights regarding your Personal Data. These rights may include: a) The right to access your Personal Data. b) The right to rectify inaccurate Personal Data. c) The right to request erasure of your Personal Data (the "right to be forgotten"). d) The right to restrict or object to the processing of your Personal Data. e) The right to data portability. f) The right to withdraw consent, where processing is based on consent.

‍

5.2. For detailed information on your rights and how to exercise them, please consult our Global Privacy Policy or contact us.

‍

Section 6. International Data Transfers

‍

6.1. As a global organization, Yuno may transfer your Personal Data to countries other than your country of residence. We ensure that such transfers are conducted in compliance with Applicable Data Protection Laws and that appropriate safeguards are in place to protect your Personal Data, such as Standard Contractual Clauses or adequacy decisions.

‍

Section 7. Data Security

‍

7.1. Yuno is committed to protecting the security of your Personal Data. We implement robust technical, administrative, and physical security measures designed to prevent unauthorized access, use, disclosure, alteration, or destruction of your information. Our security practices are aligned with industry standards and certifications, as detailed in our Trust Center.

‍

Section 8. Cookies and Tracking Technologies

‍

8.1. We use cookies and similar tracking technologies on our websites to enhance functionality, analyze performance, and personalize your experience. For more information about our use of cookies and how you can manage your preferences, please refer to our Cookie Policy, accessible via our website, or the relevant section in our Global Privacy Policy.

‍

Section 9. Updates to This Privacy Notice

‍

9.1. Yuno may update this Privacy Notice from time to time to reflect changes in our data practices, legal requirements, or services. We will post any significant changes on our website or notify you as required by law. We encourage you to review this Notice periodically.

‍

Section 10. Contact Us

‍

10.1. If you have any questions, concerns about this Privacy Notice, or wish to exercise your privacy rights, please contact Yuno’s Privacy Team solely via email at: Email: privacy@y.uno

‍

A presente Política de Privacidade (“Política”) tem o objetivo de informar, de forma clara e completa, sobre como se dará o Tratamento de Dados Pessoais, em decorrência da utilização dos serviços prestados pela YUNO INTERMEDIAÇÃO DE SERVIÇOS LTDA. (“YUNO”), inscrita no CNPJ nº 47.153.327/0001-67 de acordo com as legislações aplicáveis. 

‍

Ao utilizar os serviços da YUNO, o Titular dos Dados Pessoais (“Usuário”) concorda com os termos desta Política. Caso o Usuário não concorde, deverá se abster de utilizar os serviços da Yuno.

‍

1. DISPOSIÇÕES GERAIS

‍

1.1. Legislação aplicável. Esta Política incorpora as disposições contidas na Lei nº 13.709/2018 - Lei Geral de Proteção de Dados Pessoais (“LGPD”) e outras legislações e normas brasileiras relacionados à privacidade e proteção de dados pessoais. Ademais, esta Política está alinhada com os princípios de tratamento previstos na LGPD, permitindo que a YUNO acesse e trate informações, inclusive em virtude de uma transferência internacional de dados, conforme os termos da referida legislação. Esta Política também considera padrões internacionais, como a ISO/IEC 27001 para gestão da segurança da informação e normas de cibersegurança, quando aplicáveis (https://security.y.uno/). 

‍

1.2. Âmbito de aplicação. Esta Política abrange todas as atividades de Tratamento de Dados Pessoais realizadas pela YUNO, ou por quem a YUNO designe, na qualidade de Controlador ou Operador, nos termos da lei.

‍

1.3. Definições. seguintes definições devem ser consideradas para interpretação desta Política, sendo aplicáveis no singular ou plural sem alteração de seu significado:

‍‍

A) "YUNO": Sociedade brasileira, registrada sob o CNPJ/ME 47.153.327/0001-67, com sed na Avenida Nove de Julho, 3228, sala 604 – Ed. First Office Flat, CEP 01406-000, que atua como Controladora e/ou Operadora no Tratamento de Dados Pessoais, conforme aplicável de acordo com a legislação.

B) "Consentimento": Autorização prévia, livre, inequívoca e informada do Titular para a realização do Tratamento de Dados Pessoais para finalidades específicas.

C) "Base de Dados Pessoais": Conjunto organizado de Dados Pessoais objeto de Tratamento pela YUNO, ou por quem lhe designe, na qualidade de Controlador ou Operador.‍

D) "Dado Pessoal": Informação relacionada a pessoa natural identificada ou identificável.

E) "Dados de Crianças e Adolescentes": Dados Pessoais de Titulares menores de idade, ou seja, pessoas com idade inferior a 18 anos, cujo Tratamento deve assegurar a prevalência de seus direitos fundamentais.

F) "Dados Sensíveis": Dados que podem revelar origem racial ou étnica, convicções religiosas, opinião política, filiação a sindicato ou organização de caráter religioso, filosófico ou político, bem como dados referentes à saúde, vida sexual, dados genéticos ou biométricos.‍

G) "Operador": Pessoa natural ou jurídica, pública ou privada, que realiza o Tratamento de Dados Pessoais em nome do Controlador.

H) "Site da YUNO": O site por meio do qual a YUNO divulga seus serviços prestados e demais informações, localizado no URL: https://www.y.uno/.‍

I) "Política": A Política e os procedimentos para o Tratamento de Dados Pessoais adotados pela YUNO.

J) "Controlador": Pessoa natural ou jurídica, pública ou privada, que decide sobre os elementos essenciais relacionados ao Tratamento de Dados Pessoais.

k) "ANPD": Autoridade Nacional de Proteção de Dados, órgão administrativo responsável pela fiscalização e regulação da proteção de dados pessoais no Brasil - https://www.gov.br/anpd/pt-br.

L) "Titular": Pessoa natural a quem os Dados Pessoais se referem.

M) "Transferência": Envio de Dados Pessoais pelo Controlador ou Operador a um terceiro localizado dentro ou fora do território nacional.

N) "Compartilhamento": Comunicação ou disponibilização de Dados Pessoais entre o Controlador e/ou Operador e terceiros.

O) "Tratamento": Qualquer operação realizada com Dados Pessoais, como coleta, armazenamento, uso, compartilhamento ou eliminação.

‍

1.4. Objeto. Esta Política tem como objetivo estabelecer as diretrizes e regular os procedimentos relacionados à coleta, gerenciamento e, de forma geral, ao Tratamento de Dados Pessoais realizado pela YUNO ou por terceiros por ela designados, assegurando a proteção e o respeito aos direitos dos Titulares

‍

1.5. Princípios. Os seguintes princípios orientam e constituem o marco geral para o cumprimento das disposições previstas nesta Política:

‍‍

a) Princípio da Finalidade. O Tratamento deve ser realizado para fins legítimos, específicos, explícitos e informados ao Titular, em conformidade com a Constituição e a legislação aplicável.

b) Princípio da Qualidade dos Dados. As informações submetidas ao Tratamento devem ser exatas, claras, relevantes e atualizadas, sendo vedado o Tratamento de dados incompletos, imprecisos ou que possam induzir a erro.‍

c) Princípio da Transparência. Deve-se garantir ao Titular o direito de obter, a qualquer momento e sem restrições, informações sobre a existência, o Tratamento e os Dados Pessoais que lhe dizem respeito.

d) Princípio da Segurança. O Tratamento deve ser realizado com medidas técnicas e administrativas adequadas para proteger os Dados Pessoais contra acessos não autorizados, bem como contra destruição, perda, alteração, comunicação ou difusão, seja acidental ou ilícita.

e) Princípio da Confidencialidade. Todas as pessoas envolvidas no Tratamento de Dados Pessoais têm o dever de manter a confidencialidade das informações, inclusive após o término de sua relação com as atividades de Tratamento.

f) Proteção de Dados Sensíveis. A YUNO, ou quem esta designar, não coletará ou tratará Dados Sensíveis sem o consentimento expresso do Titular, salvo nas hipóteses previstas por lei ou outra base legal aplicável.

g) Proteção de Dados de Crianças e Adolescentes. Esta Política assegura a proteção especial aos direitos fundamentais de menores de idade, em conformidade com a legislação brasileira, garantindo o respeito à sua privacidade e segurança.

h) Princípio da não discriminação. Dados Pessoais não poderão ser utilizados para fins discriminatórios, ilícitos ou abusivos, em nenhuma hipótese.

‍

1.6. Bases Legais para o Tratamento de Dados Pessoais. A YUNO realizará o Tratamento de Dados Pessoais dos Titulares com base nas hipóteses legais previstas na Lei Geral de Proteção de Dados Pessoais (LGPD), O Tratamento será realizado nas seguintes bases legais:

‍‍

a) Consentimento do Titular: Quando o Titular expressar sua autorização de forma clara, informada e inequívoca, para o Tratamento de seus Dados Pessoais para finalidades específicas.‍

b) Cumprimento de obrigação legal ou regulatória: Quando o Tratamento for necessário para atender a obrigações legais ou regulatórias a que a YUNO esteja sujeita.‍

c) Execução de contrato ou de procedimentos preliminares relacionados a contrato: Quando o Tratamento for necessário para a execução de um contrato ou de medidas preliminares solicitadas pelo Titular antes da celebração de um contrato.‍

d) Legítimo interesse: Quando o Tratamento for necessário para atender aos interesses legítimos da YUNO ou de terceiros, desde que respeitados os direitos e liberdades fundamentais do Titular. A YUNO realizará uma análise de impacto para assegurar que esse legítimo interesse não prejudique os direitos dos Titulares.‍

e) Proteção da vida ou da incolumidade física do Titular ou de terceiros: Quando necessário para proteger a vida ou a integridade física do Titular ou de terceiros.‍

f) Execução de políticas públicas: Quando o Tratamento for necessário para a execução de políticas públicas previstas em leis ou regulamentos.‍

g) Exercício regular de direitos: Quando o Tratamento for necessário para a defesa de direitos em processos judiciais, administrativos ou arbitrais.

‍

1.7. Finalidades do Tratamento. Os Dados Pessoais coletados serão tratados de acordo com as finalidades informadas ao Titular no momento da coleta e conforme as necessidades do cumprimento das bases legais acima mencionadas. Tais finalidades podem incluir, mas não se limitam a, fornecer serviços contratados, cumprimento de obrigações legais e regulatórias, comunicação com o Titular, melhorias nos serviços, e outros fins legítimos necessários para a operação da YUNO.

‍

2. DIREITOS DOS TITULARES

‍

2.1. Direitos dos Titulares. Os Titulares dos Dados Pessoais constantes nas Bases de Dados da YUNO possuem os seguintes direitos, assegurados pela legislação brasileira, sem prejuízo de outros previstos:

‍

A) Direito de Acesso. O Titular tem o direito de obter informações sobre seus Dados Pessoais, incluindo a finalidade do Tratamento, a localização das Bases de Dados, bem como sobre qualquer compartilhamento ou transferência de seus dados.

B) Direito de Atualização. O Titular pode solicitar a atualização de seus Dados Pessoais sempre que houver alterações, para manter as informações precisas e atualizadas.

C) Direito de Retificação. O Titular tem o direito de corrigir Dados Pessoais inexatos, incompletos ou desatualizados.

D) Direito de Eliminação. O Titular pode solicitar a exclusão de seus Dados Pessoais quando considerados excessivos, desnecessários ou tratados em desconformidade com a legislação aplicável, salvo exceções previstas em lei que justifiquem sua manutenção.

E) Direito de Revogação do Consentimento. O Titular pode revogar o consentimento dado para o Tratamento, salvo nas hipóteses em que obrigações legais ou contratuais exigirem a continuidade do Tratamento.

F) Direito de Reclamação. O Titular pode apresentar reclamações ou reivindicações junto à ANPD ou outras autoridades competentes, caso identifique descumprimento das normas de proteção de dados pessoais.

G) Direito à Portabilidade: O Titular pode solicitar a transferência de seus Dados Pessoais para outro Controlador, desde que seja tecnicamente viável e realizada em formato estruturado, nos termos da legislação aplicável.

‍

2.2. O exercício desses direitos será gratuito e ilimitado, sendo realizado exclusivamente pelo Titular, salvo exceções previstas em lei.

‍

3. OBRIGAÇÕES DA YUNO

‍

3.1. Obrigações da YUNO como Controladora. A YUNO, na qualidade de Controladora dos Dados Pessoais, assume as seguintes responsabilidades:

‍

3.1.1. Garantia de Direitos: Assegurar ao Titular o pleno e efetivo exercício de todos os direitos previstos nesta Política e na legislação aplicável.

3.1.2. Consentimento: Solicitar, obter e conservar o Consentimento fornecido pelo Titular, quando necessário, em conformidade com os requisitos legais.

3.1.3. Finalidade Informada: Informar claramente ao Titular a finalidade específica para a coleta e o Tratamento de seus Dados Pessoais.

3.1.4. Segurança: Implementar e manter medidas de segurança técnicas e administrativas adequadas para proteger os Dados Pessoais contra adulteração, perda, consulta, uso ou acesso não autorizado.

3.1.5. Veracidade das Informações: Garantir que os Dados Pessoais compartilhados com o Operador sejam verdadeiros, completos e atualizados.

3.1.6. Atualizações: Atualizar prontamente as informações relacionadas aos Dados Pessoais e comunicar tais atualizações ao Operador.

3.1.7. Correções: Corrigir qualquer informação incorreta e notificar o Operador sobre as retificações realizadas.

3.1.8. Autorização Prévia: Fornecer ao Operador apenas Dados Pessoais cujo Tratamento tenha sido autorizado previamente pelo Titular ou pela legislação aplicável.

3.1.9. Exigência de Segurança do Operador: Exigir que o Operador adote condições adequadas de segurança e privacidade no Tratamento dos Dados Pessoais compartilhados.

