Data Processing Policy

1. Introduction

Thank you for joining Zabio, the platform owned by SureFx Colombia S.A.S. (NIT 901.818.731-6).

We want to make sure you have all the necessary information about how we process your personal data. That is why we present our Personal Data Processing Policy, where we explain clearly and transparently:

  • The principles and purposes of using your data.
  • The rights you have over your personal data.
  • How we guarantee that your information is protected.

By using our platform and by checking the Personal Data Processing Authorization box, you are giving us your permission to process your data in accordance with this policy. You also confirm that the data you provide us is correct and that you have the right to share it.

We ask that you read this policy carefully before using our services. If at any time you do not agree with the processing of your data, you can choose not to accept and, if you do not provide the requested information, you will not be able to access some of our services.

2. Purpose

The purpose of this policy is to provide you with all the necessary information about how we process your personal data at Zabio. We want you to know how we use, protect, and manage your data, as well as the guarantees we offer you and the rights you can exercise over them.

3. Identification of the Responsible Party

The party responsible for the personal data we collect and process is Zabio, with domicile in Bogota, Colombia. If you wish to contact us, you can do so through the channels available on our website.

4. Scope of Application

This policy is applicable to all users who access, browse, or use our platform. It also applies to collaborators, partners, and third parties related to the services we offer.

This policy applies whenever the processing of personal data takes place within the territory of the Republic of Colombia.

It will also be applicable in cases where the data controller or processor is located outside Colombia but, due to international standards or current treaties, must comply with Colombian legislation on personal data protection.

5. Scope

This document covers all services available on our platform, whether you access it through web devices, mobile devices, or any other digital medium. It also covers the processing of data you provide us when interacting with our services.

6. Definitions

Below, we explain some key terms used in this document to ensure we are speaking the same language:

Authorization: The clear, prior, and explicit permission given by the data owner for their personal data to be used. This means that, before processing your data, we need your consent.

Database: An organized set of personal data that is collected, managed, or processed in some way.

Personal Data: Any information that allows us to identify you directly or indirectly, such as your name, phone number, email address, among others.

Data Processor: The person or entity that handles personal data on behalf of the data controller. For example, a cloud storage provider that protects and manages a company's data.

Data Controller: The person or entity that decides how and for what purpose personal data will be used. In this case, Zabio is the controller of most of your data processing.

Data Owner: The natural person to whom the personal data being processed belongs.

Processing: Any action performed with personal data, such as collecting, storing, using, sharing, or deleting it.

Public Data: Information that is neither private nor sensitive and can be freely consulted. Examples include marital status, profession, or public servant status. This data is usually found in public registries or official documents.

Sensitive Data: Information that, due to its nature, may affect the privacy of the data owner or be used in a discriminatory manner. Examples include racial origin, religious or political beliefs, or union membership.

7. Principles

At Zabio, we follow these fundamental principles to ensure that the processing of your data is safe and transparent:

  • Legality: We comply with Colombian and international personal data protection laws.
  • Purpose: We use your data only for the purposes we have informed you about and authorized.
  • Freedom: We only process your data with your explicit consent, and you can revoke that consent at any time.
  • Truthfulness: We only use truthful and updated data, and we ask you to keep your information correct.
  • Transparency: Whenever you need it, we will inform you about how we are using your data.
  • Restricted access: Only those who have authorization may access your personal data.
  • Security: We implement measures to ensure your data is secure and protected against unauthorized access.
  • Confidentiality: We maintain the privacy of your data, even after our interactions end.

8. Assumptions about Personal Data

We start from the assumption that the data you provide us is correct and complete. It is your responsibility to ensure that the information you share with us is up to date.

9. Collection of Personal Data

At Zabio, we take your privacy and the proper handling of your personal data very seriously. Here we explain what type of information we collect and how we use it to provide you with our services efficiently.

Types of data we collect

When you decide to register and use our services, we ask for certain personal data to offer you the best experience. These may include:

  • Full name
  • Phone number
  • Email address
  • Mailing address
  • Username and password
  • Postal code
  • Gender and age

Why do we need them? This data is fundamental to managing your account, carrying out transactions, and providing you with full access to the platform.

Third-party links: Our platform may include links to third-party websites, applications, or related services. If you decide to click on any of these links, you will be leaving our environment. Please note that we have no control over how these third parties handle your data.

Use of public forums: If you participate in public forums within our platform (such as comments on articles, chats, or social media posts), any personal data you share there may be seen by other users.

Legal basis for collection: Your consent is what allows us to collect and process your data. By accepting this Privacy Policy, you give us your explicit permission to use your data for specific purposes, as described in this document.

