Last Updated: September 14, 2022
The evertecinc.com. ath.com, athmovil.com and ath.business.com websites, and their mobile applications and functionalities, pvot and its functionalities, are owned by Evertec Group LLC., who is responsible for your information and has its principal place of business at Hwy 176 Km 1.3 Cupey, San Juan, P.R. 00926
Our subsidiaries in Colombia also have their own Personal Data Protection Manual in compliance with the applicable local legal requirements.
Affiliates – refers to companies controlled by a common owner. These can be financial or non-financial companies. Refers to related companies under the same corporate entity.
Cookie – text files that are stored on your computer browser to record your preferences. When visiting the ATH Móvil or ATH Business websites, and/or online ordering on the webpages of businesses who use pvot, we may collect your IP address, among other information, through “cookies”. These do not contain your email address or other personally identifiable information, unless you choose to provide this information to us.
Data Protection Authority – independent public authorities that supervise, through investigative and corrective powers, the application of the data protection law. They provide expert advice on data protection issues and handle complaints lodged against violations of the General Data Protection Regulation (GDPR) and the relevant national laws. There is one Data Protection Authority in each EU Member State.
Non-affiliates – refers to companies not controlled by a common owner. These can be financial or non-financial companies. Refers to entities that are not related between them and do not belong to the same corporate entity.
Personally Identifiable Information (PII) – (common term in the United States) refers to information which can be used to distinguish or trace an individual’s identity, such as their name, social security number, biometric records, etc. alone or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc. Personal information does not include de-identified data which cannot be associated with a specific individual.
Personal data – (common term in the European Union) refers to information relating to an identified or identifiable natural person. Personal data includes but it is not limited to, name and last name, physical address, email address, national identity card number, internet protocol (IP) address and other factors specific to the physical, physiological, genetics, cultural, religious, location or social identity of that person.
Secure Sockets Layer (SSL) encryption technology – secure protocol developed to ensure that the transmission of data between a server and a user, or vice versa, is completely safe and protected. When you visit a website starting with “https”, the “s” after the “http” indicates the website is secure.
Third party – a person who is not a party to a contract or transaction.
Information we collect from our users
We may collect nonpublic Personally Identifiable Information (PII) from you in order to operate our websites www.evertecinc.com, www.ath.com, www.athmovil.com and www.ath.business.com , including its mobile applications, and to provide you with our ATH Móvil and ATH Business services, the functionality of Botón de Pago and online ordering at businesses who use our product pvot. Personal information is data that identifies you or that makes you identifiable. We collect information that you voluntarily provide us when you visit our website, send us your resume as part of an employment application or when you create an ATH Móvil or ATH Business account or when you use our ATH Móvil or ATH Business services and functionalities. We may also collect transaction information when you use our ATH Móvil, ATH Business, the Botón de Pago functionality and/or online ordering on the websites of businesses that use our product pvot. When you send us your resume, or when you use our products, services and functionalities, you provide your consent to our privacy practices as described in this Privacy Statement. If you, as user, do not provide us your information, we will not be able to provide our products, services and functionalities and our ability to evaluate your employment application would be limited. We do not sell or rent the personal information we collect. The type of nonpublic PII that we may collect includes, but is not limited to:
- Information received when you open an ATH Móvil or ATH Business account: name, date of birth, telephone number, email address, and/or debit card number associated with your ATH Móvil or ATH Business account.
- Account access information: we may verify your username to provide you with access to ATH Móvil or ATH Business applications.
