Privacy Policies

NAUT 2024 Privacy and Confidentiality Statement.

At NAUT, we understand the protection of personal data as an opportunity to generate value for our customers. By using personal information responsibly, we not only protect the privacy of those who entrusted us with their data, but also allow them to operate our website safely and confidently.

Therefore, your privacy is very important to us and we strive to protect it.

In order to provide its services to you, NAUT processes, collects, and in some cases discloses information about individuals who, like you, are users and visitors of our website. This NAUT Privacy and Information Confidentiality Statement (the "Privacy Statement") describes the information NAUT collects and processes about you and what it may do with it.

This Privacy Statement is part of NAUT's General Terms and Conditions. Providing your voluntary, express, and informed consent to this Privacy Statement is an essential requirement for entering into contracts and/or having any type of relationship with NAUT, subject to applicable Colombian law.

LEGAL FRAMEWORK APPLICABLE TO THE TREATMENT

Pursuant to this policy for the processing of your personal data, the following regulatory references, procedures, and guidelines issued by the NAUT Company will apply to the processing of users' personal data.

• Political Constitution of Colombia.
• Law 1581 of 2012.
• Single Decree 1074 of 2015.
• Regulatory Decrees.
• Applicable jurisprudence.
• This Personal Data Processing Policy.

PRINCIPLES TO WHICH THE TREATMENT IS SUBJECT

This policy for the processing of your personal data will be developed under the following principles established in the global policy defined by the NAUT Company and those determined in article four (4) of Law 1581 of 2012:

Legality : The Treatment must be subject to the provisions of the Law.

Purpose : The purpose of the Treatment must be legitimate, temporary and informed to the owner.

Reasonable limit: The storage and processing of personal data will be limited to what is essentially necessary to fulfill the previously specified purposes of the business relationship, as well as the fulfillment of the purposes authorized by the Data Subject.

Freedom: Data may only be processed with the prior, express, informed, and self-determined consent of the data subject or by legal or judicial mandate.

Truthfulness or quality: The information must be truthful, complete, accurate, up-to-date, verifiable and understandable.

Transparency: The right of data subjects to obtain information about their data at any time and without restrictions must be guaranteed.

Restricted access and circulation : Processing may only be carried out by persons authorized by the Owner or by the persons provided for by law.

Security: Information must be handled with the necessary measures to ensure record security and prevent tampering, loss, unauthorized or fraudulent access, use, or consultation.

Confidentiality: Personal data that is not public is confidential and can only be provided in accordance with the law.

Any person involved in the processing of information must guarantee its confidentiality.

2. Who is responsible for the processing of personal information?

NAUT is responsible for the processing of user and visitor data on its website through its subsidiaries or affiliates.

In the Republic of Colombia, NAUT Services are provided by Econaut SAS BIC with Tax Identification Number 901339836-5 and registered office at Carrera 45 Avenue No. 108A – 40 Office 404, Bosch Building, Bogotá DC, Republic of Colombia. Econaut SAS is the controller of the personal data we collect from you. These Services are offered through the website (add the Naut domain)

The data controller is the person who decides how personal data will be processed. They determine the purposes or uses for which the personal information will be used and the means by which this processing will be carried out (see Section 4. "What will personal information be used for?").

3. What information do we collect and process?

NAUT collects your personal information so you can enjoy our services and products and to continuously improve them.

In some cases, you provide the information yourself, when you register or provide information when using one of our services. In other cases, we collect it automatically, such as when you browse our website or use our services. We may also collect information about you from other trusted sources.

You are under no obligation to provide us with the personal information shown below; however, this is an essential requirement for us to be able to enter into a contract and/or have any type of relationship with NAUT. If you do not provide this information, we will not be able to provide our services to you or our ability to do so may be significantly hindered.

Inaccurate or falsified personal information you provide may result in the suspension of the Services. NAUT may also suspend or permanently disable users who violate this Privacy Statement.

