Privacy Policy

This Privacy Policy describes how Fizupay processes the personal data of individuals (the Users) who use the payment infrastructure provided by Fizupay (the Payment Services) to make payments to third-party providers of goods or services, such as airlines, travel agencies, e-commerce merchants and other service providers (the Service Providers).

Use of the Payment Services constitutes the User's acceptance of this Privacy Policy, without prejudice to the privacy policy of the applicable Service Provider, which governs the primary relationship between the User and the Service Provider.

IF YOU DO NOT AGREE TO THE TERMS OF THIS PRIVACY POLICY, DO NOT ACCESS OR USE FIZUPAY SERVICES.

Fizupay may modify or update this Privacy Policy from time to time. Any updates will be published by updating the "Last updated" date.

It is the User's responsibility to review this Privacy Policy periodically. Continued use of the Payment Services after the publication of updates will constitute the User's acceptance of the updated version.

1. WHAT IS THE ROLE OF FIZUPAY?

Fizupay operates exclusively as a Payment Facilitator. Fizupay:

• (i) Is not the provider of the goods or services purchased by the User.
• (ii) Does not control or manage the commercial, contractual or consumer relationship between the User and the Service Provider.
• (iii) Processes payments solely in accordance with the instructions of the Service Provider and the agreements entered into with it.

This Privacy Policy applies exclusively to the processing of personal data by Fizupay in its capacity as Payment Facilitator and in connection with the services provided.

The Service Provider is solely responsible for the goods or services contracted by the User, as well as the processing of personal data carried out in connection with that relationship, in accordance with its own privacy policy.

2. WHO IS RESPONSIBLE FOR THE PROCESSING OF PERSONAL DATA?

In accordance with the role of Fizupay and the Service Provider:

• (i) In its role as a Payment Facilitator, Fizupay acts as a data processor, as applicable, in accordance with the relevant laws, with respect to the personal data necessary to provide the Payment Services.
• (ii) The Service Provider acts as the data controller with respect to the personal data related to the goods or services offered to the User and is governed by its own privacy policies, for which Fizupay is not responsible.

3. WHAT PERSONAL DATA DO WE COLLECT?

Fizupay collects and processes only the personal data necessary to process payments and to comply with legal, regulatory, contractual and security obligations. Fizupay does not sell or share personal data with third parties, except as described in this Privacy Policy.

3.1. Contact information: first name and last name, email address, phone number, physical address and/or postal address or other similar information, depending on the type of payment and applicable laws.

3.2. Identity and verification information: Identity documents, data used solely for identity verification, fraud prevention and regulatory compliance.

3.3. Payment transaction information: Payment method, account or card details, date, amount, currency, billing address, digital wallet identifiers and other data strictly necessary to process and authorize payments.

3.4. Voluntarily provided information: Data provided or submitted through forms, inquiries, complaints, surveys or any other interactions initiated by the User.

3.5. Communication information: Emails and/or messages.

3.6. Geolocation information: Precise or approximate location obtained via IP address or device, only when necessary for fraud prevention, regulatory compliance or the provision of the Payment Services.

3.7. Payment service usage information: Technical records related to Payment Service. Fizupay does not track the User's commercial activity or browsing behavior outside the context of the payment.

3.8. Device information: IP address, device type, operating system, browser, technical identifiers, security events and diagnostic information.

3.9. Cookies: Fizupay uses cookies and similar strictly necessary for the technical operation of the Payment Services, fraud prevention, transaction security and compliance with legal and regulatory obligations.

The cookies used by Fizupay are not intended for advertising, marketing or commercial profiling purposes and they do not allow the User to be identified or tracked outside the specific context of the payment process.

The User may configure their browser to block or delete cookies. However, disabling essential technical cookies may affect the proper functioning of the Payment Services.

The Payment Services are not directed to minors. Fizupay does not intentionally collect personal data from minors without valid legal authorization.

4. INFORMATION WE COLLECT FROM THIRD PARTIES

Fizupay may receive personal data from:

• (i) Service Providers.
• (ii) Financial institutions, banks, payment networks and processors.
• (iii) Identity verification, fraud prevention and compliance providers.
• (iv) Financing providers or installment payment plan providers.

All of the above in accordance with applicable laws and contractual confidentiality and security obligations.

5. PURPOSE OF DATA PROCESSING

Fizupay processes personal data exclusively for the following purposes:

• (i) To process, authorize, settle, manage and/or refund payments.
• (ii) To verify identity and prevent fraud.
• (iii) To comply with legal, regulatory and tax obligations.
• (iv) To manage disputes, chargebacks and claims.
• (v) To ensure the security and integrity of the Payment Services.

Fizupay does not use personal data for direct marketing, advertising or for the creation of commercial profiles.

