Corporate Legal Document

Personal Data Processing and Protection Policy

88 TECH GROUP S.A.S.
Effective as of: April 9, 2024

In compliance with Law 1581 of 2012 and other applicable regulations on personal data protection in Colombia.

Policy Document

Version 2.1  | Document Code: POL-DATOS-001

In Force

1. Introduction

Foundations and Scope of the Policy

88 TECH GROUP S.A.S.

In our role as the Data Controller, we are committed to protecting privacy and ensuring the proper handling of information belonging to our users, clients, employees, providers, collaborators, and the community at large.

In compliance with the requirements of the Law 1581 of 2012 – Personal Data Protection Law and the Decree 1377 of 2013, we have adopted this policy to ensure adherence to the principles contained in current legislation.

This document outlines the guidelines and parameters under which 88 TECH GROUP S.A.S. carries out the collection, storage, use, circulation, and deletion of personal data. The data processed may be public, private, semi-private, or sensitive in nature, and will be managed in accordance with the purposes established herein, always in compliance with applicable legal regulations.

Scope of Digital Application

This Personal Data Processing Policy extends to:

www.88pay.io and its subdomains
88pay mobile application

By accessing or using our service, you confirm that you have read, understood, and accepted the collection, storage, use, and disclosure of your personal information as described in this policy and in our Terms of Service.

Through this policy, we reaffirm our commitment to protecting your personal information by implementing the necessary measures to meet the highest standards of security and confidentiality, and by promoting a culture of data protection throughout our operations.

2. Purpose

Objective and intent of the policy

The purpose of this Personal Data Processing and Protection Policy is to establish the guidelines, controls, and procedures that 88 TECH GROUP S.A.S. will apply to ensure the protection, privacy, and security of the personal data collected, stored, used, circulated, or deleted in the course of its business activities.

This policy is designed to ensure compliance with the current regulations on personal data protection, in accordance with the provisions of Law 1581 of 2012 and Decree 1377 of 2013, as well as any other regulations that amend, supplement, or replace them. In addition, it seeks to guarantee the rights of data subjects by providing clear and transparent mechanisms for exercising their rights to access, update, rectify, and delete their personal information.

Legal Framework

Law 1581 of 2012- Personal Data Protection
Decree 1377 of 2013- Partial regulation

Protected Data Groups

Clients and users

who interact with our services

Employees and applicants

who are part of our organization

Suppliers and collaborators

who provide us with services or products

Third parties

who interact with our platform

Organizational Commitment

This policy aims to define the proper handling of personal data, ensuring its confidentiality, integrity, and availability, while promoting a culture of data security and protection within the organization.

3. Scope of Application

Extent and Coverage of the Policy

This Personal Data Processing and Protection Policy applies to all activities related to the collection, storage, use, circulation, and deletion of personal data carried out by 88 TECH GROUP S.A.S. , in its capacity as Data Controller and/or Data Processor.

Data Collection Sources

Interactions with clients, users, employees, suppliers, and collaborators
Websites, mobile applications, digital platforms, and any other means controlled by 88 TECH GROUP S.A.S.
Databases containing public, private, semi-private, or sensitive information

This policy shall apply to all databases managed by the company, regardless of whether they are in physical or digital format, ensuring at all times compliance with the provisions established byLaw 1581 of 2012, Decree 1377 of 2013, Decree 886 of 2014 , and other complementary or amending regulations governing the processing of personal data in Colombia.

Covered Individuals and Entities

Clients and users

who interact with our services

Employees and applicants

who are part of our organization

Suppliers and collaborators

who provide us with services or products

Third parties

who interact with our platform

Exclusions

Excluded from the scope of application are any data that, by legal or contractual provision, are expressly excluded from processing or are governed by specific sectoral regulations.

Through this policy, 88 TECH GROUP S.A.S. ensures the protection, confidentiality, and proper use of the personal data collected, in compliance with the principles established in current legislation, such as legality, transparency, security, and restricted access to information.

