Personal Data Processing Policy

  1. Identification of the Data Controller

BYTTE S.A.S., a legally constituted commercial company under the laws of the Republic of Colombia, identified by Tax Identification Number (NIT) 830115764-4, with its principal place of business in the city of Bogotá D.C., in its capacity as the Data Controller, adopts this Personal Data Processing Policy in order to guarantee proper compliance with current regulations regarding the protection of personal data.

This policy is adopted in compliance with the provisions of:

  • Article 15 of the Political Constitution of Colombia;
  • Law 1581 of 2012;
  • Law 1266 of 2008;
  • Decree 1377 of 2013;
  • Decree 1074 of 2015;
  • and other regulations that modify, add to, or complement them.

This policy governs the processing of personal data collected by BYTTE S.A.S. through:

  • employment contracts, commercial agreements, and confidentiality agreements;
  • physical or electronic forms;
  • institutional websites;
  • mobile applications;
  • technological platforms;
  • and any other channel authorized by the company.
  1. Information of the Data Controller

Company Name: BYTTE S.A.S.

Tax ID: 830115764-4
Address: Bogotá D.C., Colombia
Address: Av. Calle 26 No. 69 D-91 Of. 407 Tower 1
Email: info@bytte.com.co
Phone: (+57) 317 8943347
Websites:

  • https://bytte.website
  • www.miid.bio
  • www.fingo.co
  1. Area Responsible for Personal Data Protection

BYTTE S.A.S. has designated an area responsible for managing personal data protection, tasked with addressing requests, inquiries, and complaints related to the processing of personal data.

Data subjects may exercise their rights of:

  • access
  • updating
  • rectification
  • erasure
  • revocation of authorization

Data subjects may exercise their rights by sending an email to info@bytte.com.co or through the official channels enabled by the company for this purpose.

  1. Purpose

The purpose of this Policy is to establish the guidelines and criteria for the collection, storage, use, circulation, transmission, transfer, updating, and deletion of personal data processed by BYTTE S.A.S., as well as the measures adopted to guarantee the protection of such information.

  1. Scope

This policy applies to all personal data registered in the databases of BYTTE S.A.S. and to any processing carried out by the company in its capacity as:

  • Data Controller, or
  • Data Processor, when acting on behalf of third parties.

This policy will apply when the processing of personal data:

  • takes place in Colombian territory; or
  • when the data controller or processor is not established in Colombia, but Colombian law applies to them by virtue of international treaties or agreements.
  1. Scope

This policy is mandatory for:

  • employees
  • contractors
  • suppliers
  • business partners
  • third parties acting on behalf of BYTTE S.A.S.

and for any natural or legal person who has access to or processes personal data managed by the company.

BYTTE S.A.S. will implement training and awareness programs to ensure proper compliance with applicable regulations regarding the protection of personal data.

Where applicable, BYTTE S.A.S. will register its databases with the National Database Registry (RNBD) administered by the Superintendency of Industry and Commerce, in accordance with current regulations.

  1. Definitions

For the purposes of this policy, the following definitions apply:

Authorization: Prior, express, and informed consent of the data subject to carry out the processing of personal data.

Database: An organized set of personal data that is subject to processing.

Personal data: Any information linked to or that can be associated with a specific or identifiable natural person.

Data processor: A natural or legal person, public or private, who processes personal data on behalf of the data controller.
Data controller: The natural or legal person who decides on the database and/or the processing of personal data.

Data subject: The natural person whose personal data is being processed.

Processing: Any operation or set of operations performed on personal data, such as collection, storage, use, circulation, or erasure.

Public data: Data that is not semi-private, private, or sensitive and whose access can be carried out without restriction in accordance with the law.

Sensitive Data: Data that affects the privacy of the data subject or whose misuse may lead to discrimination, such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, data relating to health, sex life, or biometric data.

  1. Principles for the Processing of Personal Data

The processing of personal data by BYTTE S.A.S. will be governed by the principles established in Article 4 of Law 1581 of 2012:

Principle of Legality: The processing of personal data is a regulated activity that must comply with the provisions of the law.

Principle of Purpose: The processing must have a legitimate purpose communicated to the data subject.

Principle of Freedom: The processing may only be carried out with the prior, express, and informed consent of the data subject.

Principle of Accuracy or Quality: The information must be truthful, complete, accurate, up-to-date, and understandable.

Principle of transparency: The data subject has the right to obtain information about the processing of their personal data.

Principle of access and restricted circulation: Processing is subject to the limits derived from the nature of the data and the law.

Principle of security: Information must be handled with technical, human, and administrative measures that guarantee its security.

Principle of confidentiality: All persons involved in the processing of personal data are obligated to guarantee the confidentiality of the information.

Collection of personal data

BYTTE S.A.S. may collect personal data through various physical and electronic channels, including, among others:

  1. Contact forms on institutional websites.
  2. Requests made through corporate emails.
  3. Interactions with the customer service area.
  4. Electronic forms available on the company’s platforms or applications.
  5. Access to digital platforms or private customer areas.
  6. Use of electronic payment portals or payment gateways. 7. Interaction with the company’s websites or technological applications.

Personal data will always be collected with the prior, express, and informed consent of the data subject, except in cases where the law authorizes processing without requiring such consent.

Consent may be obtained by any means that allows for its subsequent verification.

Rights of Data Subjects

In accordance with Article 8 of Law 1581 of 2012, data subjects have the following rights:

  1. To know, update, and rectify their personal data with the data controller or processor.
  2. To request proof of the consent granted for the processing of their personal data, except when such consent is not required by law.
  3. To be informed by the data controller or processor, upon request, regarding the use that has been made of their personal data.
  4. To file complaints with the Superintendency of Industry and Commerce for violations of the provisions on personal data protection. 5. Revoke authorization and/or request the deletion of data when the processing does not respect constitutional and legal principles, rights, and guarantees.
  5. Access their personal data that has been processed, free of charge.

