Privacy Policy

OBJECTIVE AND SCOPE

This policy regulates the processing of personal data of our allies, employees, contractors, suppliers, users, clients, consumers, and any person whose personal data is or will be processed (hereinafter referred to as Data Subjects) by Enric INC, with identification number 7568676, domiciled in Delaware, United States (hereinafter Enric), acting as the Data Controller and/or Processor. The policy aims to guarantee the rights of Data Subjects, inform about the mechanisms and procedures to exercise these rights, address questions, complaints, and claims, and disclose how all personal information (hereinafter referred to as Personal Data) will be processed within our commercial activity and its purpose, in compliance with current Colombian regulations.

ENRIC

For the purposes of this Policy, Enric’s details are as follows:

Name: Enric INC

ID: 7568676

Address: Cl. 26 SUR # 23 A -11

Phone: +573127885331 Email: hello@Enric.ai

AUTHORIZATION

We will obtain your consent as the Data Subject before collecting your Personal Data, which you and any competent authority can consult or verify.

We will request your prior authorization for the processing of your personal data in various scenarios where we obtain it, both physically and digitally.

In cases where we process Personal Data transmitted or transferred by third parties, it will be the sole and exclusive responsibility of the third party to obtain all authorizations from the Data Subjects for Enric to process them for the purposes contemplated here.

In any case, by expressly and previously accepting this Policy, YOU AUTHORIZE the processing of your personal data by Enric in accordance with the purposes, treatment, and other conditions contemplated here and adjusted to current regulations on the matter.

In the case of minors, authorization and provision of information must be carried out by their parents, guardians, or legal representatives.

CONTENT OF THE INFORMATION

For the development of our commercial activities and the correct provision of the service we offer, we will collect the following information:

Users: Information to provide services, namely: Name; Identification; Address; Names and surnames of the legal representative; ID or identification number; Email address; Phone number; Payment method-related data; Any other information required for the provision of services to users.

Clients: Information to provide services, namely: Name; Identification; Address; Names and surnames of the legal representative; ID or identification number; Email address; Phone number; Payment method-related data; Any other information required for the provision of services.

Suppliers: Information to contract services, namely: Name; Identification; Address; Names and surnames of the legal representative; ID or identification number; Email address; Phone number; Payment method-related data; Any other information required for the provision of services.

Employees: Personal identification information, including but not limited to: names and surnames, ID or identification number, age, phone, address, and other information that allows identifying Employees.

Shareholders: Personal identification information, including but not limited to: names and surnames, ID or identification number, age, phone, address, and other information that allows identifying Shareholders.

Personal data of minors must be provided through their parents, guardians, or legal representatives, as well as express authorization for its processing.

SENSITIVE DATA

In the execution of our services, we will collect and process Sensitive Data, such as, but not limited to: (i) Images, photographs, and/or voice recordings or biometric data taken for identification purposes; (ii) information related to health, gender, among others.

In such cases, the data will be processed with the highest security standards.

PROCESSING

In the development of our activities, we will collect, use, administer, store, analyze, anonymize, index, segment, profile, compile, process, transmit, transfer, verify your Personal Data, perform collections and share information with credit bureaus, if necessary, and, in general, we will perform various operations with your Personal Data.

Your Personal Data processed by us will be subject only to the purposes indicated below or those authorized by you as the Data Subject.

PURPOSES

Enric and those who, with your prior authorization, have access to your Personal Data by Law, contract, or other binding document, will carry out the Processing for the following purposes:

Users: (i) To share with Enric’s clients for their download, metric visualization, configuration, marketing strategy development; improve user experience, personalize offers and promotions, as well as conduct market studies and trend analysis to optimize their products and services to meet market needs more effectively; (ii) to provide, improve and monitor the interactions you have with the products and services provided by Enric and its clients; (iii) to have interactions through any of our communication channels such as: email, cell phone, social networks, among others; (iv) to protect our legitimate interests or those of third parties; (v) maintain and increase the security of our services; (vi) optimize our services and your user experience; (vii) respond to service requests you make; (viii) prevent any form of abuse of our service; (ix) comply with our legal and regulatory obligations; (x) execute or enforce the terms of our agreements; (xii) manage load distribution and technical optimization of our services; (xiii) offer technical assistance and customer or user support regarding our products and/or services; and, finally, (xiv) for any other purpose for which you have given your explicit consent.

