PRIVACY POLICY

Subject to Change Without Notice | Rev. April 1, 2023

In General

In this document we describe how we collect, use and handle your information when you use our websites and services (“Services”).

At CARRIÓN SÁNCHEZ, LLC, including its subsidiaries or related/affiliated entities (collectively the “Company”, “we”, “us”, or “our”), we value your trust and respect your privacy.

The Company strives to support users like you by offering our Services, while respecting your privacy expectations and protecting your Personal Information.

By “Personal Information” or “Business Information” (collectively the “Personal Information”), we mean information about an identifiable individual or business such as a person’s name, email address, residential address, telephone number, and in some cases, more sensitive information such as but not limited to gender, demographic, and payment card information, among other.

In some instances, we may receive information about you from other sources, or third parties from whom we obtain data, and combine this data with information we already have about you or your business. This helps us to update, expand, analyze our records, among other.

To demonstrate our commitment to protecting your privacy, we have developed this Privacy Policy, which describes how we will collect, use, disclose, retain and protect Personal Information in order to provide you with our Services offered and maintained by us and our affiliates from time to time. This Privacy Policy applies to all domains of which are owned and operated by the Company.

WHEN USING THE SITE, YOU CONFIRM THAT YOU HAVE READ, UNDERSTOOD, AND AGREE TO COMPLY WITH THIS POLICY. PLEASE READ THIS POLICY CAREFULLY AS IT DESCRIBES OUR PRIVACY POLICIES AND PRACTICES. IF YOU DO NOT AGREE WITH OUR PRIVACY POLICIES AND PRACTICES, DO NOT USE THE SITE.

THIS POLICY MAY CHANGE FROM TIME TO TIME WITHOUT NOTICE.

Scope

For the purposes of this Privacy Policy, the term “Site” means this website, and all Apps, software, related webpages, social media, and related websites operated by affiliates or divisions of the Company, but does not include any third-party websites which are linked to or may link from this website whether or not such third-party websites are used in connection with the Services. “Company Apps” means the Site and other applications which provide access to the Services offered by the Company and its affiliates from time to time. When this Policy does not apply, you should read the applicable privacy policy and related terms posted on the website, application, or other service you are using before providing them with your information.

Accountability

The Company has designated a Designated Agent who is responsible, for receiving your privacy-related questions, and for providing you with information about our privacy practices.
Company Designated Agent:

Nitza Carrión Nevárez
ncarrion@carrionsanchez.com
400 Rafael Lamar Street
Urb. Ext. Roosevelt, San Juan, P.R. 00918

Identifying Purposes

The Company collects, uses, and discloses Personal Information only for the purposes of providing you with our Services and for such other ancillary purposes consented to by you as a user.

Personal Information: How Do We Use Your Personal Data?

We process Personal Data to operate, improve, understand and personalize our Services. More specifically, the Company collects, uses and discloses information (which may include Personal Information) for the following purposes:

1. To provide you with our Services.
2. To create and manage user profiles.
3. To promote or offer you products, services and offers (including new and other Services which are offered by us, our sponsors and partners) that may be relevant to you and your business.
4. To contact you for the purposes of product information, service updates, notifications relating to the Services, newsletters and tailored savings opportunity messages.
5. To monitor system usage, server and software performance, to improve system design, to create benchmarks and to conduct trending analyses.
6. To provide support and assistance for the Services. To assist you with technical support issues. It is important to remember that most technical issues can be resolved without a Company customer service representative viewing your Personal Information.
7. To personalize website content and communications based on your preferences.
8. To respond to user inquiries.
9. To fulfill user requests.
10. To meet contract or legal obligations.
11. To comply with any laws, regulation, court orders, subpoenas or other legal process or investigation and to protect ourselves and other individuals from harm.
12. To assist in due diligence relating to any corporate action such as a financing, merger, amalgamation, sale or divestiture, provided that reasonable safeguards are taken to protect the confidentiality of Personal Information in our possession.
13. To resolve disputes.
14. To protect against or deter fraudulent, illegal or harmful actions.
15. To enforce our “Legal Documents”: Legal Notice, Privacy Policy, Cookie Policy, Legal Disclaimer, and Terms and Conditions.

