Comprehensive Privacy Notice Users and Prospects

1. Introduction

Yuno Tecnologías S.A.P.I. de C.V. ("YUNO") is committed to protecting your privacy and personal data. This Privacy Notice outlines how we collect, use, disclose, and safeguard your data when you interact with our payment orchestration services. By interacting with our services, you agree to the practices described in this Notice.

‍

2. Definitions

For clarity and alignment with global data protection laws, the following definitions apply:

‍

• Applicable Data Protection Laws: This term includes all laws and regulations related to theprocessing of personal data, including the GDPR, CCPA/CPRA, and other relevant local laws inMexico, the U.S., the EU, and other regions where YUNO operates.
• Controller: An entity that determines the purposes and means of processing personal data.
• Processor: A party that processes personal data on behalf of the controller.
• Sub-processor: A third party engaged by a processor to help fulfill data processing obligation son behalf of the controller.
• Data Subject: An individual whose personal data is being processed.
• Personal Data: Any information relating to an identified or identifiable person, including identifiers such as names, addresses, identification numbers, online identifiers, and other datapoints specific to an individual's identity.
• Processing: Any operation performed on personal data, including collection, recording,organization, storage, adaptation, retrieval, consultation, use, and deletion.
• Company Data: Data provided by users or collected through interactions with YUNO's services,which may or may not contain personal data.
• Operational Territory: Any jurisdiction where YUNO conducts its services and processes data,including but not limited to Mexico, the United States, and European Union member states.
• Data Supply Chain: The process and flow of data collection, transfer, and processing betweenYUNO, its partners, and users.

‍

3. Personal Data We Collect

To provide effective services, YUNO may collect the following categories of personal data:

‍

3.1 Identification and Contact Information

This includes data such as your full name, email address, phone number, and physical address. This data is collected to identify you, communicate with you, and manage your user account.

‍

3.2 Financial Information

We may collect payment details, billing information, and transaction histories to facilitate payment processes and fulfill contractual obligations.

‍

3.3 Technical and Electronic Data

This includes data related to your use of our services, such as IP addresses, device identifiers,browser types, operating systems, and usage statistics. Such data helps enhance user experience,maintain security, and optimize service performance.

‍

3.4 Professional Data

YUNO may collect job titles, company affiliations, and related business information for client management and service provision.

‍

3.5 Marketing and Communications Data

This includes preferences regarding marketing communications and information related to your interactions with promotional content.

‍

Third-Party Personal Data

If you provide us with the personal data of third parties (e.g., your clients or partners), it is your responsibility to inform them about this Privacy Notice and obtain their consent as required byapplicable data protection laws. By sharing such data, you affirm that you have the necessaryauthorization and that the data is accurate.

‍

Sensitive Personal Data

YUNO does not intentionally collect sensitive personal data (e.g., data regarding health, religious beliefs, or sexual orientation). Should any sensitive data be collected or processed, it will be handled with the highest security measures and only as permitted by applicable laws.

‍

4. Processing Purposes

YUNO processes personal data to provide and enhance our services, fulfill legal obligations, and pursue legitimate business interests. The purposes are outlined as follows:

‍

4.1 Primary Purposes

‍

• Service Provision: To inform clients and prospects about YUNO's services, including pricing and modalities, and to facilitate the contracting process.
• User Management: To administer, control, and update user accounts, profiles, and accesscredentials.
• Verification and Security: To authenticate user identities and protect against fraud, identity theft, and unauthorized access.
• Contractual Fulfillment: To execute agreements with users and provide the services outlined incontracts.
• Billing and Collections: To issue invoices, process payments, and manage any related collection processes.
• Internal Administration: To support internal operations, manage client records, and conduct routine administrative tasks.
• Service Improvement: To analyze usage patterns, monitor service quality, and make necessary improvements to our offerings.
• Legal Compliance: To comply with applicable laws and regulations, including record-keepingand reporting obligations.
  

• Statistical Analysis and Historical Records: To generate business insights and maintain a record of service interactions for future reference.

4.2 Secondary Purposes‍

‍

• Marketing and Promotions: To send newsletters, promotional content, and other relevant updates regarding YUNO's services. Users have the right to opt out of these communications at any time through the provided mechanisms.