Clients: (i) Offer and provide our services to you; (ii) Provide support with a problem or correct a failure in our service; (iii) Carry out filing, updating, storage and information processing activities, either by itself or through third parties contracted for this purpose; (iv) Inform you of the existence of new services, own and third-party; (v) Manage information on credit risks and control and prevention of money laundering; (vi) For the transmission or transfer of personal data to third parties with which contracts have been concluded in order to carry out and comply with the service offered; (vii) To manage all the information necessary for compliance with tax obligations and commercial, corporate and accounting records; (viii) To proceed with the billing and collection of the service; (ix) To share Personal Data with service companies or “outsourcing” companies that contribute to improving or facilitating operations, including payment methods, insurance or payment management intermediaries, transport and courier companies, advertising agencies, among others; (xi) Carry out the transmission or transfer of data with third natural or legal persons; (xii) Make contact for commercial purposes or collection management through any of the following channels: email, phone call and WhatsApp message at the times and frequency authorized by current regulations.

Suppliers: (i) to execute the concluded contracts; (ii) to carry out selection processes, hiring and other commercial activities necessary for the development of the relationship with the supplier; (iii) to carry out collection or collection management through any of the following means: email, phone call and WhatsApp message and within the schedules and frequency authorized by law; (iv) to carry out reporting to credit bureaus and search in control lists; (v) to share Personal Data with service companies or “outsourcing” companies that contribute to improving or facilitating operations, including payment methods, insurance or payment management intermediaries, transport and courier companies, advertising agencies, among others.

Employees: (i) to execute the concluded contracts; (ii) to carry out personnel selection processes, hiring and other human management activities of the company.

Shareholders: (i) for the development of the relationship with the company; (ii) to carry out and comply with all the procedures and activities inherent to the existing relationship.

We will ensure that the policies of third parties who access, transmit, transfer or process Personal Data have standards similar to those of this Policy, through the signing of agreements, conventions and/or contracts.

RIGHTS OF THE DATA SUBJECT

As a Data Subject, you have the following rights:

(i) Know, update and rectify your personal data.

(ii) Request proof of the authorization granted;

(iii) Be informed about the uses or Processing given to the Personal Data of the Data Subject, upon prior consultation by the latter;

(iv) File complaints before the Superintendence of Industry and Commerce for infractions of Law 1581 of 2012, Decree 1377 of 2013 and other legal provisions on the matter, once the direct consultation or claim procedure has been exhausted;

(v) Revoke the authorization and/or request the deletion of the data, when the Processing does not respect constitutional and legal principles, rights and guarantees, and;

(vi) Access your personal data that have been subject to Processing free of charge.

(vii) Refrain from providing sensitive data.

You may exercise your rights by presenting your citizenship card or any identification document. Likewise, your representatives may exercise your rights, providing the document that authorizes them to do so.

PROCEDURES

In order for the Data Subject to exercise their rights, we will implement the following procedures.

To address any doubt, consultation, complaint, question, claim or request of any type of information related to your personal data, particularly, to exercise your rights to know, update, rectify and delete the data or revoke the authorization granted, you must contact us by email to: hello@Enric.ai, taking into account the following conditions:

Consultations. We have adequate mechanisms for you to make consultations, providing all the information contained in the individual record or that is linked to your identification as Data Subject.

We will respond to consultations within a maximum term of ten (10) business days from the date of receipt. When it is not possible to attend the consultation within said term, we will inform the interested party before the expiration of the ten (10) days, with the reasons for the delay and the date on which your consultation will be attended, which in no case may exceed five (5) business days following the expiration of the first term.

Claims. When the Data Subject considers that the information contained in our database should be subject to correction, update or deletion, or when they notice the alleged breach of any of the duties contained in Law 1581 of 2012 and the regulations that regulate or complement it or when they want to revoke the authorization for the processing of personal data granted, they may submit a claim to us, which will be processed under the following rules:

The claim must be submitted by the Data Subject, their successors or their representative, in the format(s) proposed by Enric for this purpose. If the claim received does not have your identification as Data Subject, the description of the facts that give rise to the claim, the address and evidence of the claim, we will contact you within five (5) days following receipt to correct the failures. If two (2) months elapse from the date of the request without you submitting the required information, it will be understood that you have withdrawn the claim.

In case the person receiving the claim is not competent to resolve it, they will transfer it to whom it corresponds within a maximum term of two (2) business days and will inform the interested party of the situation.

Once the complete claim is received, a legend that says “claim in process” and the reason for it will be included in the Database maintained by Enric, within a term not exceeding two (2) business days. Said legend must be maintained until the claim is decided.