Use of your personal data

We use your personal data to offer, manage, and improve our services. This includes:

  • Transaction processing: such as payments, withdrawals, and transfers.
  • Platform improvements: we adapt and add new features based on your needs.
  • Personalized advertising and recommendations: to offer you relevant content and adjust the experience to what you are looking for.
  • Security and fraud prevention: to keep the platform safe for all users.

Payments and external providers: To process debit and credit payments, we work with specialized external providers. These payment processors handle your financial information in accordance with their own privacy policies.

Disclosure of your personal data

Zabio reserves the right to share your personal data when the law requires it or in certain specific circumstances, such as:

  • Complying with legal obligations, subpoenas, or court orders.
  • Preventing fraud or security threats.
  • Investigating contractual violations.

Transfers in case of merger or sale: If Zabio merges, sells, or transfers most of its assets to another entity, your personal data will be transferred along with those assets. However, the new entity must adhere to the terms of this Privacy Policy.

International data transfer: If you are located outside Colombia and decide to provide us with your information, you understand and accept that your data will be transferred and processed in Colombia, following Colombian personal data protection laws.

10. Processing of Personal Data

At Zabio, we process your personal data responsibly and in accordance with current legislation. We only use the collected data for commercial, contractual, and operational purposes related to our lines of business, internal processes, and information security.

Below, we explain how your data is used, according to the type of user or data owner:

10.1. Regarding user personal data

  1. Use of personal data: Zabio may use your personal data for various purposes, including but not limited to:
    • Processing, studying, analyzing, requesting, and disclosing your information to information bureaus or operators.
    • Sending communications through channels available on the platform (email, SMS, etc.), related to operations performed.
    • Improving and personalizing the services we offer, such as hedging solutions and any other platform service.
  2. Suspension or disabling of access: Zabio reserves the right to temporarily or permanently suspend or disable your access to the platform if deemed necessary, based on the information you have provided.
  3. Use of cookies: We use cookies to improve your browsing experience, optimize platform performance, and personalize content according to your preferences. Cookies will be automatically installed in your browser, but we will not store personal information without your consent. You can manage or disable cookies through your browser settings, and you will find more details about this in our Privacy Policy.
  4. Other purposes: Additionally, data may be used to:
    • Determine pending obligations or make inquiries about your credit history.
    • Report to information bureaus about unpaid debts, if necessary and in accordance with the operation.

10.2. Regarding data of general users and visitors

  1. Use of data: Data collected from users and visitors will be used for operational and commercial purposes, related to the services we offer through our platform and in collaboration with strategic partners. This includes:
    • Providing the services we offer and communicating with you about your use of the platform.
    • Collecting metrics about how you access and use the platform, to improve our services and develop new products.
  2. Personalized advertising: We use the collected information to show you relevant advertising based on your interests. This allows us to improve our advertising systems and measure the effectiveness of our ads.
  3. Compliance with legal obligations: We also use data to comply with our legal and administrative obligations, as part of our general commercial operations.
  4. Promotions and marketing: We may send you promotional communications, such as news, updates, special offers, and promotions related to our products and services. You can always opt out of receiving these messages, and you can manage your privacy preferences at any time.

11. Rights of Users, Collaborators, and Third Parties

Users, collaborators, and third parties whose personal data is registered in Zabio's databases have a series of rights that they can exercise at any time. These rights include:

Know, update, and rectify your personal data

You have the right to:

  • Know the personal data we have about you.
  • Request its update or correction if it is inaccurate, incomplete, fragmented, or if it is being used incorrectly.

Oppose or cancel the processing of your data

If at any time you do not want us to process your data, you have the right to oppose or even cancel them, especially if the data processing is incorrect or was not authorized.

Responsibility for data accuracy

It is important that you know that you are responsible for the accuracy and truthfulness of the personal data you provide. If your data is incomplete or incorrect, you can update it, but the initial truthfulness depends on you.

How to exercise your rights

To exercise your rights, you must submit a request that includes:

  • Your identification as the data owner.
  • A clear description of the facts that give rise to the claim.
  • A contact address to receive our response.
  • The documents you consider necessary to support your request.

Deadline for resolving the claim

If your claim is incomplete, we will ask you to correct it within five (5) business days following its receipt. If you do not do so, we will understand that you have withdrawn your request.

If the person receiving the claim is not in a position to resolve it, they will forward it to the corresponding person or department within two (2) business days and notify you.

Claim review process

Once a complete claim is received, we will catalog it as "under review" within a maximum of two (2) business days. This status will be maintained until the claim is resolved.