- Information provided in a resume as part of an employment application and during the recruitment process: name, title, contact information, education, previous work experience, abilities, qualifications, trainings, professional licenses and certifications and any other information that may be included in your resume or shared during the interview process. Background information related to your credit history and/or criminal background screenings may be required where relevant to your application and permitted under applicable law. Evertec may obtain and evaluate publicly available information as part of the recruiting process. When you apply for a position at Evertec, we request that you provide your personal information in order to evaluate your application. If you do not provide your information, our ability to consider your employment application would be limited. Except for when it is specifically required by law, we request that you do not include in your employment application any information related to your religion, health condition, age, gender identity, nationality, sexual orientation or political affiliation, among other sensitive information. If you choose to provide such sensitive information, we understand you are expressly authorizing Evertec to handle such information in agreement with this Privacy Statement. If you have functional diversity, and you would like us to consider an accommodation, you may provide us the information during the recruiting process. According to applicable law, we may request information regarding ethnic origin, veteran status or special conditions of our applicants in order to monitor our compliance with equal employment opportunities. However, providing such information is completely voluntary and will not be considered during the recruitment process.
- Information we may collect from third parties or other sources as permitted by law and/or in accordance with your consent: during the recruitment process, Evertec may obtain information about you from third parties or other sources. For example, when applicable, we may conduct background screening through a third-party service provider or verify information on your application related to your past education, previous job experience or references. If, during the recruiting process, you provide us personal information related to other individuals as references, you are attesting that you have obtained consent from those individuals so that Evertec may use their information as described on this Privacy Statement.
- Contact information: we may collect additional information from or about you when you communicate with us, when you register to receive information of some of our services, when you contact our Help Desk, respond to a service survey or participate in one of our contests or draws.
- IP Address: we may collect your IP address when you visit our website or use the ATH Móvil or ATH Business mobile applications.
- Transactional information: when you use the ATH Móvil or ATH Business services and functionalities, Botón de Pago and/or online ordering on the webpages of businesses using our product pvot, we may collect information on payment transactions such as the debit card originating the payment transaction and the debit card receiving the payment. Transactional information may also include personal information such as name, telephone number and email address. The IP address, model and operating system (OS) of your electronic device may be collected when you register, log-in or at the time of a transaction.
- Information we may receive from businesses registered with ATH Business – we may receive personal information together with payment transaction information submitted by businesses registered with ATH Business.
- Information we may receive when you use the online ordering service on the website of businesses that use our product pvot – when using these services and/or functionalities, we may collect information such as name, telephone number and email address, information you provide us so that your online order may be confirmed and to be able to send you updated information about your online order.
Use and sharing of information
Information submitted for a specific purpose will be used for that purpose only and in accordance with applicable contracts, laws and regulations. Generally, we use your information to be able to evaluate your employment application, to effectively provide our services directly or through our subsidiaries, affiliates or third parties. For example, to allow you to initiate a payment transaction through the ATH Móvil application or through the functionality of Botón de Pago to pay at a merchant’s webpage, to transfer money to another individual, to make a donation or to manage your business transactions through the ATH Business application. We may also use your information to authenticate your access to your ATH Móvil or ATH Business account or to communicate with you in response to a previous message from you about your account, this site or our services. Your information could also be used to manage business needs and to improve our services.
- The information we receive as part of an employment application and through the recruitment process will be used as permitted by applicable law for the following purposes:
To evaluate your abilities and qualifications related to the position requirements
- To verify background screening and previous work experience, with your consent and as permitted by applicable law
- To create an applicant’s profile that could be used to identify you and to consider you for other opportunities that may be available considering your interests and particular needs. If you do not want us to keep your information for those purposes, please notify us.
- For internal use for analysis and statistics
- To comply and continue to monitor our compliance with legal, regulatory and governance requirements,
- To be able to communicate with you regarding your employment application and the recruiting process
In the event that you are hired by Evertec, the personal information collected as part of your employment application and recruitment process will be included in our human resources system and will be used to manage the new-hire process. The information may become part of your employee file and may be used for other employment related purposes. Evertec does not make automated decisions related to the application and recruitment processes without human involvement.