3.1.10. Processamento de Reclamações: Processar consultas e reclamações apresentadas pelos Titulares, conforme os termos desta Política e da legislação vigente.

3.1.11. Disputas com Dados Pessoais: Informar o Operador sobre qualquer disputa ou controvérsia relacionada aos Dados Pessoais sob Tratamento.

3.1.12. Conformidade com a ANPD: Cumprir prontamente determinações, solicitações ou orientações emitidas pela Autoridade Nacional de Proteção de Dados (ANPD).

‍

3.2. Obrigações da YUNO como Operadora. Ao atuar como Operadora, a YUNO assume as seguintes responsabilidades:

‍

3.2.1. Garantia de Direitos: Assegurar que os direitos do Titular sejam plenamente respeitados e garantidos, em conformidade com as orientações do Controlador e a legislação aplicável.

3.2.2. Armazenamento Seguro: Armazenar os Dados Pessoais sob condições técnicas e organizacionais adequadas para garantir a segurança contra acessos não autorizados, perda, alteração ou qualquer uso indevido.

3.2.3. Atualização, Correção e Eliminação: Atualizar, corrigir ou eliminar Dados Pessoais de forma diligente e conforme solicitado pelo Controlador.

3.2.4. Notificação de Atualizações: Informar ao Controlador quaisquer alterações realizadas nos Dados Pessoais no prazo máximo de cinco (5) dias úteis após o recebimento de tal solicitação ou atualização.

3.2.5. Acesso Restrito: Assegurar que o acesso aos Dados Pessoais seja restrito a pessoas autorizadas e exclusivamente para as finalidades instruídas pelo Controlador.

3.2.6. Conformidade com a ANPD: Cumprir prontamente todas as determinações, solicitações ou orientações emitidas pela Autoridade Nacional de Proteção de Dados (ANPD), observando o papel de Operadora e as instruções do Controlador.

‍

3.3. Dados Pessoais coletados. A YUNO poderá coletar os seguintes Dados Pessoais, conforme aplicável: 

‍

3.3.1. Informações Pessoais: Nome e sobrenome, número de identificação, endereço, país de residência, nacionalidade, estado civil, data de nascimento, data de ingresso, gênero, número de telefone celular e e-mail (pessoal e corporativo).

‍

3.3.2. Informações Bancárias e Financeiras: Dados de conta bancária, instituição financeira, tipo de conta, informações de cartões de débito ou crédito, números de contas e informações transacionais (como nome do estabelecimento, data da compra e valor da transação).

3.3.3. Informações Profissionais e Educacionais: Cargo, nível educacional, informações de filiação a EPS, ARL ou caixa de compensação.

‍

3.3.4. Outras Informações: Quaisquer outros Dados Pessoais fornecidos pelo Titular, dependendo do formulário preenchido.

3.4. Nos casos em que a YUNO solicitar e coletar Dados Sensíveis, será informado ao Titular as finalidades específicas para o uso dessas informações, esclarecendo que o fornecimento é opcional, conforme previsto na legislação vigente.

‍

3.5. Os Dados Pessoais fornecidos pelo Titular serão utilizados exclusivamente para a prestação de serviços contratados com a YUNO e seus parceiros comerciais, respeitando-se os limites legais e contratuais aplicáveis.

‍

3.6. Transmissão de Dados Pessoais. A YUNO se compromete a adotar as medidas necessárias para garantir que a transmissão de Dados Pessoais para terceiros, seja para cumprir as finalidades do tratamento ou para delegar o tratamento a outros, seja feita de acordo com a política interna e os direitos dos titulares dos dados.

‍

3.7. Transferência de Dados Pessoais. Quando a YUNO transferir temporária ou definitivamente Dados Pessoais a terceiros, dentro ou fora do Brasil, esses terceiros se tornarão novos Controladores dos Dados Pessoais. Nesse caso, a YUNO adotará as medidas necessárias para preservar os direitos dos Titulares durante a transferência, de acordo com as disposições da autorização de uso de dados, se houver, e conforme previsto na legislação.

‍

3.8. Temporalidade no Tratamento. A YUNO manterá os Dados Pessoais apenas pelo tempo necessário para cumprir as finalidades descritas na política de privacidade. Uma vez que esses dados não sejam mais necessários, devem ser eliminados ou anonimizados.

‍

3.9. Tratamento especial aos Dados Pessoais de Menores de Idade. O Tratamento de Dados Pessoais de menores de idade será realizado considerando os direitos prevalentes das crianças e adolescentes, em conformidade com a legislação brasileira.

‍

3.10. Confidencialidade. YUNO se compromete a proteger a privacidade das informações dos usuários. Contudo, em casos em que existam ordens judiciais ou exigências legais, poderá ser necessário revelar essas informações para autoridades competentes, respeitando as disposições da lei

‍

3.11. Comunicação de informações. A YUNO poderá comunicar, transmitir ou transferir Dados Pessoais a terceiros localizados dentro ou fora do Brasil. Quando isso ocorrer, YUNO garante que as comunicações serão feitas em conformidade com a legislação vigente, tomando as medidas adequadas para garantir a segurança dos dados, como estabelecer garantias para o destino dos dados e assegurar que as transferências sejam feitas de maneira segura

‍

3.12. Os Dados Pessoais poderão ser compartilhados com empresas que fazem parte do mesmo grupo econômico da YUNO (especialmente com a empresa mexicana Yuno Tecnologias S.A.P.I. de C.V. e a empresa colombiana YUNO COLOMBIA S.A.S), estabelecimentos comerciais e parceiros com os quais a YUNO mantém uma relação contratual. Também pode haver compartilhamento de dados com terceiros que precisem desses dados para realizar o tratamento conforme as finalidades estabelecidas na política de privacidade

‍

3.13. Segurança. A YUNO garante que cumprirá o dever de confidencialidade sobre os Dados Pessoais e os armazenará enquanto houver obrigações legais ou contratuais que justifiquem sua manutenção, conforme a legislação aplicável. Medidas de segurança apropriadas serão implementadas para evitar alterações, perdas, acessos não autorizados ou Tratamento inadequado dos Dados Pessoais, sempre respeitando o estado da tecnologia disponível.

‍

3.14. A YUNO adota precauções para proteger as informações pessoais dos Titulares, tanto em ambiente online quanto offline. Sempre que informações confidenciais forem tratadas, serão aplicados protocolos de segurança de rede. A YUNO possui certificação Payment Card Industry Data Security Standard (PCI DSS), que assegura altos níveis de proteção.

‍

3.15. Para proteger a integridade dos dados, apenas colaboradores ou terceiros devidamente autorizados terão acesso às informações, limitados às atividades específicas que precisarem realizar. Os servidores onde a YUNO armazena os dados estão localizados em ambientes protegidos. Os Titulares estão cientes de que seus dados podem ser processados em servidores localizados dentro ou fora de seu país de residência.

‍‍

3.16. Mecanismos para obtenção do Consentimento. O Consentimento do Titular será obtido por meio de documento físico, eletrônico ou qualquer outro formato que permita sua posterior consulta. Ao atuar como Controladora, a YUNO garantirá que o Titular tenha conhecimento desta Política e dos direitos que lhe assistem.

‍‍

3.17. Prova do Consentimento. A YUNO adotará medidas para manter registros de quando e como o Consentimento foi obtido, assegurando sua rastreabilidade.

‍

4. PROCEDIMENTOS ESTABELECIDOS PARA GARANTIR O EXERCÍCIO DOS DIREITOS DOS TITULARES

‍

4.1. Atendimento de consultas e reclamações. Para qualquer questão relacionada a esta Política ou ao exercício de seus direitos, o Titular pode entrar em contato com a YUNO via e-mail para privacy@y.uno. Esses canais são administrados pelas áreas responsáveis por garantir a proteção dos direitos previstos no regime de proteção de Dados Pessoais

‍

4.2. Procedimento para consultas. Os Titulares ou seus representantes legais podem realizar consultas sobre seus Dados Pessoais registrados nas Bases de Dados, seja por escrito ou por meios eletrônicos descritos na cláusula anterior. A YUNO garantirá o direito de consulta, fornecendo todas as informações associadas ao Titular. As consultas serão respondidas no prazo máximo de dez (10) dias úteis a partir da data de recebimento. Caso não seja possível atender dentro desse prazo, o Titular será informado sobre os motivos do atraso e a nova data de resposta, que não poderá exceder cinco (5) dias úteis após o vencimento do prazo inicial.

‍

4.3. Procedimento para reclamações. Os Titulares ou seus representantes que considerarem que as informações contidas na Base de Dados estão incorretas, desatualizadas ou devem ser excluídas, ou que identificarem descumprimento de qualquer disposição legal ou desta Política, poderão apresentar uma reclamação. A reclamação deverá conter: (i) identificação do Titular; (ii) descrição detalhada dos fatos que fundamentam a reclamação; (iii) endereço para notificações; e (iv) documentos que comprovem os fatos alegados. Caso a reclamação seja apresentada de forma incompleta, o Titular será notificado para corrigi-la em até cinco (5) dias úteis. O não atendimento da notificação no prazo estabelecido implicará na desistência da reclamação. Reclamações completas serão processadas no prazo máximo de quinze (15) dias úteis. Caso não seja possível atender à reclamação dentro desse prazo, será informada uma nova data de resposta, que não poderá ultrapassar oito (8) dias úteis adicionais

‍

4.4. Queixas à ANPD. Antes de apresentar qualquer queixa à ANPD, o Titular ou seu representante deve esgotar os procedimentos de consulta e reclamação diretamente com a YUNO. 

‍

4.5. Notificação de Violação. A YUNO se compromete a notificar o Titular e a Autoridade Nacional de Proteção de Dados (ANPD) sobre qualquer incidente de segurança que possa acarretar risco ou dano aos Dados Pessoais, conforme exigido pela LGPD. A notificação será feita dentro dos prazos estabelecidos pela legislação

‍

5. FINALIDADE E VIGÊNCIA DA POLÍTICA

‍

5.1. Finalidade do Tratamento de Dados Pessoais. A YUNO poderá utilizar Dados Pessoais para fins laborais, comerciais, contratuais e financeiros, bem como para atividades relacionadas ao seu objeto social, incluindo: (i) Coletar Dados Pessoais e incluí-los em suas Bases de Dados; (ii) Facilitar o fluxo transacional entre atores no processo de pagamento e auxiliar no processamento das transações; (iii) Fornecer serviços contratados com a YUNO; (iv) Autenticar dados para mitigar fraudes; (v) Enviar mensagens promocionais e comunicações da YUNO; (vi) Desenvolver novos produtos ou serviços; (vii) Realizar operações administrativas; (viii) Emitir documentos fiscais e contábeis; (ix) Gerir recursos humanos; (x) Firmar contratos; (xi) Utilizar dados para fins internos ou comerciais; (xii) Estudar e melhorar seus serviços; (xiii) Cumprir obrigações legais.

‍

5.2. Vigência. Esta Política entra em vigor a partir da data de sua publicação. O período de vigência das Bases de Dados será regulado pelos princípios de finalidade e temporalidade.

‍

5.3. Alterações na Política. A YUNO poderá revisar e alterar esta Política conforme necessário. A versão mais recente estará disponível no site da YUNO e será comunicada aos Titulares em caso de alterações significativas.

‍

5.4. Encarregado pela Proteção de Dados Pessoais. A YUNO designou um Encarregado pela Proteção de Dados, disponível para contato pelo e-mail privacy@y.uno.

‍‍

5.5. Atualização da Política. Esta Política foi atualizada pela última vez em Dezembro de 2024 e será revisada anualmente. A versão mais recente está disponível no site: https://www.y.uno/privacy.

‍

1. ¿QUIÉNES SOMOS? 

‍

YUNO COLOMBIA S.A.S., sociedad comercial con NIT No. 901.568.211-4 (en adelante “YUNO” o la “Compañía” o “Nosotros”), es una compañía especializada en orquestación de pagos digitales para empresas a nivel global que a través de su plataforma permite integrar distintos métodos de pago de forma rápida, segura y eficiente.

‍

Nosotros somos Responsables (quién determina qué se hace con tus datos personales y como serán Tratados) del Tratamiento de tus Datos Personales a través de nuestro sitio web, procesamiento electrónico de datos que requieren el uso de nuestros servicios, nuestros procesos internos y a través de nuestros canales de atención dispuestos por YUNO.

‍

A continuación, nuestra información para tu conocimiento:

‍

Razón Social: YUNO COLOMBIA S.A.S.

NIT: 901.568.211-4

Dirección: Carrera 7 #73 – 55, Oficina 1202 Bogotá D.C. 

Correo Electrónico: privacy@y.uno

Sitio Web: https://www.y.uno/es

‍

2. ¿CUÁLES SON LAS NORMAS QUE RIGEN EL TRATAMIENTO DE TUS DATOS PERSONALES?

‍

Esta Política para el Tratamiento de Datos Personales (“Política”) de YUNO incorpora los mandatos contenidos en el Artículo 15 de la Constitución Política de Colombia, la Ley Estatutaria 1581 de 2012, el Decreto Único Reglamentario 1074 de 2015, la Ley 2300 de 2023, el Título V de la Circular Única de la Superintendencia de Industria y Comercio (“SIC”) y demás normas que las complementen, modifiquen o deroguen en materia de protección de datos personales (“RGPD”). 

‍

Esta Política complementa la Política Global de Privacidad de Yuno (“Política Global”), que establece los estándares mundiales de protección de datos personales para todas las entidades del Grupo Yuno. Solo en los aspectos no regulados y establecidos en esta Política, se aplicará la Política Global. Te recomendamos la lectura conjunta de ambas políticas. 