Procedure for inquiries

Data subjects or their successors may submit inquiries regarding the personal data held in the databases of BYTTE S.A.S.

Inquiries will be addressed within a maximum of ten (10) business days from the date of receipt of the request.

If it is not possible to address the inquiry within this period, the interested party will be informed of the reasons for the delay and the date on which the inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the initial period.

Procedure for complaints

Data subjects or their successors may file complaints when they believe that the information contained in a database should be corrected, updated, or deleted.

The claim must contain at least the following:

  • Identification of the claimant
  • Description of the events giving rise to the claim
  • Contact address
  • Supporting documents

If the claim is incomplete, the claimant will be notified within five (5) business days to correct the deficiencies.

If the claimant fails to provide the required information within two (2) months of the notification, the claim will be considered withdrawn.

When it is not possible to address the claim within said period, the interested party will be informed of the reasons for the delay and the date on which the claim will be addressed, which in no case may exceed eight (8) business days following the expiration of the initial period.

Purpose of Personal Data Processing

BYTTE S.A.S. will process personal data for the following purposes:

Commercial and Contractual Management

  • To develop the contractual relationship with clients, users, and suppliers.
  • To manage billing processes, accounts receivable, and compliance with contractual obligations.
  • To offer products, services, and promotions related to the company’s business activity.

Regulatory Compliance and Fraud Prevention

  • To prevent activities related to fraud, money laundering, or terrorist financing.
  • To verify identity and conduct risk analysis.
  • To consult and report information to credit bureaus and information providers.

Administrative and Labor Management

  • To manage selection processes, onboarding, and human talent management.
  • Manage social security system affiliations and contributions.
  • Develop wellness, training, and workplace safety programs.

Service Analysis and Improvement

  • Conduct statistical studies, market analysis, and user segmentation.
  • Develop improvements to products, platforms, and services offered by the company.
  • Analyze browsing behavior on digital platforms.

Data Transfer and Transmission

  • Share information with business partners or technology providers necessary for the company’s operations.
  • Transmit personal data to data processors within or outside the national territory when necessary for the provision of services.

Processing of Sensitive Data

In cases where BYTTE S.A.S. needs to process sensitive data, such as biometric data for authentication or identity verification processes, the data subject will be informed beforehand that:

  • providing this data is optional;
  • they are not obligated to authorize its processing.

Likewise, users will be explicitly informed which data is considered sensitive and the specific purpose of its processing, in accordance with current regulations on personal data protection.

Transfer and Transmission of Personal Data

BYTTE S.A.S. may transmit or transfer personal data to third parties when:

  • it is necessary for the execution of the contractual relationship;
  • the data subject has given their authorization;
  • it is required by a competent authority;
  • it is carried out in compliance with legal obligations.

In all cases, it will be ensured that third parties comply with the obligations established in the applicable personal data protection regulations.

Security of Personal Data

BYTTE S.A.S. adopts the necessary technical, human, and administrative measures to guarantee the security of the personal data being processed, preventing its alteration, loss, unauthorized or fraudulent access, use, or disclosure.

The measures implemented include, among others:

  • access controls to information;
  • user authentication and validation mechanisms;
  • IT security protocols;
  • Confidentiality controls for employees and contractors;
  • Internal information security policies.

In the event of requests from competent judicial or administrative authorities, BYTTE S.A.S. may disclose personal information in compliance with legal obligations or in cases expressly authorized by law.

Cookie Policy

BYTTE S.A.S. websites may use cookies and similar technologies to improve the user browsing experience.

Cookies allow us to:

  • recognize the user when they return to the website;
  • analyze browsing habits;
  • improve the functioning of digital services;
  • optimize the user experience.

Users can configure their browser to accept, reject, or delete cookies at any time.

Retention of Personal Data

Personal data will be retained for the time necessary to fulfill the purposes for which it was collected or for the time required by applicable law.

Once the purpose of the processing has been fulfilled or the legal retention periods have expired, the data may be deleted or anonymized in accordance with the company’s internal policies.

Information Collected During Web Browsing

When a user browses BYTTE S.A.S. websites, technical data such as the following may be collected:

  • IP address;
  • approximate geographic location;
  • browser type and operating system;
  • pages visited and browsing time.

This data is used solely for statistical, security, or digital service improvement purposes.

Accuracy and Truthfulness of Data

The data subject is responsible for providing truthful, complete, accurate, and up-to-date information.

BYTTE S.A.S. is not responsible for the truthfulness of information provided by data subjects when it is incorrect or incomplete.

Authorization for the Processing of Personal Data

BYTTE S.A.S. will process personal data with the prior authorization of the data subject, which may be obtained through:

  • physical or electronic forms;
  • express acceptance on digital platforms;
  • electronic authorization mechanisms;
  • any other means permitted by law.

Authorization will allow the company to process personal data in accordance with the purposes established in this policy.

Modifications to the Data Processing Policy

BYTTE S.A.S. BYTTE S.A.S. reserves the right to modify this policy to adapt it to regulatory changes, case law, or industry practices.

Any modifications will be communicated to data subjects through publication on the company’s websites or via the usual communication channels.
Effective Date

This Personal Data Processing Policy is effective upon publication.

The databases in which personal data is registered will remain valid for the same period during which the information is maintained and used for the purposes described in this policy.

This Personal Data Processing Policy will be available for consultation by data subjects on BYTTE S.A.S.’s websites and may be requested through the company’s official channels.

Publication Date: March 6, 2026
Last Updated: March 6, 2026

Scroll to Top