6. DATA SHARED WITH THIRD PARTIES

Personal data may be shared solely with:

• (i) Service Providers.
• (ii) Financial institutions and payment networks.
• (iii) Compliance, security and fraud prevention providers.
• (iv) Competent authorities, when legally required.

7. USER RIGHTS

In accordance with applicable law, the User may exercise their rights of access, rectification, erasure, objection or restriction of processing of their personal data by submitting a request to the following email address: customerservice@fizupay.com

Without limitation, the User is entitled to the following rights:

7.1. Right to information:

The User has the right to request information from Fizupay and/or the competent local authorities or entities, where applicable, regarding the existence of their personal data in records or databases, the purposes for which such data is processed and the identity of the data controllers.

The User is entitled to receive the information in a clear and understandable manner, without any codes and where applicable, accompanied by an explanation in plain language.

The information may be provided in writing, electronically, by telephone, via images or by any other appropriate means.

Under no circumstances shall Fizupay provide information belonging to third parties, even if related to the User, in accordance with applicable law.

7.2. Right of access:

After verifying their identity, the User may request and obtain from Fizupay information regarding their personal data that has been collected in Fizupay's records or databases.

The exercise of this right of access allows the User to:

• a) Determine whether the User's personal data is included in Fizupay's records or databases;
• b) Access all personal data relating to the User contained in these records or databases;
• c) Request information regarding the sources and methods used to collect the data;
• d) Request information regarding the purposes for which your personal data was collected;
• e) Request information regarding the intended recipients or the intended disclosure of the User's personal data.

If the period of ten (10) consecutive days, or the period established by applicable local regulations, expires without Fizupay having fulfilled the User's request, the User may exercise the remedies provided by applicable law.

If applicable, in the case of personal data of deceased individuals, the relationship must be established either through the appropriate legal documentation confirming the claimant's status as heir or successor of the data subject or in the manner provided under applicable law.

The exercise of this right is free of charge.

7.3. Right to rectification, updating, erasure or confidentiality:

The User may request the rectification, updating, and, where applicable, erasure of their personal data contained in Fizupay's records or databases or that such data be treated as confidential.

The erasure of personal data will not be permitted where it could adversely affect the legitimate rights or interests of third parties or where there is a legal obligation to retain the data. Likewise, Fizupay may deny access, rectification, erasure or confidentiality in cases related to the protection of public order and safety, the protection of the rights and interests of third parties, where such actions could impede ongoing judicial or administrative proceedings connected to the enforcement of tax or social security obligations, the exercise of health and environmental control functions, the investigation of criminal offenses or the verification of administrative violations, or in fulfillment of any other obligations applicable to Fizupay.

Any decision made in this regard will be reasoned and duly notified to the User. During the process of verifying and rectifying any errors or inaccuracies in the personal data, Fizupay will block the record or indicate, when disclosing information related to it, that it is subject to review.

7.4. Right to rectification, updating or erasure free of charge:

Users may request the rectification, updating or erasure of inaccurate or incomplete personal data in our records or databases free of charge.

If applicable, Fizupay may request information or documentation to verify the User's identity and authorization to make the request. Once the User's identity has been verified, Fizupay will respond to the request within a reasonable period, in accordance with the applicable regulations.

8. DATA PRESERVATION

Personal data will be retained for as long as necessary to:

• (i) Provide the Payment Services.
• (ii) Comply with legal and regulatory obligations.
• (iii) Manage disputes and audits.
• (iv) Assert or defend legal rights.

Backup copies may be retained in systems for a limited period for these purposes.

9. INFORMATION SECURITY

Personal data may be processed and stored in countries other than the User's country of residence, including the United States. Fizupay implements reasonable technical, administrative, and organizational measures to protect personal data, in accordance with industry standards for payment services and applicable law.

While Fizupay has taken reasonable steps to protect the personal information you provide, please be aware that no security measure is completely secure or impenetrable, and no method of data transmission can be guaranteed against interception or other misuse. Any information disclosed online is potentially vulnerable to interception and unauthorized use.

10. GOVERNING LAW AND JURISDICTION

This Privacy Policy is governed by the laws of the State of Delaware, United States, without prejudice to the possible application of laws providing protection to Users. Any dispute shall be submitted to the competent courts of the State of Delaware, except where, as applicable, the User has the right to file a complaint with the competent data protection authority in their jurisdiction.

11. CONTACT INFORMATION

For inquiries, complaints or requests related to this Privacy Policy or the processing of personal data:

Postal Address: Fizupay Inc., 251 Little Falls Drive, Wilmington, DE 19808

Email: customerservice@fizupay.com

Designated Data Controller: Fizupay Inc., contact address: Fizupay Inc., 251 Little Falls Drive, Wilmington, DE 19808