Pagadito has always considered the processing of personal data to be a valuable privilege, and its main concern is to ensure that this information is duly protected while respecting the principles of honesty, lawfulness and transparency. On May 25, 2018, the EU Regulation 2016/679 on the processing of personal data and the free circulation of such data (General Data Protection Regulation, "GDPR") will become directly applicable in all European Union Member States.
Pagadito's business model requires the collection and disclosure of Users’ information in some cases. Pagadito believes that privacy of its User's information is highly important. Therefore, precautions are taken to safeguard such information by means of effective computer security systems.
This section includes a detailed description of how Pagadito manages such information for User to know beforehand of such circumstances.
The User can enjoy Pagadito's services being a Registered User. To achieve this, User must provide complete and accurate personal and financial data, as described in section "Personal Information". The information that may be required and stored include full name, user's nickname to be able to log in the web site, address, date of birth, e-mail, telephone number, credit card or debit card number, billing address to receive statement of account, card expiry date, card type, etc.
Pagadito reserves the right to confirm Personal data provided through public or specialized companies, for which the User expressly authorizes Pagadito to confirm the information it deems necessary. The information obtained will be treated as confidential.
Pagadito automatically collects and stores some information about Users' activity on Pagadito. Such information may include the URL of origin (whether or not they are on the website), which URL they access after that (whether or not they are on the Web site), what browser they are using, and their IP addresses. Pagadito may also collect and store information about the pages visited, searches made, publications, purchases or sales, ratings and replies entered, messages in the forums, etc. At the same time, Pagadito may collect and store information from correspondence such as e-mails or letters sent by the User, or correspondence regarding activities or messages of other Users on the site by other Users or third parties.
The processing of Data for each of the items above may be printed, automated or electronic and, particularly, by ordinary mail or e-mail, telephone (e.g., automated calls, SMS), fax and any other IT channel (e.g., websites, mobile applications).
To operate in the site, the Registered Users must use a unique nickname for identification. No User may have information of other Users unless: a) The Selling User is a Pagadito Comercio, b) When goods sold are vehicles or real estate property and c) When the transactions are international.
All duly registered Users shall have a Personal Password that will be used by the User to pay and charge as well as for other activities. The User must keep such password confidential and shall not share it with others. Furthermore, User will be responsible for all actions requiring use of his/her User nickname and Password. It means that he/she will be responsible for paying all fees that are accrued resulting from the use of that User’s Nickname and Password. If the User has evidence that a third party knows his/her Password, he/she must change it by selecting “my Personal Data” from the Pagadito menu.
Pagadito will take all measures it has available to protect the privacy of the Users’ information. Therefore, Pagadito shall not share Personal Information onerously nor free of charge, other than in the forms expressly set forth in this document. Moreover, the User authorizes Pagadito to provide all or part of his Personal Information to the companies controlled by controlling or associated with Pagadito.
Particularly, regarding Pagadito Comercios, Pagadito handles confidentially all Pagadito Comercios Purchasing Users’ information, so that Pagadito Comercios has only the necessary information of the buyer and not the Buyer User’s relevant financial or economic data.
Should any court order or public authority require Pagadito to provide information, Pagadito assumes no responsibility for the use of such information. Likewise, in the event of a third party unlawfully gaining access to any information, Pagadito assumes no responsibility for the use of such information.
Pagadito believes that the information of its Users is an asset that must be protected from any loss or unauthorized access. Therefore, it uses various security techniques to protect such data from unauthorized access by Users inside or outside the company. Pagadito binds itself to comply with all applicable regulations regarding security measures applicable to Personal Information in order to reduce such risk. Pagadito has an Extended SSL Validation certificate, a PCI DSS certificate and GDPR (General Data Protection Regulation) compliance.
Pagadito relies on hardware, software and encryption from companies providing quality protection services suitable for the type of information stored.
