Privacy Policy

PRIVACY POLICY STATEMENT

Last Updated: September 14, 2022

At Evertec® we are committed to providing the highest quality payment processing services and solutions, adding value and efficiency to the institutions we serve. In doing so, we place the highest importance on respecting and protecting the privacy and confidentiality of the information shared with us. This Privacy Statement applies to the information collected through our webpage www.evertecinc.com, ath.com, the ATH Móvil® and ATH Business® applications, our services and functionalities, including but not limited to Botón de Pago, and through online ordering available in the webpages of businesses that use pvot by evertec® (“pvot”). The ATH Móvil websites (www.athmovil.com and ath.business.com) are only informative and do not have any application functionalities available. Our services include products, services, functionalities, technology and applications offered to ATH Móvil, ATH Business and/or pvot users. We provide this Privacy Policy Statement to inform users what type of information we may collect and also how we collect, use, share and protect your Personally Identifiable Information (PII). We also inform you of the choices you can make about the way your information is collected and how that information is used. This information is very important, so we hope you can take the time to review the following Privacy Policy Statement carefully.

The evertecinc.com, ath.com, athmovil.com and ath.business.com websites, and their mobile applications and functionalities, pvot and its functionalities, are owned by Evertec Group LLC., who is responsible for your information and has its principal place of business at Hwy 176 Km 1.3 Cupey, San Juan, P.R. 00926.

Our subsidiaries in Colombia also have their own Personal Data Protection Manual in compliance with the applicable local legal requirements.

DEFINED TERMS

Affiliates – refers to companies controlled by a common owner. These can be financial or non-financial companies. Refers to related companies under the same corporate entity.

Cookie – text files that are stored on your computer browser to record your preferences. When visiting the ATH Móvil or ATH Business websites, and/or online ordering on the webpages of businesses who use pvot, we may collect your IP address, among other information, through “cookies”. These do not contain your email address or other personally identifiable information, unless you choose to provide this information to us.

Data Protection Authority – independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation (GDPR) and the relevant national laws. There is one Data Protection Authority in each EU Member State.

Non-affiliates – refers to companies not controlled by a common owner. These can be financial or non-financial companies. Refers to entities that are not related between them and do not belong to the same corporate entity.

Personally Identifiable Information (PII) – (common term in the United States) refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. Personal information does not include de-identified data which cannot be associated with a specific individual.

Personal data – (common term in the European Union) refers to information relating to an identified or identifiable natural person. Personal data includes, but is not limited to, name and last name, physical address, email address, national identity card number, internet protocol (IP) address and other factors specific to the physical, physiological, genetics, cultural, religious, location or social identity of that person.

Secure Sockets Layer (SSL) encryption technology – secure protocol developed to ensure that the transmission of data between a server and a user, or vice versa, is completely safe and protected. When you visit a website starting with “https”, the “s” after the “http” indicates the website is secure.

Third party – a person who is not a party to a contract or transaction.

INFORMATION WE COLLECT FROM OUR USERS

We may collect nonpublic Personally Identifiable Information (PII) from you in order to operate our websites www.evertecinc.com, www.ath.com, www.athmovil.com and www.ath.business.com, including its mobile applications, and to provide you with our ATH Móvil and ATH Business services, the functionality of Botón de Pago and online ordering at businesses who use our product pvot. Personal information is data that identifies you or that makes you identifiable. We collect information that you voluntarily provide us when you visit our website, send us your resume as part of an employment application or when you create an ATH Móvil or ATH Business account or when you use our ATH Móvil or ATH Business services and functionalities. We may also collect transaction information when you use our ATH Móvil, ATH Business, the Botón de Pago functionality and/or online ordering on the websites of businesses that use our product pvot. When you send us your resume, or when you use our products, services and functionalities, you provide your consent to our privacy practices as described in this Privacy Statement. If you, as user, do not provide us your information, we will not be able to provide our products, services and functionalities and our ability to evaluate your employment application would be limited. We do not sell or rent the personal information we collect. The type of nonpublic PII that we may collect includes, but is not limited to:

  • Information received when you open an ATH Móvil or ATH Business account: name, date of birth, telephone number, email address, and/or debit card number associated with your ATH Móvil or ATH Business account.