We will only process your Personal Data if we have a lawful basis for doing so. Lawful bases for processing include consent, contractual necessity and our “legitimate interests” or the legitimate interest of others, as further described below.

Contractual Necessity: We process your first and last name, email address, location and credit/debit card information as a matter of “contractual necessity”, meaning that we need to process the data to perform under our “Legal Documents” with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to receive some or all portions of the Services that require such data.

Legitimate Interest: We also process the Personal Data above when we believe it furthers our legitimate interests, examples of which include:

• Operation and improvement of our business and services
• Marketing of our services
• Marketing third party products and services
• Provision of customer support
• Protection from fraud or security threats
• Compliance with legal obligations
• Completion of corporate transactions

Other Processing Grounds: From time to time we may also need to process Personal Data to comply with a legal obligation, if it is necessary to protect the vital interests of you or other data subjects, or if it is necessary for a task carried out in the public interest.

Consent

We collect Personal Information directly from you or other third parties. We use and disclose the Personal Information only as described in this policy and our “Legal Documents”.

Withdrawing your consent will not apply to actions the Company has already taken based on your prior consent.

In order to use certain Services, you may be required to provide personal information relating to yourself and your employees, agents, contractors and representatives from time to time. You acknowledge, and represent to us that you only collect, use and disclose personal information in compliance with applicable privacy laws. You further represent and warrant to us that you have obtained all required consents from your employees, agents, contractors and representatives whose personal information will be disclosed to us or to our third-party service providers in connection with the Services. You further agree to indemnify and hold the Company, its affiliates, subsidiaries, partners, service providers, suppliers and contractors and each of their respective officers, directors, agents, and employees (collectively, the “Parties”), harmless for any loss, cost, complaint, damage, claim or liability whatsoever arising from your collection, use and disclosure of personal information relating to your employees, agents, contractors and representatives.

Collection of personally-identifiable information

The Company must collect some of your personally-identifiable information to provide, support, improve, and market the Site and the Company’s Content to you. Some of the ways that the Company may collect such information include information that you provide to the Company directly, information about you that the Company automatically collects from log data, IP addresses, and aggregated user data, cookies and similar technologies, and information that you give the Company about your contacts, and your chat histories, if applicable. The Company will only use your personally-identifiable information when the law allows the Company to do so and in the ways described in this Privacy Policy.

The Company collects, processes, stores, and transfers personally-identifiable information that you submit through the Site and its other services and Content, including:

• Information You Provide to Us. We receive and store any information you knowingly provide to us. For example, we collect Personal Information such as your name and email address. We may anonymize your Personal Information so that you cannot be individually identified and provide that information to our partners.
If you have provided us with a means of contacting you, we may use such means to communicate with you. For example, we may send you promotional offers or communicate with you about your use of the Services. Also, we may receive a confirmation when you open a message from us. This confirmation helps us make our communications with you more interesting and improve our services. If you do not want to receive communications from us, please indicate your preference by following the unsubscribe link provided in each e-mail. Please note that if you do not want to receive legal notices from us, those legal notices will still govern your use of the Services, and you are responsible for reviewing such legal notices for changes.

• Business Information. This includes information provided in the course of the contractual or client relationship between you or your organization and us, or otherwise voluntarily provided by you or your organization.

• Marketing and Communications Preferences. These include your preferences in receiving marketing from us and third parties and your communication preferences. We offer you control over the various types of optional communications made available by us to you, including opt-in and opt-out capabilities. At times, you also will receive mandatory communications from our Site when we deliver the services and Content that you request or need to advise you of important notices about the Site. In such cases, your only option for opting out of mandatory communications is to cancel your user account with us.

