Last updated: 19 November, 2025

PURPOSE AND SCOPE OF THE POLICY

The main purpose of the Privacy Policy of Modyo Chile SpA is to comprehensively describe how the company, in its capacity as data controller, handles the personal data of data subjects who visit its websites located at https://www.modyo.com/ https://es.modyo.com/ and https://support.modyo.com/. The scope of this policy covers all types of identifiable personal data that the company collects, either directly or through mandated third parties, explaining in detail the processes of processing, communication, assignment, and protection of said personal data.

Relationship with Terms and Conditions

This Privacy Policy maintains a direct and inseparable relationship with the Terms and Conditions of Use of the Modyo platform, considered as complementary parts that comprehensively regulate the relationship between Modyo Chile SpA and its users. The company establishes that both documents must be interpreted jointly to fully understand the conditions of use of its services.

Recommendation for Complete Reading

Modyo strongly recommends that all data subjects read this Privacy Policy completely and in detail to ensure they are fully informed about the processing of their personal data. The company recognizes that privacy is fundamental both for data subjects and for its business model, which is why it provides specific contact channels to resolve any questions or concerns related to the processing of personal data and the exercise of legally recognized rights.

WHAT DOES MODYO DO?

Main Activities of the Company

Modyo Chile SpA (hereinafter "Modyo") is a technology company specializing in the development of digital platforms for financial institutions and organizations seeking to modernize their digital channels. In its capacity as data controller, Modyo processes personal data lawfully and fairly, complying with the principles of purpose, proportionality, quality, responsibility, security, transparency, information, and confidentiality established in current legislation.

Target Audience and Services

Modyo's target audience is clearly defined by financial institutions of various sizes and leading organizations seeking to modernize and optimize their digital channels. The services Modyo offers as data controller focus on providing the necessary tools and knowledge so that these organizations can offer exceptional digital experiences to their own clients, always respecting the rights and freedoms of individuals in the processing of their personal data. For more detailed information on specific activities and the full portfolio of services, the company directs interested parties to consult the "Solutions" section available on www.modyo.com.

PERSONAL INFORMATION: TYPES, COLLECTION, USE, AND DISCLOSURE

1. Information Provided Directly by the User

Modyo, in its capacity as data controller, collects personal data that data subjects voluntarily provide through various interactions with the platform, based on their free, specific, unambiguous, and informed consent. This category includes data such as the data subject's personal name, the name of their company or organization, personal and business email addresses, and other relevant contact details that the data subject deems necessary to share.

Modyo obtains this personal data mainly when data subjects decide to subscribe to email alerts about Modyo events or company news, when they request specific information about the services or products offered, or when they complete contact forms available on the website. The processing of this data is carried out in accordance with the principle of purpose, strictly limited to fulfilling the specific, explicit, and lawful purposes informed to the data subject at the time of collection.

It is important to note that the provision of this personal data is completely voluntary and depends exclusively on the consent of the data subject. Modyo uses this data responsibly and proportionally, applying it only to satisfy the needs expressed by the data subject and to adequately respond to their specific requests. This may include communicating the data to mandated third parties specializing in email services to facilitate the sending of requested communications, or with related Modyo companies to provide the specific product information the data subject has requested, always maintaining the original purpose of the processing.

2. Information Collected Automatically (Cookies, Browser, etc.)

When users visit Modyo's websites, the company automatically collects certain technical information from the user's device or the browsing software used. This automatic collection includes standard browser information such as the source IP address, the type and language of the browser used, specific access times to the site, and the addresses of the websites from which the user was referred; this information may be considered personal information or personal data according to applicable data protection laws.

Additionally, Modyo collects specific technical information about the device used to access the site, including the unique device identifier, the specific model, the operating system version, the types and versions of installed applications, information about plug-ins, and data related to time zones and geolocation. This device information is used as part of the security controls implemented by the company to uniquely identify each device and authenticate the user during site access.

Modyo also implements the use of cookies, which are data files placed on the user's computer or other device by the server when they visit the site. These cookies and similar tracking technologies allow Modyo to collect and use information about the user and the device used to access the site. For more detailed information on the specific types of cookies used, the reasons for their implementation, and how users can control their use, Modyo refers to its specific Cookie Statement.