‍

5. Data Sharing and Transfers

YUNO is committed to supporting data subjects in exercising their rights as established by the Law,GDPR, CCPA, and other relevant data protection regulations. These rights include, but are not limited to:

‍

5.1 Rights Available to Data Subjects (ARCO Rights)

‍

• Right to Access: You have the right to know if YUNO is processing your personal data and to request details about the processing activities.
• Right to Rectification: You can request the correction of inaccurate or incomplete personal dataheld by YUNO.
• Right to Erasure (Right to be Forgotten): Under certain circumstances, you may request thedeletion of your personal data, provided that such deletion does not conflict with legalobligations or legitimate interests.
• Right to Restrict Processing: You can request the restriction of processing under specific conditions, such as contesting the accuracy of your data or when processing is unlawful but you do not wish for the data to be erased.
• Right to Data Portability: You have the right to request the transfer of your personal data to another organization or directly to you, in a structured, commonly used, and machine-readable format.
• Right to Object: You can object to the processing of your personal data for direct marketing purposes or on grounds related to your particular situation when the processing is based on legitimate interests.
• Rights Related to Automated Decision-Making: Where applicable, you have the right not to be subject to decisions based solely on automated processing, including profiling, which significantly affect you.

‍

5.2 Exercising Your Rights

‍

To exercise any of your data rights, you can submit a request through the following channels:

‍

• Email: privacy@y.uno
• Mail: Cráter 38, Jardines del Pedregal, Alvaro Obregón, Mexico City

‍

Request Requirements:

• Your full name and contact information.
• Proof of identity (e.g., official ID) or legal representation, if applicable.
• A clear and precise description of the right you wish to exercise and any related personal data.
• Any supporting documents or information to help locate your data.

‍

Response Time: YUNO will acknowledge your request within 20 business days and, if applicable, implement the request within 15 business days after the response. If your request is incomplete or requires further clarification, YUNO will notify you and provide 10 business days to address the issue. Failure to respond will result in the request being considered withdrawn.

‍

5.3 Limitations to Data Rights

Certain rights may be limited by legal, regulatory, or contractual obligations. In such cases, YUNO will inform you of the reason for any limitation or denial of your request.

‍

Response Time: YUNO will acknowledge your request within 20 business days and, if applicable, implement the request within 15 business days after the response. If your request is incomplete or requires further clarification, YUNO will notify you and provide 10 business days to address the issue. Failure to respond will result in the request being considered withdrawn.

5.3 Limitations to Data Rights

Certain rights may be limited by legal, regulatory, or contractual obligations. In such cases, YUNO will inform you of the reason for any limitation or denial of your request.

‍

6.Revocation of Consent

You may revoke your consent for the processing of your personal data at any time, provided that such revocation does not interfere with YUNO's ability to fulfill contractual or legal obligations. Procedure for Revocation: The process for revoking consent follows the same steps outlined for the exercise of ARCO rights. Requests can be submitted via the email or mailing address provided above.

‍

7. Data Security Measures

YUNO is committed to maintaining the security, integrity, and confidentiality of your personal data.To this end, we implement robust technical and organizational measures that align with industry standards and best practices.

‍

Security Measures Include:

‍

• Data Encryption: Personal data is encrypted during transmission and at rest to preventunauthorized access.
• Access Controls: Strict access control measures are in place to limit data access to authorizedpersonnel only.
• Regular Security Audits: YUNO conducts periodic security audits and penetration testing to identify and mitigate potential vulnerabilities.
• Employee Training: Our staff receives regular training on data protection and privacy practices to ensure compliance.
• Incident Response Plan: YUNO maintains an incident response plan to manage and mitigate any data breaches swiftly.

‍

8. Data Sharing and Transfers

YUNO may share your personal data under specific conditions, ensuring that all transfers comply with applicable data protection laws:

‍

8.1 Internal Data Sharing

• Corporate Affiliates: Data may be shared with YUNO's affiliated companies for centralizedmanagement, business continuity, and compliance purposes.

