Privacy Policy

Zip Co Payments México, S.A. de C.V. (“we/us/our”) with address at Paseo de los Tamarindos 90, Floor 21, Office 106, Bosques de las Lomas, Cuajimalpa de Morelos, CP 05120 City of Mexico, Mexico is committed to protecting the privacy of our customers’ personal and credit information. This policy sets out the ways in which we collect, hold, use and disclose personal information (including credit-related information). We may vary this policy from time to time.

We are committed to abiding by the Federal Law for the Protection of Personal Data Held by Private Parties, the Mexican Privacy Principles, the Law that Regulates Credit Information Companies, and any other relevant law.

What is personal information?

When we refer to “personal information”, we mean information from which your identity is reasonably apparent. This information may include information or an opinion about you. The personal information we hold about you may also include credit-related information.

“Credit information”, which is information which includes your identity; the type, terms and maximum amount of credit provided to you, including when that credit was provided and when it was repaid; repayment history information, default information (including overdue payments); payment information; new arrangement information; details of any serious credit infringements; court proceedings information; personal insolvency information and publicly available information; and

“Credit eligibility information”, which is credit reporting information supplied to us by a credit reporting body, and any information that we derive from it.

We use your credit-related information to assess your eligibility to be provided with finance. Usually credit-related information is exchanged between credit providers and credit reporting bodies.

How do we collect personal information?

We only collect information that is relevant to our business relationship with you. This information is received directly from you or from other sources that you have approved.

If we collect personal information from someone else, we will take reasonable steps to ensure that you:

• have been informed hereby or otherwise that we have collected that information;
• understand the purposes for which we have collected that information;
• and are aware how we might use that information or disclose it to other people.
• Your telephone calls to us may be monitored or recorded for internal training purposes.

What personal information do we collect?

The personal information we collect about you include:

• contact data;
• identification data;
• financial and estate data;
• employment details; and
• social media information.

When you use our website or mobile applications, we may collect information about your location or activity, including IP address, telephone number and whether you have accessed third party sites, the date and time of visits, the pages that are viewed, information about the device used and other user location information. We collect some of this information using cookies (see ‘Our use of cookies’ below).

Why do we collect personal information and how do we use it?

We collect personal information for the purposes of:

• providing financial products and services to you;
• managing our business relationship with you;
• optimizing our credit decisioning and fraud prevention engines;
• monitoring our financial performance;
• researching and planning for improvement of our products and services; and
• complying with our legal and regulatory responsibilities.

How do we collect your personal information?

Where reasonable and practical, we will collect your personal information directly from you. We may collect information about you that is publicly available, for example from public registers or social media, or made available by third parties. We may also collect your personal information from credit reporting bodies, mortgage and finance brokers, employers and other people such as accountants and lawyers.

When do we disclose personal information?

We disclose your personal information to achieve the same purpose for which it was collected.

Apart from the purposes above we do not give your information to any other person or company outside our subsidiary companies.

We might also disclose personal information about you:

• within our corporate group and subsidiary companies;
• to Zip entities and service providers based outside of Mexico;
• on a confidential basis to our agents, contractors and external service providers;
• to other organisations that are involved in managing or administering your finance, such as third party suppliers, lenders, mortgage insurers, trade insurers and credit reporting bodies;
• to entities that assist us to provide our products to you, including card issuers, gateways, or digital wallet providers;
• if we are otherwise permitted or required to do so by law, such as under the Federal Law for the Protection of Personal Data Held by Private Parties, government and law enforcement agencies or regulators;
• to anybody who represents you, such as finance brokers, lawyers, mortgage brokers, guardians, persons holding power of attorney and accountants;
• to investors, agents or advisers, trustees, rating agencies, or any entity that has an interest in your finance or our business;
• to entities to whom we outsource some of our functions or that provide information and infrastructure systems to us;
• to associated business and other organisations (unless you tell us not to) and their agents for the purpose of marketing their products and services to you;
• to any organisation providing verification of your identity, including online verification of identity; or
• in other circumstances where you have first consented to the disclosure.

Credit-related information

We exchange credit-related information for the purposes of assessing your application for finance and managing that finance. If you propose to be a guarantor, one of our checks may involve obtaining a credit report about you.

This credit-related information may be held by us in electronic form on our secure servers and may also be held in paper form. We may use cloud storage to store the credit-related information we hold about you. The cloud storage and the IT servers may be located outside Mexico.

When we obtain credit eligibility information about you from a credit reporting body, we may also seek publicly available information and information about any serious credit infringement that you may have committed.