The maximum period for attending to your claim is fifteen (15) business days from its receipt. If we cannot attend to your request within this period, we will inform you of the reason for the delay and give you a new date to attend to it. In no case may this date exceed an additional eight (8) business days.

Request proof of authorization

You can request at any time proof of the authorization you gave us to process your personal data, except in cases where the law allows processing without the need for this authorization.

Access to your personal data

You have the right to access your personal data being processed free of charge. You can ask us for a copy of the information we have about you and verify how we are using it.

Revoke authorization or request deletion of your data

If at any time you consider that the processing of your data does not respect your rights, principles, or legal guarantees, you can revoke the authorization or request that we delete your personal data.

This request will apply when we determine that the processing of your data has violated the law or our established principles.

12. Duties of Zabio as Controller and/or Processor

12.1. Duties as Data Controller

As Data Controller, Zabio has the following duties regarding the handling of users' personal data:

  1. Guarantee the exercise of rights: Zabio must ensure that data owners can fully exercise their rights at all times, as established by law.
  2. Request and preserve authorization: Before processing data, we must request your explicit authorization and preserve a copy thereof, in accordance with the provisions of the law.
  3. Inform about the purpose of processing: We must inform you clearly and in detail about the purpose of collecting your data and the rights you have over them, derived from the authorization you have given us.
  4. Guarantee data security: We ensure that your data is stored securely, protecting it against possible alterations, losses, unauthorized access, or fraud.
  5. Provide truthful data: We must guarantee that the information we provide to data processors is accurate, updated, and verifiable.
  6. Keep data updated: It is our responsibility to communicate to data processors any changes or updates to the data you have provided us, ensuring they are always up to date.
  7. Rectify erroneous data: If we detect that the data provided is incorrect, we must rectify it and communicate it to the data processors.
  8. Provide only authorized data: We ensure that only data whose use is duly authorized in accordance with the law is provided to data processors.
  9. Require security compliance: We require data processors to respect all security and privacy conditions established for the protection of personal data.
  10. Notify data discrepancies: If any data is being questioned by the owner (for example, due to a claim), we must inform the data processor so that they can take appropriate measures.
  11. Inform about data use: At the request of the data owner, we must inform them about how their personal data is being used.
  12. Notify security violations: In the event of security violations or risks in the handling of personal data, we must inform the competent authority and the data owner.
  13. Comply with legal requirements: We must follow instructions and comply with requirements from the Superintendence of Industry and Commerce and other relevant authorities.

12.2. Duties as Data Processor

As Data Processor, Zabio has the following duties to ensure that data is processed in accordance with the law:

  1. Update received information: We must update the personal data you send us within five (5) business days after receiving the information.
  2. Manage inquiries and claims: We commit to managing the inquiries and claims you raise regarding your personal data, in accordance with what is established by law.
  3. Register claims: When we receive a claim, we must register in our database the legend "claim in process," in accordance with what the legal regulations establish.
  4. Do not disclose disputed data: We will refrain from sharing or disseminating any data that is being questioned by the owner while the claim is being resolved.
  5. Control access to information: Only authorized persons may access personal data. We ensure that access is restricted and controlled.
  6. Notify security violations: If we detect violations of data security policies or risks in their handling, we must inform the competent authority so that it can take necessary measures.
  7. Comply with instructions from the competent authority: As a processor, we commit to following the instructions and requirements issued by the authority that supervises personal data processing.

13. Area, Means, and Procedure for Exercising Rights

If you wish to exercise any of your rights over your personal data (such as access, correction, deletion, or opposition), you can follow this simple process:

  1. Draft your request clearly explaining which right you want to exercise and detail your request as precisely as possible.
  2. Send an email to info@zabio.xyz with the subject: "Personal data request."
  3. Attach a copy of your identity document, so that we can confirm that you are indeed the data owner.
  4. You will receive a confirmation of receipt of your request within a maximum of five (5) business days.
  5. We will manage your request within a period of up to fifteen (15) business days, counted from the date of confirmation.

If for any reason we need more time, we will inform you in a timely manner explaining the reason for the extension.

14. Validity

This policy was published on April 28, 2025, and will remain in effect until it is modified or replaced by a new version. Zabio commits to informing users, employees, and interested parties about any changes, through our official channels, with sufficient advance notice so that they can understand and adopt the modifications before their implementation.

Zabio

About Zabio

Who we areHelp center

Contact Us

info@zabio.xyz
+57 3243525757

Follow Us

InstagramLinkedIn
Legal NoticePrivacy Policy