‍

En adición al cumplimiento con el RGPD, nuestras prácticas se alinean con estándares internacionales como el Reglamento General de Protección de Datos Personales de la Unión Europea (“GDPR”) para transmisiones internacionales y con la ISO/IEC 27001 para la gestión de la seguridad de la información.

‍

3. ¿CUÁL ES EL OBJETO DE ESTA POLÍTICA?

‍

Esta Política tiene como finalidad informarte como titular de los datos personales todos los aspectos relacionados con el tratamiento de tus datos personales, y la forma como YUNO garantiza tu derecho fundamental de habeas data. En esta Política podrás consultar: (i) Quién es el responsable del tratamiento de tus datos personales, (ii) el tratamiento al cual serán sometidos y las finalidades del mismo, (iii) los derechos que te asisten como titular de los datos personales, (iv) el área responsable encargada de atender las peticiones, consultas y reclamos de los titulares, (v) el procedimiento para que puedas ejercer tus derechos y (vi) la fecha de entrada en vigencia de la Política.  

‍

4. ¿A QUÉ Y A QUIÉNES APLICA ESTA POLÍTICA?

‍

Esta Política aplica al tratamiento de los datos personales que sean recolectados, almacenados, usados, transmitidos o transferidos por YUNO o por terceros designados por este, ya sea en calidad de Responsable y/o Encargado del tratamiento.  Los lineamientos de esta Política aplican al tratamiento de los datos personales de clientes, empleados y exempleados, candidatos, aliados comerciales, proveedores y cualquier persona natural cuyos datos sean tratados por YUNO.

‍

YUNO se compromete a que toda la información recopilada será tratada bajo un enfoque de minimización de datos, es decir, solo se capturarán aquellos datos estrictamente necesarios para cumplir con las finalidades establecidas en esta Política.

‍

Esta Política complementa la Política Global de Yuno, donde se definen los roles específicos de Yuno como Responsable (datos corporativos) y Encargado (datos de usuarios finales de merchants). 

‍

5. ¿CUÁLES SON LOS PRINCIPIOS QUE RIGEN EL TRATAMIENTO DE TUS DATOS PERSONALES?

‍

5.1. De conformidad con el RGPD y la Política Global de YUNO, estos son los principios que aplican al Tratamiento de Datos Personales: 

‍

1. Principio de legalidad. El Tratamiento de datos personales es una actividad reglada que debe sujetarse a lo establecido en la Ley 1581 de 2012, el Decreto 1377 de 2013, el Decreto 1074 de 2015 y en las demás disposiciones que la desarrollen, modifiquen o complementen.
2. Principio de finalidad. Los Datos Personales solo serán tratados para las finalidades legítimas e informadas al titular.
3. Principio de libertad. El Tratamiento se realizará con el consentimiento previo, expreso e informado del titular, salvo las excepciones previstas en la ley.
4. Principio de veracidad o calidad. La información sujeta a tratamiento será veraz, completa, exacta, actualizada, comprobable y comprensible.
5. Principio de transparencia. Se garantizará el derecho del titular a obtener información sobre sus datos Personales y su tratamiento en cualquier momento.
6. Principio de acceso y circulación restringida. El tratamiento se sujeta a los límites que impone la ley y solo podrán acceder a los datos las personas autorizadas.
7. Principio de seguridad. YUNO implementará medidas de seguridad técnicas, humanas y administrativas para garantizar la protección de los datos personales.
8. Principio de confidencialidad. Todas las personas que intervengan en el tratamiento de datos personales están obligadas a garantizar la reserva de la información, incluso después de finalizada su relación con las labores que comprenden el tratamiento.
9. Principio de Responsabilidad Demostrada: Aquel que se basa en el enfoque del reconocimiento y del compromiso de las organizaciones a los efectos de incrementar los estándares de protección para procurar y garantizar a las personas un tratamiento adecuado de tus Datos Personales. Este principio comporta para nosotros una obligación de rendir cuentas sobre tus actividades en materia de protección de datos personales, aceptar responsabilidad sobre ellas y divulgar los resultados de manera transparente.
10. Principio de protección de Datos Personales Sensibles. Solo se realizará Tratamiento de Datos Sensibles cuando sea estrictamente necesario y con la autorización del Titular, garantizando medidas adicionales de seguridad.
11. Principio de protección de Datos Personales de Menores de Edad. El Tratamiento de datos de menores se efectuará respetando sus derechos prevalentes y con autorización expresa de sus representantes legales.
12. Principio de temporalidad: El periodo de conservación de los datos personales será el necesario para alcanzar la finalidad para la cual se han recolectado.
13. Principio de proporcionalidad: Los datos personales que se recolecten y traten deberán ser adecuados, pertinentes y limitados a lo necesario en relación con las finalidades para las que son tratados.

‍

6. ¿CUÁLES SON TUS DERECHOS COMO TITULAR?

‍

6.1. Como titular de los datos personales tienes los siguientes derechos:

‍

1. Derecho de acceder de forma gratuita a los datos proporcionados que hayan sido objeto de tratamiento. El acceso está permitido solamente a los titulares de datos personales que correspondan a las personas naturales a los que se refieren, previa acreditación de tu identidad como titular, legitimidad, o capacidad de tu representante legal, poniendo a disposición tuya, sin costo alguno, de manera pormenorizada y detallada, los respectivos datos personales tratados, a través de cualquier medio de comunicación, incluyendo los electrónicos. El acceso se garantizará sujeto a los límites establecidos en el artículo 21 del Decreto 1377 de 2013.  

‍

2. Consulta. En tu calidad de Titular puedes consultar tus datos personales que se encuentren en nuestras bases de datos. Por ello, garantizamos tu derecho de consulta conforme a lo dispuesto en el RGPD. Para efectos de proceder con la consulta, realizaremos una autenticación que permita identificarte de manera segura antes de revelar cualquier información de carácter personal. 

‍

3. Derecho de rectificación y actualización. YUNO se obliga a rectificar y actualizar tu información personal incompleta o inexacta de conformidad con el procedimiento y los términos señalados en la Sección 7 de esta Política. Lo anterior, siempre y cuando, no se trate de datos contenidos en los registros públicos. Al respecto, tendremos en cuenta lo siguiente: 1. en las solicitudes de rectificación y actualización de Datos Personales, debes indicar las correcciones a realizar y aportar la documentación que avale tu petición; 2. tenemos plena libertad de habilitar mecanismos que faciliten el ejercicio de este derecho, siempre y cuando lo beneficien como titular de los Datos Personales. En consecuencia, podremos habilitar medios electrónicos u otros que consideremos pertinentes y seguros para un mejor ejercicio de tus derechos.  

‍

4. Derecho de supresión. Tienes el derecho en todo momento a solicitarnos la supresión de tus datos personales, siempre y cuando, no lo impida un deber legal o contractual. 

‍

5. Derecho de revocatoria de la autorización.   Puedes revocar en cualquier momento, el consentimiento al tratamiento de éstos, siempre y cuando, no lo impida una disposición legal o contractual. 

‍

6. Derecho a presentar quejas y reclamaciones o a ejercer acciones en torno al Tratamiento de sus Datos Personales.  Tienes derecho a presentar quejas ante la Superintendencia de Industria y Comercio por las infracciones al RGPD.

‍‍

7. Derecho a solicitar prueba de la autorización otorgada. Tienes derecho a solicitar prueba de la autorización para el tratamiento de tus datos personales sin costo alguno a través de nuestros canales de atención. Es importante que tengas en cuenta que existen algunas excepciones en las cuales no se requiere tu autorización como emergencia médica o sanitaria, datos públicos, requerimiento de entidades administrativas o jueves por lo cual en estos casos si tus datos se trataron de esta forma no tendremos copia de la autorización. Sin embargo, es algo excepcional.

‍

8. Abstenerte de responder las preguntas sobre datos sensibles o de menores edad. Tendrá carácter facultativo las respuestas que versen sobre datos sensibles o sobre datos de las niñas, niños y adolescentes.

‍

9. Ser informado por YUNO, respecto del uso que le ha dado a sus Datos Personales.

‍

7. ¿CÓMO PUEDES EJERCER TUS DERECHOS?

‍

7.1. Requisitos Generales

‍

En desarrollo de la garantía constitucional de Habeas Data, tus derechos pueden ser ejercidos por:

‍

1. El titular de los datos personales, 
2. Los causahabientes de los titulares quienes deberán acreditar dicha calidad,
3. Por el representante legal y/o apoderado del titular de la información, quien deberá acreditar dicha calidad y/o,
4. Por quienes ejerzan representación legal del menor, quienes deberán acreditar dicha calidad. 

‍

Así, en cumplimiento de las normas sobre protección de datos personales, YUNO presenta el procedimiento y requisitos mínimos para el ejercicio de tus derechos. 

‍

En todo momento puedes ejercer tus derechos antes descritos, enviando una solicitud cualquier de los siguientes canales de contacto: 

‍

• Dirección: Carrera 7 #73-55, Bogotá D.C., Colombia.
• Correo Electrónico: privacy@y.uno.
• Sitio Web: https://www.y.uno/es

‍

El asunto de la solicitud debe ir señalada como "Ejercicio Derechos Habeas Data" y debe contener la siguiente información:

‍

• Nombre completo y apellidos.
• Datos de contacto (dirección física y/o electrónica y teléfonos de contacto).
• Medios para recibir respuesta a su solicitud.
• Los documentos que acrediten tu identidad o, en su caso, la representación legal de aquella persona que ejerza el derecho en tu nombre.
• Motivo(s)/hecho(s) que dan lugar al reclamo con una breve descripción del hecho que deseas ejercer (conocer, actualizar, rectificar, solicitar prueba de la autorización otorgada, revocarla, suprimir, acceder a la información).
• Firma (si aplica) y número de identificación. 
• Cualquier otro elemento o documento que facilite la localización de tus datos personales.

‍

En cada caso en el canal de atención se indicará la información necesaria para dar trámite al ejercicio de tus derechos. Nos autorizas a brindarte respuesta al correo electrónico que nos compartas en tu solicitud. 

‍

Es tu responsabilidad comunicar cualquier cambio en tus datos personales para que sea tomado en cuenta y mantener tus datos debidamente actualizados, con la finalidad de asegurar la calidad de los datos personales y garantizar que sean exactos.

‍

7.2. Particularidades de cada trámite

‍

1. Consultas

‍

Podrás presentar una consulta para conocer tu información personal que reposa en cualquier base de datos de YUNO.

‍

YUNO te comunicará la decisión a tu consulta en un plazo máximo de diez (10) días hábiles una vez recibida tu consulta. Cuando no sea posible atender la consulta en este plazo, te informaremos señalando los motivos de la demora y se atenderá en un plazo adicional no mayor a cinco (5) días hábiles.

‍

2. Reclamos (rectificación, actualización, supresión o revocación)

‍

Cuando consideres que tu información contenida en una base de datos de YUNO debe ser objeto de corrección, actualización, supresión o revocatoria, o adviertas un posible incumplimiento respecto del tratamiento de tus datos personales podrás presentar un reclamo.

‍

Daremos respuesta a tu reclamo dentro de los quince (15) días hábiles a partir de la fecha en la que recibas tu solicitud. Cuando no sea posible atender el reclamo en este plazo, te informaremos señalando los motivos de la demora y se atenderá en un plazo adicional no mayor a (8) días hábiles.

‍

En caso de que el reclamo sea incompleto, te comunicaremos dentro de los cinco (5) días hábiles para que corrijas, aclares o subsanes tu solicitud. En este caso, tendrás dos (2) meses para subsanar tu solicitud o de lo contrario se entenderá que desististe de tu reclamo.

‍

Cuando no seamos la entidad competente para resolver el reclamo, se dará traslado a quien corresponda en un término máximo de dos (2) días hábiles y se te informará de dicha situación.

‍

En caso de solicitar la supresión de tus datos personales, YUNO analizará tu solicitud y verificará si es procedente, en tanto exista un deber contractual o legal de permanecer en la base de datos. Así mismo, respecto de la revocatoria de la autorización para el tratamiento de datos personales YUNO analizará si existe un deber contractual o legal de permanecer en la base de datos. 

‍

En caso de que no los podamos eliminar por completo tus datos personales, por existir una obligación legal o contractual o para fines de defensa judicial (actual o futura), tomaremos las medidas necesarias para minimizar tu asociación con los datos personales y únicamente los trataremos para fines estrictamente relacionados con el cumplimiento de obligaciones legales o contractuales, y de defensa judicial. 

‍

Todas las referencias a la supresión de datos personales y revocatoria de la autorización se aplican también a los encargados de datos personales contratados por YUNO que tengan acceso a tus datos personales.

‍

3. Suplantaciones

‍

En el caso de que consideres ser víctima del delito de falsedad personal contemplado en el código penal puedes presentar una petición de corrección adjuntando los soportes correspondientes. Una vez se reciba la solicitud, dentro de los diez (10) días siguientes cotejaremos los documentos e información en Nuestros sistemas, con los documentos e información que nos compartas en tu solicitud, los cuales se tendrán como prueba sumaria para probar la falsedad. En caso de validarse la presunta suplantación se incluirá la leyenda “víctima de falsedad personal”.

‍

8. ¿CUÁLES SON LAS OBLIGACIONES DE YUNO COMO RESPONSABLE?

