Rules of Security and Privacy

PagSeguro - Colombia

1. This Exhibit is an integral part of the Global Privacy Policy - Grupo UOL. If the USER uses the services, resources, technologies, or features provided by Grupo UOL for payment processing in Colombia, the following supplementary conditions shall be applicable.

2. The terms defined herein are supplementary to the ones set in the Global Privacy Policy - Grupo UOL. Except if otherwise provided herein, capitalized terms shall have the same meaning that was attributed to them in the Global Privacy Policy - Grupo UOL.

3. If there is any conflict, this Exhibit shall prevail over the Global Privacy Policy - Grupo UOL in the territory of Colombia.

(i) Handling Data

4. As for the use of services of PagSeguro and the website of PagSeguro in the territory of Colombia, the entity in charge of the data handling (who establishes the purposes and the means of handling Personal Data) is:

- Pagseguro Colombia S.A.S.

- Domicile: Bogotá D. C., Colombia.

- Address: Cl 93 B No. 12 - 18, P 4.

- Email: l-lgpd@uolinc.com

- Phone number: + 57 (1) 4322099

5. PagSeguro is committed to protect the USERS’ privacy, and it ensures the full compliance with the principles and rules set under applicable law, namely, the provisions in Law 1581 of 2012 and Decree 1074 of 2015.

(ii) Handling Personal Data

6. In addition to the Personal Data mentioned in the Global Privacy Policy - Grupo UOL, Grupo UOL may proceed to record calls the USERS make to the call center, who works on our behalf, in a way to (i) prove that business transactions were made (as well as the performance of other communication concerning PagSeguro services), (ii) for purposes of monitoring and quality assurance of customer support, and (iii) for training purposes. Whenever a call is recorded, we ensure that all applicable legal requirements have been complied with.

7. Grupo UOL may also, in order to improve PagSeguro services and the proper operation of PagSeguro website, collect additional technical information on time zone settings and types and versions of browser’s plug-ins; information on the USER's visits, including the full URL clickstream (including date and time); products that you have viewed or researched; webpage response time, download errors; webpage interaction information (e.g., rolling, clicks, and mouse tracking); methods used for browsing outside the webpage; and telephone numbers used to call our customer support line. These data will be used with the same purposes established in the Global Privacy Policy - Grupo UOL, in full compliance with the principles and rules set in legislation in force.

(iii) Purpose of handling and legality

8. PagSeguro ensures that all activities handling Personal Data shall be based on grounds of (i) USER’s consent; (ii) data required by court order; (iii) data of a public nature; (iv) medical or sanitary urgency cases; (v) processing of data authorized by law for historic, statistic or scientific purposes; or (vi) data related to the civil register of people.

9. In addition to the data usage provided in Global Privacy Policy - Grupo UOL, Grupo UOL may also handle the Data to investigate suspicious transactions. If any breach is suspected or confirmed, Grupo UOL may inform the USER or competent authorities, as the case may be.

(iv) Children

10. Please, note that PagSeguro services and PagSeguro websites are not made for children under 18. Grupo UOL undertakes to protect the privacy of children, specially in the on-line environment. If you are aware that a child has provided Personal Data to Grupo UOL without consent to use one of the services, resources, technologies, or features offered by Grupo UOL for processing payments, please contact us at compliance@pagseguro.com. PagSeguro suggests the proper monitoring of children’s activities by their parents.

(v) Exercise of Data Holder’s Rights

11. Using the support tools available in the websites, applications, and services provided by PagSeguro, the USER (subject to the verification of their identity) may exercise its rights under Colombian data protection laws to:

(i) Know, update and rectify its Personal Data;

(ii) Request proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for the Processing according to Applicable Law;

(iii) Be informed, upon request, about the use made of their Personal Data;

(iv) File complaints before the Superintendence of Industry and Commerce for violations of the provisions of Applicable Law;

(v) Revoke the authorization and/or request the deletion of Data when the Processing thereof does not respect the constitutional and legal principles, rights and guarantees. The revocation and/or deletion shall proceed when the Superintendence of Industry and Commerce has determined that in the Processing the Controller or Data Processor has incurred in any conduct contrary to the law and/or the Constitution; and

(vi) Access free of charge to its Personal Data that have been subject to Processing.

(vi) Responsible Area of Handling any Requests Regarding Data Holder’s Rights

12.Requests, queries, claims from the holder of the data, in order to exercise his/her rights to know, update, rectify and delete the data and revoke the authorization will be handled by l-lgpd@uolinc.com in the terms established by Applicable Law

(vii) Exercise of Data Holder’s Rights

13. The Data Holder or his/her assignees who consider that the Personal Data contained in an information system, or in a database, should be subject to correction, updating or deletion, or when they notice the alleged breach of any of the duties contained in any Applicable Law, may submit a claim or request available at https://customer.international.pagseguro.com/en, using the “LGPD” option.

l-lgpd@uolinc.com shall attend to and respond to the claims or requests of the Data Holder within the terms and periods established for such purpose under Applicable Law.

The Holder, without prejudice to the foregoing, and in the event that his request or claim has not been addressed by l-lgpd@uolinc.com, may in any case subsequently address in a second instance the Superintendence of Industry and Commerce (www.sic.gov.co). In such event, for the filing of the claim before the Superintendence of Industry and Commerce, the nature of the protected information shall be taken into consideration, being appropriate when such information: (i) does not have the character of public information or is Public Data, and (ii) l-lgpd@uolinc.com is in violation of the applicable principles for public information or Public Data.

(viii) Validity

14. The present Policy shall be in force from June 23, 2023 and the data bases subject to Processing will be valid as long as it is necessary for the purposes established for each of them.


Versions in other languages are provided just for reference, if any question arises, the Portuguese version shall prevail.