3. Information Obtained from Third Parties

Modyo may eventually receive personal information about users from external sources or third parties, but only under very specific and controlled circumstances. Modyo ensures that these third parties have the express consent of the corresponding user, or that they are legally authorized or obliged to disclose personal information to Modyo. This prior verification is fundamental to maintain the integrity and legality of all personal information collection processes.

4. Disclosure to Third Parties and Contractual Measures

Modyo may disclose users' personal information to companies within its corporate group, third-party service providers, and collaborators who provide specific data processing services. These services may include support in service delivery, provision of specific website functionalities, or assistance in improving the overall security of the platform. All third parties with whom Modyo shares personal information are subject to strict contracts that obligate them to use and disclose personal information only for the specifically permitted purposes established in the corresponding contract. These contracts also require that third parties implement reasonable and appropriate security measures to protect personal information against unauthorized access and misuse. The company maintains rigorous control over these contractual agreements to ensure that all providers and collaborators comply with the same data protection standards that Modyo applies internally.

5. Disclosure in Mergers or Acquisitions Processes

Modyo may also disclose users' personal information to actual or potential buyers, including their agents and advisors, in connection with any actual or proposed purchase, merger, or acquisition of any part of the company's business. In these cases, Modyo commits to informing the potential buyer that they must use the personal information only for the purposes contained and specified in the current Privacy Policy, thereby maintaining the continuity of data protection even during corporate change processes.

6. Disclosure for Legal Compliance or Protection of Rights

Modyo reserves the right to use and disclose personal information when necessary to comply with applicable laws, current regulations, court orders, and resolutions issued by competent governmental authorities. This disclosure may also occur when Modyo considers it necessary by applicable law or regulation, to exercise, establish, or defend Modyo's legal rights, or to protect the fundamental interests of the user or any other person who may be affected.

LEGAL BASIS FOR THE PROCESSING OF PERSONAL INFORMATION (EEA)

The specific legal basis depends on the type of personal information in question and the particular context in which Modyo collects it, always ensuring compliance with the strictest data protection regulations.

Modyo normally collects or processes personal information only under the following legally established circumstances:

  • When it needs to process the information to perform a contract with the user.
  • When the processing is in Modyo's legitimate interest that is not overridden by the user's rights.
  • When it has a legal obligation to process the information.
  • When it needs to process the information to protect the fundamental interests of the user or another person.
  • When it has the express consent of the user to do so.

When Modyo asks the user to provide personal information to comply with legal requirements or to establish contact, this is made clear at the appropriate time, informing the user whether the provision of personal information is mandatory or not, as well as the possible consequences if the user chooses not to provide such information.

If Modyo collects and uses personal information based on its legitimate interests or those of a third party, these interests normally consist of:

  • The efficient operation of the website.
  • Necessary communication with clients to provide services.
  • Responding to user questions.
  • Improving the functioning or security of the site.
  • Understanding, through analysis, how the site is used.
  • Carrying out marketing activities.
  • Detecting and preventing fraudulent, abusive, or illegal activities.

PROTECTION OF MINORS

Modyo maintains a strict policy regarding the protection of minors, establishing that it does not intentionally collect any personal information from or about children under 13 years of age. Modyo expressly requests that minors under this age do not submit personal information through its digital platforms.

Regarding parental responsibility, Modyo directly calls on parents and legal guardians not to allow their children under 13 to submit personal information without express permission and adequate supervision. This policy reflects Modyo's commitment to the special protection required by minors in the digital environment and its adherence to the best international practices in the protection of minors' data.

COOKIES AND TRACKING TECHNOLOGIES

1. Use of Cookies and Similar Technologies

Modyo implements the use of cookies, which are small data files placed on the user's computer or other device by the server when visiting the website. These cookies and similar tracking technologies allow the company to collect and use information about the user and the device used to access the site; this information may be considered personal information or personal data according to applicable data protection laws. For specific and detailed information on the types of cookies used, the reasons for their implementation, and the control options available to users, the company maintains a separate and specific Cookie Statement.