4. Definitions and Key Terms

Glossary of terms used in this policy

To help explain things as clearly as possible in this Privacy Policy, whenever any of these terms are mentioned, they are strictly defined as follows:

General Terms

Company:
When this policy mentions "Company", "we", "us" or "our", it refers to 88 TECH GROUP S.A.S., which is responsible for your information under this Privacy Policy.
Country:
Where 88 TECH GROUP S.A.S. is located.
Platform:
Public-facing website, web application, or digital application of 88 TECH GROUP S.A.S.
Website:
The 88 TECH GROUP S.A.S. website accessible through this URL: www.88pay.io
Service:
Refers to the service provided by 88 TECH GROUP S.A.S. as described in the relevant terms and on this platform.

Data and Processing

Personal Data:
Any information that can be associated or linked to an identified or identifiable natural person, whether in numeric, graphic, photographic, or any other format.
Data Subject:
A natural person whose personal data is subject to processing by 88 TECH GROUP S.A.S.
Processing:
Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, modification, or deletion.
Database:
A set of personal data organized for the purpose of processing.
Data Controller:
A natural or legal person, public or private, who decides on the collection, use, and processing of personal data.
Data Processor:
A natural or legal person, public or private, who processes personal data on behalf of the Data Controller, either individually or in association with others.

Types of Data

Public Data:
Data that is not classified as semi-private, private, or sensitive. Public data includes, among others, information related to a person’s marital status, profession or occupation, and status as a merchant or public servant.
Semi-private Data:
Access to this data is subject to certain restrictions and is of interest to a specific group or sector of people. Examples include financial or credit information, academic records, employment data, and personal contact details.
Private Data:
Personal information related to an individual’s private life, including data found in private documents, preferences, or interests, among others.
Sensitive Data:
Data that affects the data subject’s privacy or, if misused, could lead to discrimination. Examples include racial or ethnic origin, political opinions, religious or philosophical beliefs, health data, sexual life, and biometric information.

Persons and Roles

Client:
Refers to the company, organization, or individual who registers to use the 88 TECH GROUP S.A.S. Service to manage relationships with their consumers or service users.
Employee:
Refers to individuals employed by 88 TECH GROUP S.A.S. or under contract to perform a service on behalf of one of the parties.
Third Parties:
Refers to advertisers, contest sponsors, promotional and marketing partners, and others who provide our content or whose products or services we believe may be of interest to you.
Applicant:
A person undergoing the selection process to be hired by the company through an employment contract.
Collaborator:
A natural or legal person who provides consulting services under a collaboration agreement signed with 88 TECH GROUP S.A.S.
Provider:
Natural or legal persons who supply the Company with necessary inventory for the development of its operations.

Technology and Processes

Cookies:
A small amount of data generated by a website and stored by your web browser, used to identify your browser, provide analytics, or remember user preferences. The use of cookies is subject to user consent.
Device:
Any internet-connected device such as a phone, tablet, computer, or any other device that can be used to access 88pay.io.
IP Address:
A number assigned to every device connected to the internet, typically assigned in geographic blocks. 88 TECH GROUP S.A.S. may collect IP addresses for analytical and security purposes.
Consent:
Prior, express, and informed authorization given by the data subject for the processing of their personal information. It must be freely given, specific, and explicit.

Rights and Procedures

Data Subject Rights:
These are the rights of the data subject, such as the right to access, update, correct, delete, and revoke consent for the processing of their personal data.
Data Collection:
The process through which 88 TECH GROUP S.A.S. obtains personal data from data subjects for subsequent processing, in accordance with the principles established in this policy.
Data Modification or Update:
The process by which personal data stored by 88 TECH GROUP S.A.S. may be corrected or updated to ensure its accuracy and truthfulness.
Data Deletion:
The process through which personal data is removed from the databases of 88 TECH GROUP S.A.S. at the request of the data subject or in compliance with applicable law.
Authorized Person:
An individual authorized by the data subject to carry out any type of procedure or request before 88 TECH GROUP S.A.S. on behalf of the authorizing party.
Data Protection Officer:
Person(s) internally appointed by the Company to formally coordinate and oversee compliance with Law 1581 of 2012, as well as to handle complaints, requests, or claims submitted by data subjects.

