Before you start browsing our Website, our Platform, and using the digital channels for offers, contact, and sales of Pollaya, make sure you have read and accepted our Privacy Policy for the Processing of Personal Data (hereinafter the “Policy”), according to the relevant definitions in our Terms and Conditions – available at https://pollaya.com/en/terms-and-conditions/ and those in this Policy.

If you do not agree and, therefore, do not accept the Terms and Conditions and/or our Policy, which are mandatory and binding documents, you must refrain from using and browsing the Website and our Platform and/or Mobile Applications. We recommend that you read it until the end, where you will find the specific Authorization we are requesting to safeguard and Process your personal information with the care and security it deserves.

Tresse Soluciones Creativas S.A.S. (or “the Data Controller”) is a legal entity, identified with NIT: 901172836-6, and with a commercial address in Bogotá D.C, acting as the exclusive owner and administrator of the Pollaya Website, Platform, and available Mobile Applications, committed to protecting your Personal Data that it collects and Processes as the Data Controller.

Therefore, this document contains the Policy, addressed to Users, Administrators, and Participants who browse, purchase our Products and Services, or participate in the dynamics of our Platform as a Participant, according to the definition in the Terms and Conditions of the Website and Platform, this Policy, and in accordance with Law 1581 of 2012, Decree 1074 of 2015, Decree 1377 of 2013, and other applicable regulations in the area of Personal Data protection, primarily in Colombia. In the case of international applicability, the Data Controller will carry out due diligence and compliance in accordance with regional and/or global standards, in line with the principle of accountability.

This Policy will include, among other things: the full identification of the Data Controller; the Processing to which your Personal Data and those of our Users, Administrators, and Participants of our Platform and its spaces will be subject; the purposes of the Processing; your rights as a Data Subject and those of other types of Data Subjects – to whom this Policy is directed – whose Personal Data are Processed and the procedure for exercising them; the communication channels for handling requests, inquiries, and complaints from Data Subjects; and the effective date of this Policy.

The above is done not only to comply with the applicable regulations and the obligations of a Data Controller but also with the intention of providing you and the other Data Subjects with relevant, timely, and detailed information, in accordance with the Authorizations obtained and the Processes that are implemented.

By Authorizing the Processing of your Personal Data within the Pollaya Website and Platform, either through clear acts of consent (which we can prove) and/or by checking boxes (clicking acceptance) in relation to this, you declare that: (i) you have the capacity and authority to grant the Authorization; and (ii) you have carefully read this document and the content of the Authorization itself and agree with everything that is stated and outlined.

If you have any questions, you can use the following communication channel: [email protected].

PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

• Principle of Legality in Data Processing: The Processing of Personal Data is governed by local law in general and the related provisions.
• Principle of Purpose: Processing must have a legitimate purpose according to the Constitution and the law, and this purpose will be communicated to the Data Subject.
• Principle of Freedom: Processing will only be carried out with the prior, explicit, and informed consent of the Data Subject.
• Principle of Accuracy or Quality: The information subject to Processing must be truthful, complete, accurate, up-to-date, verifiable, and understandable.
• Principle of Transparency: The Data Subject has the right to obtain information about the existence of data related to them at any time and without restrictions.
• Principle of Access and Restricted Circulation: Processing is subject to the limits established by the nature of the Personal Data, the law, and the Constitution. Only persons authorized by the Data Subject or by law may carry out the Processing.
• Principle of Security: The information subject to Processing will be handled with technical, human, and administrative measures to ensure security and prevent alterations, losses, inquiries, unauthorized use, or fraudulent access.
• Principle of Confidentiality: Those involved in the Processing of Personal Data, that are not public, will ensure confidentiality even after their relationship with the Processing activities has ended.
• Principle of Necessity and Reasonableness: The Personal Data collected must be strictly necessary for fulfilling the purposes pursued, so it is prohibited to collect and disclose Data not closely related to the purpose of the database.
• Principle of Accountability: Data Controllers must adopt appropriate and effective measures to comply with the obligations established by local law.

