This Policy came into effect on May 11, 2019, replacing the Policy which was in force until that date.
We have modified our Privacy Policy or Personal Data Processing Policy. The new version of our Privacy Policy or Personal Data Processing Policy shall be in force from MaY 11, 2019. The use of our services from May 11, 2019 shall be governed by this version.
You can find the major changes in this version of our Privacy Policy or Personal Data Processing Policy, as well as the ones historically conducted over it, in the following sections:
|
We invite you to read the new version of our Privacy Policy or Personal Data Processing Policy in its entirety and familiarize yourself with the same.
This Privacy or Personal Data Processing Policy from PayU applies to all Latin America countries in which PayU provides its payment services i.e. Argentina, Brazil, Chile, Colombia, Mexico, Panama and Peru.
This Privacy or Personal Data Processing Policy of PayU applies to all users of PayU´s services, that is, merchants, natural and legal persons, the latter in the events that according to the law of Protection of Personal Data should be applied, payers of the merchants which are PayU’s customers, which are linked directly with PayU in the payment process through their access to PayU´s payment platform, or all those natural persons whose data are collected or gathered by PayU in events, web pages of PayU in Latin America, among others, to later contact or send them information about PayU and the services we provide.
This Privacy or Personal Data Processing Policy of PayU establishes:
In order to ensure your right to privacy and the protection of your personal data at all times, we have tried to make this Policy as easy as possible for your better understanding. Your information and privacy are important to us!
As the data subject, you consent to the processing while being at the PayU web sites we ask you to verify and approve the acceptance of the Terms and Conditions of use of the PayU Services and this Privacy Policy or Privacy Notice, the latter in cases in which it applies. We invite you to get acquainted, read very well and get familiarized with this Policy, prior to accepting the same and to provide us with your personal data for processing.
You are not obliged to provide us with your personal information; however, if you choose not to do so, you will not be able to make use of some of our services or we will not be able to respond to your queries and needs.
You will always have access to this Policy by logging in to our web sites, in the main page or in the Legal section.
PayU may amend this Policy at any time. The amendments will be notified to you through the publication of the same in our web page and they will come into effect from the very moment of their publication, unless something different is stated. If the modifications require your express consent, in order to modify the purposes of the processing of your personal data, you will be informed so that you definitely accept and renew the authorization which you have given us for processing.
1 Delete data: Delete or remove the data subjects’ information from the databases.
The processing of your personal data is governed by the following principles, which apply without prejudice to the principles established in the Data Protection Laws applicable:
a) Principle of legality: the processing of your personal data will be based on what the applicable law and this Privacy Policy or the Personal Data Processing Policy establishes.
b) Principle of purpose: the processing of your personal data must comply with a purpose, which will be set out in this Privacy or Personal Data Processing Policy, in the applicable law or in the contract that you have with PayU. These purposes are legitimate and legal and are established for the correct provision of our services and/or for the improvement of the same or of the experience and contact you may have with PayU.
c) Principle of Freedom: The processing of your personal data can only be exercised with your prior, definite and informed consent. Your personal data may not be obtained or disclosed by PayU without your authorization, or in the absence of the same, without legal or judicial mandate that relieves your consent.
d) Principle of transparency: As the data subject, you have the right to obtain information regarding your personal data, the purpose of the processing, the databases in which they are contained, among other aspects relating to your privacy and the protection of your right to access your personal information.
e) Principle of security: Your personal information will be handled by PayU through the provision of technical, human and administrative measures necessary in order to provide security to your data, avoiding their adulteration, loss, query, use or unauthorized or fraudulent access.
f) Principle of confidentiality: Your personal data shall be subject to confidentiality.