Security and Compliance

Security Measures:
A set of actions, policies, and technologies implemented by 88 TECH GROUP S.A.S. to protect personal data from loss, unauthorized access, misuse, alteration, or destruction. These measures include physical, administrative, and technical protocols.
Security Incident:
An event that compromises the confidentiality, integrity, or availability of personal data, such as unauthorized access, loss, disclosure, or modification of information. The company will take immediate steps to contain and report the incident in accordance with applicable law.
Data Storage:
The period and conditions under which personal data is retained by 88 TECH GROUP S.A.S., determined by the purpose of the processing and applicable legal or contractual obligations.
International Data Transfer:
The transmission of personal data to another country, which is carried out only when the recipient guarantees an adequate level of protection as required by current regulations, or through legal mechanisms such as standard contractual clauses or adequacy agreements.
Revocation of Consent:
The right of the data subject to withdraw their previously granted consent for the processing of their personal data at any time, unless a legal or contractual obligation prevents it. The revocation may be total or partial.
Claim:
A request submitted by the data subject or their representatives to correct, update, delete information, or revoke authorization when they believe that the processing does not comply with applicable legal principles, rights, and guarantees.

5. Principles of Personal Data Processing

Guiding principles for handling personal data

The processing of personal data by 88 TECH GROUP S.A.S. shall be governed by the following principles, in accordance with current legislation:

Legality

The processing of personal data shall be carried out lawfully, in compliance with applicable legal provisions and ensuring the informed consent of the data subject.

Purpose

Personal data shall be collected and processed for legitimate, specific, and explicit purposes, informing the data subject of such purposes.

Freedom

The processing of personal data shall be carried out with the free, prior, express, and informed consent of the data subject, who may revoke such consent at any time.

Truthfulness or Quality

Personal data shall be truthful, complete, accurate, up-to-date, and understandable. Necessary measures will be taken to ensure data quality.

Transparency

The data subject shall have the right to obtain clear, sufficient, and timely information regarding the existence of personal data concerning them, as well as how such data is being processed.

Restricted Access and Circulation

Personal data processing shall be carried out ensuring the security, confidentiality, and restricted access to the data, preventing unauthorized disclosure.

Security

Technical, human, and administrative measures will be implemented to ensure the security of personal data, preventing its alteration, loss, unauthorized processing, or access.

Confidentiality

Personal data shall be treated with the utmost confidentiality, and the necessary measures shall be adopted to protect the information from unauthorized access, disclosure, or misuse.

6. Personal Data Subject to Processing

Processing in accordance with Law 1581 of 2012, Decree 1377 of 2013, and other applicable regulations.

In the course of its business and operational activities, 88 TECH GROUP S.A.S. collects, stores, uses, circulates, transfers, transmits, and deletes personal data of natural and legal persons, with the purpose of fulfilling its contractual, legal, and commercial obligations.

Guiding Principles of Treatment

  • Legality: Processing shall be carried out in accordance with applicable legislation.
  • Purpose: Must have a legitimate purpose, informed to the data subject.
  • Freedom: Only with the data subject's consent, unless otherwise provided by law.
  • Truthfulness or Quality: Information must be complete, updated, truthful, and verifiable.
  • Transparency: The data subject has the right to obtain information at any time.
  • Restricted Access and Circulation: Only accessible by authorized persons or as required by law.
  • Security: Protection through technical, human, and administrative measures.
  • Confidentiality: Data shall be kept confidential during and after the relationship with the data subject.

Categories of Personal Data

Public Data

These do not require authorization for processing and are publicly accessible, such as:

  • Marital status.
  • Profession or occupation.
  • Status as merchant or public servant.
  • Information from public records or documents.
Private Data

Require authorization for processing and are not publicly accessible, such as:

  • Personal habits, interests, or preferences.
  • Contracts, financial statements, and other private documents.
  • Non-public personal contact information.
Semi-private Data

Not publicly accessible, but may be shared in specific contexts, such as:

  • Financial or credit information.
  • Employment and academic data.
  • Professional contact information.
Sensitive Data

Require special handling and cannot be processed without the data subject’s express consent, such as:

  • Racial or ethnic origin.
  • Political, religious, or philosophical beliefs.
  • Union or organizational affiliations.
  • Health, sexual life, or biometric data.

