Privacy Policy
Aplicación Movil
Effective as of April 22, 2019 (the "Effective Date").
CAMBIO SIR currency mobile application Privacy Notice
In this Privacy Notice we explain how we collect and use your personal information that we obtain when you use our services, visit or use our websites or mobile applications or otherwise interact with us, how we share your information and the steps we take to protect your information.
1 - WHO WE ARE AND THE APPLICATION OF THIS PRIVACY NOTICE
This Privacy Notice applies to CAMBIO SIR ( “we”, “our” or “us”).
We are committed to the privacy and security of your personal data. This Privacy Notice describes how we collect and use personal data, in accordance with applicable law and our standards of ethical conduct.
CAMBIO SIR at Misiones 1374, Montevideo, Uruguay will be the “data controller” or “controller” in relation to any personal data provided to us directly via email, phone, and post or via https://www.cambiosir.com.uy/ (the “Website”), or the CAMBIO SIR currency mobile application (the “App”). This means that we are responsible for deciding how we will hold and use personal data about you.
CAMBIO SIR can be contacted:
By email at: cambiosir@cambiosir.com.uy or
By post to: Cambio Sir, Misiones 1374, Montevideo, Uruguay.
By using or navigating the Website, the App or any product or service offered by us through the Website and/or App (collectively, “Services”), you acknowledge that you have read, understand, and agree to be bound by this Privacy Notice. You should not provide us with any of your information if you do not agree with the terms of this Privacy Notice.
We encourage you to review and check the Website / App regularly for any updates to this Privacy Notice. We will publish the updated version on the Website / App and by continuing to deal with us, you accept this Privacy Notice as it applies from time to time.
Top ▲
2 - DATA PROTECTION PRINCIPLES
“Personal data” means any information that enables us to identify you or the beneficiary of your transaction with us, directly or indirectly, such as name, email, address, telephone number, any form of identification number or one or more factors specific to your or your beneficiary’s identity.
We are committed to complying with applicable data protection laws and will ensure that personal data is:
Used lawfully, fairly and in a transparent way;
Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes;
Relevant to the purposes we have told you about and limited only to those purposes;
Accurate and kept up to date;
Kept only as long as necessary for the purposes we have told you about;
Kept securely.
Top ▲
3 - WHAT PERSONAL DATA DO WE COLLECT AND HOW DO WE COLLECT IT?
We may collect personal data when you give it to us, including when you indicate that you would like to receive any of our Services, when you register with us, when you complete forms online, when you speak with us over the telephone, when you write to us, when you visit the Website or App and, in certain circumstances as set out in this Privacy Notice.
We may collect and process the following personal data:
Personal details, such as data which may identify you. This may include your name, title, residential and/or business address, email, telephone and other contact data, signature, IP address and travel details (such as destination country or trip details) (“Identity Personal Data”).
If you have provided your consent for us to collect such information and not withdrawn such consent, non-identifiable GPS-based location details whilst using the Website or App (“Location Data”).
Information from which you may be indirectly identified, such as a client identification number or online identifier (“Indirectly Identifiable Personal Data”).
We may also receive information in connection with transactions you carry out on our Website, such as the last four digits of the payment card you used to make payment for the XECD service (as provided to us by the third party payment processor) (“Payment Data”).
Cookies and similar technologies
When you use our Website or App we collect information via cookies and similar technologies, including the IP address of visitors, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform. We may use this data for the following purposes:
To measure the use of our Website / App and services, including number of visits, average time spent on a website, pages viewed, page interaction data (such as scrolling, clicks, and mouse-overs), etc., and to improve the content we offer;
To administer the Website / App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
As part of our efforts to keep the Website / App safe and secure.
Due to their core role of enhancing or enabling usability or site processes, disabling cookies may prevent you from using certain parts of our Website / App. It will also mean that some features on our Website or App will not function if you do not allow cookies.
For more information please read our Cookie Policy.