• Contact Information, Feedback, and Inquiries. When you submit feedback to us, contact us for support, or ask us questions, we may collect your first and last name, email address, telephone number, and/or other contact information in order to respond to your feedback, provide support, or answer your questions. This includes records and copies of your correspondence (including email addresses and phone numbers) with us, if any.

Information Collected Automatically. Whenever you interact with our Services, we automatically receive and record information on our server logs from your browser including your IP address, “cookie” information, and the page you requested. “Cookies” are identifiers we transfer to your computer or mobile device that allow us to recognize your browser or mobile device and tell us how and when pages and features in our Services are visited and by how many people. You may be able to change the preferences on your browser or mobile device to prevent or limit your computer or device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. Our advertising partners may also transmit cookies to your computer or device, when you click on ads that appear on the Services. Also, if you click on a link to a third party website, such third party may also transmit cookies to you. This Privacy Policy does not cover the use of cookies by any third parties.

Other things you should know. We reserve to right to remove, at our sole discretion, any information that you provide when you register for or use the Site or any services therein, if we believe it is inappropriate or violates our “Legal Documents”.

How and With Whom Do We Share Your Data?

We share Personal Data with vendors, third party service providers and agents who work on our behalf and provide us with services related to the purposes described in the “Legal Documents”. These parties include:

• Payment processors
• Fraud prevention service providers
• Ad networks and partners
• Analytics service providers
• Hosting service providers

We also share Personal Data when necessary to complete a transaction initiated or authorized by you or provide you with a product or service you have requested, including to other users (where you post information publicly or as otherwise necessary to effect a transaction initiated or authorized by you through the Services).

We also share Personal Data when we believe it is necessary to:

• Comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies
• Protect us, our business or our users, for example to enforce our “Legal Documents”, prevent spam or other unwanted communications and investigate or protect against fraud
• Maintain the security of our products and services

We also may share information with third parties without your prior consent.

Furthermore, if we choose to buy or sell assets, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party, and we would share some or all of your Personal Data with the party that is acquiring our assets. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this policy.

How Long Do We Retain Your Personal Data?

We retain Personal Data about you for as long as you have an open account with us or as otherwise necessary to provide you Services. In some cases we retain Personal Data for longer, if doing so is necessary to comply with our legal obligations, resolve disputes or collect fees owed, or is otherwise permitted or required by applicable law, rule or regulation, such as marketing purposes.

What Security Measures Do We Use?

We seek to protect Personal Data using appropriate technical and organizational measures based on the type of Personal Data and applicable processing activity, including by using data hosting service providers to host the information we collect.

Accessing, Updating, and Deleting Your Personal Information

Absent exceptional circumstances, we offer you reasonable control over your personal data at any time. Please inform yourself of your rights by reviewing the list below.

We try to respond to all legitimate requests regarding your personal information within one month. Occasionally, it could take us longer than a month if your request is particularly complex or you have made a number of requests. In such cases, we will notify you and keep you updated. The timeframes described here do not apply to our response times for addressing ordinary customer service and support requests unrelated to the exercise of personal information access rights.

There may be circumstances in which we need to ask you for more information to identify your account and may ask you to demonstrate your identity or we may be unable to provide access, including but not limited to: where the information contains legal privilege, would compromise others’ privacy or other legitimate rights, where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question or where it is commercially proprietary. If we determine that access should be restricted in any particular instance, we will provide you with an explanation of why that determination has been made and a contact point for any further inquiries. To protect your privacy, we will take commercially reasonable steps to verify your identity before granting access to or making any changes to your personal information.

1. Request of access. You have the right to request a copy of the personal data that we hold about you, as well as to inquire about the origin, recipients, and purposes of that data. There are certain exceptions to this right, however, so that we may deny access to you as required by law or to protect the legal rights of others.

2. Request correction. You have the right to request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Our goal is to keep your personal information accurate, current and complete. Please contact us if you believe your information is not accurate or changes. You may edit some of your account information via the Site.