International Transfer and Transmission of Data

88 TECH GROUP S.A.S. may transfer or transmit personal data to third parties located outside Colombia when necessary to fulfill its corporate purpose, contractual relationships, or upon data subject authorization. Such transfers will be carried out in accordance with Colombian law, ensuring adequate levels of protection through contractual clauses or other legal mechanisms.

Purposes of Processing

The personal data collected by 88 TECH GROUP S.A.S. will be processed to fulfillspecific purposes based on the data subject’s relationship with the company:

Clients and Users:

Contract management, service delivery, handling requests, complaints and claims, billing, and commercial communications.

Employees and collaborators:

Personnel management, payroll administration, compliance with labor obligations, access control, and security measures.

Suppliers and Business Partners:

Supply contract administration, payment management, compliance evaluation, and operational communications.

Third Parties:

Fulfillment of contractual, legal, or regulatory obligations.

Authorization from the Data Subject

88 TECH GROUP S.A.S. shall request and retain prior, express, and informed authorization from the data subject for processing their personal data, except in cases permitted by law.

Sensitive data: Processing of sensitive or private data will always require the data subject’s express consent, unless a legal or contractual obligation justifies its use without such consent.

Revocation and Deletion of Data

The data subject may request at any time the revocation of previously granted authorization and/or the deletion of their personal data.

Procedure: Such requests will be processed in accordance with current regulations, unless a legal or contractual obligation requires retention of the data in the databases of 88 TECH GROUP S.A.S.

7. Rights of the Personal Data Subject

Rights granted to personal data subjects

As a personal data subject, you have the following rights, which may be exercised at any time:

Fundamental Rights

To know, update, and correct your personal data
To request proof of the authorization granted
To be informed about how your data is being used
To file complaints with the Superintendency
To revoke authorization and/or request data deletion
To access your personal data free of charge

Legal Basis

The rights described here are established in Law 1581 of 2012 and its regulatory decrees, which govern the protection of personal data in Colombia.

Limitations to Rights

The right to deletion cannot be exercised when there is a legal or contractual obligation requiring the data to remain in the databases of 88 TECH GROUP S.A.S. Revocation of consent will not be applicable when a legal provision prevents such revocation.

8. Procedures for the Exercise of Rights

Service channels and timeframes to exercise your rights as a personal data subject.

To exercise the aforementioned rights, the data subject may contact 88 TECH GROUP S.A.S. through the following service channels established by the company.

Inquiries and requests will be addressed in accordance with the legal timeframes established, , ensuring a timely and effective response for the exercise of fundamental rights of personal data holders.

Response Times

Inquiries:10 business days (+ 5 additional days if necessary)
Claims:15 business days (+ 8 additional days if necessary)

Available Service Channels

Email

legal@88pay.io – Primary channel for formal inquiries and rights requests.

Phone

+57 3175330176 – Phone service for immediate inquiries and guidance on procedures.

Physical Address

Transversal 39 A 72 76, Municipality of Medellín – In-person service by appointment.

Web Form

www.support.88pay.io – Online platform for managing and tracking requests.

Requirements to File a Claim

To file a claim, the data subject must provide: name and ID number, clear description of the facts giving rise to the claim, contact information for notifications, and any supporting documents. 88 TECH GROUP S.A.S. ensures that all requests are processed in accordance with applicable regulations.