‍

8.1 Cuando YUNO actué como responsable por el tratamiento de tus datos personales cumplirá con las siguientes obligaciones:

‍

1. Garantizar al titular, en todo tiempo, el pleno y efectivo ejercicio del derecho de Hábeas Data; 
2. Solicitar y conservar, en las condiciones previstas en la presente ley, copia de la respectiva autorización otorgada por el titular. 
3. Informar debidamente al titular sobre la finalidad de la recolección y los derechos que le asisten por virtud de la autorización otorgada; 
4. Conservar la información bajo las condiciones de seguridad necesarias para impedir su adulteración, pérdida, consulta, uso o acceso no autorizado o fraudulento; 
5. Garantizar que la información que se suministre al encargado del tratamiento sea veraz, completa, exacta, actualizada, comprobable y comprensible; actualizar la información, comunicando de forma oportuna al encargado del tratamiento, todas las novedades respecto de los datos que previamente le haya suministrado y adoptar las demás medidas necesarias para que la información suministrada a este se mantenga actualizada; 
6. Rectificar la información cuando sea incorrecta y comunicar lo pertinente al encargado del tratamiento; 
7. Suministrar al encargado del tratamiento, según el caso, únicamente datos cuyo tratamiento esté previamente autorizado de conformidad con lo previsto en la RGPD;
8. Exigir al encargado del tratamiento en todo momento, el respeto a las condiciones de seguridad y privacidad de la información del titular; 
9. Tramitar las consultas y reclamos formulados en los términos señalados en la RGPD; 
10. Adoptar un manual interno de políticas y procedimientos para garantizar el adecuado cumplimiento de la RGPD y en especial, para la atención de consultas y reclamos; 
11. Informar al encargado del tratamiento cuando determinada información se encuentra en discusión por parte del titular, una vez se haya presentado la reclamación y no haya finalizado el trámite respectivo; 
12. Informar a solicitud del titular sobre el uso dado a tus datos; 
13. Informar a la autoridad de protección de datos SIC cuando se presenten violaciones a los códigos de seguridad y existan riesgos en la administración de la información de los titulares. 
14. Cumplir las instrucciones y requerimientos que imparta la SIC.

‍

9. ¿CUÁLES SON LAS OBLIGACIONES DE YUNO COMO ENCARGADO?

‍

9.1. Cuando YUNO actué como encargado por el tratamiento de tus datos personales cumplirá con las siguientes obligaciones:

‍

1. Garantizar al titular, en todo tiempo, el pleno y efectivo ejercicio del derecho de hábeas data.
2. Conservar la información bajo las condiciones de seguridad necesarias para impedir su adulteración, pérdida, consulta, uso o acceso no autorizado o fraudulento.
3. Realizar oportunamente la actualización, rectificación o supresión de los Datos Personales en los términos de la ley.
4. Actualizar la información reportada por el Responsable del Tratamiento dentro de los quince (15) días hábiles siguientes contados a partir de su recibo.
5. Tramitar las consultas y los reclamos formulados por los Titulares en los términos señalados en la Política y en la ley.
6. Registrar en la Base de Datos Personales la leyenda “reclamo en trámite” en la forma como lo regula la ley, respecto de aquellas consultas, quejas
7. Anotar en la Base de Datos Personales la leyenda “información en discusión judicial” una vez notificado por parte de la autoridad competente sobre procesos judiciales relacionados con la calidad del Dato Personal.  
8. Abstenerse de circular información que esté siendo controvertida por el Titular y cuyo bloqueo haya sido ordenado por la SIC.  
9. Permitir el acceso a la información únicamente a las personas que pueden tener acceso a ella. 
10. Informar a la SIC cuando se presenten violaciones a los códigos de seguridad y existan riesgos en la administración de la información de los titulares.  
11. Cumplir las instrucciones y requerimientos que imparta la SIC.  

‍

10. ¿CÓMO OBTENEMOS LA AUTORIZACIÓN PARA EL TRATAMIENTO DE TUS DATOS PERSONALES?

‍

10.1. Obtendremos tu Autorización mediante documento físico, electrónico o en cualquier otro formato que permita garantizar su posterior consulta. Cuando actuemos como Responsable, la Autorización la otorgará el Titular a YUNO, o a quien éste designe, y garantizaremos que se informe esta Política y los derechos que te asisten como titular de la información personal. Solo trataremos datos personales sin tu autorización cuanto exista una excepción establecida en el RGPD, lo cual es excepcional.  

‍

10.2. YUNO, y/o a quien éste designe, adoptará las medidas que sean necesarias para mantener registros de cuándo y cómo obtuvo tu autorización para el tratamiento de los datos personales.

‍

11. ¿CÓMO PODREMOS RECOLECTAR O TRATAR TUS DATOS PERSONALES?

‍

11.1. Tratamiento de tus Datos Personales

‍

YUNO, en su calidad de responsable de la información personal, podrá recoger y procesar los datos personales de forma manual o automatizada tales como nombres y apellido, número de identificación, dirección, país de residencia, nacionalidad, estado civil, fecha de nacimiento, fechas de ingreso, género, número celular, correo electrónico (personal y corporativo), información bancaria y financiera (entre la cual se incluye datos de cuenta bancaria, entidad financiera, tipo de cuenta, información de tarjeta débito o crédito, números de cuentas), información transaccional (entre la cual se incluye el nombre del comercio, fecha de la compra y monto de la transacción), información de afiliación a EPS, ARL o caja de compensación, cargo, nivel de estudios y cualquier otro dato personal suministrado. Dependiendo del formulario al que acuda el usuario, esta información puede o no ser requerida.  

‍

Los Datos Personales entregados por el Titular serán usados para efectos de prestar los servicios que estos contraten con YUNO y sus establecimientos comerciales aliados.  

‍

11.2. Tratamiento de Datos Personales Sensibles

‍

Solo trataremos datos personales sensibles para lo estrictamente necesario, solicitando el consentimiento previo y explícito a los titulares (representantes legales, apoderados, causahabientes) e informándoles sobre la finalidad exclusiva para su tratamiento. Trataremos datos de tipo sensible en las siguientes circunstancias: 

‍

1. El tratamiento haya sido autorizado expresamente por el titular de los datos sensibles, salvo en los casos que, por Ley, no se requiera el otorgamiento de dicha autorización.
2. El tratamiento sea necesario para salvaguardar el interés vital del titular y éste se encuentre física o jurídicamente incapacitado. En estos eventos, los representantes legales deberán otorgar la autorización. 
3. El tratamiento se refiera a datos que sean necesarios para el reconocimiento, ejercicio o defensa de un derecho en un proceso judicial;
4. El tratamiento que tenga una finalidad histórica, estadística o científica o, dentro del marco de procesos de mejoramiento; este último, siempre y cuando se adopten las medidas conducentes a la supresión de identidad de los titulares o el dato este disociado, es decir, el dato sensible sea separado de la identidad del titular y no sea identificable o no se logre identificar a la persona titular del dato o datos sensibles.

‍

YUNO siempre: 

‍

1. Informa que por tratarse de datos sensibles no está obligado a autorizar su tratamiento.
2. Informa de forma explícita y previa, además de los requisitos generales de la autorización para la recolección de cualquier tipo de dato personal, cuáles datos objeto de tratamiento son de carácter sensible, la finalidad aplicada, y obtener tu consentimiento explícito.
3. No condicionar ninguna actividad a que nos suministre datos personales sensibles (salvo que exista una causa legal o contractual para hacerlo).

‍

11.3. Tratamiento de tus Datos Personales de Menores de Edad

‍

YUNO solo tratará los datos personales de menores de edad cuando: (i) Sean de naturaleza pública, (ii) provengan de la información suministrada por empleados o contratistas, (iii) cuando su tratamiento se encuentre debidamente autorizado por los padres o representantes legales de la niña, niño o adolescente. 

‍

El tratamiento siempre cumplirá con los siguientes parámetros y requisitos:  

‍

1. Que responda y respete el interés superior de los niños, niñas y adolescentes.
2. Que se asegure el respeto de sus derechos fundamentales.

‍

12. ¿PARA QUÉ FINALIDADES USAMOS TUS DATOS PERSONALES?

‍

12.1. Finalidades Generales del Tratamiento de Datos Personales  

‍

Los Datos Personales de todos los Titulares que sean tratados por YUNO serán tratados para las siguientes finalidades:

‍

1. Cumplir con las obligaciones derivadas de la relación jurídica o vínculo comercial que tenga con YUNO.
2. Llevar a cabo actividades de gestión de administración, cumplimiento de obligaciones legales, venta, recaudo y cobro de sus obligaciones con YUNO.
3. Recabar, tener, manejar y utilizar la información para realizar control y prevención del fraude, control y prevención de lavado de activos y financiación del terrorismo, programas de transparencia y ética empresarial, y otros controles de responsabilidad empresarial. 
4. Gestionar, administrar y mantener actualizadas nuestras bases de datos, lo cual incluye gestiones de actualización de datos a través de correo electrónico, WhatsApp, SMS, Facebook, Messenger, Instagram, mensajes push, llamadas y videollamadas atendidas por agentes humanos y/o digitales.  
5. Para la grabación, transmisión, almacenamiento, conservación o reproducción en tiempo real o posterior de imágenes por sistemas de videovigilancia, controles de acceso, circuitos cerrados de televisión con el fin de garantizar la seguridad de los bienes y las personas en las instalaciones o sedes de YUNO.
6. Cumplimiento de deberes y obligaciones legales de YUNO.
7. Transmitir la información recolectada a terceros dentro y fuera del territorio nacional, ya sean o sociedades afiliadas o vinculadas económicamente con YUNO y los prestadores de servicios con los que YUNO contrate el almacenamiento, procesamiento y administración de los datos personales, bajo los estándares de seguridad y confidencialidad de YUNO.
8. Transferir los datos personales a terceros, aliados, sociedades afiliadas o vinculadas económicamente con YUNO, ubicados en cualquier país, que brinde un nivel de protección de datos personales igual o mayor al de Colombia.

‍

12.2. Finalidades particulares para Clientes de YUNO

‍

1. Facilitar la gestión de relaciones comerciales, administrar la información para fines de contacto comercial, atención al cliente, soporte y cumplimiento contractual.
2. Registrar, dar seguimiento y trazabilidad al ciclo de prospección comercial a través de nuestros aliados, o directamente mediante ferias, eventos de correo electrónico, WhatsApp, SMS, Facebook, Messenger, Instagram, mensajes push, llamadas y videollamadas atendidas por agentes humanos y/o digitales.
3. Analizar características, comportamientos e intereses para la identificación de oportunidades de negocio.
4. Enviar propuestas y realizar seguimiento a oportunidades de negocio.
5. Utilizar los datos para fines administrativos internos o comerciales tales como: elaboración y presentación de cotizaciones, facturas, referencias comerciales de experiencia, investigación de mercados y análisis estadísticos.  
6. Contactarlo para brindarle asesoría, actividades promocionales, de mercadeo, fidelización, publicidad, encuestas de satisfacción y otra información basada en el perfil y preferencias, a nombre nuestro o de nuestros aliados  a través de correo electrónico, WhatsApp, SMS, Facebook, Messenger, Instagram, mensajes push, llamadas y videollamadas atendidas por agentes humanos y/o digitales.
7. Segmentar estratégicamente el mercado según los criterios comerciales de YUNO para mejorar los procesos de venta.
8. Desarrollo de nuevos productos de YUNO.
9. Realizar transacciones, cobros y pagos para el cumplimiento de las obligaciones contractuales con YUNO.
10. Adelantar gestiones de cobro a través de correo electrónico, WhatsApp, SMS, Facebook, Messenger, Instagram, mensajes push, llamadas y videollamadas atendidas por agentes humanos y/o digitales.

‍

12.3. Finalidades particulares para Candidatos a Empleo de YUNO

‍

1. Dar trámite al proceso de evaluación y selección, para lo cual analizaremos tus datos de identificación, datos de contacto, ubicación personal y profesional, referencias personales y profesionales, y nivel académico para determinar tu aptitud conforme al perfil requerido.
2. La consulta y reporte en listas restrictivas y las listas vinculantes para Colombia, listas de personas expuestas políticamente y a operadores de información, para la prevención y mitigación de lavado de activos, financiación de terrorismo, corrupción, soborno transnacional, riesgos financieros, de suplantación y/o fraude. 
3. La consulta a información sobre tu historial financiero, comercial, crediticio ante operadores de bases de datos, e información relacionada con tu situación laboral e ingresos salariales en operadores de información crediticia, PILA, de seguridad social, administradoras de fondos y cesantías, actualización de tus datos o verificar tus datos.

‍

12.4.  Finalidades particulares para Empleados y Exempleados de YUNO

‍

1. La consulta y reporte en listas restrictivas y las listas vinculantes para Colombia, listas de personas expuestas políticamente y a operadores de información, para la prevención y mitigación de lavado de activos, financiación de terrorismo, corrupción, soborno transnacional, riesgos financieros, de suplantación y/o fraude.
2. La consulta a información sobre tu historial financiero, comercial, crediticio ante operadores de bases de datos, e información relacionada con tu situación laboral e ingresos salariales en operadores de información crediticia, PILA, de seguridad social, administradoras de fondos y cesantías, actualización de tus datos o verificar tus datos.
3. Desarrollar y gestionar la relación laboral, como registro de días trabajados, incapacidades, vacaciones, permisos, realizar pagos conforme a la legislación laboral y tu contrato de trabajo, beneficios extralegales y otros conceptos, evaluaciones de desempeño.
4. Administración y control de acceso a instalaciones físicas, información de usuarios y contraseñas, acceso y uso de herramientas de trabajo y sistemas de información para validación de identidad. Recuerda que no estás obligado a entregar datos personales de carácter sensible. 
5. Realizar los aportes y reportes al sistema de seguridad social. Esto puede incluir la información de tu núcleo familiar, y en caso de contener datos de menores de edad se dará aplicación a la autorización y el tratamiento correspondiente a los datos de esta naturaleza. Recuerda que no estás obligado a entregar datos sobre menores de edad. 
6. Actividades de formación acordes a tu perfil, o en las cuales decidas participar, gestión de programas de beneficios, y actividades de prevención y administración de riegos profesionales. 
7. Contactarte para gestionar la relación laboral a través de Whatsapp, correo electrónico, mensajería instantánea, teléfono, SMS y dirección física a los datos de contacto que nos compartas. 
8. Atender emergencias médicas, sanitarias o de carácter general que se puedan presentar en el sitio de trabajo o con ocasión de tus labores. 
9. Compartir tus datos personales con terceros aliados para gestionar la relación laboral, como liquidaciones en PILA y gestión de nómina.
10. Compartir tus datos personales con terceros aliados que ofrezcan beneficios a Nuestros trabajadores activos. 
11. Mantener en Nuestro archivo la información estrictamente necesaria para el cumplimiento de nuestras obligaciones legales como empleador.