The maximum term to attend the claim will be fifteen (15) business days counted from the day following the date of its receipt. When it is not possible to attend it within said term, we will inform you before the expiration of the referred term the reasons for the delay and the date on which your claim will be attended, which in no case may exceed eight (8) business days following the expiration of the first term.

For all purposes, the request for data deletion and the revocation of the authorization for data processing will be processed as a claim and these will apply the terms indicated in literal b, above, of this Policy.

Deletion. The Data Subject has the right, at any time, to request us to delete (eliminate) their Personal Data when they consider that they are not being treated in accordance with the principles, duties and obligations provided for in Law 1581 of 2012; they have ceased to be necessary or relevant for the purpose for which they were collected or; the period necessary for the fulfillment of the purposes for which they were collected has been exceeded.

This deletion implies the total or partial elimination of personal information according to what is requested by the Data Subject in the records, files, databases or treatments carried out by Enric. However, we may deny it when the Data Subject has a legal or contractual duty to remain in the database; the elimination of data hinders judicial or administrative actions linked to tax obligations, investigation and prosecution of crimes or the updating of administrative sanctions or; the data are necessary to protect their legally protected interests; to carry out an action in the public interest, or to comply with an obligation legally acquired by the Data Subject.

Revocation of Authorization. You can revoke consent to the processing of your Personal Data at any time, as long as it is not prevented by a legal provision. For this, we will establish simple and free mechanisms that allow you to revoke your consent, at least by the same means by which you granted it.

You can revoke the authorization totally or partially, for this, you must always indicate which treatment you disagree with.

TRANSFER AND TRANSMISSION OF DATA

As Data Subject, you expressly authorize Enric to transfer and/or transmit your Personal Data to third parties (commercial allies, suppliers, clients, contractors) who, as Data Controllers and/or Processors of the information, may process Personal Data to carry out the necessary steps for Enric to provide you with high-quality products and/or services.

In any case, the third party receiving Personal Data transferred or transmitted by Enric will be obliged to adhere to this Processing Policy and to the strict scope of the authorization previously given by the Data Subject to carry out their respective processing.

In all cases where Personal Data of third parties is transferred or transmitted to Enric, whoever sends or authorizes its access and processing must strictly adhere to this Policy and must have previously obtained the necessary authorizations from the Data Subjects for Enric to carry out the processing in accordance with everything contemplated here; in such cases, whoever sends the personal data or authorizes its access and processing to Enric, will hold the latter harmless against any demand, claim or legal action that arises in relation to or derived from the authorization of the Data Subject of the Personal Data to carry out the processing of the same.

TRANSFORMATIONS, DISSOLUTION, LIQUIDATION, SPIN-OFF OR MERGER

The Data Subject expressly authorizes Enric to share their Personal Data, including Sensitive Data, to legal entities other than Enric, which arise as a consequence of the dissolution, merger, spin-off and liquidation of Enric. Thus, in the event that Enric undergoes transformations, all Personal Data, including Sensitive Data, will be transferred or transmitted in accordance with the provisions of this Data Protection Policy, with prior notice that this will happen.

SECURITY

We will adopt the technical, technological, human and administrative measures that are necessary to provide security to the records and files containing Personal Data, avoiding their adulteration, loss, consultation, unauthorized or fraudulent use or access.

We will maintain mandatory security protocols for personnel with access to personal data and information systems or storage thereof; however, no Internet transmission method or electronic storage method is 100% secure and reliable, and we cannot guarantee its absolute security.

CONTACT

To address any inquiry, consultation, complaint, claim or request of any type of information related to your Personal Data, particularly, to exercise your rights as the Data Subject of Personal Data provided to Enric, you may contact us by sending an email to hello@Enric.ai.

MODIFICATIONS

We reserve the right to modify this policy at any time. Any modification will enter into force and will have effects against related third parties from its publication in the corresponding channel. However, we will inform through the same means by which it was disseminated when there are essential changes or modifications and we will always include within it the date of publication.

You are recommended to review this Privacy Policy periodically to verify any changes. Changes to this Privacy Policy take effect when they are published on this page.

VALIDITY

This data policy enters into force from its publication.

Personal Data that is stored, used or transmitted will remain in Enric’s database, for the time necessary for the purposes mentioned in this Policy, for which they were collected. Thus, the validity of the database is closely related to the purposes for which personal data was collected, unless there is a legal obligation to retain information, in which case it will be kept for the time established by law.

Published August 2024