9. Duties of the Personal Data Controller

Obligations and responsibilities in the processing of personal data

88 TECH GROUP S.A.S., As the Data Controller, 88 TECH GROUP S.A.S. assumes the following duties in handling the personal information of its clients, employees, suppliers, collaborators, and other third parties, in accordance with Law 1581 of 2012 and Decree 1377 of 2013:

a

Duty to Obtain Authorization

88 TECH GROUP S.A.S. must request and retain the prior, express, and informed authorization of the personal data subject, except in cases where the law stipulates that such authorization is not required. The company must ensure the authorization includes the purpose of processing and the rights granted to the data subject.

b

Duty to Inform the Data Subject

88 TECH GROUP S.A.S. is obligated to clearly and sufficiently inform data subjects of the purpose of data collection, as well as the rights granted to them, especially their rights to access, update, rectify, and delete their personal information, and the procedure for exercising these rights.

c

Duty to Ensure Information Accuracy

Information processed by 88 TECH GROUP S.A.S. must be truthful, complete, accurate, up-to-date, and verifiable. The company will adopt the necessary measures to ensure the quality of processed data and update it when necessary.

d

Duty to Ensure Data Security

88 TECH GROUP S.A.S. will implement technical, human, and administrative measures to ensure the security of personal data and prevent its alteration, loss, unauthorized consultation, use, or access. These measures will be aligned with the security standards established by current regulations.

e

Duty of Confidentiality

88 TECH GROUP S.A.S. will ensure the confidentiality of personal data and that it is processed only for the purposes authorized by the data subject. Access will be granted only to authorized personnel and third parties with a legitimate relationship and proper authorization.

f

Duty to Update Information

88 TECH GROUP S.A.S. commits to timely updating the personal data it holds to ensure it is truthful and complies with quality principles. Updates must also be made when requested by the data subject.

g

Duty to Address Inquiries and Complaints

The company is required to process and respond to data subjects’ inquiries and complaints about their personal data within the timeframes established by law: 10 business days for inquiries and 15 business days for complaints, except where exceptions apply.

h

Duty to Inform Authorities

88 TECH GROUP S.A.S. must notify the Superintendence of Industry and Commerce (SIC) or any other competent authority of any security incident that puts personal data at risk. This includes reporting any breach affecting the rights of data subjects.

i

Duty to Respect Processing Conditions

Personal data processed by 88 TECH GROUP S.A.S. will be used solely for the purposes authorized by the data subject and only for the time necessary to fulfill those purposes. The company guarantees compliance with the principles of purpose and temporality.

j

Duty to Delete Personal Data

Once the purpose for which personal data was collected is fulfilled, and unless there is a legal or contractual obligation to retain it, 88 TECH GROUP S.A.S. will delete the data upon the data subject’s request or to comply with applicable regulations.

k

Duty to Transfer Information to Third Parties

When it is necessary to transfer personal data to third parties (suppliers, partners, government entities, etc.), 88 TECH GROUP S.A.S. must ensure that these parties comply with the same data protection standards established in this policy and current laws. A confidentiality and data protection agreement must be signed before access is granted.

Commitment to Compliance

88 TECH GROUP S.A.S. 88 TECH GROUP S.A.S. commits to fulfilling all these duties rigorously and transparently, always ensuring respect for the fundamental rights of data subjects and compliance with current data protection laws.

10. Purposes of Data Collection and Processing

Specific purposes for the processing of personal data

The personal data collected and processed by 88 TECH GROUP S.A.S. will be used exclusively for legitimate purposes previously informed to the data subject, in accordance with the principles established in Law 1581 of 2012. Below are the specific purposes for the collection and processing of personal data in the different business areas of the company:

1. Purposes for Clients and Users

Service Provision

Personal data will be used to manage the commercial and contractual relationship, including the provision of services offered by 88 TECH GROUP S.A.S., such as billing, payment management, delivery of products or services, and handling of requests.

Customer Service

Data will be used to provide technical support, manage inquiries, complaints, claims, returns, or requests related to the products or services offered by the company.

Commercial Communication

88 TECH GROUP S.A.S. may use personal data to send promotional information, news, and updates about its products and services, provided that the data subject has given their consent.

Satisfaction Surveys

Data may be used to conduct surveys that assess service quality and improve the customer experience.

2. Purposes for Employees and Collaborators

Human Resources Management

Data will be used to manage recruitment, hiring, payroll, social benefits, performance evaluation, training, and other activities related to human talent management.

Compliance with Labor Obligations

Data will be used to fulfill legal and contractual obligations arising from the employment relationship, such as salary payments, reports to government entities, social security, occupational risk management, among others.