In spite of this, one must take into account that there is no perfect security system on the Internet. Therefore, Pagadito assumes no responsibility for unlawful appropriations and violation of its systems or databases and the use of such information by unauthorized individuals.
All personal data of the Users will be stored in an automated database of personal data located in Panama and/or El Salvador. When User's registers with Pagadito, he/she confirms to be aware of the location of this file and authorizes this international transfer of his/her data, in cases where his/her country of residence is other than the country where such database is located.
This applies to total or partially automated processing of personal data, as well as to the non-automated processing of personal data saved or intended to be stored in a file.
Collecting information allows us to provide Users with the most convenient features and services and to customize services for the benefit of Users. Personal Information collected has the following purposes:
1. Disclose information to card issuing banks and credit card associations regarding purchasing behavior and card-related account profiles in order to prevent fraud and illicit behavior.
2. Pagadito will provide, only the User's nickname data to the stakeholders by e-mail or the web site in order to facilitate transactions between them. The express authorization of Pagadito will be required in order to know personal data such as name, telephone number, e-mail and address of a user. This information can only be used by the stakeholders to complete the transaction originated by Pagadito. When exercising his or her right to data portability pursuant to paragraph 1, the stakeholder shall have the right to have personal data transmitted directly from person in charge to person in charge when technically possible.
3. Conduct internal studies on the interests, location and behavior of Users in order to offer the best services and provide them with information of interest to them according to their needs. Where the processing of personal data is for the purpose of direct marketing, the stakeholder shall have the right to object at any time to the processing of personal data concerning him/her, including profiling insofar as it is related to such marketing.
4. Develop commercial and advertising initiatives of the offers, contents and services through the analysis of the visited web pages and the searches of the Users in order to improve their presentation.
5. Send information about new services, news about Pagadito and advertising about products or services of interest to the User. The User hereby expressly authorizes Pagadito to send information regarding its services; however, the User may request not to be included in the lists for sending this information. He may do so in the section "Change of notification preferences" shown in clause IX.
6. In case the User is the winner of a Pagadito's promotion, he/she authorizes to disclose his/her names, personal data and photographs of him/her or his/her family by any means for advertising purposes without the right to compensation for it.
7. Share Personal Information with service providers or outsourcing companies such as transportation services, media or intermediaries in the management of payments, insurance, call centers, loyalty programs in order to improve or expedite services and operations. Pagadito will see that certain standards are met through the signing of agreements on the privacy of Users' information, especially the EU Regulation 2016/679 (GDPR). However, Pagadito assumes no responsibility for the misuse of information by such providers. In some occasions, providers will collect information directly from Users and in these cases, the User may receive a notification about this activity, and it will be at the User's discretion what information he/she wants to provide and the uses that will be made of it. In case the User provides additional information, under his own initiative, the providers will use such information according to their own policies, therefore, Pagadito assumes no responsibility for such use. If the decision is to disclose information to third parties other than the referred suppliers, the consent of the User will be required.
8. In case of any dispute between the Users and Pagadito, the latter may provide Personal Information to entities such as insurance companies, amiable compositeurs, arbitration courts or any competent court. If it were not possible to provide the information simultaneously, and to the extent it were not, the information will be provided gradually without undue delay.
Pagadito has a policy of restricted access of a User's Personal Information to other Users. Users may only use Personal Information of other Users obtained in the site for: a) communications related to Pagadito that constitute requested and authorized commercial communications, b) the use services offered in Pagadito such as deposits, insurance, shipping or transportation, and fraud claims and c) any other purpose to which the corresponding user expressly consents once the legally required information has been previously communicated to him/her.
On the other hand, the information to which the User has access according to the previous modes, may not be revealed to other Users or third parties without the due authorization of Pagadito or the User owner of the same. In addition, it is prohibited to the Users to add the e-mail or in any other way, the notification address or any other information of another Pagadito User.
