Privacy Policy And Authorization for the Processing of Personal Data by Lappiz

In accordance with the provisions of Statutory Law 1581 of 2012, which establishes the General Regime for the Protection of Personal Data (Habeas Data), LAPPIZ (hereinafter, LAPPIZ), identified with NIT 901.461.800 – 1, domiciled in the city of Envigado – Antioquia, in its capacity as an entity that collects, stores, and processes personal data, requires the prior, express, and informed authorization of the data subject for the processing of their personal data.

1. LAPPIZ will act as the Controller (Responsable) of the personal data of its clients, workers, and suppliers, managing them in accordance with its Personal Data Processing Policy. Likewise, it will act as a Processor (Encargado) when, through its clients, personal data of end-users of its technological solutions are entered into its databases.
2. When the information processed by LAPPIZ is of a sensitive nature or corresponds to data of children or adolescents, the granting of authorization for its processing shall be optional, in accordance with the law.
3. By creating a user on LAPPIZ’s technological platform, using or accessing it, or accessing its website at https://lappiz.io, the data subject freely, previously, expressly, and in an informed manner accepts this Policy and the processing of their data for the described purposes.
4. LAPPIZ is exempt from liability for the data subject’s failure to comply with obligations regarding the proper management and custody of their personal data.

1. General Information and Definitions

FINTIC S.A.S., identified with Nit. 900.885.937-8 (hereinafter, “LAPPIZ”), domiciled in Envigado – Antioquia, at CALLE 71 SUR No. 43 B 85 – OFFICE 807, establishes the principles for the processing of personal data collected in the development of its corporate purpose. This policy is based on Law 1581 of 2012, Decree 1377 of 2013, and Decree 1074 of 2015.

• Authorization: Prior, express, and informed consent to process non-public data.
• Personal Data: Any information linked to one or more identifiable natural persons.
• Sensitive Data: Data affecting privacy or whose misuse may cause discrimination (e.g., health, biometrics, political affiliation).
• Platform: Refers to LAPPIZ software, applications, and the website https://lappiz.io.
• Habeas Data: The fundamental right to know, update, rectify, or cancel one’s personal information held by third parties.

2. Purposes of Data Processing

Personal data will be processed for the following general purposes:

• Providing, operating, and optimizing technological solutions and platforms.
• Verifying and authenticating the identity of users.
• Contacting data subjects for technical, operational, or commercial notifications.
• Fulfilling contractual obligations and commercial relationships.
• Sending commercial, promotional, or advertising information related to products and services.
• Developing marketing activities and institutional communications.
• Managing internal processes for hiring employees and linking suppliers.

Data Disclosure

LAPPIZ may disclose personal data when the user sets their account to public, to members of the same organization, to strategic partners, or in cases of company mergers or acquisitions.

3. Types of Data Collected

• Information provided by the Subject: Name, email, phone number, company, and other identification data.
• Device Information: Technical data such as IP address, browser type, and URLs visited.
• Third-party sources: Information received from service providers.

4. Rights of the Data Subject

Data subjects have the right to:

1. Know, update, and rectify their personal data.
2. Request proof of the authorization granted.
3. Be informed about the use given to their data.
4. File complaints with the Superintendency of Industry and Commerce (SIC).
5. Revoke authorization or request the deletion of data.
6. Access their processed personal data free of charge.

5. Cookies Policy

LAPPIZ uses cookies for the following purposes:

• Necessary: For basic website functionality.
• Preference: To remember settings like language.
• Statistics: To understand how visitors interact with the platform anonymously.
• Marketing: To display relevant advertisements.

6. International Data Transfers

LAPPIZ’s systems and servers are located in the United States. By using the services, users accept the transfer, storage, and processing of their data in that country.

7. Security Measures

LAPPIZ implements technical and operational security measures to protect information. However, 100% security for internet transmissions cannot be guaranteed, and users are responsible for the confidentiality of their passwords.

8. Data Retention

Data will be retained as long as necessary for the purposes established in this Policy, to comply with legal mandates, or as required by law.

9. Procedures for Inquiries and Claims

Data subjects can exercise their rights by sending an email to: admin@lappiz.io.

• Inquiries: Will be answered within a maximum of 10 business days.
• Claims: Will be resolved within a maximum of 15 business days.

Requests must include the subject’s full name, identification, a clear description of the request, and a contact email for the response.

10. Policy Changes and Validity

LAPPIZ reserves the right to modify this policy by publishing updates on the platform.

This version 1.0 has been in effect since January 1, 2024.