PayU may collect or solicit personal information from the following sources:
a) Information that you provide to us. In order to make use of PayU´s services as a merchant or payer in any of the countries in which we operate, or, if you have a legal relationship with PayU as a service provider, or are interested in contacting us or to know what PayU is, we can display registration forms into which you will be required to provide your personal information, mainly to get in touch with you and be able to provide our services. For example, we ask for personal information related to your identification data (name, cellphone, email address, identity card number or identification, among others). We may also ask you for more information, for reasons of public order laws related to tax or fiscal matters or for the prevention and control of money laundering and terrorism prevention, to name a few. If you are a payer we will ask the data of your means of payment such as credit card number, expiration date, the card franchise, among others.
b) Information that we collect when you use our services.We collect information related to the service we offer. Among the information obtained in this way we include the following data: (i) The IP address, (ii) cookies. This information will allow to identify your browser or your account in PayU and serves as an information security measure, as well as to avoid phishing or other behaviors that pose a risk to the personal data of the user or customer. We also collect information related to your payment habits (amount frequency, which merchants you have paid using PayU, Payment behaviors), movements and transactions through PayU, or any other information related and generated by your interaction with the payment platform and its related services.
c) Information that we obtain from third parties such as credit bureaus, or identity validators, or from third-party allies, provided that we can legally resort to these sources.
In accordance with the personal data protection laws applicable in the Latin American countries and for the purposes of this Privacy or Processing of Personal Data Policy, we will consider that the information you give us is of personal nature, provided that the same, alone or in conjunction with other delivered or generated data, will allow us to identify or set you apart as an individual, or in cases in which it applies, as a moral person. Data like for example the name, telephone number, address, bank account number and its ownership, among others, is personal data. This information is your exclusive property.
In contrast to the above, the information you register or submit to PayU or which we generate from this and that does not reflect or make reference to a physical or moral person in particular, in the cases in which according to the applicable law of data protection it is required, allowing that your individual identification, such as for example which is related to the amount of a transaction, the acquisition of a particular good or service, the means of payment, the bank used or the information that we turn anonymous, among others, do not have the nature of personal data.
4.1 When PayU acts as processor of your personal data and, as a result, we have not collected your consent for the processing directly, you will need to ask the controller for your data, which can be, for example, a merchant that is client of PayU, technically integrated via API with us and with whom you have a consumer or commercial relationship for the purchase of goods or for the provision of their services, which will inform and share this Privacy Policy with you. This controller will be the one which collects your acceptance for the processing of your personal data.
4.2 All personal data and information you provide as a user of PayU´s services must be truthful, complete, accurate, up-to -date, verifiable and understandable.
4.3 When you exert your right of rectification, update, deletion, object the processing of your personal data, you will have to prove that you are in effect the data subject or who requests it is authorized by you, under the terms required by the law. Also, you must only exert your rights through the channels authorized by PayU in this Policy and you will have to send your queries or claims in compliance with the requirements established in the law.
5.1 PayU will process your personal data according to what is authorized by you and by the Law. The processing includes the purposes laid down in this Privacy Policy or Privacy Notice, in the cases in which the latest applies in accordance with the Law.
5.2 For the purposes described in this Privacy Policy, or in the Privacy Notice, PayU may process, collect, use, store, protect, among other activities, your personal data, including the following:
5.3 PayU may share your personal data with PayU’s Companies and/or its suppliers, when necessary to provide you with our services. PayU’s Companies and/or our providers will be required to only use your personal data for the purposes set out in this Policy. PayU ensures that every third party involved in the processing of your personal data uses protection standards in accordance with the applicable legislation and in accordance with the provisions set forth in this Privacy Policy.
Your acceptance to this Policy implies your consent that PayU might share your personal data with PayU’s Companies and/or with our suppliers within the limits described in the authorization and in this Policy.
5.4 We may also combine your personal data with other information we have, or provided by third parties, or resulting from your use of our services, to provide and improve PayU’s services, its content and advertising, as well as for the development and/or offering of products or services from PayU or from allies, among others.
5.5 PayU may process some or all of your personal data on servers located in different countries, where PayU provides its services in Latin America and where you as the data subject, reside in. This processing may be carried out by PayU (any of PayU’s Companies) or by third parties commissioned by PayU for the effect. In this event, PayU will verify that these countries have levels of personal data protection appropriate and consistent with those set out in this Policy and applicable laws and will comply with the requirements of this Policy and the law for the processing of your data. The transfer referred to is necessary for us to provide our services. By accepting this Privacy Policy, you understand this aspect and consent to this.