  • Account access information: we may verify your username to provide you with access to ATH Móvil or ATH Business applications.

  • Information provided in a resume as part of an employment application and during the recruitment process: name, title, contact information, education, previous work experience, abilities, qualifications, trainings, professional licenses and certifications and any other information that may be included in your resume or shared during the interview process. Background information related to your credit history and/or criminal background screenings may be required where relevant to your application and permitted under applicable law. Evertec may obtain and evaluate publicly available information as part of the recruiting process. When you apply for a position at Evertec, we request that you provide your personal information in order to evaluate your application. If you do not provide your information, our ability to consider your employment application would be limited. Except for when it is specifically required by law, we request that you do not include in your employment application any information related to your religion, health condition, age, gender identity, nationality, sexual orientation or political affiliation, among other sensitive information. If you choose to provide such sensitive information, we understand you are expressly authorizing Evertec to handle such information in agreement with this Privacy Statement. If you have functional diversity, and you would like us to consider an accommodation, you may provide us the information during the recruiting process. According to applicable law, we may request information regarding ethnic origin, veteran status or special conditions of our applicants in order to monitor our compliance with equal employment opportunities. However, providing such information is completely voluntary and will not be considered during the recruitment process.

  • Information we may collect from third parties or other sources as permitted by law and/or in accordance with your consent: during the recruitment process, Evertec may obtain information about you from third parties or other sources. For example, when applicable, we may conduct background screening through a third-party service provider or verify information on your application related to your past education, previous job experience or references. If, during the recruiting process, you provide us personal information related to other individuals as references, you are attesting that you have obtained consent from those individuals so that Evertec may use their information as described on this Privacy Statement.

  • Contact information: we may collect additional information from or about you when you communicate with us, when you register to receive information of some of our services, when you contact our Help Desk, respond to a service survey or participate in one of our contests or draws.

  • IP Address: we may collect your IP address when you visit our website or use the ATH Móvil or ATH Business mobile applications.

  • Transactional information: when you use the ATH Móvil or ATH Business services and functionalities, Botón de Pago and/or online ordering on the webpages of businesses using our product pvot, we may collect information on payment transactions such as the debit card originating the payment transaction and the debit card receiving the payment. Transactional information may also include personal information such as name, telephone number and email address. The IP address, model and operating system (OS) of your electronic device may be collected when you register, log-in or at the time of a transaction.

  • Information we may receive from businesses registered with ATH Business – we may receive personal information together with payment transaction information submitted by businesses registered with ATH Business.

  • Information we may receive when you use the online ordering service on the website of businesses that use our product pvot – when using these services and/or functionalities, we may collect information such as name, telephone number and email address, information you provide us so that your online order may be confirmed and to be able to send you updated information about your online order.

USE AND SHARING OF INFORMATION

Information submitted for a specific purpose will be used for that purpose only and in accordance with applicable contracts, laws and regulations. Generally, we use your information to be able to evaluate your employment application, to effectively provide our services directly or through our subsidiaries, affiliates or third parties. For example, to allow you to initiate a payment transaction through the ATH Móvil application or through the functionality of Botón de Pago to pay at a merchant’s webpage, to transfer money to another individual, to make a donation or to manage your business transactions through the ATH Business application. We may also use your information to authenticate your access to your ATH Móvil or ATH Business account or to communicate with you in response to a previous message from you about your account, this site or our services. Your information could also be used to manage business needs and to improve our services.

The information we receive as part of an employment application and through the recruitment process will be used as permitted by applicable law for the following purposes:

  • To evaluate your abilities and qualifications related to the position requirements

  • To verify background screening and previous work experience, with your consent and as permitted by applicable law

  • To create an applicant’s profile that could be used to identify you and to consider you for other opportunities that may be available considering your interests and particular needs. If you do not want us to keep your information for those purposes, please notify us.