Pagadito will cooperate with the judicial or administrative authorities to guarantee faithful compliance of the law and with the purpose of safeguarding the integrity and security of the company and its Users. Therefore, Pagadito may provide Personal Information of its Users at the request of any authority for purposes of its investigations in cases such as: protection of industrial and intellectual property rights, fraud prevention and other matters, and for its part, the User authorizes Pagadito Comercios to provide the information that at its discretion it deems pertinent for the proper compliance with the law.
Pagadito, at its discretion and when it may deem necessary because it believes that the activity of a User is suspicious or there are indications that he/she is trying to commit a crime or harm a person, may provide Personal Information of a User to other Users or third parties to enforce Pagadito's Agreements and Conditions of Use and other Policies of the site and with the purpose of cooperating with the execution and compliance with the law. This power will be exercised by Pagadito regardless of whether or not there is a judicial or administrative order to that effect.
Some of the uses that Pagadito can make of the Cookies may be: a) that the User does not have to introduce his password over and over during a navigation session, b) to count and corroborate the registrations, the activity of the user and others. The purpose of the installation of Cookies will always be for the benefit of the User who receives them and shall not be used for other purposes unrelated to Pagadito.
Pagadito can also use Web beacons. A web beacon is an electronic image, also called a single-pixel (1 x 1) or transparent pixel, that is placed in the code of a Web page. A Web beacon has similar purposes to Cookies but in addition, a Web beacon is used to measure traffic patterns of Users from one page to another in order to maximize how traffic flows through the Web. The User and the visitor of Pagadito's Web site know and accept that Pagadito may use a tracking system through the use of Web beacons.
If the User does not want to receive e-mails containing advertising, promotions or news from Pagadito, he/she can change his/her notification preferences in the Mi Pagadito section. In this section the User may choose his preferences to be considered by Pagadito in promotions, advertisements and news.
The User has the right to access, rectify and cancel his/her Personal Information. On the other hand, he/she binds itself and is responsible for the truthfulness, accuracy and validity of the information he/she provides and binds itself to keep it updated. Once registered in Pagadito, the user may review and modify the information he/she has sent such as:
1. The User's nickname and e-mail address. However, for security purposes, Pagadito will keep the information above.
2. The information provided in the registration such as: company, address, zip code, country, telephone number, fax number, e-mail, among others.
3. Personal Security Code.
The purpose of keeping some information that the User has requested to be removed is its use in cases of disputes or claims or to find problems and solve them. In addition, for security, technical and legal reasons, the User should not expect that his Personal Information will definitely and automatically be removed from the databases. The consent referred to in items 1), 2), and 3) above is optional. The lack of such consent will make it impossible for Pagadito to carry out the aforesaid activities.
The Users are required to update their information as the data need to be modified. The update of the information will be done through the Mi Pagadito section.
If material changes are made in the form that Personal Information is administered, it will be notified to the User to allow the User to take an informed decision regarding whether it accepts or not that its Personal Information is used as suggested. If it does not accept those terms, in that case the contractual bond will be dissolved, and its Personal Information shall not be used other than in the way that was informed at the time of being collected. The silence on the part of the User shall presume acceptance of the changes.
To access the services the User must be a person with legal capacity to contract; therefore, persons who do not meet this requirement should refrain from registering on the site unless they do so through their legal representative.
According to EU Regulation 2016/679 (GDPR), if the child is under 16 years of age, the processing shall only be regarded as lawful if the consent or authorization was provided by the holder of parental authority or guardianship over the child, and only to the extent to the authority he has been given or authorized. Member States may establish by law a lower age for such purposes, provided that this is not less than 13 years. In Spain the age is 14 years.
Notification of a personal data security breach to the supervisory authority.
In the event of a breach of security of personal data, Pagadito shall notify the competent supervisory authority pursuant to Article 55 without undue delay and, if possible, no later than 72 hours after it has become aware of it, unless such breach of security is unlikely to constitute a risk to the rights and freedoms of natural persons. If the notification to the supervisory authority does not take place within 72 hours, it shall be accompanied by an indication of the reasons for the delay.