We may share your PII in order to carry out our daily operations. We may share information of our job applicants with our affiliates that are involved in the talent recruitment process for available positions. If we do so, Evertec is responsible for the information shared with our affiliates. We may also share personal information to comply with law enforcement authorities pursuant to a subpoena, a court order or any other legal process or requirement. There are Federal laws that grant consumers the right to limit some, but not all, of the information that may be shared. Federal law only grants you the right to limit:
- The sharing of information between affiliates for the purpose of daily operations which pertain to your credit capacity, (In Evertec, we do not ask you for, nor do we maintain, this type of personal information).
- The sharing of information with affiliates to be used for marketing products and services.
- The sharing of information with non-affiliates to be used for marketing products and services.
If you wish to limit the sharing of your personal information, please send your request to email@example.com or you may click on “Unsubscribe” on any of our promotional communications.
The following sets forth the ways in which we may share your personal information and whether or not you may limit what is shared according to Federal law:
|Ways in which we may share your personal information||Does Evertec share your personal information?||Can you limit what we share?|
We share your personally identifiable information in order to carry out our daily operations; such as processing transactions, offering service related information and responding to court requests and legal investigations.
For the purpose of conducting our affiliates’ daily operations - information about your transactions and experience with us.
Sharing of information between affiliates for the purpose of daily operations which pertain to your credit capacity.
Information on credit capacity is not collected by Evertec for daily operation purposes
We do not share
We do not share your personal information for marketing purposes, for our affiliates or non-affiliates to send you marketing offers.
We do not share
If you live in California, California law gives you the right to ask if we disclose your personal information to third parties for their direct marketing purposes (we do not disclose your personal information for others’ direct marketing purposes). It also gives you the right to ask if we sell your personal information to third parties (we do not sell your personal information). California residents have a right to request access to certain personal information collected about them over the past 12 months, or to request deletion of their personal information, subject to certain exceptions, and may not be discriminated against because they exercise any of their rights under the California Consumer Privacy Act (CCPA).
Sharing with third-party service providers. We may share personal information with third-party service providers who perform services on our behalf as part of our daily operations.
During the recruiting process we may share personal information with third-parties or service providers like recruiting agencies, consultants and background screening services. Personal information will only be shared on a need-to-know basis in order to perform the required services and functions. Evertec will not allow third-parties or other service providers to use your personal information for their own purposes.
We share information with our service providers that accurately reflects our privacy policies and practices. We also have contractual agreements with our service providers that prohibit third parties from disclosing or using the shared information other than to carry out the business purposes for which it was shared. Our service providers are also required to maintain information security programs in place that include administrative, technical and physical safeguards to protect the security and confidentiality of personal information.
Sharing when required by law. We may disclose personal information to law enforcement and government authorities, if Evertec is compelled to do so by a subpoena, court order or similar legal procedure, or as otherwise required by law. We may share information in relation to a reorganization, merger, joint venture or similar processes.
Sharing information for safety reasons and fraud prevention. We may share personal information, including but not limited to, name and telephone number, with financial institutions participating in ATH Móvil, to protect or prevent against actual or potential fraud, unauthorized transactions, claims or similar risks. We may also share, as necessary, to protect your vital interests in the event of an emergency or for health and safety reasons if they occur, for example, while you were attending a job interview at our premises.
Sharing information with businesses affiliated to ATH Business. Businesses affiliated to ATH Business have access to certain information from ATH Móvil users that make payments to their business. For example, the business may have access to information that includes, but is not limited to, telephone numbers, email addresses, name, debit card number and comments, if any.
Sharing information between ATH Móvil users in a transaction. When using the ATH Móvil application to make person to person payments, the ATH Móvil users involved in the transaction may have access to see the name and telephone number of the other person originating or receiving the payment.
Your information may be transferred to and maintained in whole or in part on computer networks which may be located outside of the state, province, country or other governmental jurisdiction in which you reside, and may be stored on equipment or in facilities leased or licensed from third parties. Unless required to be disclosed in response to a legal process, such as a court order or subpoena, or to a law enforcement agency’s request, we will not share the collected information with third parties other than as set forth in this notice.