  • For internal use for analysis and statistics

  • To comply and continue to monitor our compliance with legal, regulatory and governance requirements

  • To be able to communicate with you regarding your employment application and the recruiting process

In the event that you are hired by Evertec, the personal information collected as part of your employment application and recruitment process will be included in our human resources system and will be used to manage the new-hire process. The information may become part of your employee file and may be used for other employment related purposes. Evertec does not make automated decisions related to the application and recruitment processes without human involvement.

We may share your PII in order to carry out our daily operations. We may share information of our job applicants with our affiliates that are involved in the talent recruitment process for available positions. If we do so, Evertec is responsible for the information shared with our affiliates. We may also share personal information to comply with law enforcement authorities pursuant to a subpoena, a court order or any other legal process or requirement. There are Federal laws that grant consumers the right to limit some, but not all, of the information that may be shared. Federal law only grants you the right to limit:

  • The sharing of information between affiliates for the purpose of daily operations which pertain to your credit capacity. (In Evertec, we do not ask you for, nor do we maintain, this type of personal information.)

  • The sharing of information with affiliates to be used for marketing products and services.

  • The sharing of information with non-affiliates to be used for marketing products and services.

If you wish to limit the sharing of your personal information, please send your request to [email protected] or you may click on “Unsubscribe” on any of our promotional communications.

The following sets forth the ways in which we may share your personal information and whether or not you may limit what is shared according to Federal law:

| Ways in which we may share your personal information | Does Evertec share your personal information? | Can you limit what we share? |
| --- | --- | --- |
| We share your personally identifiable information in order to carry out our daily operations; such as processing transactions, offering service related information and responding to court requests and legal investigations. | Yes | No |
| For the purpose of conducting our affiliates’ daily operations - information about your transactions and experience with us. | Yes | No |
| Sharing of information between affiliates for the purpose of daily operations which pertain to your credit capacity. | Information on credit capacity is not collected by Evertec for daily operation purposes | We do not share |
| We do not share your personal information for marketing purposes, for our affiliates or non-affiliates to send you marketing offers. | No | We do not share |

If you live in California, California law gives you the right to ask if we disclose your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for others’ direct marketing purposes). It also gives you the right to ask if we sell your personal information to third parties (we do not sell your personal information). California residents have a right to request access to certain personal information collected about them over the past 12 months, or to request deletion of their personal information, subject to certain exceptions, and may not be discriminated against because they exercise any of their rights under the California Consumer Privacy Act (CCPA).

Sharing with third-party service providers. We may share personal information with third-party service providers who perform services on our behalf as part of our daily operations.

During the recruiting process we may share personal information with third-parties or service providers like recruiting agencies, consultants and background screening services. Personal information will only be shared on a need-to-know basis in order to perform the required services and functions. Evertec will not allow third-parties or other service providers to use your personal information for their own purposes.

We share information with our service providers that accurately reflects our privacy policies and practices. We also have contractual agreements with our service providers that prohibit third parties from disclosing or using the shared information other than to carry out the business purposes for which it was shared. Our service providers are also required to maintain information security programs in place that include administrative, technical and physical safeguards to protect the security and confidentiality of personal information.

Sharing when required by law. We may disclose personal information to law enforcement and government authorities, if Evertec is compelled to do so by a subpoena, court order or similar legal procedure, or as otherwise required by law. We may share information in relation to a reorganization, merger, joint venture or similar processes.

Sharing information for safety reasons and fraud prevention. We may share personal information, including but not limited to, name and telephone number, with financial institutions participating in ATH Móvil, to protect or prevent against actual or potential fraud, unauthorized transactions, claims or similar risks. We may also share, as necessary, to protect your vital interests in the event of an emergency or for health and safety reasons if they occur, for example, while you were attending a job interview at our premises.