5.6 Non-personal information is combined with personal information, the information will be treated as personal information by PayU.
6.1 Our primary goal in collecting personal information is to provide you with our services in a safe, efficient, personalized way and without setbacks.
6.2 PayU collects and processes your personal information as permitted or required for the fulfilment of the following purposes:
Depending on the type of payment chosen by the data subject (buyer/payer), PayU will share the data with the institutions that validate and process each means of payment, for corresponding approval, validation, and compensation. This means that your personal data may be collected for those purposes by financial issuing institutions of the means of payment, acquiring financial institutions, payment processing networks, franchises such as Visa, MasterCard or American Express, to name a few.
The result of the processing of the payment made shall be notified to the merchant that is customer of PayU where you are making the payment, and to the buyer/payer.
By accepting this Privacy Policy, you authorize us to share your personal information with the enabling entities of the means of payment and with the entities in charge of processing and compensation of the same institutions as well as with the merchant that is customer of PayU from whom you’re purchasing a good or service.
The data of you or your credit card will be saved by PayU by applying the safety and protection standards of the information established by the regulations of the Payment Card Industry (PCI DSS), which you can check at www.pcisecuritystandards.org/.
It is important for you to know that your personal information will be kept by PayU under the functionality PayU Click only if the payment transaction you are performing to enable the functionality is approved by the issuers, acquirers, networks, and/or any other participant in the process of approval and validation of payments. If this does not happen, PayU will not save the information of your credit card(s).
This functionality is not required for you to have access to our services. Also, if you use "PayU Click" but, at any time, want to stop making use of this functionality, you can communicate with us and we will send you a link or the procedure to remove your information from the "PayU Click" functionality.
PayU may also make validations of your credit risk profile, based on the personal information you have provided us or it has been generated using our services by you.
The transfer is performed to comply with the provision of our Services or to meet other operational needs of the business or in development of some of the purposes set forth in this Policy.
By using the services of PayU, you understand that the transfer is necessary for the provision of our services and you authorize this transfer.
7.1 PayU does not sell nor obtain any gain from the use of your personal information.
7.2 PayU may combine your personal information with information from PayU, PayU’s Merchantss or third party information, in order to improve and customize the content of the ads, promotions and advertising that may be of interest to you.
7.3 If you do not wish to receive advertising information, or you don't want your data to be used to parameterize and customize your profile for purposes of marketing products and services of PayU or PayU´s Merchantss or of third parties, you can request the cessation of the use of your personal data for these purposes at any time, through the means provided in this Policy by PayU to this effect.
8.1 PayU’s web sites, online services, email messages and advertisements may use "cookies" and other technologies such as pixel tags and web beacons. These technologies allow PayU to understand the behavior of its users and indicate what parts of the web sites were visited, and facilitate and measure the effectiveness of ads and of web searches.
8.2 By using the software or PayU’s web sites you consent to the use of cookies.
8.3 You may choose to decline cookies at any time. However, if you do, keep in mind that some features are available only through the use of cookies and therefore if you decide not to accept them they will not be available.
8.4 The information that is collected by cookies and other technologies is treated by PayU as non-personal information, unless, in accordance with the laws of the countries in which PayU provides its services, it must have this treatment.
8.5 The Internet Protocol (IP) and similar identifiers will be treated by PayU as personal information, when in accordance with the laws of the countries in which PayU provides its services it should have this treatment, otherwise, it will be non-personal information.
9.1 PayU may share your personal data with financial entities, entities that provide the means of payment arranged on our platform, franchises, institutions, networks or any other which are involved in payment processing and validation. By giving your authorization supported by this Policy, you authorize PayU to share your personal data with these entities.
