End User Privacy Policy

This Privacy Policy is applicable to the services Belvo (defined in the section below) provides through its platform and software applications (“applications”) to its corporate customers (“Clients”) providing the aggregation of financial data from bank accounts and other types of financial accounts (“financial accounts”) for End Users.

Through this Policy, we wish to provide you, as an End User, with a simple and straightforward explanation of the information Belvo collects and about how we use, share that information and how we participate in data processing as a processor. While our Clients must inform you of the services we provide them, the applicable notices or policies, and must obtain, where appropriate, any consent necessary to process your information, we value transparency and want to provide you with a concise description of how we process your information.

Identity and contact details of the Processor

Belvo Technologies SAPI de CV (for Mexico and Colombia) or Belvo Tecnologias LTDA (for Brazil) (hereinafter, “Belvo”) is in charge of the processing of End Users’ personal data to fulfill the purposes established here. To resolve any doubts or clarifications regarding the use of your personal data, you can contact Belvo through the following e-mail: legal@belvo.com, indicating who is the Client making use of your personal data so that we can inform them about your contact with Belvo.

Purpose for the treatment of your personal data

Belvo uses your personal data for the purposes listed below:

• To comply with the legal relationship established with the Client (corporate Clients).
• Ensure the security of Belvo’s services by creating and encrypting your access credentials, applying security measures to the information you share through our services and applying measures to prevent fraud and malicious activity that can affect the security of our systems and your information.
• Statistics and improvement of  the use of our services, investigation of illegal uses of Client’s applications and investigation of violations of our Terms and Conditions, criminal activity or unauthorized access to Belvo’s services.

Who can we share your information with?

In order to fulfill our contractual relationship with our Clients, we may share your personal data, inside and outside your country of residence, with the recipients and for the purposes explained below:

For the purposes of auditing, security, fraud control, preservation of rights, we may keep your data for a longer period in the event that the law or regulatory rule so establishes or for the preservation of rights. 

The collected data may be stored on our servers, as well as in an environment of  resource usage  or servers in the cloud (cloud computing), which may require a transfer and / or processing of this data outside the country in which it was collected.  

When personal data is sent outside of your place of residence, the Client and Belvo ensure compliance with all legal and information security requirements established by applicable regulations, through contracts, clauses and controls necessary to ensure protection of your information.

Belvo’s responsibility and Client’s responsibility

Belvo processes the personal data of End Users who connect their financial accounts to a Client’s application or otherwise connect their financial accounts through the Belvo platform. Belvo accesses, treats and uses the personal data of End Users only during the period in which they remain linked to the Client’s applications or the Belvo platform.

The Clients are responsible for the databases created with the personal data of the End Users for the provision of the services you have contracted with them. These same Clients are responsible for the security measures they adopt to protect the personal data of their users and, in addition, to inform you about the purposes of the treatment related to your application. In summary, this Privacy Policy does not refer to and does not apply to third party web pages, applications, products or services and we strongly recommend that you review the notices or privacy policies that they must make available for you to process your personal data.

It is up to you to read the privacy and data handling policies of such portals, applications or platforms outside our environment, and it is your responsibility to accept or reject them. We are not responsible for the privacy and data processing policies of third parties, nor for the content of any websites, content or services linked to environments other than ours.

Storing your personal data; criteria for its determination

Belvo will keep your personal data for the periods strictly necessary to comply with the instructions of the Client (our corporate clients) and, if applicable, until the period of prescription of the actions resulting from the legal relationship that gave rise to the processing of your data.

Data Subject’s rights; means for exercising it

In all legally appropriate cases, you may exercise your rights of access, rectification, cancellation and opposition in accordance with the Notice or Privacy Policy of the Client who treats your personal data as responsible for them. 

As a processor, Belvo does not process requests to exercise the rights of personal data subjects, since such requests must be met by those responsible for the personal data of End Users.

If you request the exercise of your rights of access, rectification, cancellation or opposition, among others, Belvo will redirect your request to the corresponding Client, if applicable.

Automatic means of collecting personal data

Belvo uses cookies to facilitate navigation on the website www.belvo.com and/or the use of its platform within the Client application. Cookies are a tool used by web servers to save and retrieve information stored in the browser used by users or visitors to our website and allow you to save your preferences to provide a better browsing experience.

Cookies have an expiration date, which can vary from the duration of the session or visit to our website, until a specific date after which they are no longer operational. Most of the cookies used on www.belvo.com are associated only with an anonymous User and his computer equipment, it does not provide references that allow the User’s name and surname to be deduced, cannot read data from his hard drive or include viruses in his texts.

We may also collect information using “web beacons”, “pixel tags”, “clear gifs” or similar means (generically “web beacons”) that allow us to obtain non-personal or aggregated information, such as domain names, areas of the website what you visit, your operating system, the version of the operating system you use, the browser version and the URL prior to your visit. This information is used to understand traffic patterns.

You can configure your browser to automatically accept or reject all cookies or to receive an on-screen notice about the receipt of each cookie and decide right away whether or not you want to implement it on your hard drive. In any case, you can delete cookies from our website at any time, following the procedure set out in the help section of your browser.

For more information about the types of cookies we use at www.belvo.com, you can access our Cookie Policy.

Modifications or updates to this Privacy Policy

Belvo may modify, update, extend or in any other way alter the content and scope of this Privacy Policy, at any time and in its sole discretion. In such cases, we will post these changes on the website www.belvo.com. 

If any point of this Policy is considered unenforceable by the Data Authority or the court, the other conditions will remain in full force and effect.

Date of last update: February 22, 2021