Sharing information with businesses affiliated to ATH Business. Businesses affiliated to ATH Business have access to certain information from ATH Móvil users that make payments to their business. For example, the business may have access to information that includes, but is not limited to, telephone numbers, email addresses, name, debit card number and comments, if any.

Sharing information between ATH Móvil users in a transaction. When using the ATH Móvil application to make person to person payments, the ATH Móvil users involved in the transaction may have access to see the name and telephone number of the other person originating or receiving the payment.

Your information may be transferred to and maintained in whole or in part on computer networks which may be located outside of the state, province, country or other governmental jurisdiction in which you reside, and may be stored on equipment or in facilities leased or licensed from third parties. Unless required to be disclosed in response to a legal process, such as a court order or subpoena, or to a law enforcement agency’s request, we will not share the collected information with third parties other than as set forth in this notice.

We use appropriate technology and well-defined employee practices to process the PII promptly and accurately. We will not keep personal data longer than is necessary, except as otherwise required by applicable law. If your ATH Móvil or ATH Business account is closed, we reserve our right to retain access to the data for as long as needed to comply with applicable laws. We will continue to use and disclose such personal data in accordance with this Privacy Policy Statement.

ACCESS TO YOUR PERSONAL DATA

You have a right to request a copy of the personal information we collect from you through our websites, applications, services and/or functionalities. You may send your request through the email [email protected]. We will require proof of your identity before providing any personal information. You can also review and update your personal information in your account settings at any time by logging in to your account, when you have created an ATH Móvil account or an employment application profile. If you wish to change any information in an employment application that was already submitted for our consideration, you may update your profile and submit your application again. We encourage you to update your personal information if there are any changes in the information provided during the application or recruitment processes.

Where appropriate, you may have the personal data erased, corrected, amended or completed. We reserve the right to refuse to provide our users with a copy of their personal data but will provide the reasons for our refusal. You will be able to challenge our decision to refuse to provide a copy of your personal data.

USE OF COOKIES

In order to better serve you through the internet, we may use Cookies in our webpages. A Cookie is a small piece of information which a web server may place on your device when you visit a web site. This is useful for having your browser remember some specific information (for example, pre-filled or pre-selected areas) which the web server can later retrieve. A Cookie allows your browser to remember you as a previous visitor and could improve the way you use the site because it remembers your preferences while you visit the site. When accessing some of the restricted areas at our website, your web browser sends an identifier of your device to our web servers. This information is collected to identify your device. If you wish to disable these Cookies, the “help” portion of the toolbar on most browsers will tell you how. However, if you set your browser to disable cookies, you may not be able to access certain areas or features of our webpages.

ABOUT SECURITY

Once we receive your PII, Evertec has security measures in place to help protect against the loss, misuse, unauthorized modification or destruction of the information under our control. We use industry-recognized security safeguards, such as firewalls, anti-virus, intrusion detection systems, and operational procedures to detect and preclude unauthorized parties from accessing our systems. We urge you to take adequate precautions to protect your personal information as well, including never sharing your personal or access information with anyone.

Our operational procedures include restricted access to customer’s non-public PII to those employees who have been trained to manage and safeguard this type of information. All employees, agents and contractors who have access to your PII are required to protect this information in compliance with our Privacy Policy. We hold our employees responsible for complying with our Privacy Policy and its principles, and we take the appropriate measures to enforce our employees’ responsibilities, as specified in our Code of Ethics. Additionally, we use internal and external resources to review the adequacy of our security procedures.

We use Secure Sockets Layer (SSL) encryption technology to safeguard the information shared with us in the restricted areas found in our website. SSL is the standard security technology for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and intact. Adding SSL encryption to our web pages ensures end-to-end encryption for the duration of the session. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the webpage’s internet address.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job are granted access to PII. We also maintain physical and electronic security measures necessary to safeguard the confidentiality of your PII as required by law and by our Privacy Policy. These measures include restricting access to computers, archives and buildings. The computers and servers in which we store PII are kept in a secure environment.