2. Data Collected by the Browser

Modyo collects standard information that the user's browser automatically sends to every website visited. This information includes the source IP address, the specific type and language of the browser used, the precise access times to the site, and the addresses of the referring websites from which the user arrived at the Modyo site. This data is used for multiple purposes, including improving the general functioning and security of the website, and assisting in authentication processes to identify who the user is when they access the site, especially when they register to access restricted sections of the site and are assigned or create a specific username and password.

3. Technical Device Information

In addition to browser information, Modyo collects specific technical data about the device used to access the website. This device information includes the unique device identifier, the specific device model, the operating system version installed, the types and versions of applications present, information about plug-ins installed, and data related to time zones and geolocation of the device. This information is used as an integral component of the security controls implemented by the company to uniquely identify each device and authenticate the user during the site access process. Device information may also be shared, along with information about any fraudulent transactions using the device, with specialized security service providers, who compare and add the device data and fraud data to specialized databases to identify and block access to the site by devices associated with fraudulent or abusive activities.

4. Site Usage Information

Modyo collects detailed information about how the user's device has interacted with the website, including the specific pages accessed, the links clicked, the time spent on each page, and the browsing patterns within the site. The collection of this information allows Modyo to better understand the visitors accessing the site, identify where they come from geographically and digitally, and determine which site content is most interesting or useful to users. This information is used exclusively for Modyo's internal analytical purposes and to continuously improve the security, quality, and relevance of the website for all visitors.

5. Social Features and Widgets

Modyo's website may include various social media features and widgets, such as "Share This" buttons or other small interactive programs that facilitate interaction with social media platforms. These features may collect the user's IP address, identify the specific page they are visiting on Modyo's site, and may set cookies to allow the functionality to operate correctly and efficiently.

It is important to note that these social media features and widgets may be hosted by third parties or directly on Modyo's site, and user interactions with these features are governed by the specific privacy policy of the company providing that functionality, not necessarily by Modyo's policy.

6. Policies on Tracking and "Do Not Track" Signals

Regarding information about a person's online activities over time and across different websites or online services, Modyo establishes a clear policy:

  • When a visitor uses the site, except where required by applicable law, those who are not the site operator are not authorized to collect such cross-site tracking information.
  • The site operator does not collect such tracking information, except the information reasonably necessary to process and document specific user transactions.
  • Due to this policy, the site does not necessarily respond to "Do Not Track" signals from the Internet browser or other similar mechanisms that allow individuals to exercise their right of choice regarding the collection of cross-site tracking information.

SECURITY MEASURES FOR THE PROTECTION OF PERSONAL INFORMATION

Modyo has implemented a comprehensive protection system that includes physical, electronic, and procedural security measures specifically designed to protect users' personal information from unauthorized access and use. These measures are carefully designed to provide an adequate level of security appropriate to the specific risk associated with the processing of personal information, adapting to different data categories and sensitivity levels.

Modyo extends these security requirements to all those to whom it discloses personal information, including both its internal employees and external service providers. All these parties are contractually obligated to maintain the same protection measures that Modyo applies internally, thereby ensuring a secure chain of custody for all processed personal information. Modyo conducts regular evaluations of these security measures to ensure they remain effective and up-to-date against emerging threats in the digital environment.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Users' personal information may be transferred and processed in countries other than the user's country of residence, including jurisdictions that may have personal data protection laws different from those of the user's country of origin. Specifically, the servers hosting Modyo's website are located in the United States, and Modyo group companies, as well as its service providers and collaborators, maintain operations in various locations around the world.

To address the implications of these international transfers, Modyo has implemented appropriate and specific safeguards to require that personal information remains protected in accordance with the standards established in this Privacy Policy, regardless of the jurisdiction in which it is processed. This includes the application of the European Commission's standard contractual clauses for transfers of personal information between Modyo group companies, which require all group companies to protect personal information originating from the European Economic Area in accordance with European Union data protection law. The company has implemented similar and appropriate safeguards with all its service providers and business partners to ensure the continuity of global data protection.