Access and Security Control

Personal data may be used to ensure secure access to 88 TECH GROUP S.A.S. facilities and systems, as well as to implement physical and logical security measures.

3. Purposes for Suppliers and Contractors

Supplier Management

Personal data of suppliers will be used to manage the procurement of goods and services, make payments, verify compliance with contractual obligations, and maintain communication related to the business relationship.

Performance Evaluation

Supplier data may be used to evaluate the compliance and performance of services or products provided, in order to ensure quality.

Contract Management

Data will be processed for the creation, execution, and administration of commercial contracts and to comply with the legal obligations arising from them.

4. Purposes for Third Parties

Strategic Allies

Personal data may be processed to manage commercial or strategic partnerships that support the development of new business opportunities, always with the consent of the data subject.

Compliance with Legal Obligations

88 TECH GROUP S.A.S. will process personal data to comply with legal obligations before competent authorities, such as financial, tax, or social security reporting.

Fraud Prevention

Data may be processed to prevent, detect, and manage potential fraud or illegal activities within the company’s business operations.

5. Purposes for Platforms and Digital Services

Account Management

Users' personal data will be used to create, administer, and manage accounts on the digital platforms of 88 TECH GROUP S.A.S.

Improvement of Digital Services

Platform usage data may be used to enhance user experience, optimize the functionality of the website and mobile applications, and personalize service offerings.

Statistical and Marketing Analysis

Data may be used to conduct statistical analyses to better understand user behavior on digital platforms for commercial and marketing purposes, always respecting applicable laws.

Important

All of the aforementioned purposes will be carried out in accordance with the principles of legality, purpose, freedom, accuracy, transparency, restricted access and circulation, security, and confidentiality as established in Colombian data protection regulations.

11. Processing of Sensitive Data

Special protection for data requiring greater care

88 TECH GROUP S.A.S. recognizes the special protection that must be afforded to sensitive data, defined as those that may affect the data subject's privacy or whose misuse could result in discrimination. In accordance with Law 1581 of 2012, sensitive data includes, among others: The processing of such data will only be carried out under the following conditions and special considerations:

Types of Sensitive Data

Racial or Ethnic Origin

Information related to racial or ethnic origin.

Personal Beliefs

Religious, philosophical, or political beliefs.

Affiliations

Membership in trade unions, social or human rights organizations.

Health and Personal Life Data

Data related to health, sexual orientation, and personal life.

Biometric Data

Biometric data (such as fingerprints, facial recognition, etc.).

Special Conditions for Processing

a. Explicit Authorization from the Data Subject

Before collecting sensitive data, 88 TECH GROUP S.A.S. will clearly inform the data subject of the following:
  • The nature of the sensitive data being collected.
  • The specific purpose of processing the data.
  • That the data subject is not obligated to authorize the processing of sensitive data.

b. Legitimate Purposes for Processing Sensitive Data

Compliance with Legal Obligations

Processing of sensitive health data, such as medical reports, disability or incapacity certificates, required to fulfill labor or legal obligations (e.g., managing medical leave or complying with health and safety regulations).

Security and Access

Collection of biometric data to control access to physical facilities or IT systems, always with the data subject’s consent.

Prevention of Discrimination

Processing information necessary to ensure equal opportunities and to prevent any type of discrimination in the workplace or commercial environment.

c. Special Protection

Restricted Access

Only authorized personnel will have access to sensitive data, and such access will be limited strictly to what is necessary for fulfilling the authorized purposes.

Security Protocols

Additional controls will be established to prevent the loss, alteration, unauthorized use, or fraudulent access of sensitive data, including the use of encryption, biometric authentication, and continuous monitoring.

Secure Storage

Sensitive data will be stored in databases with high security standards and only for the time necessary to fulfill the specified purposes.

d. Right of the Data Subject to Refuse Authorization

The data subject has the right to refuse authorization for the processing of sensitive data without any negative consequences. 88 TECH GROUP S.A.S. will respect this decision and will only process sensitive data when there is a legal basis for doing so or when it is essential for the execution of a contractual relationship or compliance with legal obligations.