We may disclose your credit-related information to overseas entities that provide support functions to us. You may obtain more information about these entities by contacting us. Where we do this, we make sure appropriate data handling and security arrangements are in place.

Notifiable matters

he law requires us to advise you of ‘notifiable matters’ in relation to how we may use your credit-related information. You may request to have these notifiable matters (and this policy) provided to you in an alternative form.

We exchange your credit-related information with credit reporting bodies. We use the credit-related information that we exchange with the credit reporting body to confirm your identity, assess your creditworthiness, assess your application for finance or your capacity to be a guarantor, and manage your finance.

The information we can exchange includes your identification details, what type of loans you have, how much you have borrowed, whether or not you have met your loan payment obligations, and if you have committed a serious credit infringement (such as fraud).

If you fail to meet your payment obligations in relation to any finance that we have provided or arranged, or you have committed a serious credit infringement, then we may disclose this information to a credit reporting body.

You have the right to request access to the credit-related information that we hold about you and make a request for us to correct that credit-related information if needed. See ‘Access to and correction of your personal information’ below.

Sometimes your credit information will be used by credit reporting bodies for the purposes of ‘pre-screening’ credit offers on the request of other credit providers.

You may contact the credit reporting body to advise them that you believe that you may have been a victim of fraud.. You can contact any of the following credit reporting bodies for more information:

• Trans Unión de México, S.A., Sociedad de Información Crediticia for individuals. https://www.burodecredito.com.mx/ Círculo de Crédito, S.A. de C.V., Sociedad de Información Crediticia. https://www.circulodecredito.com.mx/

Website traffic information

Because of the way web communication standards work, when you arrive at or leave our websites, we automatically receive the web address of the site that you came from or are going to. We also collect information on the pages of our website you visit while you are on our websites, the type of browser you use, and the times you access our websites. We use this information to try to understand our customers’ preferences better and to manage the load on our servers, so as to improve our service and your experience with us.

Our use of cookies

We use cookies, pixels, pixel tags, tracking links and other third party-technologies (known collectively as “cookies”) to collect information about your use of our website and customise your experience of our services. Cookies are small files of data that reside on your computer and allow us to recognise you as a ZIP customer (or a visitor of our website) and keep track of your visits and activity on our website to provide several features, such as;

• Remember your customised settings, such as your location, shopping cart contents and your sign-in details;
• Customise landing page experiences based on your account activity;
• Analyse traffic on our website;
• Track your behaviour when using our website and services to deliver content and advertising which is relevant to your interests;
• Track the success of promotional material and advertising campaigns;
• Show you interest-based and customised advertising;
• Promote trust and safety;
• Prevent fraudulent conduct;
• Enhance the security of our website and service.
• We share cookie information with third-party partners with whom we have a relationship with regarding whether a user identified by the merchant is already registered with us.
• We also allow approved third-party partners including Branch, Facebook, Google, LinkedIn to set cookies or other third-party technologies to collect data when you utilise Zip’s services. These third parties may use the data collected from these cookies or other third-party technologies (along with other information they may hold about you, including information from cookies on other webpages) to show you interest-based advertisement on sites across the internet, deliver you with personalised content, measure the effectiveness of their advertising, or perform services on behalf of Zip. Third parties may store and distribute data obtained from cookies or other third-party technology in data centres and systems around the world including outside of your country of residence.

You may encounter cookies from other businesses when using our services on websites we do not control. For example, if you view a web page related by someone else or use an application developed by another business, there may be a cookie placed by that web page or application. You are free to opt-out of receiving cookies and interest based-ads from us and third parties if your browser or browser add-on permits. To locate instructions to opt-out of cookies specific to your browser, select the “help menu” on your browser. You can access information about opting out from receiving targeted advertisements by visiting the NAI website opt-out page here: https://www.networkadvertising.org/choices/, the DAA opt-out page here: https://www.aboutads.info/, and/or the EDAA opt-out page here: https://www.youronlinechoices.eu/. Opting out of cookies may interfere with your use of our website and ZIP services. If you opt-out of cookies you may encounter interference with your use of our website and services.

Storing and retaining personal information

We store personal information in electronic or hardcopy form (or both) and use industry standard levels of security to prevent unauthorised access to that information.

Personal information is only accessible to our staff or to authorised service providers with incidental access to supply their services to us.

We do not retain any of your information longer than is required for the business relationship with you or for legal purposes. When we are informed, we will keep the personal information we hold accurate, complete and up to date.