These are the types of data we might collect:

Information you provide directly to us when you register or use our services:

  • Name, personal image (personal photo or document photo).
  • Valid ID or document number.
  • Contact information (such as phone number, address, email address).
  • Bank account details.
  • Information and payment methods.
  • Information about the intellectual property rights held by members of the Brand Protection Program (BPP) and information about their whistleblowing activities.

Data we collect automatically, whether you are registered or not:

Information about the devices or computers from which you access the NAUT platform and other automatically captured data (such as browser or operating system type or version, settings, information about some of the downloaded applications, and parameters).

Information we collect from other sources:

  • Information collected for fraud prevention and compliance with reporting regimes (PEP lists, OFAC, etc.).
  • Credit information, both positive and negative, that we obtain from credit risk databases or centers, telecommunications companies, and/or publicly accessible sources, in accordance with applicable law.
  • Data used to validate identity, complete, or correct information, obtained from secure and reliable sources, such as public agencies, service providers, or business partners with whom we work.

In some cases, this information may be considered sensitive under applicable law. In these cases, we request your express consent to process it.

4. What do we do with personal information?

The collection and processing of your personal information allows us to provide you with excellent service, allowing you to perform transactions quickly and securely and offering you features that best suit your needs. Except where prohibited by applicable law, NAUT may use your personal information for the following purposes:

  • Identify and contact you.
  • Register in our systems.
  • Verify your identity in compliance with legal requirements.
  • Validate, update, and correct your information.
  • Provide you with the products, services and/or benefits that you request or contract with us.
  • Facilitate direct contact with our advisors for the purposes of the transaction you wish to complete.
  • Prepare and maintain a record of the transactions you carry out, as well as inform you about them and follow up accordingly.
  • Make our e-commerce platform and online payment system available to you.
  • Provide support for your account investment solutions.
  • Respond to your comments, complaints, and suggestions, as well as provide you with support.
  • Consult and report positive and negative data to credit risk centers, perform commercial and/or credit risk verification tasks, analyze the feasibility of entering into or maintaining a business relationship, and develop profiles for credit analysis purposes.
  • Judicial and/or extrajudicial collection.
  • Facilitate the shipping of products advertised on the NAUT website.
  • To enable you to participate in contests, auctions, or sweepstakes, if applicable, and to notify you if you win, in compliance with the regulations applicable to sweepstakes and contests.
  • Contribute to the security of relationships, communications, and transactions between users of our site.
  • Improve our services, develop new ones, and offer you a better experience on the NAUT website.
    Conduct internal and statistical studies about your interests and behaviors to offer you better services and products.
    Create profiles by analyzing various variables, such as behavior or interactions within the page, preferences, interests, transaction history, behavior and location, among others, to improve our commercial and promotional initiatives, display advertising or promotions, banners of interest, news about NAUT, improve our content and article offering, personalize said content, presentation and services.
  • Offer you services and features tailored to your needs to provide you with a better experience.
  • Provide you with information through various channels (email, SMS, push messages, phone calls, or any other means) about improvements or new features or services on the website.
  • Seek your loyalty through a benefits program.
  • Comply with legal obligations and requirements of competent authorities.
  • Comply with the regulations applicable to NAUT in general.
  • Compliance with Anti-Money Laundering and Counter-Terrorism Financing regulations (KYC actions, identity verification against Politically Exposed Persons, profile and transaction history verification in compliance with applicable regulations on anti-money laundering, verification against OFAC lists and others), as applicable.
  • Compliance with general reporting regimes, as applicable.
  • Compliance with tax collection, registration, reporting, auditing, and billing regimes at any level of government (e.g., national, departmental, and municipal).
  • Compliance with information requests from competent administrative or judicial authorities.
  • Provide user information to government entities with collaboration agreements for the fulfillment of their responsibilities.
  • Detect and prevent fraud, abuse, and related crimes to protect the security of our users and the sustainability of the website.
  • Ensure the website grows sustainably and securely through tools and actions to prevent fraud and related crimes.
  • Train the automated fraud detection and prevention algorithm model.
  • Protect the rights of users, third parties, or NAUT itself.
    Defend the rights, tangible and intangible assets of NAUT.
    Enforce NAUT's rights against breaches of its Terms and Conditions.
  • Allow other users or third parties to assert their rights.
  • Make announcements and advertising and promotional contacts.
    Contact you through various channels (email, text messages (SMS), push messages, phone calls, or any other means) for advertising and/or promotional purposes regarding NAUT products and services.
  • Carry out all types of marketing, advertising, commercial prospecting and/or market research activities.
    Some of these purposes described may not be applicable if you do not use the service associated with those purposes.