Protection Commitment

88 TECH GROUP S.A.S. is committed to implementing the highest standards of security and protection in the processing of sensitive data, ensuring respect for fundamental rights and human dignity.

12. Security Measures

Protection of personal data under our custody

88 TECH GROUP S.A.S. implements technical, physical, administrative, and technological measures to ensure the security, confidentiality, and integrity of the personal data under its custody. These measures are designed to prevent unauthorized access, loss, alteration, misuse, or disclosure of data, in compliance with the security principles established by Law 1581 of 2012 and applicable regulations.

A. Physical Measures

To protect data stored in physical format, 88 TECH GROUP S.A.S. implements the following measures:

  • Restricted Access:

    Areas where physical documents containing personal data are stored have controlled access. Only authorized personnel may enter these spaces.

  • Secure Storage:

    Documents containing personal information are stored in locked cabinets or file drawers located in secure areas.

  • Surveillance Systems:

    The facilities of 88 TECH GROUP S.A.S. are equipped with surveillance and access control systems to monitor unauthorized entry.

B. Technological Measures

To protect data stored in IT systems and digital databases, 88 TECH GROUP S.A.S. implements the following measures:

  • Authentication and Access Control:

    Access to systems containing personal data is restricted to authorized users through authentication mechanisms such as strong passwords, multi-factor authentication, and access privileges.

  • Data Encryption:

    Sensitive personal data is encrypted both in transit and at rest to prevent interception or unauthorized access.

  • Monitoring and Auditing:

    Continuous monitoring and auditing systems are implemented to detect and prevent unauthorized access or suspicious activity in systems handling personal data.

  • Firewalls and Antivirus Protection:

    IT systems are protected by firewalls, antivirus software, and other cybersecurity tools to prevent cyberattacks, malware, and unauthorized access.

  • Data Backups:

    Regular backups of personal data are conducted to ensure availability in case of incidents, with protection measures to prevent data loss or alteration.

C. Administrative Measures

88 TECH GROUP S.A.S. has adopted internal policies and procedures to ensure compliance with personal data protection regulations, including:

  • Information Security Policies:

    Clear policies on the handling and processing of personal data are in place and mandatory for all employees and collaborators.

  • Employee Training:

    All personnel at 88 TECH GROUP S.A.S. receive regular training on personal data protection, confidentiality, and information security to ensure understanding and compliance with current regulations.

  • Confidentiality Clauses:

    All employment and commercial contracts include confidentiality clauses that bind employees, vendors, and collaborators to maintain the confidentiality of personal data they process.

  • Risk Assessment:

    Regular risk assessments are carried out to identify vulnerabilities in information security and implement preventive actions to reduce the risk of security incidents.

  • Incident Response Plan:

    88 TECH GROUP S.A.S. has a security incident response plan that includes procedures for detecting, reporting, handling, and notifying data breaches or security incidents.

D. Updating Security Measures

88 TECH GROUP S.A.S. is committed to continuously reviewing and updating its security measures to adapt to technological advances, emerging threats, and best practices in information security. Periodic audits and security tests are conducted to ensure the effectiveness and regulatory compliance of the measures implemented.

E. Security Incident Notification

In the event of a security incident that compromises personal data, 88 TECH GROUP S.A.S. will notify the affected individuals and competent authorities, in accordance with the requirements of the Superintendence of Industry and Commerce (SIC), and will adopt the necessary corrective actions to mitigate the impact and prevent recurrence.

Commitment to Security

88 TECH GROUP S.A.S. is fully committed to the protection of personal data by implementing best security practices and adhering to the highest industry standards to ensure confidentiality, integrity, and availability of information.

13. Policies for Handling Inquiries and Complaints

Procedures to Guarantee the Exercise of Data Subjects' Rights

88 TECH GROUP S.A.S. establishes the following procedures for handling inquiries and complaints related to the processing of personal data, ensuring that data subjects can exercise their rights to access, update, rectify, delete, and revoke authorization, in accordance with Law 1581 of 2012.

Procedure for Submitting Inquiries

Data subjects or their legal representatives may submit inquiries to 88 TECH GROUP S.A.S. to learn what information is held in the company's databases and how their data is being processed.