Top ▲
4 - HOW WE USE YOUR PERSONAL DATA
Personal data collected through our Website or App is typically stored and processed in Uruguay; however, in some instances, it may be transferred, stored, and/or processed outside of Uruguay (see section 5 for further details).
We have summarised below the ways in which we may use your personal data and our basis for such usage:
How we use personal data Our basis for using your personal data
Registration and administration. We may use Identity Personal Data to enable you to register with us and, once your registration with us is complete, for the administration of your account, to contact you, to update our records about you, and to respond to and process your queries and requests.
Performance of a contract / service – delivery.
Requesting access to tools and information. You may wish to have access to certain tools and information made available on Our Website / App. We may collect and use Identity Personal Data for these purposes.
Supply of our Services. We may use Identity Personal Data (and where it is collected, Payment Data)) so that we can supply you with our Services which you use or have requested.
Location. If you have given your consent for us to so and not withdrawn such consent, we may collect and use Location Data to provide you with a tailored experience on the Website or App related to your location, such as displaying the local currency in the relevant location. Your consent for us to process your Location Data for such purposes.
Service communications. We may use Identity Personal Data to notify you about changes or developments relating to our Services which you used or have requested. Necessary for our legitimate interest to notify you about changes or developments relating to our products and services which you use or have requested.
Compliance. We may use Identity Personal Data (and where it is collected, Payment Data) for compliance purposes, including the prevention and detection of crime, tax evasion or fraud. Necessary to comply with a legal obligation.
Telephone calls. We may monitor and record (via automated means or transcripts) our telephone calls with you (which may involve Identity Personal Data (and where it has been collected, Payment Data) and we may use any transcripts of these calls so we can be sure we understand the instructions you give us and so we have a clear record of our discussion with you. Necessary to comply with a legal obligation.
Performance of a contract/ service - delivery.
Marketing. In certain circumstances, we may use your Identity Personal Data to contact you with marketing communications in relation to the Services or the services and products of Cambio Sir. See section 11 below.
Profiling. Cambio Sir may combine Indirectly Identifiable Personal Data with other information generated during the use of our Services to create individual profiles for customers through automated processes. Necessary for our legitimate interest to enhance the customer experience by allowing for better use of our services. See section 12 below.
Non-identifiable data
Whenever possible, we use data from which you cannot be identified directly (such as IP addresses and anonymous demographic and usage data) rather than personal data. This non-identifiable data may be used to tailor your experiences with the Services by showing content in which we think you will be interested and displaying content according to your preferences. Non-identifiable data may also be used to improve our internal processes or delivery of services.
We may use aggregate data for a variety of purposes, including analysing user behaviour and characteristics in order to measure interest in (and use of) the various portions and areas of the Services. We also may use the data collected to evaluate and improve the Services and analyse traffic to the Services.
In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case we may use such data without further notice to you.
Top ▲
Aggregated statistical analysis
We may use statistical analysis of aggregate data to inform advertisers of aggregate user demographics and behaviour, as well as the number of users that have been exposed to or clicked on their advertising banners. We will provide only aggregate data from these analyses to third parties.
Third party service providers
We may share personal data we collect with third party service providers to manage, enable or facilitate certain aspects of the Services we provide and if we do so, we will have safeguards in place with such third party service providers requiring them to protect the personal data.
We use advertising services suppliers on our Website and App, such as Exponential Interactive, Inc. (“Exponential”) and MoPub, a division of Twitter, Inc. and Twitter International Company (“MoPub”), who, along with their advertising partners, may collect and use personal data when you interact with our Website or App. Further details are set out at section 6 below.
Corporate process
We may transfer your personal data to a third party as a result of a sale, acquisition, merger, or reorganisation. In these circumstances, we will take reasonably appropriate steps to ensure that your information is properly protected.