If your data is used for any purpose other than those detailed above, you will be informed before we process it.

NAUT will retain your Personal Information for as long as necessary to fulfill the purposes for which it was collected.

5. How do we share personal information?

Protecting your privacy is very important to NAUT. Therefore, we do not sell or trade information that identifies our users. We also do not share or otherwise transfer your personal information to third parties, except as indicated below:

NAUT may assign, transmit and/or transfer your Personal Information to:

(i) "Service Providers": the service providers or third-party companies that we engage to act on behalf of NAUT to provide a service following our instructions and in accordance with the provisions of this Privacy Statement, to help improve or facilitate operations through our website, such as:

  • Transportation, logistics, courier, and parcel companies to deliver the products you purchased.
  • Payment methods, intermediaries in payment management, to obtain payment for contracted services or products, as well as provide you with protection regarding the products purchased.
  • Computer system providers, cloud service providers, database providers, and technology service providers in general, (d) call centers or customer service centers.
  • Companies that manage loyalty programs to provide you with benefits.
  • Advertising or marketing agencies.
  • Data analysis.
  • Collection agencies.
  • Government entities or risk-related companies, for the purpose of verifying your information. These Service Providers only access the information strictly necessary to provide the agreed-upon services and may not use it for purposes other than those assigned by NAUT.
  • (v) “Public Authorities”: the administrative and judicial authorities that, in the exercise of their jurisdiction, request information, even if there is no executive or judicial order or subpoena to that effect, for the purposes of: (a) collaborating in the investigation and reporting fraud, piracy, violations of intellectual or industrial property or any other illegal act, as well as any activity or circumstance that could generate legal liability for NAUT and/or its users; (b) safeguarding a public interest, the procurement or administration of justice, the recognition, exercise or defense of a right in a judicial or administrative process, and/or the resolution of disputes; and (c) complying with any applicable law, regulation or legal provision, or with any mandate from a competent authority duly founded and motivated.
  • (vii) “Dispute Interveners”: authorities, friendly mediators, courts or entities that intervene in dispute resolution with the aim of resolving disputes that may arise between users or between them and NAUT.
  • (viii) “Developers” within the framework and conditions of the NAUT Developer Program.
  • NAUT may also disclose your personal information at its discretion to other users of the Websites and/or Services, entities, or third parties when there are sufficient grounds to consider your activity as a sign of attempting or committing a crime or attempting to harm other people.

If NAUT decides to share your personal information with third parties other than those mentioned above, we will request your prior express consent, provided that there is no authorization or legal obligation that allows us to do so without that consent.

You also give your express and informed consent for NAUT to assign, transmit, or transfer your personal information to the recipients detailed in this Privacy Statement.

Finally, NAUT will not be liable for any misuse of your personal information by any third party when these third parties directly collect and/or process your personal information.

6. International data transfers

The services provided by NAUT require the support of a technological infrastructure, such as servers and cloud services, which may be NAUT's own or provided by third parties.

Some of that infrastructure may be located in a country other than yours.

It may also be the case that the recipients of the data indicated above in the “How do we share Personal Information?” section are located in a different country.

The countries to which the data we transfer is received may not offer adequate levels of personal data protection under applicable law.

In these cases, NAUT adopts measures to protect your data, through contractual clauses or binding corporate rules that impose the same protections as those described in this Privacy Statement.