1. Submission of the Inquiry

The data subject may send their inquiry through the following contact channels:

legal@88pay.io
+57 3175330176
www.support.88pay.io
Transversal 39 a 72 76, Medellín

The inquiry must include:

  • Full name of the data subject
  • Identification document
  • Clear and precise description of the inquiry
  • Contact information

2. Response Time for Inquiries

Inquiries will be answered within a maximum period of 10 business days
If it is not possible to respond within this period, the data subject will be informed within an additional 5 business days maximum

Procedure for Submitting Complaints

Data subjects may file complaints when they believe their data has not been processed in accordance with applicable legal provisions, or when they wish to request correction, updating, deletion of data, or revocation of authorization.

1. Submission of the Complaint

The complaint must include:

  • Identification of the data subject: full name and ID number
  • Description of the facts: giving rise to the complaint
  • Contact information: physical address, phone number, and/or email
  • Supporting documents: (if applicable)

2. Response Time for Complaints

Incomplete complaints:5 business days to correct deficiencies
Complete complaints:15 business days (+ 8 additional days if necessary)

Support Systems

88 TECH GROUP S.A.S. has an efficient support system in place to handle inquiries and complaints, ensuring that the data subject receives a timely, clear, and appropriate response. The data subject will receive a notification of the receipt of their inquiry or complaint and will be able to track the status of their request through the contact channel used.

Processing of Requests for Revocation of Authorization or Data Deletion

In the event that the data subject requests the revocation of consent granted for the processing of their personal data or the deletion thereof, 88 TECH GROUP S.A.S. will analyze whether the request is appropriate according to Law 1581 of 2012. In cases where revocation or deletion is not applicable due to a legal or contractual obligation, the data subject will be informed of the reasons why the request cannot be fulfilled.

14. Policy for Monitoring the Personal Data Processing and Protection Policy

Validity, Modifications, and Review of the Data Policy

This Personal Data Processing and Protection Policy of 88 TECH GROUP S.A.S. comes into effect as of [09/04/2024]. This policy will remain in effect until it is modified or replaced by a new version approved by the company.

Policy Validity

The policy becomes effective from the established date and remains valid until it is modified or replaced by a new version officially approved by the company.

Right to Modify

88 TECH GROUP S.A.S. reserves the right to update or modify this policy at any time, based on regulatory changes, technological developments, or operational needs.

Notification of Changes

Any substantial modification will be communicated to data subjects through the company’s usual communication channels, such as the website, emails, or other available means.

Periodic Review

The policy will be reviewed periodically, at least once a year, or when significant changes occur in applicable legislation, the company’s operations, or risks related to personal data processing. Each review will assess the effectiveness of protection measures and compliance with legal requirements.

Commitment to Transparency

88 TECH GROUP S.A.S. is committed to keeping this policy up to date and to transparently communicating any changes that may affect the processing of personal data of our users, clients, and collaborators.

15. Contact Details of the Data Protection Officer

Point of Contact for Data Protection Inquiries and Requests

To ensure compliance with the provisions of this policy and to respond to any request, inquiry, or complaint related to the processing of personal data,
88 TECH GROUP S.A.S. has appointed a Data Protection Officer, who is responsible for coordinating, managing, and overseeing the proper handling of personal information.

Contact Information

Name

William Pinzon

Email

legal@88pay.io

Phone

(+57) 317 5330176

Address

Transversal 39 A 72 76 - Medellín, Antioquia, Colombia

Office Hours

Monday to Friday, 9:00 AM to 5:00 PM - Eastern Time

Availability of the Data Protection Officer

The Data Protection Officer is available to respond to inquiries, complaints, and requests for the updating, rectification, deletion, or revocation of consent for the processing of personal data, in accordance with the procedures established in this policy.

Commitment to Data Protection

88 TECH GROUP S.A.S. is committed to protecting your personal data and ensuring the exercise of your rights. Our team is dedicated to providing you with the best support and resolving any concerns related to the processing of your personal information.

Thank you for trusting us with your personal data.