DEFINITIONS

• Authorization: Prior, explicit, and informed consent of the Data Subject to carry out the Processing of their Personal Data. In this case, the Authorization is granted by the User, Administrator, and/or Participant of the Pollaya Website and Platform and the Products and/or Services available there, and is obtained by Tresse Soluciones Creativas S.A.S. in its capacity as the Data Controller.
• Database(s): Organized set of Personal Data that is subject to processing.
• Cookies or browsing data: Cookies are small pieces of information that a web server sends to the user’s browser for various purposes, such as identifying the language in which information should be presented during a future visit, browsing preferences, personalization, security, or fraud prevention, among others.
• Personal Data: Any information linked or that can be associated with one or more determined or determinable natural persons.
• Personal Data of Children and Adolescents (Personal Data NNA): These are the Personal Data of minors, the Processing of which must be authorized by the Legal Representative, without prejudice to the child or adolescent exercising their right to be heard. The Processing of such data is prohibited, unless the data is of a public nature and the Processing responds to the best interest of the minor and ensures the respect for their fundamental rights. In this case, no Personal Data of minors is processed on the Pollaya Website and Platform.
• Sensitive Data: These are data that affect the privacy of the Data Subject or whose improper use could lead to discrimination, such as those related to racial or ethnic origin, political orientation, religious or philosophical beliefs, union membership, social organizations, human rights organizations, or those promoting the interests of any political party or guaranteeing the rights and guarantees of opposition political parties, as well as health data, sexual life data, and biometric data.
• Data Processor: A natural or legal person, public or private, who, alone or in association with others, processes Personal Data on behalf of the Data Controller.
• Website: Refers to the Pollaya website portal, available at the link https://pollaya.com/, where all the information on Products and Services available and enabled is found.
• Platform and Applications: Refers to the online space where our registration and participation spaces are enabled, available at the link game.pollaya.com.
• Privacy Policy for the Processing of Personal Data: Refers to this document, through which Tresse Soluciones Creativas S.A.S., as the Data Controller of Personal Data, informs at least the information referred to in Article 13 of Law 1581 of 2012.
• Data Controller: A natural or legal person, public or private, who, alone or in association with others, decides on the database and/or the Processing of Personal Data. In this case, it is Tresse Soluciones Creativas S.A.S.
• Transfer: This occurs when the Data Controller and/or Data Processor of Personal Data located in Colombia sends the information or Personal Data to a recipient who is also a Data Controller and is located inside or outside the country.
• Transmission: Processing of Personal Data involving the communication of the data within or outside the territory of the Republic of Colombia when the purpose is to carry out Processing by the Data Processor on behalf of the Data Controller.
• Processing: Any operation or set of operations on Personal Data, such as, but not limited to, collection, storage, use, circulation, or deletion.
• Data Subject: A natural person, owner of the Personal Data collected by the Data Controller or the Data Processor, if applicable, who can be identified with the personal information they provide and can exercise their legal rights regarding the Processing of this data. In this case, it refers to Users, Administrators, and/or Participants.
• Users: Any person, natural or legal, who browses the Pollaya Website and/or Platform to learn about the Products and Services offered by the Data Controller to sports enthusiasts, without establishing any commercial relationship with Tresse Soluciones Creativas S.A.S.
• Administrators: Any person, natural or legal, who browses the Pollaya Website and Platform, to register and contract, under the available modality, the Products and/or Services of the Data Controller in order to open a space for sports enthusiasts where they can generate prediction dynamics for scores or results of a tournament, with purely recreational purposes.
• Participants: Individuals who are invited by the Administrator to join the recreational space to actively participate in the prediction dynamics for scores or results of a tournament within the Platform.

 

DATA CONTROLLER DETAILS

Email: [email protected]; [email protected]. Phone: 315 5243483 Address: Bogotá, Colombia

ABOUT THIS POLICY

In general, this Policy outlines the mechanisms established by the Data Controller to guarantee and protect the fundamental right to data privacy, specifically for the Users, Administrators, and/or Participants of the Website and/or Platform, through the proper compliance with Law 1581 of 2012, its decrees and regulatory standards, and best practices for the protection of Personal Data and Privacy in the digital and e-commerce environment.

Scope of Application

This Policy applies to all Personal Data Processing carried out by the Data Controller and those third-party Processors authorized by the Data Controller, if applicable, in relation to the Personal Data of the Users, Administrators, and/or Participants of the Website and Platform. This Policy has been established and will be applied in accordance with the regulations related to Personal Data protection in Colombia, including Law 1581 of 2012, and in line with globally accepted best practices for demonstrated responsibility.

Application of the Policy by Third-Party Processors

If required, and when the Data Subject grants authorization for it, third-party Processors authorized by the Data Controller may carry out the Processing of Personal Data on behalf of the Data Controller. These third-party Processors are obligated to strictly comply with this Policy and must implement all technical and administrative measures to ensure at least the same or higher standard of protection for the Personal Data being processed. The Data Controller will take necessary and reasonable measures to ensure the protection of the Personal Data processed on its behalf.