Legal and regulatory
We may also disclose your personal data in special cases if required or requested to do so by law, court order, or other governmental authority, or when we believe in good faith that disclosing this data is otherwise necessary or advisable, such as to identify, contact, or bring legal action against someone who may be causing injury to, or interfering with, our rights or property, our services, another user, or anyone else that could be harmed by such activities (for example, identify theft or fraud).
Sharing personal data outside of Uruguay
As explained above, we may share your personal data, which may involve transferring your data outside of Uruguay. It is important for you to note that the laws on holding data in Uruguay (or any other country in which we transfer, store or process your data) may be less stringent than the laws of your country, but Cambio Sir intends to adhere to the principles set forth in this Policy, unless otherwise required by applicable laws.
If we share personal data with third party service providers based outside of Uruguay, we will ensure a level of protection and safeguarding of your personal data.
Top ▲
6 - ADVERTISING
Advertisements that appear on the Website or App or otherwise in the Services are generally delivered (or "served") directly to you by third party advertisers. These third party advertisers have no access to the information you have provided directly to XE.
If you have provided your consent by accepting “Targeting Cookies” through the Website cookie consent manager or enabled “Targeting” and “Location” on the App, the advertisements that are served may be personalised to you.
Advertising on our Website
Advertisements on our Website may be served by Exponential or Exponential’s advertising partners.
If you have provided your consent by accepting Targeting Cookies Exponential will automatically receive your IP address. Exponential or Exponential’s advertising partners may also download cookies and similar technologies such as pixel tags/beacons and scripts downloaded to your computer (‘cookies’) to measure the effectiveness of their ads and to personalize advertising content. Doing this allows them to recognize your computer each time they send you an advertisement in order to measure the effectiveness of their ads and to personalize advertising content. In this way, they may compile information about where individuals using your computer or browser saw their advertisements and determine which advertisements were clicked.
Accordingly, if you have provided your consent by accepting Targeting Cookies, Exponential will collect and profile personal data in the form of IP address and cookies from users on the Website in order to provide targeted online advertising and ad measurement. You may change your consent decision at any time via the Website cookie consent manager. Exponential’s collection and use of your personal data is covered by the Exponential Privacy Policy.
If you do not accept Targeting Cookies, Exponential or any other third party advertisers will not receive your IP address or download any cookies to your computer through the Website. However, advertisements that are not specific or personalised to your or your device may still be served to you on the Website.
Advertising on our App
Our App is integrated with MoPub. This allows us to serve advertisements in the App and for advertisers to reach audiences that may be interested in the advertiser’s products or services and MoPub may collect and use personal data for these purposes. MoPub’s privacy policy will apply to MoPub’s collection and use of personal data.
As set out in the MoPub privacy policy, MoPub is designed to avoid collecting information such as your name, address or email address but the personal data collected may enable MoPub to recognize your device over time and across apps. Depending on where you live and your privacy choices on the App, the personal data MoPub collects may include device identifiers and information, app usage information, (if you have enabled Location Services) geo-location, information about interests to make ads served more relevant and information about interactions with ads.
If you have provided your consent by enabling “Targeting” and “Location” for the App, MoPub will collect and use the personal data summarised above and described in the MoPub privacy policy to serve you personalised advertising.
If you do not enable Targeting and Location for the App, you will not receive personalised advertisements and MoPub will not collect and use personal data for such purposes. MoPub may still collect and process certain personal data when MoPub consider they have a basis for doing so, as described in the MoPub privacy policy.
Remarketing on the Website and App
If you have provided your consent by accepting Targeting Cookies on the Website or enabled Targeting on the App, the Website / App may use Google AdWords, including the remarketing and Similar Audiences features. This enables Google, through the use of cookies, to identify the fact that you have visited the Website / App, to track aspects of your usage of the Website / App and combine that with what it knows about your usage of other websites in the Google ad network. We use these services to advertise to visitors of Google ad network websites who have previously visited our Website / App or who Google deems to have shared interests with visitors of our Website / App. Any data we collect through your use of our Website / App will be used by us in accordance with this Privacy Notice and Google’s collection and use of your personal data is covered by the Google privacy policy. You can set preferences for how Google advertises to you using the Google Ad Preferences page.
