Política de privacidad de datos

PRIVACY POLICY AND PERSONAL DATA PROTECTION

This Privacy Policy (hereinafter, the “Policy”) describes how the Company, which operates under different commercial brands, including Apprecio and Dcanje, collects, uses, stores, shares, and protects the personal data of individuals who access and/or use the Company’s websites, mobile applications, and other digital channels (hereinafter, the “Platform”).

INTERNATIONAL SCOPE AND APPLICABLE REGULATIONS

The Company operates in various countries across the American continent under different commercial brands. In each country, the processing of personal data is governed by the laws and regulations in force in the territory where the User registers, uses the Platform, and/or where the associated service is performed.

In the event of any discrepancy between this international version and a local Privacy Policy applicable to a specific country, the local Privacy Policy corresponding to the User’s country and/or the territory where the main data processing takes place shall prevail.

You may review the local privacy policies (or applicable documents) at the following links:

Chile (CL): Privacy Policy Chile
Peru (PE): Privacy Policy Peru
Colombia (CO): Privacy Policy Colombia
Ecuador (EC): Privacy Policy Ecuador
Mexico (MX): Privacy Policy Mexico

DEFINITIONS

Company: The legal entity responsible for operating the Platform and processing personal data, under the applicable commercial brand in each country.

User: A natural person who accesses, browses, registers, and/or uses the Platform.

Personal Data: Information that identifies or makes a natural person identifiable.

Processing: Any operation performed on personal data, such as collection, storage, use, communication, transfer, deletion, among others.

DATA WE MAY COLLECT

Depending on the country, the channel used, and the type of relationship with the User, the Company may collect and process the following categories of data:

Identification data: name, surname, identification document (or equivalent), date of birth (where applicable), and other data required for registration and validation.
Contact data: email address, phone number, address (where applicable).
Account and security data: credentials (stored in encrypted/hashed format), access logs, account recovery information, and anti-fraud measures.
Transactional and operational data: activity on the Platform, redemption history, transfers, requests, validations, and related statuses.
Device and browsing data: IP address, device identifiers, operating system, browser, usage events, cookies, and similar technologies (subject to User settings and applicable regulations).
Support and service data: inquiries, claims, support conversations, surveys, and feedback.

PURPOSES OF PROCESSING

The Company may process personal data for the following purposes, as applicable:

Enable user registration, authentication, and account management.
Operate the Platform and provide access to available functionalities, benefits, and/or services.
Manage processes related to redemptions, transfers, validations, and benefit delivery.
Prevent, detect, and investigate fraud, abuse, unauthorized access, and/or security incidents.
Respond to requests, inquiries, claims, and provide support.
Perform internal analysis, metrics, and improvements to the Platform, including quality, experience, and security.
Send operational and/or informational communications (e.g., confirmations, alerts, policy changes).
Send commercial and/or promotional communications when there is a valid legal basis and/or consent, and allow opt-out where applicable.
Comply with legal, regulatory, contractual obligations, and requests from competent authorities.

LEGAL BASES

The legal bases for processing personal data will depend on the applicable country and may include, as appropriate: (i) the performance of a contract or relationship with the User, (ii) compliance with legal obligations, (iii) legitimate interest (e.g., security and fraud prevention), and/or (iv) the User’s consent when required by applicable regulations.

DATA SHARING AND PROCESSORS

The Company may share personal data with third parties only when necessary to fulfill the purposes described above, such as:

Service providers and data processors: technology services, hosting, analytics, messaging, verification, support, and security.
Affiliated companies or operational partners: when necessary to validate User participation, enable benefits, process requests, or resolve discrepancies.
Competent authorities: when required by law or by a valid legal request.

In all cases, the Company will adopt reasonable measures to require adequate confidentiality and security standards from such third parties, in accordance with applicable regulations.

INTERNATIONAL DATA TRANSFERS

If, for operational or technological reasons, personal data must be processed from or transferred to servers located in other countries, the Company will carry out such transfers in compliance with applicable regulations and will implement reasonable safeguards to protect personal data (e.g., contractual agreements, security measures, and internal policies).

DATA RETENTION PERIODS

The Company will retain personal data for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, and/or defend against potential claims. Thereafter, the data will be deleted or anonymized in accordance with applicable regulations.

INFORMATION SECURITY

The Company implements reasonable technical and organizational measures to protect personal data against unauthorized access, loss, alteration, or disclosure. However, no system is completely infallible, and the User acknowledges that zero risk does not exist in digital systems.

DATA SUBJECT RIGHTS

The User may exercise the rights recognized by applicable regulations in their country, which may include, as applicable: access, rectification, updating, objection, deletion/suppression, restriction of processing, and data portability. The availability and scope of these rights depend on local legislation.

To exercise these rights, the User must use the contact channels enabled by the Company in the corresponding country. The Company may request additional information to verify the identity of the requester when necessary.

COOKIES AND SIMILAR TECHNOLOGIES

The Platform may use cookies and similar technologies to enable its operation, improve user experience, measure usage, and perform analytics. Where required, the Company will implement consent and configuration mechanisms for cookie usage in accordance with applicable regulations.

CHANGES TO THIS POLICY

The Company may modify this Policy when necessary. Any material changes will be communicated through the channels deemed appropriate by the Company, including publication on the corresponding websites or applications, in accordance with applicable regulations.

CONTACT

For inquiries related to privacy and data protection, the User may contact the Company through the support and/or contact channels published on the Platform for the corresponding country.