‍

12.5. Finalidades particulares para Proveedores de YUNO

‍

1. Administrar la evaluación, selección, vinculación y cumplimiento contractual con proveedores.
2. Cumplir con las obligaciones derivadas de la relación jurídica o vínculo comercial que se tenga o llegue a tener con YUNO.
3. Como parte de la gestión de nuestras bases de datos, registrarlo como proveedor, aliado, contratista y otro carácter que pueda tener con base en la relación jurídica o vínculo comercial que pueda tener con YUNO.
4. Gestionar procesos de cobro, facturación, registro de operaciones contables y cumplimiento de obligaciones tributarias.
5. Realizar una validación de identidad, perfil financiero y comercial, validación de sus licencias, habilitaciones y otras autorizaciones que requiera para la prestación de sus servicios.
6. Contactarlo respecto de la ejecución de la relación jurídica o vínculo comercial que se tenga o se llegue a tener con YUNO a través de correo electrónico.
7. Proporcionar acceso a las instalaciones de YUNO.

‍

13. TRANSMISIÓN DE DATOS PERSONALES A TERCEROS

‍

No entregaremos tus datos personales a otras entidades sin antes obtener tu previo consentimiento. Ahora bien, se podrá realizar la transmisión cuando:

‍

• La transmisión de tus datos personales fuese necesaria para la prestación efectiva y cumplimiento de nuestras obligaciones contractuales;
• Sea necesaria para permitir a los proveedores, contratistas o colaboradores prestar los servicios encomendados;
• Sea necesario para permitir que terceros que prestan servicios de marketing a nuestro nombre o a otras entidades con las cuales tengamos acuerdos de mercado conjunto;
• Sea requerido o permitido por la ley.

‍

Sin perjuicio de lo anterior, para realizar una transmisión de tus datos personales a terceros encargados ubicados en Colombia o en el exterior, debe existir: (i) una autorización previa, expresa e informada por parte suya, o (ii) un contrato de transmisión de datos personales que contenga por lo menos lo siguiente:

‍

• Los alcances de las obligaciones del encargado del tratamiento de datos personales.
• Las actividades que el encargado deberá realizar por nuestra cuenta con tu información personal.
• Las obligaciones del encargado con respecto al titular y YUNO.
• La obligación del encargado de dar cumplimiento a las obligaciones contempladas en el aviso de privacidad y el manual interno de políticas y nuestros procedimientos.
• La obligación del encargado de realizar el tratamiento de los datos personales de acuerdo con las finalidades autorizadas por los titulares y con legislación aplicable.
• La obligación del encargado de dar tratamiento, por cuenta del responsable, a los datos personales conforme a los principios que los tutelan.
• La obligación del encargado de salvaguardar la seguridad de las bases de datos en los que se contengan datos personales.
• La obligación del encargado de guardar confidencialidad respecto del tratamiento de los datos personales.

‍

14. TRANFERENCIA DE DATOS PERSONALES A TERCEROS PAISES

‍

Se considera una transferencia internacional cualquier Tratamiento que suponga un envío de datos personales fuera del territorio colombiano. La transferencia de tus datos personales a terceros países solamente se realizará cuando exista autorización previa, expresa e informada del Titular, y el país cuente con un nivel adecuando de protección de Datos Personales de conformidad con la SIC.

‍

Sin embargo, cuando ocurra cualquiera de las siguientes circunstancias se podrá enviar los Datos Personales a países que no cuenten con un nivel adecuado de Datos Personales cuando:

‍

1. Se tenga autorización previa, expresa, informada e inequívoca del Titular.
2. Intercambio de datos personales de carácter médico cuando exista una emergencia que así lo exija.
3. Transferencias bancarias o bursátiles, conforme a la legislación que les resulte aplicable.
4. Transferencias acordadas en el marco de tratados internacionales en los cuales la República de Colombia sea parte, con fundamento en el principio de reciprocidad.
5. Transferencias necesarias para la ejecución de medidas precontractuales siempre y cuando se cuente con la autorización del Titular.
6. Transferencias legalmente exigidas para la salvaguardia del interés público, o para el reconocimiento, ejercicio o defensa de un derecho en un proceso judicial.
7. Cuando la SIC emita una declaración de conformidad.

‍

Tus Datos Personales podrán ser transferidos o transmitidos a otras entidades que componen el Grupo Yuno, (es decir, Yuno Payments Limited (Islas Caimán) y sus subsidiarias directas e indirectas, incluyendo Yuno Payments LLC (EE. UU.), Smart Routing Pte Ltd (Singapur), Yuno USA LLC (EE. UU.), Yuno Tecnologías SAPI de CV (México), Yuno Colombia SAS (Colombia), y Yuno Intermediações de Serviços Ltda (Brasil)), así como a los establecimientos de comercio (Comercios) y aliados comerciales (Aliados) con los que YUNO Colombia tenga una relación contractual vigente, y a terceros Encargados que requieran la información para su Tratamiento de acuerdo con las finalidades contenidas en la presente Política y los contratos respectivos.

‍

15. ¿POR CUÁNTO TIEMPO TRATAREMOS TUS DATOS PERSONALES?

‍

Los Datos Personales recolectados por YUNO serán tratados únicamente durante el tiempo necesario para cumplir con las finalidades descritas en esta Política. Una vez cumplidas dichas finalidades, los datos serán suprimidos, salvo que exista una obligación legal que requiera su conservación.

‍

16. ¿CÓMO GARANTIZAMOS LA SEGURIDAD DE TUS DATOS PERSONALES?

‍

YUNO garantiza que cumplirá con el deber de confidencialidad sobre los datos del usuario y los conservará hasta que el usuario comunique su voluntad de darse de baja o mientras existan obligaciones legales o contractuales que justifiquen mantener los datos, de acuerdo con la normativa vigente. YUNO adoptará las medidas de seguridad exigidas por la legislación aplicable para evitar, en relación con los datos personales del Titular, su alteración, pérdida, tratamiento o acceso no autorizado, siempre de acuerdo con el estado de la tecnología disponible.  

‍

YUNO toma precauciones para proteger la información personal de los Titulares, la cual es objeto de salvaguarda tanto on-line como off-line. El Titular acepta y reconoce que cada vez que YUNO recopila información personal, la cual tendrá connotación confidencial en sus sistemas, esa información es entregada y Tratada de forma segura mediante protocolos de seguridad de red. Para tal fin, se informa que YUNO cuenta con una certificación Payment Card Industry Data Security Standard (PCI DSS), versión 3.2.1, el cual es un estándar de seguridad de datos en la industria de pagos que acredita que la compañía ha adoptado altos niveles de protección.  

‍

Para proteger la integridad de la información, solo los empleados que lo necesiten, o terceros debidamente habilitados, tendrán acceso a ella en atención a los trabajos específicos que deban adelantar. Las computadoras y servidores en los que YUNO almacena la información se mantienen en un entorno seguro de protección. El Titular acepta y reconoce que YUNO puede procesar, mediante encargos, la información personal del Titular en un servidor ubicado dentro o fuera del país en donde reside.  

‍

Las violaciones de seguridad que constituyan riesgo para los derechos de los titulares serán notificadas a la SIC dentro de 72 horas conforme al artículo 17 de la Ley 1581 de 2012.

‍

17. ACTUALIZACIÓN DE LA POLÍTICA

‍

YUNO podrá revisar las disposiciones contenidas en esta Política y realizar las modificaciones que estime pertinentes. Cuando se realice un cambio sustancial en esta Política que pueda afectar el contenido de la Autorización, YUNO te comunicará estos cambios antes de que sean implementados. Cuando exista un cambio en las finalidades del tratamiento obtendremos una nueva autorización antes de implementar el cambio.   

‍

18. VIGENCIA

‍

Esta Política se actualizó por última vez en 01 de 07 de 2025. La versión más actualizada de la Política estará vigente en la Página Web de https://www.y.uno/privacy 

‍

El presente Política entra en vigor a partir del 01 de 08 de 2025. El periodo de vigencia de las bases de datos se regirá por las disposiciones que rigen la materia conforme a los principios de finalidad y temporalidad de la información.  

‍

Anexo No.1

Definiciones

‍

Las siguientes definiciones se deberán tener en cuenta para la interpretación de esta Política y se usarán indistintamente en singular o plural sin que por ello se altere su significado:

‍

1. Autorización. Consentimiento previo, expreso e informado del Titular para llevar a cabo el Tratamiento de los Datos Personales.
2. Base de Datos Personales. Conjunto organizado de Datos Personales tratados por YUNO o quien este designe.
3. Consentimiento. Es una manifestación de voluntad, informada, libre e inequívoca, a través de la cual el Titular de los datos de carácter personal autoriza a un tercero a tratar sus Datos Personales.
4. Consulta. El derecho de los Titulares o sus causahabientes a consultar los Datos Personales del Titular que repose en cualquier base de datos. El Responsable del Tratamiento o el Encargado del Tratamiento deberán suministrar la información contenida en el registro individual o que esté vinculada con la identificación del Titular.
5. Dato Personal. Cualquier información vinculada o que pueda asociarse a una o varias personas naturales determinadas o determinables.
6. Dato Personal Público. Información considerada pública por disposición legal, como el estado civil de las personas, su profesión u oficio, su calidad de comerciante o servidor público, entre otros.
7. Dato Personal Semiprivado. Es semiprivado el dato que no tiene naturaleza íntima, reservada, ni pública y cuyo conocimiento o divulgación puede interesar no sólo a su Titular sino a cierto sector o grupo de personas o a la sociedad en general, como el dato financiero y crediticio de actividad comercial o de servicios.
8. Dato Personal Privado. Es el dato que por su naturaleza íntima o reservada solo es relevante para el Titular.
9. Dato Personal Sensible. Información que puede afectar la intimidad del Titular o cuyo uso indebido puede generar discriminación, tales como origen racial o étnico, orientación política, convicciones religiosas, datos de salud, datos biométricos, entre otros.
10. Encargado del Tratamiento. Persona natural o jurídica que realice el Tratamiento de Datos Personales por cuenta de un Responsable.
11. Política. Documento que establece los lineamientos para el Tratamiento de Datos Personales adoptados por YUNO.
12. Responsable del Tratamiento. Persona natural o jurídica que decide sobre la Base de Datos y/o el Tratamiento de los Datos Personales.
13. RGPD. Artículo 15 de la Constitución Política de Colombia, Ley 1581 de 2012, Ley 2300 de 2023, Decreto 1074 de 2015 y el Título V de la Circular Única de la SIC.
14. SIC. Superintendencia de Industria y Comercio, autoridad administrativa en materia de protección de datos personales en Colombia.
15. Titular. Persona natural cuyos Datos Personales son objeto de Tratamiento.
16. Transferencia. Envío de Datos Personales a un tercero dentro o fuera del país, que a su vez asume el rol de Responsable del Tratamiento.
17. Transmisión. Comunicación o envío de Datos Personales dentro o fuera de Colombia, realizado por el Responsable a un Encargado para su Tratamiento.
18. Tratamiento. Cualquier operación sobre los Datos Personales, como la recolección, almacenamiento, uso, circulación o supresión.

‍

‍

‍

1. Introduction

‍

As part of its business activities, YUNO Tecnologías, S.A.P.I. de C.V. (“YUNO”) processes a large volume of personal data, an asset of great value to the company. YUNO therefore pays special attention to protecting this data in order to maximize its usefulness and comply with the applicable Mexican legislation. Because the social, digital, and legal landscape is constantly evolving, this Personal Data Protection Policy (“Policy”) may be adjusted or amended from time to time. Any changes will be communicated with reasonable advance notice and in sufficient detail to allow proper implementation.

‍

The main goal of this Policy is to establish the principles and guidelines that all YUNO employees must follow when processing personal data in the course of their employment or duties.

‍

2. Objectives

‍

YUNO’s overarching objective is clear: to provide a high level of protection for the personal data it processes and to demonstrate that commitment. Accordingly, YUNO will ensure that all personal data it collects are processed lawfully and will implement the measures set out in this Policy to meet the requirements of the Federal Law on the Protection of Personal Data Held by Private Parties (Ley Federal de Protección de Datos Personales en Posesión de los Particulares, “LFPDPPP”) and its Regulations. Specific objectives of this Policy are to:

• Establish the foundational principles for YUNO’s data-protection program.
• Set unified data-processing standards across the company.
• Define the procedures for exercising ARCO Rights (Access, Rectification, Cancellation, and Opposition).
•  Ensure full compliance with the LFPDPPP and its Regulations.

‍

3. Scope

‍

Regulatory scope. The following rules apply within the United Mexican States:

• Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP).
• Regulations of the LFPDPPP.

‍

4. Effective Date

‍

This Policy has been in force since February 2024.

‍

5. Definitions

‍

For purposes of this Policy, the following terms have the meanings set out below:

‍

6. General Provisions

‍

This Personal Data Protection Policy is mandatory and applies to any data processing activities carried out by or on behalf of YUNO, including by processors located inside or outside of Mexico.