7. How long will we store personal information?

We will only retain personal information for as long as necessary to fulfill the purpose for which it was collected, to comply with legal or regulatory requirements, or for the period of legal limitation for potential legal or contractual liabilities.

Once this period has elapsed, the data will be deleted or anonymized so that no individual can be identified.

8. Automated decisions and profiling

At NAUT, we are committed to providing you with better and more comprehensive services to simplify your navigation through our website and your experience with the brand.

To do this, we use tools that help us become more efficient through techniques known as "artificial intelligence," "machine learning," and "Big Data," which we use for various purposes, such as fraud prevention, service and advertising personalization, and automated cybersecurity mechanisms.

Automated decisions are those made based on the use of algorithms and computer programs, without any human intervention in the decision-making process.

Profiling, on the other hand, is the evaluation of certain personal aspects, such as your interests, preferences, behaviors, or location, which is carried out by automatically processing personal information using statistical procedures. As a result of this processing, we may send you personalized communications, or display them on our website, that we believe may be of interest to you.

You have the right to request a review of a decision based on automated data processing here.

9. Minors

NAUT Services may be available to minors with the prior consent of their legal representative. If you fall into this category and do not have the consent of your legal representative, you should not provide their personal information.

Through your legal representative, you may also exercise your rights as mentioned in clause 13 of this Declaration.

10. Links to other websites

Throughout the website, NAUT may include links to third-party websites, which does not indicate that they are owned or operated by NAUT. It is clarified that the processing of Personal Information by the third parties responsible for the aforementioned websites is not covered by this Privacy Statement. Furthermore, you acknowledge and accept that NAUT has no control over such websites and is not and will not be responsible for the content or services provided by such sites, or for the manner in which they process your Personal Information. Therefore, you access such websites at your own risk.

11. How can you exercise your rights to control your personal information?

Applicable regulations grant you certain rights over your personal information, such as:

  • Access.
  • Update.
  • Rectification.
  • The cessation of sending advertisements, offers and promotions.
    Suppression.
  • Revocation of consent.
  • Confidentiality.
  • Review of automated decisions.

In certain cases, we will retain your personal information that you have requested to be deleted to fulfill the purposes described in this Privacy Statement or when there is a contractual or legal obligation to retain your personal information. Once that purpose has been fulfilled or the contractual or legal obligation has been eliminated, we will delete your personal information.

12. Cookie Policy

This website uses its own and third-party cookies to improve your browsing experience, allow content sharing on social networks, and obtain usage statistics.

If you wish, you can prevent the download of cookies by adjusting your browser settings so that they are not stored on your device.

As the owner of this website, we wish to inform you that we do not use personal information from cookies. We only compile general visitor statistics that do not contain personally identifiable information.

It is extremely important that you read this cookie policy carefully and understand that by continuing to browse this website, you are deemed to have accepted their use.

In accordance with Colombian law and Statutory Law 1581 of 2012 on Personal Data Protection, please be advised that by continuing to browse this platform, you consent to the use of the aforementioned cookie mechanisms.

13. Security. Storage of personal information

NAUT complies with industry regulations and standards regarding security measures applicable to your Personal Information.

NAUT is not responsible for illegal interceptions or violations of its systems or databases, or for their use by unauthorized persons. NAUT is also not responsible for the improper use of information obtained through these means.

14. Policy Changes

NAUT reserves the right to modify its Personal Information Privacy Policy at any time. To this end, it will publish a notice via email 15 business days prior to its implementation and for the duration of the Policy's validity. If you do not agree with the new personal information management policies, the data subjects or their representatives may request the entity to remove their information through the means indicated above.

However, data withdrawal cannot be requested as long as a link of any kind with the entity is maintained.