This scenario may include service providers who collect information on behalf of Pollaya, such as:

Companies that support our Website, Platform, and services, payment processors who collect payment information (e.g., bank account, credit or debit card information, billing address) to process the payments of Administrator Subjects, in order to fulfill their orders and provide the requested products, thus ensuring compliance with our business relationship regulated by the Website’s Terms and Conditions.

In any case, it is important to note that regarding third-party transactional areas, these may also collect the Data Subject’s data beyond the entrusted task by Pollaya and its Data Controller. In such cases, these third parties will be acting under their own terms and conditions and policies, which must be considered by the Data Subject when applicable.

Pollaya May Also Act as a Processor and Not a Controller

Although this Policy regulates the Processing under Tresse Soluciones Creativas S.A.S. as the Data Controller, it is important to understand that Tresse Soluciones Creativas S.A.S. may also act as a Processor of Personal Data. Specifically, with respect to its relationship with companies that contract the Products and Services of Tresse Soluciones Creativas S.A.S. but under specific needs for customization and clear instructions to meet the company’s needs. For this reason, all data of the Participants in Pollaya’s corporate space, contracted under corporate needs, will only be Processed by Tresse Soluciones Creativas S.A.S. to fulfill the contract and guidelines required by the corporate sector Administrator and not for Pollaya’s own business purposes.

We invite you to visit our Terms and Conditions to explore the different contracting and relationship options with our platform, its Products, and Services available for individuals and the corporate sector.

Scope and Content of the Policy

This Policy contains the terms and purposes on which the collection, storage, use, circulation, deletion, and any other form of Processing of Personal Data will be carried out. It also establishes the security conditions under which Personal Data will be Processed, as well as the pre-established procedures for Data Subjects to exercise their rights to access, update, and rectify their Personal Data in accordance with applicable laws.

 

ABOUT THE PERSONAL DATA THAT WILL BE PROCESSED

Personal Data of Users, Administrators, and/or Participants who navigate the Website and/or purchase Products and/or Services available on the Pollaya Platform. The Data Controller may collect and Process – without limitation and in accordance with the authorizations obtained – the following Personal Data from its Administrators and Participants, as applicable depending on the type of relationship the Data Subject has with the Data Controller according to the definitions of Administrator and/or Participant.

From Individual Administrators:

• Full Name
• ID Number or Identification Document
• Cell phone or Contact phone
• Email Address
• Country of residence

Bank account (This data will only be requested for the corresponding payment or transactional step of the purchase and will be directly processed by the chosen payment gateway or intermediary to offer a transactional space within the Platform).

Financial instrument data (This data will only be requested for the corresponding payment or transactional step of the purchase and will be directly processed by the chosen payment gateway or intermediary to offer a transactional space within the Platform).

Customer support information. Includes the information you choose to include in communications with us, such as when sending a message through the available channels on the Website and Platform.

Some service features may require you to directly provide certain information about yourself. You may choose not to provide this data; however, doing so may prevent you from using or accessing certain functions (both in the operation of Pollaya’s backend and in the terms for transactions within the Website and Platform of Pollaya).

From Participants:

• Full Name
• Email Address
• Password of your choice
• Country of residence

*When Participants correspond to individuals under the responsibility of a corporate client, remember that their Personal Data will not be processed by Pollaya as the Data Controller but on behalf of the contracting company and/or corporate client, who acts as the Data Controller regarding the data of Participants shared with Pollaya.

Any Personal Data – beyond those essential for Pollaya to provide its services – that the corporate client decides to request from their employees and that will participate in Pollaya’s spaces, must be collected and processed in accordance with the authorization granted by the corporate client.

HOW WE COLLECT YOUR DATA

The information and Personal Data of the Data Subject that we may collect, use, and process include the following collection methods by the Data Controller:

• Through registration on the Pollaya Website and Platform.

• Responses to surveys or consumer studies we conduct after the contracting process, through any of the contact channels you authorized.

• Through third-party interfaces, especially in the transactional area. For example, the information that Mercado Pago, credit card franchises, or any other payment gateway or digital payment method available within the Pollaya Website and Platform helps us collect and/or share.
• Emails with invitations to play and/or participate in promotions or campaigns for our Products and Services. Remember that you, as the Data Subject, are solely responsible for the risks arising from any information you send us by email that is not encrypted and/or marked as confidential or sensitive.
• Data from your visits to the website including, but not limited to, data traffic, location data, web logs, and other communication data.