‍

Exceptions apply to the processing of data related to legal entities, individuals in their capacity as merchants or professionals, or individuals providing services on behalf of a legal entity or self-employed individual, where the data processed are limited to their full name, job title or function, and the following professional contact details: physical address, email address, phone number, and fax number; provided such information is processed solely for the purpose of representing the employer or contractor.

‍

YUNO is responsible for personal data under its custody or that it has disclosed to a processor, regardless of whether such processor is located within Mexican territory.

‍

7. Sensitive Personal Data

‍

YUNO may collect sensitive personal data from its employees or job applicants when necessary to fulfill employment-related purposes, such as compliance with social security or labor regulations, benefits administration, or completion of medical or health questionnaires. In such cases, YUNO will obtain the express, written consent of the data subject.

YUNO will review and, if necessary, update its internal records annually.

‍

8. Security Measures

‍

YUNO has implemented physical, technical, and administrative security measures to minimize risks of loss, misuse, unauthorized access, disclosure, or alteration of personal data. These measures include firewalls, physical access controls to data centers, and user access authorization mechanisms.

‍

In the event of a security breach involving personal data, YUNO will notify the data subjects of:

• the breach incident,
• the personal data involved,
•  recommendations to protect their interests,
• mitigation and prevention actions taken by YUNO, and
• contact methods to obtain more information.

YUNO will also notify the Secretaría de Anticorrupción y Buen Gobierno without undue delay and no later than 72 hours after the breach is confirmed, in accordance with Article 38 of the LFPDPPP 2025 and its Global Privacy Policy.

‍

9. Personal Data Transfers

‍

Any national or international transfer of personal data requires the prior consent of the data subject and must be disclosed in YUNO’s Privacy Notices according to the purposes stated therein.

‍

Consent will not be required for transfers covered under exceptions provided by law. Transfers to YUNO's affiliates, subsidiaries, or related entities under common control—or to its parent company—are permitted provided that the receiving entity has binding internal data protection rules aligned with the LFPDPPP and its Regulations.

‍

Domestic transfers must include prior communication from the responsible YUNO department to the recipient, including the applicable Privacy Notice and purposes of the transfer. The recipient may not process the data for purposes other than those specified.

‍

Legal measures must be taken to ensure the recipient assumes the same obligations as YUNO regarding data protection. This includes processing data in accordance with the terms outlined in YUNO’s Privacy Notices.

‍

YUNO staff must formalize the necessary documentation to demonstrate that the Privacy Notice and the consent conditions were properly communicated to the recipient.

‍

International transfers are allowed only when the recipient assumes the same obligations as YUNO, as outlined in a legally binding instrument covering data protection responsibilities and the conditions under which the data subject consented.‍

‍

10. ARCO Rights

‍

YUNO’s Personal Data Department will verify that any request to exercise ARCO Rights is made by the data subject or their legal representative, and supporting documentation must be obtained.

‍

All formats, systems, and mechanisms developed by YUNO for exercising ARCO Rights must ensure a simplified process for data subjects while safeguarding their personal data.

‍

ARCO requests must be submitted according to the procedure described in the Privacy Notices.

Requests may be sent to: privacy@y.uno 

‍

11. Relations with the Secretariat

‍

YUNO’s Personal Data Department is responsible for all institutional communications with the Secretariat. If any YUNO department receives a request from the Secretariat, it must immediately inform the Personal Data Department.

‍

If YUNO is subject to a verification visit under Article 128 of the LFPDPPP Regulations, the Personal Data Department will designate a legal representative to be present during the visit. The visit may not proceed without their presence unless delaying it would constitute obstruction.

‍

The designated staff must allow the visit if failure to do so could unjustifiably delay the process and be deemed obstruction under Article 58, Section XIV of the LFPDPPP.

‍

Secretariat personnel must be granted access to YUNO premises housing databases or IT systems, provided they comply with Articles 133 and 134 of the Regulations.

‍

12. Verification Visits

‍

Artículo 133. El personal del Instituto que lleve a cabo las visitas de verificación deberá estar provisto de orden escrita fundada y motivada con firma autógrafa de la autoridad competente del Instituto, en la que deberá precisarse el lugar en donde se encuentra el establecimiento del responsable, o bien en donde se encuentren las bases de datos objeto de la verificación, el objeto de la visita, el alcance que deba tener la misma y las disposiciones legales que lo fundamenten.

‍

13. Verification Personnel Identification

‍

Artículo 134. Al iniciar la visita, el personal verificador deberá exhibir credencial vigente con fotografía, expedida por el Instituto que lo acredite para desempeñar dicha función, así como la orden escrita fundada y motivada a la que se refiere el artículo anterior, de la que deberá dejar copia con quien se entendió la visita.

‍

If the Secretariat initiates a Rights Protection Procedure, it must forward the documentation to the Personal Data Department, including the date the administrative notice was received.

‍

The Department will coordinate with functional and operational areas to gather any required information, and it will be responsible for submitting the response to the authority, with internal or external legal support as needed.

‍

‍14. Internal Control

‍

All YUNO departments are responsible for implementing internal control mechanisms that ensure compliance with this Policy by their employees.

‍

Such controls must guarantee that the processing of personal data is aligned with internal policies, procedures, and templates and complies with applicable regulations.

‍

The Personal Data Department will oversee and evaluate compliance with this Policy.

‍

15. Third Parties Processing

‍

When personal data processing is outsourced to another YUNO entity or an external service provider, a Data Processing Agreement must be executed. The agreement must outline the terms, conditions, and obligations of both parties to ensure adequate protection of the data.

‍

16. Training

‍

YUNO is committed to ensuring that this Personal Data Protection Policy is effectively implemented across the organization. To that end, YUNO has adopted a data protection training program aimed at ensuring that its employees understand the principles and procedures established under this Policy.

‍

The training program is designed to provide YUNO personnel with:

• A common foundation of knowledge about what personal data is and why it matters;
• The principles applicable to personal data processing;
• The measures implemented by YUNO for processing and protecting personal data;
• The appropriate actions to take in the event of a personal data breach;
•  Specific training tailored to different roles within the organization.

‍

The program will ensure that adequate training is provided particularly to employees who regularly access personal data or who are involved in collecting personal data and developing tools used in data processing.

‍

YUNO is also committed to fostering a strong data protection culture throughout the organization.

‍

17. Audit

‍

YUNO undertakes to include in its audit program a review of compliance with this Personal Data Protection Policy. The audit program will define:

• A reasonable schedule for conducting audits;
• The expected scope of the audits;
• The team responsible for conducting the audits.

Audits may be conducted regularly by an independent audit team, whether internal or external.

The audit program referenced in this section will be defined in accordance with the standards set forth in YUNO’s Personal Data Protection Policy.

‍

18. Updates to the Personal Data Protection Policy

‍

This Policy may be updated occasionally or when necessary. When such updates involve significant changes, YUNO will inform, as needed:

• YUNO employees and staff;
• Data processors.

Notice of material changes will be provided in a timely manner to ensure that clients and data subjects are aware of the modifications and can take appropriate actions if necessary.

‍

ANNEX A

ARCO RIGHTS PROCESS

This procedure outlines the steps a data subject must take to exercise their rights of Access, Rectification, Cancellation, and Opposition (“ARCO Rights”) in relation to personal data provided to YUNO and/or its subsidiaries.

‍

‍

‍

Ordinary internal deadlines for handling ARCO Rights requests (business days):

‍

1. Upon receipt of the request by any YUNO department, it must be forwarded to the Personal Data Department no later than the next business day (which marks the start of the legal deadline calculation).
2. Within the following 4 (four) business days, the Personal Data Department will review the request to determine whether it complies with the formal requirements set forth by the LFPDPPP and its Regulations.
3. If the request meets all applicable requirements, the Department will forward it by email—marked as urgent—to each Functional Owner of the relevant Databases (Departments or Management Units with primary control over YUNO's databases).
4. Functional Owners will have 12 (twelve) business days from the receipt of the request to review, process, and compile the data of the requesting data subject. During this time, they must:
5. Analyze whether the request is legitimate and whether it is possible and appropriate to:
   
   1.  Provide access to the data;
   2. Rectify the data;
   3. Cancel the data; or
   4. Object to the processing of the data;
   5. Conduct manual and electronic searches across databases to identify the requested data;
   6.  If applicable, identify relevant data in non-automated databases.
6. Once this task is completed, and within the stated period (twelve business days), each Functional Owner must submit to the Personal Data Department the information/documentation containing the personal data of the requesting data subject.
   
   1. The submission must clearly indicate whether:
   2. Access is possible based on the data provided;
   3. Rectification is applicable and can be executed;
   4. Cancellation is applicable and can be executed;
   5.  Objection to processing is applicable and can be executed.
7. After reviewing and validating the information received, the Personal Data Department will have 3 (three) business days to inform the data subject of the final resolution.
8. If the request is granted, the Department must coordinate with the relevant Functional Owners to ensure the resolution is implemented within 15 (fifteen) business days from the date the response was communicated.

‍

ANNEX B

YUNO’s Privacy Notices are available for consultation at:

📎 https://www.y.uno/es/privacidad 

‍

ANNEX C
ARCO Rights Request — Instructions

Any data subject who has shared personal data with YUNO may exercise their ARCO Rights (Access, Rectification, Cancellation, and Opposition) by using the request form included in this document and following the instructions provided below. Instructions:

‍

ARCO Rights requests may be submitted via email to: 📧 privacy@y.uno 

‍

The request must include:

• Full name and mailing address (or another means of contact for receiving a response);
• A copy of an official ID (or a power of attorney if someone is acting on behalf of the data subject);
• A clear and precise description of the personal data involved (except for access requests);
• A description of the specific ARCO Right being exercised, or a clear indication of the action being requested;
• Any additional information the requester considers relevant to help locate their data.

‍

In all cases, the request must be signed and either sent by email to privacy@y.uno or physically submitted to the address designated by YUNO for notifications, addressed to the Personal Data Department.

‍

‍

This Privacy Policy (“Policy”) aims to provide clear and comprehensive information about how SMART ROUTING PTE. LTD. ("SMART ROUTING", operating globally as “YUNO”), incorporated in Singapore under UEN 202438195M and located at 1 Raffles Place, #34-04, One Raffles Place, Singapore (048616), handles the Processing of Personal Data in connection with the use of its services in compliance with Applicable Legislation, especially Singapore’s Personal Data Protection Act (PDPA) and applicable international standards.

‍

By using YUNO’s Software-as-a-Service platform, which integrates different types of existing payment methods, anti-fraud providers, and other industry solutions (hereinafter the "Services")  the individual or entity accessing or utilizing the Services as the data subject to whom the Personal Data relates (“User” or “Data Subject”) acknowledges and consents to the terms outlined in this Policy. If the User does not agree, they should refrain from using the Services. The User is responsible for regularly reviewing this Policy for any updates or modifications.

‍

1. GENERAL PROVISIONS

‍

1.1. Applicable Legislation. This Policy incorporates and is governed by the provisions of Singapore’s Personal Data Protection Act 2012 (“PDPA”) and aligns with international standards including but not limited to ISO/IEC 27001 for information security management and relevant cybersecurity frameworks, where applicable. YUNO is committed to Processing Personal Data responsibly and in compliance with these regulations, including ensuring appropriate safeguards during international data Transfers.

‍‍

1.2. Scope of Application. This Policy applies to all Personal Data processing activities involving the Processing of Personal Data carried out by YUNO or its designated entities in their capacity as Data Controllers or Data Intermediaries under Applicable Legislation.

‍

1.3. Definitions. The following definitions apply to this Policy and should be interpreted consistently across singular or plural uses:

‍

A) YUNO: SMART ROUTING PTE. LTD. and its designated third-party service providers, subcontractors, or affiliates authorized to Process Personal Data on behalf of YUNO , operating globally and acting as a Data Controller or Data Intermediary in the handling of Personal Data, as applicable under Applicable Legislation. 

B) Consent: Express, deemed, or implied authorization given by the User for the Processing of Personal Data for specific purposes, as defined under Sections 13-15A of the PDPA.

C) Deemed Consent. Consent that an organization can deem an individual to have given in certain circumstances, as defined under Sections 15 and 15A of the PDPA. YUNO may rely on Deemed Consent under Sections 15 and 15A of the PDPA. This includes scenarios where Consent is inferred from the voluntary provision of Personal Data or where it is necessary to fulfill a contractual obligation. Additionally, Deemed Consent applies when Processing is necessary for legitimate business purposes and YUNO has assessed that these purposes do not override the User’s fundamental rights or freedoms.

D) Personal Data: Information or data relating to an identified or identifiable natural person.

E) Sensitive Data: Information or data revealing racial or ethnic origin, religious beliefs, political opinions, health data, sexual orientation, or biometric details, as defined by the Applicable Legislation and PDPA.

F) Processing: Any operation performed on Personal Data, including collection, storage, management, use, disclosure, or deletion.

G) Transfer: The movement of Personal Data from YUNO to a third party, within or outside Singapore.

‍H) Sharing: The communication or availability of Personal Data between the Controller/Intermediary and third parties.

‍

1.4. Objective. This Policy aims to establish clear guidelines and regulate the procedures related to the overall Processing of Personal Data by YUNO, ensuring the protection and respect of Users’ rights and maintaining transparency in data handling practices.

‍

1.5. Principles. The following principles serve as the foundation for compliance with this Policy:

‍

a) Purpose Limitation: Personal Data must be processed for legitimate, specific, and clearly informed purposes consistent with Singapore’s regulatory framework and international best practices and disclosed transparently.

b) Data Accuracy: Personal Data Processed must be accurate, complete, clear, relevant, and updated regularly where necessary. Processing incomplete or misleading Personal Data is strictly prohibited.

c) Transparency: Users have the right to obtain information about the existence, Processing, and specifics of their Personal Data at any time.