15. Rights of the owner of the information

• Know, update, and rectify your personal data that is being processed by the Company or those in charge of processing it.
• Request proof of the authorization granted to the Company, except when expressly exempted as a requirement for processing.
• Revoke authorization and/or request the deletion of data when the principles, rights and guarantees are not respected in the processing.
constitutional and legal.
• Submit complaints to the Superintendency of Industry and Commerce for violations of the provisions of Law 1581 of 2012.
• Know our processing policy and any substantial changes that may occur in the processing policies.

16. Authorization for processing

For the processing of personal information, NAUT will request prior, informed authorization from the data subjects. This authorization may be provided in writing, verbally, or through unequivocal conduct. The Company will retain proof of the authorizations obtained for data processing.

17. Procedure for submitting queries and complaints

The Company will use the channels and processes established in the Personal Data Processing Procedure Manual, which is part of this Policy, for inquiries and complaints, and will carry out the activities established in its inquiries and complaints handling procedure to address and process them.

Consultations
The owner of the information, their successors in title, or any other person with a legitimate interest will make inquiries through written communication or by email, in which:

1. Determine your identity, including your name and phone number.
ID.
2. The reason for the consultation is clearly and expressly specified.
3. The legitimate interest with which you act is accredited, attaching in all
case the proper supports.
4. Indicate the physical or electronic correspondence address to which
the response to the request can be sent.

In accordance with article fourteen (14) of Law 1581 of 2012: "The query will be attended to within a maximum period of ten (10) business days counted from the date of receipt thereof. When it is not possible to attend to it within said period, the interested party will be informed, stating the reasons for the delay and indicating the date on which his/her query will be resolved, which in no case may exceed five (5) business days following the expiration of the first term."

Claims
The owner, his successors in title or any other person with a legitimate interest who considers that the information contained in a database should be subject to correction, updating, deletion, or revocation of the authorization granted for the treatment, or when they notice the alleged non-compliance with any of the duties contained in Law 1581 of 2012, may, by physical or electronic means, present a timely claim to the responsible area. In accordance with article fifteen (15) of Law 1581 of 2012, said claim will be admissible once compliance with the requirements presented below is verified:

1. The claim must:
a) Include the identity of the claimant, stating his/her name and number
of identification.
b) Clearly and expressly specify the reason for the consultation.
c) Prove the legitimate interest with which the claimant acts,
always attaching the appropriate supporting documents.
d) Indicate the physical or electronic correspondence address to which
the response to the request must be sent.

If the claim is found to be incomplete, "the interested party will be required within five (5) days following receipt of the same to correct the deficiencies. After two (2) months from the date of the request, if the applicant does not present the required information, it will be understood that he has withdrawn the claim."

2. In the event that the Company is not competent to resolve the claim, it will forward it to the appropriate party within a maximum period of two (2) business days and inform the interested party of the situation.

3. “Once the complete claim has been received, a legend stating “claim in process” and the reason for it will be included in the database within a period of no more than two (2) business days. This legend must remain in effect until the claim is decided.”

"The maximum term to address the claim will be fifteen (15) business days counted from the day following the date of receipt. When it is not possible to address it within this term, the interested party will be informed of the reasons for the delay and the date on which their claim will be resolved, which in no case may exceed eight (8) business days.
following the expiration of the first term.”

The request to delete information and revoke authorization will not be valid when the data subject has a legal or contractual obligation to remain in the database.
If, after the respective legal term has expired, the controller and/or processor, as applicable, have not deleted the personal data, the data subject shall have the right to request the Superintendency of Industry and Commerce to order the revocation of the authorization and/or the deletion of the personal data. For these purposes, the procedure described in Article 22 of Law 1581 of 2012 shall apply.

18. Handling queries and complaints

The Company has a department responsible for receiving, addressing, and resolving inquiries and complaints from personal data subjects or those authorized to do so. Data subjects may submit their inquiries and complaints through the following channels:
• Email: administracion@econaut.com.co
• Physical address: Carrera 45 Avenue no. 108A – 40 Office 404, Bosch Building Bogotá DC,
• Telephone: (+57) (601) 5229510

19. Validity

This Policy will be effective from June 2023.

20. Data processing policies