Access to your personal data
You have a right to request a copy of the personal information we collect from you through our websites, applications, services and/or functionalities. You may send your request through the email firstname.lastname@example.org. We will require proof of your identity before providing any personal information. You can also review and update your personal information in your account settings at any time by logging in to your account, when you have created an ATH Móvil account or an employment application profile. If you wish to change any information in an employment application that was already submitted for our consideration, you may update your profile and submit your application again. We encourage you to update your personal information if there are any changes in the information provided during the application or recruitment processes.
Where appropriate, you may have the personal data erased, corrected, amended or completed. We reserve the right to refuse to provide our users with a copy of their personal data but will provide the reasons for our refusal. You will be able to challenge our decision to refuse to provide a copy of your personal data.
Once we receive your PII, Evertec has security measures in place to help protect against the loss, misuse, unauthorized modification or destruction of the information under our control. We use industry-recognized security safeguards, such as firewalls, anti-virus, intrusion detection systems, and operational procedures to detect and preclude unauthorized parties from accessing our systems. We urge you to take adequate precautions to protect your personal information as well, including never sharing your personal or access information with anyone.
We use Secure Sockets Layer (SSL) encryption technology to safeguard the information shared with us in the restricted areas found in our website. SSL is the standard security technology for creating an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and intact. Adding SSL encryption to our web pages ensures end-to-end encryption for the duration of the session. You can verify this by looking for a lock icon in the address bar and looking for “https” at the beginning of the webpage’s internet address.
Monitoring and enforcement
Evertec, ATH Móvil or ATH Business will not send unsolicited text messages, or emails, requesting usernames, passwords, or any type of sensitive information. We will use e-mail to respond to e-mail messages received from you, to inform about service improvements, changes in terms and conditions applicable to our services or to engage in other communications which you have expressly permitted.
Links to other web sites
Our applications and/or webpages may contain links to other webpages whose information sharing practices may be different from ours. We encourage our users to be aware when they leave our sites and/or applications and to review the terms and conditions and privacy notices of any other webpages and/or applications since we cannot assume any responsibility for the content or privacy policies of those other sites and/or applications.
Evertec is committed to the protection of children’s online privacy under the Children’s Online Privacy Protection Act (COPPA). We encourage parents and guardians to take an active role in their children’s online activities and interests. Evertec does not knowingly collect information from children under 13 years of age. Our webpages, ATH Móvil and ATH Business applications, our services and functionalities including, but not limited to, Botón de Pago, and online ordering on the webpage of businesses that use our product Pvot, are not targeted to children under 13. If a parent or guardian becomes aware that his or her child has provided us with information without their consent, the parent or guardian should contact us. Once notified, we will delete such information from our files as soon as reasonably practicable unless we are legally obligated to retain such data. Please contact us if you believe that we have mistakenly or unintentionally collected information from a child under the age of 13. If you are a child under 13, you may not use our services. Our services are not directed to children under the age of 13. If we unintentionally collected your data and later learn you are a child under the age of 13, we will delete the data as soon as possible.
We review our Privacy Statement regularly and may modify it from time to time when necessary. Some of the changes will be in response to changes in our business, our websites, ATH Móvil or ATH Business applications, our services, the employment application or recruitment process, changes in functionalities or applicable laws and regulations. The amended Privacy Statement will be posted on our websites, applications and/or functionalities. We encourage you to periodically review this Privacy Statement so that you will be aware of our updated privacy practices. The date when the Privacy Statement was last updated will be included at the top right corner of the Privacy Statement.
Employment applicant’s consent
When you apply for an employment opportunity at Evertec and provide your personal information as part of the application and recruitment processes, you express your consent to the use and sharing of your personal information as described in this Privacy Statement.
Contact Evertec with questions regarding this privacy statement
If you are a resident of the European Union, and have an unresolved privacy or personal information collection, use or disclosure concern that we have not satisfactorily addressed, please be aware that you may address your concern to your local Data Protection Authority, who may decide to further investigate the matter. Evertec will always fully cooperate with any regulatory request.