9.2 PayU may share your personal information with Merchantss which are PayU’s clients, in order to confirm a payment through PayU. This includes sharing information related to the rejection of the payment or payments that are not successful.
The merchantss which are PayU’s customers will not be able to use your personal information for any purpose other than that set out here, unless you agree to it and have clearly and directly authorized PayU’s Merchants.
PayU is not responsible for the information management, protection practices or compliance with the laws of protection of personal data by the merchantss which are PayU’s customers.
9.3 PayU will not reveal your credit card number or bank account number to the merchantss which are PayU’s customers you've paid through PayU, unless you authorize us to do so.
9.4 In some cases PayU may, if necessary, share your personal data with companies of the PayU Group, operators, agents or service suppliers that are partners or contractors of PayU, for the provision of PayU’s services. In all cases, PayU will require those who it shared your personal data with, to take the appropriate technical and organizational measures to protect your personal data and to comply with the relevant legislation.
9.5 PayU may share your personal data with the credit bureaus and collection agencies, in the terms permitted by law.
9.6 PayU may share your personal information in whole or in part with the companies that it may merge with or with companies that are intended to be acquired, PayU’s Companies. In any case, this Policy will continue to govern the terms of use of this information, until it is replaced or modified, depending on the situation.
9.7 PayU may disclose your personal information when we are required to do so in compliance with the policies for the management of credit cards or the rules of the financial institutions involved in the processing and validation of payments.
9.8 PayU may disclose your personal information, on the occasion of a legal process, litigation and/or at the request of public and governmental authorities within or outside your country of residence or in compliance with mandatory procedures, such as, for example, the reports to governmental entities in the field of withholdings and taxes.
9.9 PayU may disclose your personal information if it is necessary for law enforcement or court or administrative order.
9.10 PayU may disclose your personal information when it considers that there is sufficient evidence to believe that the disclosure of personal information is required in order to avoid damage or financial loss to PayU or any user of PayU’s services.
9.11 PayU may disclose your personal information when required to report any suspected illegal activity.
9.12 PayU you may access and use your personal data when we believe in good faith that it is necessary to: (i) comply with the applicable law; (ii) to protect our users from spam or prevent fraud attempts to the users of our system; (iii) for the operation and maintenance of our web sites, products and services, such as, for example, to prevent or put an end to an attack on our networks and our computer systems; (iv) to protect our rights and property; (v) to demand the fulfillment of the terms governing the use of our web sites, products or services.
9.13 PayU may share your information with allies such as financial institutions and financial technology companies, among others, with which PayU executes agreements to explore, create and / or offer products and / or services. In such events, with the acceptance of this privacy policy, you authorize PayU to share your personal data with said third parties.
10.1 PayU guarantees access to your personal information so that you can exercise your right to modify, correct, update, delete it or refuse to its processing. You can access your information in the form and time established by the applicable legislation, in accordance with the laws of your country or of the country in which your personal data are being processed, as applicable.
10.2 You will be able to perform all the above actions in relation with your personal information, unless PayU must keep it in the state in which it is recorded in PayU’s system for legal, contractual or legitimate business reasons which prevent it to do so.
10.3 PayU may reject access, rectification, cancellation, opposition, changes, modifications, update requests, among others, of your personal information, provided that it is legally permitted, that are: (i) more repetitive than reasonable, (ii) that require a disproportionate technical effort (for example, developing a new system or fundamentally change an existing practice), (iii) that endanger the privacy of other users or (iv) that are not practical (for example, requests that refer to information stored on backup systems).
10.4 PayU may provide the update service of data free of charge. In the event that the upgrade or modification of personal data generates some cost, you will be notified in advance and you will be charged, provided that it is legally allowed.
10.5 When PayU is providing you with the services, your personal data are protected in such a way that they cannot be deleted accidentally or maliciously. For this reason, although you request the removal of your data from our services, it is possible that PayU will not immediately delete your personal data on our information systems or on the residual backup and stored on our servers. The complete suppression will end or not according to: (i) our technical procedures for the renewal of the backup or similar technical activities, (ii) actions that might cause harm to the rights or legitimate interests of third parties, (iii) the existence of a legal obligation to retain the information.