‍d) Security: Processing activities must implement reasonable security arrangements to protect Personal Data against unauthorized access, collection, use, disclosure, copying, modification, disposal or similar risks.

e) Confidentiality: All individuals involved in Processing Personal Data must adhere to confidentiality obligations during and after their engagement with YUNO.

‍

1.6. Legal Bases for Data Processing. YUNO processes Personal Data under the following legal bases and justifications:

‍

a) Consent: Where the User has explicitly authorized specific Processing activities, to the Controller, Joint Controllert or the Processor.

‍b) Legal or Regulatory Compliance: Where Processing is required to fulfill obligations under Singaporean or international laws and regulations.

c) Contractual Necessity: Where Processing is essential to execute a contract or comply with pre-contractual arrangements requested by the User.

d) Legitimate Interests: Where Processing is necessary for YUNO’s legitimate business interests, provided such interests do not override the fundamental rights and freedoms of the User. Assessments are conducted to ensure compliance.

e) Protection of Vital Interests: Where Processing is required to protect the life or physical integrity of the User or other individuals.

‍

1.7. Purposes of Data Processing. YUNO Processes Personal Data for the following purposes:

‍

a) Service Provision: Yuno's provision of its Services.

b) Regulatory Compliance: Ensuring adherence to legal and regulatory obligations.

c) Communication: Notifying Users of updates, security alerts, or relevant service modifications.

d) Business Development: Conducting analytics, improving services, and managing partnerships.

e) Security and Fraud Prevention: Protecting against fraudulent activities and ensuring secure transactions

‍

2. RIGHTS OF USERS

‍

2.1. Rights of Users. Users whose Personal Data is held within YUNO’s databases are entitled to the following rights, as established under Singapore’s Personal Data Protection Act (PDPA):

‍

A) Right to Access. Users have the right to obtain information regarding their Personal Data, including the purposes for which it is processed, the location of databases, and any Sharing or Transfers of their data.

B) Right to Correction. Users may request updates to their Personal Data whenever there are changes to ensure accuracy and relevancy.

C) Right to Accuracy and Completeness. Users have the right to correct inaccurate, incomplete, or outdated Personal Data.

D) Right to Withdrawal of Consent. Users may withdraw Consent for Processing their Personal Data, subject to legal or contractual requirements mandating continued Processing.

E) Right to Portability. Users may request that their Personal Data be Transferred to another data controller, provided such Transfer is technically feasible and carried out in a structured format as prescribed under the PDPA.

F) Right to Lodge Complaints. Users may submit complaints to the Personal Data Protection Commission (PDPC) or other relevant authorities if they identify breaches of data protection laws.

‍

2.2. The exercise of these rights shall be free of charge and without limitation, exclusively carried out by the User in accordance with Clause 4.1., except as otherwise prescribed by law.

‍

3. YUNO’S OBLIGATIONS

‍

3.1. Obligations of YUNO as a Data Controller. YUNO, in its capacity as a Data Controller of Personal Data, assumes the following responsibilities:

‍

3.1.1. Guaranteeing Rights: Ensure Users can fully and effectively exercise all rights outlined in this Policy and Applicable Legislation.

3.1.2. Consent: Obtain, document, and maintain Consent provided by the Users, where required, in compliance with legal requirements.

3.1.3. Informed Purpose: Clearly inform the User about the specific purpose for collecting and Processing their Personal Data.

3.1.4. Security: Implement and maintain technical and administrative security measures to safeguard Personal Data from alteration, loss, access, use, or unauthorized consultation.

3.1.5. Accuracy of Information: Ensure that Personal Data shared with processors or third parties is accurate, complete, and up-to-date.

3.1.6. Updates: Promptly update information related to Personal Data and notify the relevant processor or third party of such updates.

3.1.7. Corrections: Correct any inaccurate information and notify the processor about the rectifications made.

3.1.8. Prior Authorization: Only provide processors with Personal Data authorized by the User or permitted by Applicable Legislation.

3.1.9. Security Standards for Processors: Require that processors adopt adequate security and privacy measures when handling shared Personal Data.

3.1.10. Complaint Processing: Handle inquiries and complaints from Users in accordance with the terms of this Policy and Applicable Legislation.

3.1.11. Disputes Regarding Personal Data: Inform processors of any disputes or controversies related to Personal Data under Processing.

3.1.12. Compliance with the PDPC: Promptly comply with determinations, requests, or guidelines issued by the Personal Data Protection Commission (PDPC).

‍

3.2. Obligations of YUNO as a Data Processor. When acting as a Data Processor, YUNO assumes the following responsibilities:

‍

3.2.1. Guaranteeing Rights: Ensure that the User’s rights are fully respected and upheld in compliance with the Controller’s instructions and Applicable Legislation.

3.2.2. Secure Storage: Store Personal Data under appropriate technical and organizational conditions to protect against unauthorized access, loss, alteration, or misuse.

3.2.3. Updating, Correcting, and Deleting Data: Update, correct, or delete Personal Data promptly as directed by the Controller.

3.2.4. Notification of Updates: Notify the Controller of any changes made to Personal Data within five (5) business days of receiving such a request or update.

3.2.5. Restricted Access: Ensure that access to Personal Data is limited to authorized individuals and exclusively for purposes instructed by the Controller.

3.2.6. Compliance with the PDPC: Fully comply with all determinations, requests, or guidelines issued by the Personal Data Protection Commission (PDPC), adhering to the Processor’s role and the Controller’s instructions.

‍

3.3. Personal Data Collected. YUNO may collect the following categories of Personal Data, as applicable:

‍

3.3.1. Personal Information: Full name, identification number, address, country of residence, nationality, marital status, date of birth, date of employment or contract initiation, gender, mobile phone number, and email address (personal and business).

3.3.2. Banking and Financial Information: Bank account details, financial institution, account type, debit or credit card information, account numbers, and transaction data (e.g., merchant name, transaction date, and amount).

3.3.3. Professional and Educational Information: Job title, education level, and affiliation with employee benefits entities such as insurance providers, health agencies, or compensation funds. 

3.3.4. Other Information: Any additional Personal Data provided by the User, depending on the forms or processes completed.

‍

3.4. When and if YUNO collects sensitive Personal Data, such as information on racial or ethnic origin, religious beliefs, health conditions, sexual orientation, or biometric data, it communicates the specific purposes to the User and explicitly obtains Consent unless otherwise permitted under Section 17 of the PDPA. Providing Sensitive Data is optional unless required by law or necessary for contractual obligations.

‍

3.5. Transmission of Personal Data. YUNO ensures that Personal Data transmissions to third parties comply with internal policies and PDPA requirements. Such transmissions are made to fulfill contractual obligations or delegate Processing activities. Third parties are contractually obligated to implement adequate security measures in accordance with Section 24 of the PDPA. For cross-border Transfers, YUNO implements safeguards under Section 26 of the PDPA, ensuring comparable protection levels.

‍

3.6. Transfer of Personal Data. When Transferring Personal Data within or outside Singapore, YUNO ensures the preservation of Users rights. Transfers outside Singapore occur only after obtaining consent, unless exemptions under Section 26 of the PDPA apply, such as when necessary for contractual purposes. Legally enforceable mechanisms, like binding corporate rules or contractual clauses, are used to ensure protection. The receiving entity ensures comparable data protection standards

‍

3.7. Data Retention Scope. YUNO retains Personal Data only as long as necessary to fulfill the purposes for which it was collected or to comply with legal or regulatory obligations. Once no longer needed or upon expiration of retention periods, Personal Data shall be securely deleted or anonymized, as required by Section 25 of the PDPA.

‍

3.8. Processing Personal Data of Minors. YUNO processes minors’ (“children” under 18 years) Personal Data in compliance with Section 13(3) of the PDPA, obtaining verifiable parental or legal guardian Consent. Processing is strictly limited to necessary purposes, ensuring children’s rights are safeguarded.

‍

3.9. Confidentiality. YUNO restricts access to Personal Data to authorized personnel or third parties with a legitimate purpose. Disclosures required by law or court order comply strictly with Section 21 of the PDPA and are limited to what is necessary.

‍

3.10. Communication of Personal Data. YUNO may disclose Personal Data to entities in its corporate group, including Yuno Colombia S.A.S., Yuno Intermediacao de Servicios Ltda. and Yuno Tecnologias S.A.P.I. de C.V., or with trusted partners for legitimate business purposes, such as payment processing. Robust safeguards, including contractual obligations and technical measures, ensure compliance with the PDPA.

‍

3.11. Security. YUNO implements strong security measures, including encryption for data in transit and at rest, regular security audits to assess and mitigate potential risks, firewalls, and intrusion detection, to safeguard Personal Data. Certified under Payment Card Industry Data Security Standard (PCI DSS) ensuring the secure Processing of payment-related data, YUNO ensures data protection at the highest levels. Access is restricted to authorized personnel on a need-to-know basis, and confidentiality agreements are enforced.

‍

3.12. YUNO adopts measures to safeguard the Personal Data of Users both online and offline. Whenever sensitive or confidential information is processed, the following security protocols apply: robust network security protocols, stringent access controls, and adherence to industry standards such as Payment Card Industry Data Security Standard (PCI DSS), ensuring high levels of protection.

‍

3.13. To maintain data integrity, only authorized employees or third parties with verified roles will access information, restricted to the specific activities requiring such access. YUNO's servers are hosted in secure environments, complying with Singapore’s PDPA requirements for ensuring reasonable security arrangements under Section 24 of the Act​. The Users are aware that their data may be processed on servers located either within Singapore or internationally, provided that any cross-border Transfers comply with Section 26 of the PDPA, ensuring a comparable level of data protection​.

‍

3.14. Mechanisms for Obtaining Consent. Consent from Users will be collected through clear and accessible formats, such as electronic documents, physical forms, or other means that allow for subsequent reference. YUNO guarantees transparency in its processes, ensuring that Users are fully aware of this Policy and their rights under it.

‍

3.15. Proof of Consent. YUNO maintains verifiable records of when and how Consent was obtained. These records are securely stored and comply with Section 12(d) of the PDPA, which requires organizations to implement policies and practices necessary to comply with the Act​. 

‍

4. PROCEDURES TO ENSURE THE EXERCISE OF USERS’ RIGHTS

‍

4.1. Addressing Inquiries and Complaints. For any questions related to this Policy or the exercise of rights under Singapore’s PDPA, Users may contact YUNO via email at privacy@y.uno. This channel is managed by designated teams responsible for ensuring the protection of Users rights in compliance with the PDPA.

‍

4.2. Procedure for Inquiries. Users or their authorized representatives may submit inquiries regarding their Personal Data stored in YUNO’s databases, either in writing or through electronic means specified above. YUNO guarantees the right to access and will provide all relevant information associated with the Users. Inquiries will be responded to within ten (10) business days of receipt. If YUNO is unable to meet this timeframe, the User will be informed of the reason for the delay and provided a new resolution date, which will not exceed five (5) additional business days.

‍

4.3. Procedure for Complaints.   Users or their representatives who believe that the information contained in YUNO’s databases is incorrect, outdated, or should be deleted—or who identify non-compliance with any legal provisions or this Policy—may submit a formal complaint. The complaint must include:

‍
(i) Identification of the Users;
(ii) A detailed description of the facts supporting the complaint;
(iii) Contact details for notifications; and
(iv) Supporting documents substantiating the complaint.

‍

If the complaint is incomplete, the User will be notified to amend it within five (5) business days. Failure to do so will result in the complaint being considered withdrawn. Complete complaints will be addressed within fifteen (15) business days. If resolution within this timeframe is not feasible, YUNO will provide the reason for the delay and a new resolution date, which will not exceed eight (8) additional business days.

‍

4.4. Escalating Complaints to the PDPC. Before lodging a complaint with the Personal Data Protection Commission (PDPC), Users or their representatives are required to exhaust YUNO’s internal inquiry and complaint procedures.

‍

4.5. Data Breach Notification. YUNO commits to notifying Users and the PDPC of any security incident that may result in harm or risk to Personal Data, as required by Section 26D of the PDPA. Notifications will be made promptly and within three (3) calendar days of determining that the breach is notifiable. Users will be informed reasonably and provided with sufficient details of the breach, except where exemptions apply, such as instructions from law enforcement or when technological safeguards mitigate risks.

‍

5. PURPOSE AND VALIDITY OF THE POLICY

‍

5.1. Purpose and Validity of the Policy. YUNO processes Personal Data to support its employment, commercial, contractual, and financial activities, as well as operations aligned with its corporate objectives. This includes collecting Personal Data for inclusion in databases, facilitating transactional flows among parties in the payment process, and assisting with transaction processing. It is also used to provide contracted services, authenticate data to mitigate fraud, and send promotional communications. Additional purposes include developing new products or services, conducting administrative operations, issuing tax and accounting documents, managing human resources, executing contracts, utilizing data for internal or commercial purposes, researching and improving services, and fulfilling legal obligations. These activities are conducted in compliance with Section 18 of the PDPA, ensuring all purposes are reasonable and appropriate.

‍

5.2. Effect. This Policy takes effect as of its publication date. The retention period for Personal Data adheres to the principles of purpose limitation and retention minimization, as outlined in Section 25 of the PDPA. Personal Data is retained only as long as necessary to fulfill the purposes for which it was collected or to meet legal and business obligations, after which it is securely deleted or anonymized.

‍

5.3. Updated and Editions. YUNO reserves the right to amend or revise this Policy as required. The most recent version will always be available on YUNO’s website, and significant updates will be communicated to Users appropriately. This Policy is subject to annual review and regular updates. The most recent version is accessible at https://www.y.uno/privacy.