Top ▲
7 - HOW LONG IS YOUR PERSONAL DATA RETAINED?
Personal data is used for different purposes, and is subject to different standards and regulations. In general, personal data is retained for as long as necessary to provide you with services you request, to comply with applicable legal, accounting or reporting requirements, and to ensure that you have a reasonable opportunity to access the personal data.
To determine the appropriate retention period for personal data, we consider the applicable legal requirements, the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means. For example:
Legal and regulatory requirements. We will retain your personal data if required to comply with legal and regulatory obligations, compliance procedures and legal limitation periods.
Customer service. If you provide us with your personal data but do not have a Cambio Sir Email Services account, we may (subject to any legal or regulatory considerations) retain your personal data for as long as necessary to deal with your query.
Marketing and Cambio Sir Email Services. Personal data provided to us for marketing and Cambio Sir Email Services purposes may be retained until you opt out or until we become aware the data is inaccurate.
Top ▲
8 - IS CORRESPONDENCE THAT YOU SEND TO US SAVED?
Yes. If you send us correspondence, including e-mails, we may retain such data along with any records of your account. We may also retain customer service correspondence and other correspondence involving you, us and any Cambio Sir, our partners, and our suppliers.
Top ▲
9 - DATA SECURITY
We are committed to maintaining the security of your personal data and have measures in place to protect against the loss, misuse, and alteration of the data under our control.
We employ modern and secure techniques to protect our systems from intrusion by unauthorised individuals, and we regularly upgrade our security as better methods become available.
Our datacentres and those of our partners utilise modern physical security measures to prevent unauthorised access to the facility. In addition, all personal data is stored in a secure location behind firewalls and other sophisticated security systems with limited (need-to-know) administrative access.
All our employees who have access to, or are associated with, the processing of personal data are contractually obligated to respect the confidentiality of your data and abide by the privacy standards we have established.
Please be aware that no security measures are perfect or impenetrable. Therefore, although we use industry standard practices to protect your privacy, we cannot (and do not) guarantee the absolute security of personal data.
The Website or App may offer chat rooms, forums, message boards, or news groups to users. It is important to remember that any information disclosed in these areas becomes public information. Accordingly, as with any public forum, you should exercise extreme caution when deciding whether to disclose your personal information.
Top ▲
10 - DOES THIS PRIVACY NOTICE APPLY TO OTHER WEBSITES?
No. Our Website (www.cambiosir.com.uy) and App may contain links to other Internet websites. By clicking on a third party advertising banner or certain other links, you will be redirected to such third party websites.
We are not responsible for the privacy policies of other websites or services. You should make sure that you read and understand any applicable third-party privacy policies, and you should direct any questions or concerns to the relevant third party administrators or webmasters prior to providing any personal data.
We may permit third parties to offer subscription or registration-based services promoted through our own Services. In some instances, these other services may be co-branded or use Cambio Sir's trademarks under license; however, other’s services have their own respective privacy policies.
Top ▲
11 - DIRECT MARKETING BY Cambio Sir OR Cambio Sir COMPANIES
We or an Cambio Sir Company may sometimes contact you (by email, SMS text, letter or phone) in order to provide targeted marketing about our Services or the services of another Cambio Sir. Such marketing communications will only be sent to you if you gave your consent (when you registered for our Services or at another point) and you have not withdrawn such consent or if there is another basis to send such communications to you.
All marketing e-mails you receive from us will include specific instructions on how to unsubscribe and you may unsubscribe at any time or alternatively you can unsubscribe from marketing at any time by contacting us in writing by email at cambiosir@cambiosir.com.uy or by post to Cambio Sir Privacy Office, Misiones 1374, Montevideo, Uruguay.