10.6 You should perform the exercise of rights by taking the following considerations into account:
11.1 On PayU’s web sites may be links that take you to another web site.
11.2 The linked sites are not under the control of PayU and have different privacy policies.
11.3 If you use extras, add-ons or third-party applications to gain access to the services of PayU, the provider of such applications may have access to certain personal information of yours. PayU cannot control how the service provider of the applications uses the available personal data in relation to these. Don't forget to read the privacy policies of the provider before installing or using the applications.
11.4 The Privacy Policy of PayU does only consider personal data that is collected directly by PayU.
11.5 PayU recommends you to be careful when you provide your information on the Internet. PayU accepts no responsibility in relation to web sites that are outside of its control.
12.1 Protection and security of the personal, financial and business information is treated and managed according to PayU’s security policy.
12.2 PayU takes legal, technical and organizational measures that it considers necessary in order to maintain the security of your personal information, with due observance of the applicable obligations and exceptions under the legislation in force.
12.3 PayU follows the industry’s standards regarding the protection of personal data, including, among other measures, a firewall, Virtual Private Network ("VPN") and Transport Layer Security (TLS). Additionally, PayU is a certified entity under the PCI (Payment Card Industry Data Security Standard) standard.
12.4 PayU protects your personal information with encryption methods during its processing, among other existing or future techniques to ensure the security of the information.
12.5 PayU reviews its policy regarding the collection, storage and processing of your personal data, including physical security measures, to prevent adulteration, loss, query, use or fraudulent or unauthorized access to your personal information.
12.6 PayU communicates its Privacy Policy to employees and suppliers and applies strict measures for the protection of privacy in its interior.
12.7 PayU limits the access of the contractors, agents and employees to the personal information that must be processed. Only authorized employees of PayU or its affiliates, subsidiaries or service providers who need access to such information in order to comply with their obligations may have access to the personal data. PayU ensures that they meet strict contractual confidentiality obligations and that they are subject to contractual and legal consequences that a failure can generate.
12.8 PayU ensures that the confidentiality obligation assumed by persons involved in the processing of your personal information persists even after the end of the relationship between PayU and those people.
13.1 PayU will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Policy, unless the law requires or permits a longer retention period.
14.1 PayU does not voluntarily collect, use or disclose personal information of minors, according to the minimum age equivalent in the relevant jurisdiction, without the prior consent of the parents or guardians of the minor.
14.2 The services of PayU are not intended or designed to attract minors.
14.3 If we learn that we collected the personal information of a minor according to the jurisdiction, without first receiving a verifiable parental consent, we will take steps to delete the information as soon as possible.
14.4 We encourage parents to stay informed about the Internet activities of their children, in order to ensure that no information is collected from a minor without parental consent.
15.1 The exercise of rights, requests, queries and claims can be performed with regards to PayU under the following considerations:
15.2 PayU answers all your questions in the shortest possible time and within the required terms of the applicable law of Personal Data Protection.
15.3 If you are not satisfied with the response received by PayU you can let us know, in which case we will take the necessary actions to meet your request, or you can refer your complaint to the relevant data protection authority.
The data subject has the right to access, free of charge, at intervals of not less than six months, unless a legitimate interest is proven for the purpose, as set forth in article 14, paragraph 3 of Act No. 25,326. The THE AGENCY OF ACCESS TO PUBLIC INFORMATION, in its capacity as Control Body of Law N ° 25,326, has the power to deal with complaints and claims filed by those affected in their rights for non-compliance with the regulations in force regarding protection of personal data.
To contact the Access to Public Information Agency: Av. Pte. Gral. Julio A. Roca 710, 3rd floor - Autonomous City of Buenos Aires. Email: info@aaip.gob.ar
In order to comply with the Act No. 1581 of 2012 and other related and complementary rules, PayU Colombia S.A.S. ("PayU" or the "Company") domiciled in the city of Bogotá, in the Street (Calle) 99 No. 14-49, 7th Floor, Bogota, Phone number +57 1 6540721 informs you that it acts as the Responsible of your personal data collected through the platform and/or transactional channel and/or through payments made through PayU.
