DATA PROTECTION POLICY
1. Introduction
This policy relates to the entity SEVEN CARD and debit card issuance services, Visa card supplies, deposits in general, outsourcing of payroll services, among others, offered in the Central American region.
Data protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data held in both paper and electronic format.
2. Objective
The objective of this policy is to affirm SEVEN CARD commitment to protecting the privacy rights of individuals in accordance with the Data Protection Acts.
3. Data Protection Principles
SEVEN CARD will perform their responsibilities in accordance with the acts and the thirteen principles of privacy and protection of personal data (OAS Cataloging-in-Publication Data Organization of American States. Secretariat for Legal Affairs. Department of International Law). These principles state that SEVEN CARD, as data controllers, shall:
- Principle One: Legitimate Purposes and Loyalty.
- Principle Two - Transparency and Consent.
- Principle Three - Relevance and Necessity.
- Principle Four - Limited Treatment and Conservation.
- Principle Five - Confidentiality.
- Principle Six - Data Security.
- Principle Seven - Data Accuracy.
- Principle Eight – Access, Rectification, Cancellation, Opposition and Portability.
- Principle Nine - Sensitive Personal Data.
- Principle Ten - Responsibility.
- Principle Eleven - Trans border Flow of Data and Liability.
- Principle Twelve - Exceptions.
- Principle Thirteen - Data Protection Authorities.
4. Collection and processing of data
SEVEN CARD may collect, process or store personal data:
- To effectively provide services of debit card issuance services, Visa card supplies, deposits in general, outsourcing of payroll services, among others, offered in the Central American region.
- To comply with AML/CFT regulations.
- To comply with the regulations established in the jurisdiction where you carry out your economic activity.
- To provide online banking services.
- To provide record-keeping functions.
Personal data will be securely stored, in electronic form, and in accordance with the current laws.
Our Vision
To become the main means of payment in the Latin American region.
5. Disclosure of Information
SEVEN CARD will not disclose an individual’s personal data except:
- When the Banks have express consent to do so, or in circumstances as agreed between the Banks and an individual, and in accordance with the Banks’ terms and conditions.
- When necessary, according to requirement of regulatory bodies and auditors.
- When the Banks are required or permitted to do so by law.
- To fraud prevention agencies where required.
Notification shall be given to client of any significant or material changes to the way in which data is collected, processed, stored or disclosed by SEVEN CARD, where such changes are not covered by this policy.
6. Sensitive Personal Data
Sensitive personal data shall only be held for the specific purpose for which it was obtained and only for the purposes of providing a financial product or other applicable banking service, or when the data subject is an employee, for the purpose of employment in SEVEN CARD. Other than in the exceptional cases as prescribed by the Acts, explicit consent shall be obtained in order to process sensitive personal data.
7. Data Retention
Save where there is a legal requirement to retain data for an alternative timeframe, SEVEN CARD will keep the data and digital documents for a period of 5 years.
8. Responsibility
Responsibility for ensuring compliance with the Acts rests with SEVEN CARD, their employees and agents. The Compliance Department co-ordinates the provision of support, assistance, advice and training within SEVEN CARD to ensure compliance with the Acts.
9. Procedures and Guidelines
SEVEN CARD is committed to ensuring individuals’ privacy and this is reflected in their guidelines and procedures in relation to all aspects of data protection. Specific policies and procedures that supplement this policy have been approved by Senior Management of SEVEN CARD. In addition, training procedures are in place for all employees to ensure high standards in relation to data protection are maintained.
10. Right of Access to Information
Under the Acts, an individual has the right to access his/ her personal data upon written request and payment of a small fee. In addition, the data subject also has the right to have any incorrect data held on file corrected.
Requests to access or correct information should be forwarded to:
servicioalcliente@sevencard.com
+(502) 3993-7373