You should note that we are opposed to third-party spam mail activities and do not participate in such mailings, nor do we release or authorise the use of customer personal data to third parties for such purposes.
Top ▲
12 - PROFILING
Through automated processes we may create individual profiles for customers based on a combination of Indirectly Identifiable Personal Data and other information gathered through our customer’s interaction with our Services. We may use such profiles to better understand the ways in which you use our Services. In addition, we may send personalised communications to you based on a profile (including pricing offers in relation to the Services or the services and products of Cambio Sir Companies, if we have a basis to send such communications in accordance with this Privacy Notice (see Section 11 above).
You have the right not to be subject to profiling, and you can exercise this right by contacting us in writing at cambiosir@cambiosir.com.uy.
Top ▲
13 - WHAT ARE MY DATA PROTECTION RIGHTS?
In certain circumstances and subject always to verification of your identity, you may request access to and have the opportunity to update and amend your personal data. You may also exercise any other rights you enjoy under applicable data protection laws.
Data subjects have the right to:
Request access to any personal data we hold about them (“Subject Access Request”) as well as related data, including the purposes for processing the personal data, the recipients or categories of recipients with whom the personal data has been shared, where possible, the period for which the personal data will be stored, the source of the personal data, and the existence of any automated decision making;
Obtain without undue delay the rectification of any inaccurate personal data we hold about them;.
Request that personal data held about them is deleted provided the personal data is not required by us or a Cambio Sir Company for compliance with a legal obligation under applicable law or for the establishment, exercise or defence of a legal claim;
Under certain circumstances, prevent or restrict processing of their personal data, except to the extent processing is required for the establishment, exercise or defence of legal claims;
Under certain circumstances, request transfer of personal data directly to a third party where this is technically feasible.
Also, where you believe that we have not complied with our obligations under this Privacy Notice or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts.
Although not required, we would encourage you to let us know about any complaint you might have and we will respond in line with our complaints procedure set out in section 14 of this Privacy Notice.
Top ▲
14 - PRIVACY COMPLAINTS PROCEDURE
Where you believe that we have not complied with our obligations under this Privacy Notice, or the applicable law, you may have the right to make a complaint to a relevant Data Protection Authority or through the courts. Although not required, we would encourage you to let us know about any complaint you might have and Cambio Sir will respond in line with our complaints procedure – our contact details are set out in section 15 below.
We want to deal with your concerns fairly, effectively and promptly. However, some complaints are more complex than others and may take some time to investigate.
We will acknowledge your complaint promptly after receiving it
We will keep you informed throughout any investigation
In order to assist in the speedy resolution of any complaint you may have, it’s important that we understand your complaint fully. Sometimes this means we may ask you to address your concerns to us in writing. This can be either by email or post to the addresses in section 15 below. We have established internal procedures for investigating any complaint, which may also involve experienced members of staff from Cambio Sir Companies considering or investigation the complaint. Where appropriate, the complaint will be dealt with by someone who was not directly involved in the matter which is the subject of your complaint. The member of staff will either have authority to settle your complaint or will have ready access to someone who has the authority. Our response will fully address the subject matter of your complaint and, if appropriate, will offer redress. If you phone us during our investigation and the member of staff handling your complaint is not available, then another member of our team will try to assist you.
Unless applicable data protection laws require responses within shorter timescales, we will try to resolve any privacy complaints you have within 15 business days of receiving your complaint and in exceptional circumstances, within 35 business days (and we will let you know if this is the case).
As noted above, if you are not satisfied with our reply/outcome, or otherwise with the handling of the complaint, you may have the right to lodge a claim before a relevant Data Protection Authority or the courts.
15 - CONTACT US
If you have any questions or concerns about this Privacy Notice or our data practices, please contact us in writing by email at cambiosir@cambiosir.com.uy or by post to Cambio Sir, Misiones 1374, Montevideo, Uruguay.