As a result, with the verification and acceptance of this Policy and the acceptance of our contracts of our system’s use (terms and conditions of the merchantss and terms and conditions of payers) you express that you know this Information Processing or Privacy Policy (the "Policy"), and that you consent to the processing of your personal data, in the terms set forth in it.
This Policy of PayU describes:
In accordance with Act No.1581 of 2012, the data subjects have the following rights:
In accordance with the provisions of Law 1266 of 2008, in addition to Law 1581 of 2012, in relation to the rights indicated in section 2.4. of this section "LEGAL CONSIDERATIONS FOR COUNTRY PAYU" / COLOMBIA, PayU guarantees the exercise of the following rights to the, Data Subjects, where applicable: a. Exercise the fundamental right to habeas data in the terms of the law, through the use of consultation procedures or claims, without prejudice to other constitutional and legal mechanisms. b. Request the respect and protection of other constitutional or legal rights, as well as the other provisions of the law, through the use of the claims and petitions procedure. c. Request proof of certification of the existence of the authorization issued by the source or by the user. d. Request information about authorized users to obtain information. e. Request information or request the updating or rectification of the data contained in the database, which PayU will perform as operator, as established in the procedure for inquiries, claims and petitions provided by Law 1266 of 2008 f. Request information about the use that the user is giving to the information.
The authority of personal data in Colombia is the Superintendence of Industry and Commerce, which you will be able to address in the terms established in the legal regime.
PayU will request your authorization for the processing of your personal data using informed authorizations, such as the following, in the event that it may not be able to put this privacy policy at your disposal and you will not be able to know the same in advance, or agree to its application in the processing of the personal data you provide to us:
MODEL AUTHORIZATION FORM JUST FOR EXAMPLE
AUTHORIZATION FOR THE PROCESSING OF INFORMATION
In order to comply with the Act No. 1266 of 2008 and Act No. 1581 of 2012 and other complementary and related rules, PayU Colombia S.A.S. ("PayU" or the "Company") domiciled in the city of Bogotá, in the Street (Calle) 99 No. 14-49, 7th Floor, Bogota, informs you that it acts as the Responsible of your personal data and financial data collected through the platform and/or transactional channel and/or through the payments made through the PayU payment system. As a result, with the click of acceptance you manifest that you know the Privacy Policy included in this document and available at -here-, and that you know and you authorize in a free, prior and informed manner that:
You also authorize, when PayU requires it for developing and offering innovative products and services, to access, query, compare and evaluate information about you that is stored in the databases of any credit, financial, or any commercial database or service risk central that allows it to set your behavior as a debtor, user, customer, head of financial, commercial, or any other kind of services. In the same manner, and as applicable, you are consenting PayU to report your information and behavior on monetary obligations to legitimately constituted credit, financial, commercial or service risk centrals or to other financial institutions, in accordance with Act No. 1266 of 2008 and other applicable regulations.
With the click of acceptance you also manifest that the data supplied are true, that you have not omitted or changed any information. This authorization is extended to those who represent the rights of PayU, who it contracts for its exercise, or to whom the rights, obligations or contractual position are ceded to any title. This authorization shall remain in force, until revoked in accordance with the events provided for by law, but may not be revoked in whole or in part, in force of the bond or by virtue of legal rules that oblige the Company to keep it stored.
You can at any time exercise the right to know, update, rectify and delete your personal information, as well as to request the proof of authorization, revoke the same, and submit claims to the Responsible or start filing complaints with the Superintendence of Industry and Commerce. We invite you to visit the Information Processing Policy, where you can learn more information about the procedure for the exercise of your rights, available below or here.
HERE ENDS THE AUTHORIZATION TEXT FOR YOUR ACCEPTANCE. IN THE CASE OF NOT GRANTING YOUR CONSENT WE WILL NOT BE ABLE TO PROVIDE YOU WITH PayU’s SERVICE.