8.2 External Data Transfers

‍

• Regulatory Authorities: Data may be shared with government bodies or law enforcement agencies as required by law.
• Service Providers and Sub-processors: We may share data with trusted service providers whoassist in delivering our services (e.g., IT support, cloud storage providers). These third partiesare bound by data processing agreements that mandate compliance with applicable dataprotection standards.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of the business transaction. In such cases, we will notify you and ensure that your data continues to be protected.

‍

8.3 International Data Transfers

‍

Given YUNO's global operations, personal data may be transferred to and processed in countries outside your home jurisdiction. To ensure data protection, YUNO adopts the following safeguards:

‍

• Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decisionfrom relevant authorities.
• Binding Corporate Rules (BCRs): Where applicable, for intra-group transfers.
• Privacy Shield Frameworks: For transfers compliant with recognized data protection frameworks where applicable.

‍

9. Automated Data Collection and Cookies

‍

YUNO uses cookies and similar technologies to collect data about how you interact with our services. This information helps us improve user experience, service delivery, and marketing strategies.

‍

9.1 Types of Cookies We Use:

• Essential Cookies: Necessary for the proper functioning of our website and services.
• Performance and Analytics Cookies: Collect data on user behavior to help us optimize our website.
• Functionality Cookies: Remember your preferences and enhance your experience.
• Targeting Cookies: Used for marketing purposes to deliver more relevant ads.

‍

9.2 Managing Cookie Preferences

‍

You can manage or disable cookies through your browser settings.

‍

10. Data Retention

‍

YUNO retains personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Notice and to comply with legal, accounting, or reporting obligations. The retention period depends on the type of data and the processing purposes.

‍

10.1 General Retention Periods

‍

• User Account Data: Retained as long as the account is active and for a period necessary to comply with legal obligations or resolve disputes.
• Financial and Transaction Data: Retained for as long as required by applicable financial regulations or tax laws.
• Marketing and Communications Data: Retained until you opt out or withdraw your consent for such communications.
• Technical and Usage Data: Retained for a limited period to analyze service performance and enhance user experience.

‍

10.2 Data Deletion and Anonymization

‍

Once personal data is no longer needed for its original processing purpose, YUNO will eithersecurely delete or anonymize the data. In cases where data cannot be deleted due to legal ortechnical constraints, it will be isolated and protected from further processing.

‍

11. International Data Transfers

‍

Given the global nature of YUNO's operations, personal data may be transferred across borders,including jurisdictions that may not have data protection laws equivalent to those in your homecountry. To ensure the protection of your data:

‍

11.1 Safeguards for International Transfers

‍

• Adequacy Decisions: Personal data may be transferred to countries recognized by relevant authorities as providing an adequate level of data protection.
• Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions,YUNO employs SCCs to guarantee that personal data receives protection consistent with applicable data protection laws.
• Binding Corporate Rules (BCRs): For intra-group data transfers, YUNO may adopt BCRs thatalign with GDPR standards.

‍

11.2 Compliance Measures

‍

YUNO ensures that any international data transfers comply with applicable data protectionregulations and employs appropriate safeguards to maintain the security and confidentiality oftransferred data.

‍

12. Updates to this Privacy Notice

‍

YUNO may update this Privacy Notice periodically to reflect changes in our practices, technological advancements, or legal requirements. When we make significant changes, we will notify you through appropriate channels, such as our website or direct communication.

‍

12.1 Notification of Changes

‍

• Website Publication: Updated versions of this Privacy Notice will be published on the YUNOwebsite in the "Privacy Notice" section.
• Direct Communication: When significant changes are made, YUNO may notify you via email orother direct communication methods if you have provided your contact details.

‍

12.2 Review Period

We encourage users to review this Privacy Notice periodically to stay informed about how weprotect and process personal data. The date of the last update will always be clearly indicated at thebeginning of the policy.

‍

13.Contact Information and Complaints

‍

YUNO is committed to addressing any questions or concerns regarding your personal data and thisPrivacy Notice. If you have any privacy-related inquiries or wish to exercise your data protection rights, please contact us at:

‍

• Email: privacy@y.uno
• Mail: Cráter 38, Jardines del Pedregal, Alvaro Obregón, Mexico City