3. Right to Erasure and Deletion of Your Personal Information. You may have a legal right (for instance, if you are located in the EU or EEA under the GDPR) to request that we delete your personal information when it is no longer necessary for the purposes for which it was collected, or when, among other things, your personal information has been unlawfully processed.

We also may decide to delete your personal information if we believe it is incomplete, inaccurate or that our continued storage of your personal information is contrary to our legal obligations or business objectives. When we delete personal information, it will be removed from our active servers and databases and our Services, but it may remain in our archives when it is not practical or possible to delete it. We may also retain your personal information as needed to comply with our legal obligations, resolve disputes, or enforce any agreements, such as limited information about your device that may be retained for the purposes of fraud detection and enforcement of our “Legal Documents”.

4. Right to Object. In certain circumstances, as permitted under applicable law, you have the right to object to processing of your personal information and to ask us to erase or restrict our use of your personal information. If you would like us to stop using your personal information, please contact us and we will let you know if are able to agree to your request.

5. Right to Portability. You have the right to request that some of your personal data is provided to you or an authorized third party in a commonly-used, machine-readable format (such as .txt). If you require the direct transfer of data to another responsible party, this will only be done to the extent technically feasible.

6. Right to Withdraw Consent. If you have provided your consent to the collection, processing and transfer of your personal information, you have the right to fully withdraw your consent. We attempt to comply with all reasonable and legitimate requests. To withdraw your consent with respect to emails and other communications from us, please notify us or follow the opt-out links available in the communications sent to you. Once we have received notice that you have withdrawn your consent, we will no longer process your information for the purpose(s) to which you originally consented unless there are compelling legitimate grounds for further processing that override your interests, rights and freedoms or for the establishment, exercise or defense of legal claims. Withdrawal of consent to receive marketing communications will not affect the processing of personal information for the provision of our Services.

7. Updating Your Personal Information. If any of the personal information you have provided to us changes, please let us know. For instance, if your email changes, you wish to cancel any request you have made of us, or if you become aware of inaccurate personal information about you, please contact us to update your information. You may edit your account information via the Site.

We are not responsible for any losses arising from any inaccurate, inauthentic, deficient or incomplete personal data that you provide to us.

Limiting Collection

The Company limits the collection of Personal Information by collecting only the information required to fulfill the identified purposes. We will collect only the minimum amount of information required to facilitate the Services. However, we may provide you with the option of sharing additional information to enhance your use of the Services. We will share your personal information with third parties only in the ways that are described in this privacy statement.

You may in connection with some but not all of our Services have the ability to allow others (Guest Collaborators) access to your account. Note that by providing Guest Collaborators access to your account, you will also be providing the Guest Collaborator access to any Personal Information in your account. While the Guest Collaborator must agree to our “Legal Documents”, we take no responsibility for any collection, use or disclosure of your Personal Information by your Guest Collaborator. It is your responsibility to ensure that your Guest Collaborator complies with privacy standards that are no less stringent than our own.

When you use certain Services, you have the option to share information with other accounts you have signed up for. You may choose from time to time to connect the Company with other third-party service providers in order to utilize these services in conjunction with the Company Apps. Purposes may include saving copies of records, importing data from external sources, communications with third parties, and conducting payment and direct deposit functions, among others. In such instances, your account and password credentials and other required information in respect of such third-party service may be stored by the Company for the purpose of providing this service.

Limiting Use, Disclosure and Retention

The Company will not use or disclose Personal Information for purposes other than the identified purposes of the Services or such other purposes which we identify from time to time.

We also ensure that only those employees responsible for the Services’ operations have physical or technical access to Personal Information and only where such access is required to perform work authorized by their supervisors.