MONITORING AND ENFORCEMENT

The services and functionalities of ATH Móvil, ATH Business, Botón de Pago, pvot and Evertec employees may only process your PII in accordance with this Privacy Policy Statement. We conduct training and periodic reviews of our compliance. Employees who do not comply with our Privacy Policy may be subject to disciplinary action, up to and including employment termination. Employees are expected to report any violations of our Privacy Policy to their managers, the Privacy Officer, the Compliance Director or Compliance Officer, the Legal Department or through the confidential Ethics Line at www.evertecethicsline.com. The Compliance Division will perform periodic monitoring to ensure compliance with this Privacy Policy.

NO SPAM

Evertec, ATH Móvil or ATH Business will not send unsolicited text messages, or emails, requesting usernames, passwords, or any type of sensitive information. We will use e-mail to respond to e-mail messages received from you, to inform about service improvements, changes in terms and conditions applicable to our services or to engage in other communications which you have expressly permitted.

LINKS TO OTHER WEB SITES

Our applications and/or webpages may contain links to other webpages whose information sharing practices may be different from ours. We encourage our users to be aware when they leave our sites and/or applications and to review the terms and conditions and privacy notices of any other webpages and/or applications since we cannot assume any responsibility for the content or privacy policies of those other sites and/or applications.

CHILDREN’S PRIVACY

Evertec is committed to the protection of children’s online privacy under the Children’s Online Privacy Protection Act (COPPA). We encourage parents and guardians to take an active role in their children’s online activities and interests. Evertec does not knowingly collect information from children under 13 years of age. Our webpages, ATH Móvil and ATH Business applications, our services and functionalities including, but not limited to, Botón de Pago, and online ordering on the webpage of businesses that use our product Pvot, are not targeted to children under 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, the parent or guardian should contact us. Once notified, we will delete such information from our files as soon as reasonably practicable unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13. If you are a child under 13, you may not use our services. Our services are not directed to children under the age of 13. If we unintentionally collected your data and later learn you are a child under the age of 13, we will delete the data as soon as possible.

CHANGES TO THIS PRIVACY POLICY STATEMENT

We review our Privacy Statement regularly and may modify it from time to time when necessary. Some of the changes will be in response to changes in our business, our websites, ATH Móvil or ATH Business applications, our services, the employment application or recruitment process, changes in functionalities or applicable laws and regulations. The amended Privacy Statement will be posted on our websites, applications and/or functionalities. We encourage you to periodically review this Privacy Statement so that you will be aware of our updated privacy practices. The date when the Privacy Statement was last updated will be included at the top right corner of the Privacy Statement.

EMPLOYMENT APPLICANT’S CONSENT

When you apply for an employment opportunity at Evertec and provide your personal information as part of the application and recruitment processes, you express your consent to the use and sharing of your personal information as described in this Privacy Statement.

CONTACT EVERTEC WITH QUESTIONS REGARDING THIS PRIVACY STATEMENT

Individuals may address their privacy related concerns by contacting Evertec at [email protected]. Please note that said email should only be used for privacy related concerns. For any other comments or concerns related to our services, you may contact our Customer Service Call Center at 787-775-2846 for ATH Móvil; 787-773-5466 for ATH Business; 787-773-5310 for Pvot; and 787-759-9999 for general information or comments. Please contact us if you have any questions about this Privacy Policy Statement, our privacy practices, your interactions on our webpages, our services or if you feel we are not complying with this Privacy Policy Statement. Every privacy-related question or comment will be acknowledged, evaluated and investigated, and the results of the investigation will be provided. If a complaint is found to be justified, appropriate corrective measures will be taken.

If you are a resident of the European Union, and have an unresolved privacy or personal information collection, use or disclosure concern that we have not satisfactorily addressed, please be aware that you may address your concern to your local Data Protection Authority, who may decide to further investigate the matter. Evertec will always fully cooperate with any regulatory request.