BELOW IS THE PRIVACY POLICY FOR YOUR QUICK KNOWLEDGE AND CONSULTATION.
The processing of your personal data may be carried out on PayU’s servers or by third parties hired by PayU, located in different countries of the world (such as, but not limited to, Argentina, Brazil, Mexico, Chile, Peru, Panama, United States). PayU reserves the right to transfer or transmit your personal information outside of the country of your residence and domicile, always ensuring that these countries have levels of personal data protection appropriate to those set out in this Policy and to applicable laws.
The transfer or transmission is performed to comply with the provision of our Services or to meet other operational needs of the business or in development of some of the purposes set forth in this Policy.
By using the services of PayU, you understand that the transfer or transmission is necessary for the provision of our services and you authorize this transfer.
Information related to your payment habits, use of PayU services, access to our websites, your movements and transactions paid through PayU, which may include the review of the information of the PayU client stores those that have been paid through our system, as well as any other information related to and generated by the interaction with the payment platform and derived transactions, may be used for the analysis of PayU, which may be done by automated means and it may entail the creation of profiles such as scores with content and credit purpose. This information may be sent to allied third parties, such as financial entities for the analysis and review by said third parties in relation to the credit risk, in order to make you offer joint products or services with PayU or own of said third parties, which may have a credit or financial nature and serve as a basis for the decision making of said third parties. With the acceptance of the privacy policy you are authorizing the realization of these activities with respect to the aforementioned data, by PayU. In case you do not want such operations on your data to be performed, we invite you to send us a communication to the mail indicated in this policy in the exercise of your right to the revocation of consent. Similarly, if you wish to exercise the rights of access, rectification and / or update regarding the indicated information, we also place at your disposal the indicated email address, in accordance with the provisions of Law 1266 of 2008, and/or Law 1581 of 2012 if applicable, and as indicated in the present CONSIDERATIONS APPLICABLE BY PAYU COUNTRY / Colombia, clause 2.1.
3.1 Online Latin American Payments Mexico S.R.L.C.V., hereinafter "PayU", with domicile in Sinaloa 195, interior 208, Colonia Roma Norte, Delegación Cuauhtemoc, Mexico City 067001, is a juridical person constituted under the laws of the United Mexican States and, as a person obliged in terms of the Federal Law of Protection of Personal Data in Possession of Private Individuals, hereinafter referred to as "the Law" and its rules, is fully committed to the protection of your personal data, being responsible for its processing, confidentiality and protection.
3.2 Means for exercising the access, rectification, cancellation or opposition rights, in accordance with the provisions of this Act.
For the exercise of your ARCO Rights, you must submit an application (the "ARCO Application") to the domicile of PayU, to the email address mentioned in paragraph 10 of this Policy, accompanied by the following information and documentation:
PayU will answer your request for the exercise of your ARCO Rights and the reasons for the decision by email, within a maximum period of 20 workdays from the day of receipt of your ARCO Application. In the case that the ARCO Application is answered in the affirmative or appropriately, the requested changes will be made within a maximum period of 15 workdays. PayU may notify you within the time limits referred to in this paragraph for the extension of the same, for just one time, for a period equal to the original.
PayU may deny access (the "Negation") to the exercise of the ARCO Rights, in the cases permitted by law, we will let you know the reason for such a decision. The Negation may be partial, in which case PayU will make the access, rectification, cancellation or opposition on the relevant part. .
The exercise of the ARCO Rights will be free, but if you reiterate the application within a period of less than twelve months, the costs will be three days of the General Minimum Wage in force in the Federal District, plus VAT, unless there are substantial changes to the Privacy Notice that could motivate new applications of the ARCO Application. You will have to cover the justified shipping costs or the cost of reproduction of copies or other formats and, where appropriate, the cost of the certification of documents.
This Policy came into effect on May 11, 2019, replacing the Policy which was in force until that date.