We retain all Personal Information provided by you on secure servers, as do our third-party partners and service providers. This data will be subject to the laws of the relevant jurisdictions. Our third-party service providers, including financial institutions, have their own “Legal Documents” that will govern your relationship with these third parties. You are responsible for reviewing and agreeing to these “Legal Documents”. If you do not agree with these “Legal Documents” you should not use the services offered by such third-party service providers.

In the future we may collect information, including Personal Information, to enable you to access services provided by our third-party partners and service providers. You will be subject to the “Legal Documents” of these third-party service providers. You are responsible for reviewing and agreeing to these “Legal Documents”. If you do not agree with the “Legal Documents” you should not use the services offered by such third-party service providers.

When the Company services some data is cached in the memory of the device. If the application is put in the background without closing, the data may remain in the cache. We take no responsibility for any unauthorized viewing of this data by third parties.

Children’s Privacy

If you learn that a minor has provided us with personal information without a lawful guardian or parent’s lawful consent, you may alert us at ncarrion@carrionsanchez.com. If we learn that we have unlawfully collected any personal information from minors, we will promptly take steps to delete such information and terminate the minor’s user account.

Accuracy

The Company relies on you to ensure that the Personal Information you provide to us while using the Services is as accurate, complete and up-to-date as necessary for the purposes for which it is to be used. Upon request the Company will provide you with information about whether we hold any of your personal information. You are welcome to make changes, request deletion or corrections to Personal Information at any time by contacting us at the contact information listed below. We will respond to your request within a reasonable timeframe.

We also make every effort to ensure the accuracy of the information in our reports, displays, articles and support queries. However, you must verify all information created from your use of the Services and we recommend that you consult a professional before completing any government or regulatory filing or otherwise relying upon the information, as the use of this information is at your own risk.

You are responsible for ensuring that the information you have provided is truthful, accurate, reliable and complete.

Safeguards

The Company implements industry best practices appropriate to the sensitivity of your Personal Information. We use administrative, technical, and physical safeguards to protect your Personal Information against loss, theft, and unauthorized access, use, disclosure, copying, modification, disposal, or destruction in accordance with applicable legal requirements and industry best practices.

We ensure that any third party acting on our behalf in respect of your Personal Information maintains reasonable and appropriate safeguards. For example, these third parties classify customer account data as “super sensitive”. This means that access to such data is strictly limited based on business need and this data cannot be transmitted without the use of approved encryption methods.

Payment Card Information

No method of transmission over the internet or method of electronic storage is 100% secure. Therefore while we do protect your information, we cannot guarantee its absolute security. If you have questions about security on our Site, you can contact us through the “Contact Us” section.

Openness

The Company makes clear and transparent notice of its privacy practices publicly available. Our notices describe the collection, use, disclosure, and protection of Personal Information and provide the contact information of our privacy contact person.

The Company will advise you at the first reasonable opportunity upon discovering or being advised of an incident where your personal information is lost, stolen, accessed, used, disclosed, copied, modified or disposed of by unauthorized persons or in an unauthorized manner.

Additional Features

Some of the functionality of the Services and the Company Apps interoperate with, and are highly dependent upon, application programming interfaces (APIs) from third parties. We may collect Personal Information from these third party APIs to the extent you authorize us to do so, and our collection, use and disclosure of that Personal Information will be governed by this privacy policy.

Our Site may include links to other websites whose privacy practices may differ from those of the Company. If you submit personal information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Behavioral Targeting/Re-Targeting

We may partner with a third party to either display advertising on our Site or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this site and other sites in order to provide you advertising based upon your browsing activities and interests.

Agents/Service Providers

The Company uses third-party email services providers in order to provide certain services to help us run our operations, including, without limitation, for purposes of delivering emails to you. If required, we will disclose your personal information to these service providers to the extent required by us to receive these services.

Notification of Privacy Policy Changes

We may update this privacy policy to reflect changes to our information practices without prior notification. You are bound by any changes to the Privacy Policy when you use the Services after such changes have been first posted. We encourage you to periodically review our Privacy Policy for the latest information on our privacy practices.

###