RETENTION OF PERSONAL INFORMATION

Modyo retains users' personal information for a maximum period of 10 years. This retention may be due to various reasons, such as:

  • Providing a specific service requested by the user.
  • Complying with applicable legal requirements.
  • Meeting tax obligations.
  • Fulfilling accounting requirements established by applicable regulations.

When Modyo determines that it no longer has any need to process a user's personal information, it will proceed to delete it completely or anonymize it so that it cannot be linked to the specific individual. In cases where complete deletion is not possible, for example, because the personal information has been stored in backup files or backup systems, Modyo commits to securely storing such personal information and completely isolating it from any further processing until its definitive deletion is technically possible.

USER RIGHTS REGARDING THEIR PERSONAL INFORMATION

Users have specific data protection rights established by the applicable legislation. These rights include:

  • The right to access, correct, update, or request the deletion of their personal information at any time.
  • The right to object to the processing of their personal information when it is based on the legitimate interests of the company, as well as specifically objecting to direct marketing.
  • The right to request that the company restrict the processing of their personal information.
  • The right to request that the company provide the portability of their personal data.

These rights can be exercised by contacting the company via email at privacy@modyo.com.

Users retain the permanent right to opt-out of marketing communications sent by Modyo at any time. This right can be easily exercised by clicking the "unsubscribe" link included in the marketing emails sent by the company. To opt-out of other forms of marketing, users can exercise their right by contacting the company via email at privacy@modyo.com and making the corresponding request.

Users also have the fundamental right to withdraw any consent they have previously given at any time. It is important to note that the withdrawal of consent does not affect the lawfulness of any processing the company performed before such withdrawal, nor does it affect the processing of personal information performed based on legal processing grounds other than consent.

Finally, users have the right to file complaints with a data protection authority about Modyo's collection and use of their personal information. For more information about this process, users can contact their local data protection authority. Modyo commits to responding to all requests received from individuals wishing to exercise their personal information protection rights in accordance with applicable data protection laws.

UPDATES TO THE PRIVACY POLICY

Modyo may update this Privacy Policy periodically in response to legal, technical, or business changes that may affect the handling of personal information. These updates are carried out by publishing a revised version on the website, which takes effect at the time of its publication for all personal information collected from that moment forward, unless a deferred effective date is expressly indicated in the specific update.

When Modyo updates its Privacy Policy, it will take appropriate measures to inform users according to the importance and scope of the changes made. Modyo will obtain the specific consent of users for any material change to the Privacy Policy provided that applicable data protection laws in the relevant jurisdictions require it.

SCOPE OF APPLICATION OF THE PRIVACY POLICY

Supplementary Privacy Policies

Some areas, features, and specific services of the website may be offered under the condition that the user views and accepts specific privacy and disclosure terms for those particular areas, features, and services. These specific privacy and disclosure terms are considered supplementary to the terms established in this main Privacy Policy, complementing it without completely replacing it.

Additional Modyo Sites with Different Policies

This Privacy Policy applies specifically to the websites mentioned at the beginning of the document. However, other Modyo websites may have their own privacy policies or terms related to privacy that are different from those published in this main policy. These other privacy terms and conditions will apply to privacy-related matters concerning that other specific Modyo site and the use of any service, feature, or other offering made in connection with that particular site. In such circumstances, this main Privacy Policy will not apply, giving precedence to the specific policy of the site in question.

It is important to note that this Privacy Policy also does not apply to any website that Modyo develops specifically for individual clients. These websites developed for clients are subject to the terms and conditions specifically established in the applicable agreement between Modyo and that particular client, which may differ significantly from this general policy.

Links to Third-Party Websites

Modyo's website may provide links to other websites operated by third parties over which Modyo has no direct control and whose privacy policies may differ substantially from those established by Modyo. These links are provided solely for the users' convenience and do not imply any kind of endorsement or affiliation by Modyo toward those external sites. If a user decides to navigate to any of those external sites or submit personal information through them, their personal information will be collected and handled by those third parties according to their own privacy policies, falling outside of Modyo's control and responsibility.