‍

5.4. Data Protection Officer. To oversee compliance with the PDPA, YUNO has designated a Data Protection Officer (DPO). The DPO can be contacted at privacy@y.uno for inquiries or concerns related to this Policy.

‍

‍

Section 1. Introduction and Purpose

‍

1.1. This Privacy Policy describes how Yuno USA LLC, a Delaware limited liability company ("Yuno USA," "we," "us," or "our"), collects, uses, retains, and transfers Personal Data within the United States regulatory framework. We are committed to maintaining the highest standards of data protection while complying with applicable US federal and state laws.

‍

1.2. This Policy should be read in conjunction with the Yuno Global Privacy Policy, which establishes foundational data protection standards for the entire Yuno Group. This US-specific Policy operationalizes those global principles within the American legal landscape and provides detailed information about your rights as a data subject under US law.

‍

1.3. This Policy applies to all Personal Data processing activities conducted by Yuno USA LLC, including through our US-facing websites, payment orchestration platform, and related services provided to merchants and partners operating in the United States.

‍

Section 2. Definitions and Key Terms

‍

To ensure clarity and consistent interpretation throughout this Policy, the following terms have specific meanings:

‍

"Applicable Data Protection Laws" means all applicable federal and state laws, regulations, and guidelines relating to data protection, privacy, and data security, including but not limited to the CCPA/CPRA, GLBA, state data breach notification laws, and sector-specific regulations applicable to our operations.

‍

"Business" has the meaning defined under the CCPA/CPRA and refers to Yuno USA when we determine the purposes and means of processing Personal Information.

‍

"Consumer" has the meaning defined under the CCPA/CPRA and refers to a natural person who is a California resident.

‍

"Data Controller" means the entity that determines the purposes and means of processing Personal Data, analogous to a "Business" under CCPA/CPRA.

‍

"Data Processor" means the entity that processes Personal Data on behalf of and under the instruction of a Data Controller, analogous to a "Service Provider" under CCPA/CPRA.

‍

"End-User" means an individual customer or consumer of a Merchant whose Personal Data is processed by Yuno USA on behalf of such Merchant.

‍

"Merchant" means a business entity that uses Yuno's payment orchestration services and acts as the Data Controller for its End-Users' Personal Data.

‍

"Personal Data" or "Personal Information" means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular Consumer or household, as defined under applicable US privacy laws.

‍

"Service Provider" has the meaning defined under the CCPA/CPRA and refers to Yuno USA when we process Personal Information on behalf of a Business pursuant to a written contract.

‍

"Sensitive Personal Information" has the meaning defined under the CCPA/CPRA, including government identifiers, financial account information with access credentials, precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, genetic data, biometric data, health data, sex life or sexual orientation information, and content of private communications.

‍

Section 3. Yuno USA's Roles and Responsibilities

‍

Yuno USA operates in distinct capacities regarding Personal Data processing, each carrying specific legal obligations:

3.1. When Yuno USA Acts as a Business/Data Controller

Yuno USA acts as a Business under CCPA/CPRA and Data Controller when we determine the purposes and means of processing Personal Information for our own business objectives, including:

‍

• Website Operations: Processing data from visitors to our US-facing websites and digital platforms
• Business Relationships: Managing relationships with representatives of US-based Merchants, Partners, and service providers
• Human Resources: Recruitment, employment, and workforce management for US-based personnel
• Marketing and Sales: Conducting business development, marketing communications, and promotional activities
• Compliance Operations: Fulfilling our legal, regulatory, and contractual obligations

3.2. When Yuno USA Acts as a Service Provider/Data Processor

Yuno USA acts as a Service Provider under CCPA/CPRA and Data Processor when providing payment orchestration services to Merchants. In this capacity:

• Limited Processing: We process End-User Personal Information solely according to Merchants' documented instructions
• Contractual Framework: Our processing relationship is governed by Data Processing Agreements (DPAs) with each Merchant
• No Independent Use: We do not use End-User Personal Information for our own commercial purposes
• Merchant Responsibility: Merchants retain primary responsibility for End-User data rights and compliance obligations

‍‍

Section 4. Personal Information We Collect

‍

When acting as a Business/Data Controller, Yuno USA may collect the following categories of Personal Information, organized by CCPA/CPRA classifications:

4.1. Identifiers

• Real name, alias, postal address, unique personal identifier
• Online identifiers (IP address, cookie IDs, mobile advertising IDs)
• Email address, account names, usernames
• Government identifiers (SSN, driver's license, passport) when legally required for KYC/employment

Primary Purposes: Account management, service provision, communication, website functionality, compliance obligations, recruitment, marketing

4.2. Personal Information Categories (Cal. Civ. Code § 1798.80(e))

• Name, signature, physical characteristics, address, telephone number
• Education, employment history, financial information
• Insurance policy numbers, medical information (employment context only)

Primary Purposes: Merchant/Partner onboarding, billing, payment processing, employment administration

4.3. Commercial Information

• Records of services purchased or considered
• Purchasing or consuming histories related to Yuno services
• Transaction records and payment patterns

Primary Purposes: Service enhancement, business analytics, customer support, business development

4.4. Internet/Network Activity Information

• Browsing history on Yuno websites
• Search history, interaction data with websites/applications
• Information regarding interaction with advertisements

Primary Purposes: Website analytics, performance monitoring, user experience personalization, marketing effectiveness measurement

4.5. Geolocation Data

• General location (IP-derived regional information)
• Precise location (with explicit consent or service necessity)

Primary Purposes: Fraud prevention, service customization, regulatory compliance, analytics

4.6. Professional/Employment Information

• Current/past employment history, performance evaluations
• Educational background, professional credentials
• References and background check results (with consent)

Primary Purposes: Recruitment, hiring, HR management, workforce planning

4.7. Inferences and Profiles

• Profiles reflecting preferences, characteristics, behavior patterns
• Risk scoring algorithms, fraud detection models
• Service personalization data, marketing segmentation profiles

Primary Purposes: Risk management, fraud prevention, service personalization, targeted marketing (with appropriate legal bases)

4.8. Sensitive Personal Information

We collect Sensitive Personal Information only when necessary and permitted by law:

• Government identifiers (for KYC/employment verification)
• Account credentials and financial account information
• Precise geolocation (with consent)
• Racial/ethnic origin (voluntary EEO reporting only)

Special Protections: Sensitive Personal Information is subject to heightened protection measures and specific use limitations under CCPA/CPRA.

‍

Section 5. How We Use Personal Information

‍

The following table outlines our primary use purposes, associated data categories, and legal bases:

‍

‍

Section 6. Information Sharing and Disclosure

‍

Yuno USA does not sell Personal Information. We share Personal Information only in the following circumstances:

‍

6.1. Yuno Group Entities

For administrative coordination, consolidated operations, integrated service delivery, and global compliance management.

‍

6.2. Service Providers

With third-party vendors providing:

• Cloud hosting and IT infrastructure
• Customer relationship management (CRM) systems
• Marketing and analytics platforms
• Recruitment and background verification services
• Legal, accounting, and professional services

All service providers are contractually required to protect Personal Information and process it only per our instructions.

‍

6.3. Payment Ecosystem Partners

When acting as a Service Provider for Merchants, we share End-User data with:

• Payment service providers (PSPs)
• Acquiring banks and financial institutions
• Fraud prevention and risk management services
• Regulatory compliance verification services

‍

6.4. Legal and Regulatory Disclosures

To government authorities, law enforcement, or regulatory bodies when required by:

• Valid legal process (subpoenas, court orders)
• Regulatory investigations or examinations
• National security or public safety requirements
• Legal obligations under financial services regulations

‍

6.5. Business Transfers

In connection with mergers, acquisitions, asset sales, or similar corporate transactions, subject to confidentiality protections and notice requirements.

‍

Section 7. Your Privacy Rights

‍

7.1. California Consumer Rights (CCPA/CPRA)

California residents have the following rights regarding their Personal Information:

‍

Right to Know/Access: Request disclosure of:

• Categories of Personal Information collected
• Sources of information collection
• Business/commercial purposes for processing
• Categories of third parties receiving information
• Specific pieces of Personal Information collected

‍

Right to Delete: Request deletion of Personal Information, subject to legal exceptions.

‍

Right to Correct: Request correction of inaccurate Personal Information.

‍

Right to Opt-Out: Opt out of "sale" or "sharing" of Personal Information for cross-context behavioral advertising.

‍

Right to Limit Use of Sensitive Personal Information: Direct us to limit use/disclosure of Sensitive Personal Information to necessary purposes.

‍

‍Right to Non-Discrimination: Exercise privacy rights without discriminatory treatment.

‍

Authorized Agent Rights: Designate authorized agents to exercise rights on your behalf.

‍

7.2. General Data Protection Rights

All individuals may request:

• Information about our data processing practices
• Access to Personal Information we maintain
• Correction of inaccurate information
• Reasonable restrictions on processing
• Information about data retention periods

‍

‍Section 8. Exercising Your Rights

‍

8.1. Request Submission Methods

Email: privacy@y.uno

Mail: Yuno USA LLC Privacy Team

‍

8.2. Verification Requirements

‍

To protect against unauthorized access, we implement risk-based verification procedures:

• Low-Risk Requests: Basic identity verification through email confirmation
• High-Risk Requests: Enhanced verification including government ID verification
• Sensitive Requests: Multi-factor authentication and additional documentation

‍

8.3. Response Timelines

CCPA/CPRA Requests:

• Acknowledgment within 10 business days
• Substantive response within 45 calendar days (extendable to 90 days with notice)

‍

Other Requests:

• Response within 30 days of receipt, or as required by applicable law

‍

8.4. End-User Request Handling

End-Users should direct privacy requests to the Merchant with whom they have a direct relationship. Yuno USA will assist Merchants in responding to End-User requests as outlined in our Data Processing Agreements.

‍

Section 9. International Data Transfers

‍

Personal Data collected by Yuno USA may be transferred internationally to other Yuno Group entities and service providers. We implement appropriate safeguards including:

‍

• Adequacy Determinations: Transfers to countries with recognized adequate protection levels
• Standard Contractual Clauses: Approved contractual protections for transfers to non-adequate countries
• Transfer Impact Assessments: Evaluation of transfer risks and supplementary measures
• Binding Corporate Rules: Internal data transfer frameworks (when applicable)

‍

All international transfers comply with applicable US legal requirements and maintain protection levels comparable to US standards.

‍‍

Section 10. Data Security

‍

Yuno USA implements comprehensive security measures including:

‍

10.1. Technical Safeguards

• Encryption of data in transit (TLS 1.3) and at rest (AES-256)
• Access controls and authentication systems
• Network security and intrusion detection
• Regular security testing and vulnerability assessments

‍

10.2. Administrative Safeguards

• Security policies and procedures
• Employee training and background checks
• Incident response procedures
• Vendor security management

‍

10.3. Physical Safeguards

• Secure data centers with access controls
• Equipment disposal and media sanitization
• Environmental monitoring and protection

‍

10.4. Industry Certifications

• ISO 27001 (Information Security Management)
• ISO 27701 (Privacy Information Management)
• PCI DSS Level 1 (Payment Card Industry Security)
• SOC 2 Type II (Service Organization Controls)

‍

Full details available at our Trust Center: security.y.uno

‍

Section 11. Data Retention

‍

Personal Information is retained only as long as necessary for:

• Service Provision: Duration of business relationship plus reasonable period for transition
• Legal Compliance: As required by applicable laws, regulations, and legal holds
• Legitimate Business Interests: Fraud prevention, legal claims, business records

‍

Specific Retention Periods:

• Customer/Merchant data: 7 years after relationship termination
• Employee records: As required by employment and tax laws
• Marketing data: Until opt-out or 3 years of inactivity
• Website analytics: 26 months unless longer retention legally required
• Financial transaction records: 7 years or as required by applicable regulations

‍

We regularly review retention periods and securely dispose of Personal Information when no longer needed.

‍

Section 12. Cookies and Tracking Technologies

‍

12.1. Cookie Types and Purposes

‍

Essential Cookies: Required for website functionality, security, and basic operations

‍

Performance Cookies: Website analytics, performance monitoring, error tracking

‍

Functional Cookies: User preferences, customization, enhanced functionality

‍

Marketing Cookies: Advertising effectiveness, remarketing, audience measurement

‍

12.2. Cookie Management

You can control cookies through:

• Browser settings and preferences
• Industry opt-out tools (DAA, NAI)
• Platform-specific controls (Google, Facebook, etc.)

‍

12.3. Third-Party Technologies

We use third-party analytics, advertising, and marketing platforms that may collect information through cookies and similar technologies. These third parties have their own privacy policies governing data collection and use.

‍

Section 13. Policy Updates and Changes

‍

13.1. Update Procedures

This Policy is reviewed and updated regularly to reflect:

• Changes in business practices
• Evolving legal and regulatory requirements
• Technological developments
• Industry best practices

‍

13.2. Notice of Material Changes

We will provide notice of material changes through:

• Prominent website posting
• Email notification to registered users
• Direct communication for significant changes affecting individual rights

‍

13.3. Effective Date

Policy changes become effective on the "Last Updated" date shown at the top of this document.

‍

Section 14. Contact Information

‍

14.1. Privacy Team Contact

Yuno USA LLC Privacy Team

Email: privacy@y.uno
 

14.2. Data Protection Officer

For complex privacy matters or data protection concerns: Email: dpo@y.uno

‍

14.3. Regulatory Complaints

California residents may also contact: California Attorney General's Office
Privacy Unit, California Department of Justice
Website: oag.ca.gov/privacy

‍

14.4. Additional Resources

• Yuno Global Privacy Policy: Available at y.uno/privacy 
• Trust Center: security.y.uno 

‍