Sensitive information

We will only collect sensitive information about you with your written and express consent. Sensitive information is personal information touching on the most private areas of the data subject’s life, or whose misuse might lead to discrimination or involve a serious risk. In particular, sensitive data is considered relating to your racial or ethnic origin, political persuasion, memberships in trade or professional associations or trade unions, sexual preferences, criminal record, or health.

Anonymity

Where it is lawful and practicable, we endeavour to de-identify the personal information we collect about you.

Direct marketing

Subscribing to our news and publicity services is absolutely voluntary. We do not require to convey with publicity deliveries to keep and maintain our legal relationship we may have with you in a certain moment; therefore, you will always have the initial option to not subscribe to our publicity systems; also, you will have the possibility at all times to opt-out from our advertising, sales and publicity messages. You may opt-out of the marketing messages through the opt-out link provided in the message, or by logging into your Zip Co Mx account. We will not charge you for giving effect to your request and will take all reasonable steps to meet your request at the earliest possible opportunity.

Updating your personal information

It is important to us that the personal information we hold about you is accurate and up-to-date. During the course of our relationship with you, we may ask you to inform us if any of your personal information has changed.

If you wish to make any changes to your personal information, you may contact us. We will generally rely on you to ensure the information we hold about you is accurate or complete.

Access to and correction of your personal information

You may access and update any personal information you think we may hold about you at any time by contacting us at the address below.

If you wish to access the personal information we hold about you, we may charge a small fee to cover our costs of supplying that information. We will inform you of this cost at the time you make a request.

If you believe any personal information held by us is inaccurate or out-of-date, you may update that personal information.

Depending on the type of request that you make, we may respond to your request immediately. Otherwise, we usually respond to you within seven days of receiving your request. We may need to contact other entities (such as other credit providers or credit reporting bodies) to properly investigate your request.

If you are requesting us to correct your personal or credit-related information, where reasonable, and after our investigation, we will provide you with details about whether we have corrected that information within 15 days.

There may be situations where we are not required to provide you with access to your personal or credit-related information, for example, if the information relates to existing or anticipated legal proceedings, if your request is vexatious, or if the information is commercially sensitive.

If we deny you access to the personal or credit-related information we hold about you, or refuse to correct your personal or credit-related information, we will provide you with an explanation why.

Your Privacy Rights.

In addition to the right of access and correction mentioned above, you have the right to require your information to be corrected or cancelled; you may oppose from our use to your personal data for specific purposes and/or revoke at any time the consent you granted us from the processing of your personal data to the extent permitted by the Federal Law on the Protection of Personal Data held by Private Parties (FDPL) or any other applicable law. In order to exercise such rights or to ask any questions or complain in relation to the processing of your personal data please contact us send us an email to the address mentioned below.

In general, where we collect personal data from you in respect of a purpose which we do not consider necessary or essential in the context of our legal relationship with you, we will make available to you a mechanism whereby you can decline your consent, you will just have to address your request under the terms exposed in the section below.

Your requests will be evaluated in the terms set out in the FDPL. We will communicate you (i) the information required for your identification as well as the documents needed to be sent alongside your request; (ii) the time periods in which you will receive an answer to your request; (iii) how you should file your request, including the forms that you may use to file your request, if any, and; (iv) the form or means in which we will deliver you the information.

Queries and complaints

If you have any query or complaint about the way we collect, use, hold or disclose personal information, please contact us. We will use our best efforts to respond to your query or request as quickly as possible.

For the avoidance of doubt, this policy does not apply to our employee records.

If you would like more information about this policy or the information we hold, please contact:

The Privacy Officer

QuadPay, Inc (Zip Co Group)

27 West 24th Street, 2nd Floor, New York, New York 10010

Email: mexico-privacy@care.zip.co Phone: +523319309188

If you require more information about privacy laws generally, please contact:

• Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales, Insurgentes Sur No. 3211 Col. Insurgentes Cuicuilco, Alcaldía Coyoacán, C.P. 04530 Phone: 5004 2400 Website: https://home.inai.org.mx/

Changes to our Privacy Policy

We are constantly reviewing all of our policies and attempt to keep up-to-date with market expectations.

As a consequence, we may change this policy from time to time or as the need arises. We will post any changes to this policy on our website. In case we make any substantial change with the processing of your personal data, we will let you know through an e-mail or announcing such changes in our website. Every change made to our Privacy Notice will be effective the following day from its publication date.

You may request this policy in an alternative form by phoning us on +523319309188 or by writing to us at https://help.mx.zip.co/hc/es-mx/requests/new.