  ABOUT THE PURPOSES OF THE PROCESSING General Purposes of Personal Data Processing The Data Controller and third-party Processors authorized by the Data Controller – if any – will process the Personal Data in accordance with the following purposes: Purposes Applicable to All Data Subjects

• Providing various Services and Products related to entertainment games and social interaction.
• Notifications throughout the game, tournament, or cup in which the participant is engaged.
• Sending invitations to contacts and selected friends either via the platform or by importing contacts to email messages.
• Identification and/or authentication at the time of registration and within transactional processes, if applicable.
• Operating and managing the Website, carrying out activities related to that online space.
• Ensuring compliance with any legal obligations and/or administrative or judicial requirements that may arise, and responding or acting within the framework of judicial processes when required.
• Managing internal matters including, but not limited to, accounting, financial and management reports, tax calculation, presentation and payment, other compliance reports, internal or external audits, and compliance with commercial, tax obligations or those related to the activities developed by the Data Controller as the business owner.
• Including Personal Data in one or more databases, which will be managed by the Data Controller or third-party Processors, if applicable, for the purposes outlined here. These databases may also include and integrate Personal Data Transferred to them by third-party Processors.
• Performing national and/or international Transfers and/or Transmissions of Personal Data, including to third countries that do not have an adequate level of protection in terms established by the Superintendence of Industry and Commerce, if applicable.
• Informing about substantial changes to this Privacy Policy or the Terms and Conditions.
• Responding to requests, inquiries, complaints, and/or claims made by Data Subjects through any of the channels provided by the Data Controller on their Website and Platform for this purpose.
• Sending notifications and information that may be useful to Data Subjects who have specifically requested or accepted that it be collected, including information about our Products and Services, unless they have informed us that they do not wish to be contacted for these purposes.
• Monitoring and auditing the Data Controller’s databases in order to update the data and allow you, as a User, Administrator, and/or Participant, to decide whether or not to unsubscribe and thus keep personal information of Users who wish to remain potential Administrators. You can unsubscribe from our databases at this link: https://game.pollaya.com/mis-datos/actualizacion
• For mass communications regarding marketing, promotions, events, and browsing tracking. You can unsubscribe from our databases at this link: https://game.pollaya.com/mis-datos/actualizacion

Purposes Applicable to Administrators

• To establish and comply with obligations arising from commercial or legal relationships with Administrators, as applicable.
• To process and complete purchases.
• To perform controls and take security measures to prevent fraud within the commercial or legal relationships within the platform, in accordance with Pollaya’s third-party providers involved in the Website’s operations.
• For mass communications regarding marketing, promotions, events, and customer service.

The contact Personal Data will be used in accordance with the Authorization granted. We will communicate, when necessary, via email, text message (SMS, MMS), direct mail, or by phone. To change the preferred channels for receiving communications from the Data Controller and Pollaya, the Administrator, User, or Participant must send an email to: [email protected].  

RIGHTS OF PERSONAL DATA SUBJECTS

Rights Granted to Data Subjects By accepting this Policy, the Data Subjects confirm that they have freely, expressly, and priorly been informed about the rights granted to them by applicable laws as Personal Data Subjects, which are outlined below:

• To know, update, and rectify their Personal Data before the Data Controller or the Data Processor.
• To request proof of the Authorization granted to the Data Controller unless it is expressly exempted as a requirement for the Processing.
• To be informed by the Data Controller or Data Processor, upon request, about the use made of their information and Personal Data.
• To file complaints with the competent authorities for violations of the applicable Personal Data protection regime.
• To revoke the Authorization and/or request the deletion of their information and Personal Data in accordance with the law and this Policy.
• To access their information and Personal Data that has been processed, upon request to Pollaya, in accordance with the applicable current regulations.
• General procedure for exercising the rights of Data Subjects.
• Persons authorized to exercise the rights of Data Subjects.

The following individuals are authorized to exercise the rights of Data Subjects:

• The Data Subject or their legal successors, upon proving their identity, or through electronic means that allow for identification.
• By the representative and/or attorney of the Data Subject, upon proving the representation or power of attorney.
• By stipulation for the benefit of another or someone else; or
• The rights of children or adolescents will be exercised by those authorized to represent them.

Channels Available for Submitting Queries, Requests, and Complaints Email: [email protected]. Minimum Information Required for Any Query, Request, or Complaint The following are the minimum details that should be included in any query, request, or complaint:

• The name and address of the Data Subject or another means of receiving the response.
• Documents proving the identity or authority of the representative.
• A clear and precise description of the Personal Data regarding which the Data Subject seeks to exercise any of their rights.
• If applicable, other elements or documents that facilitate locating the Personal Data.
• Procedure for addressing queries

The Data Controller will guarantee the right to consult by providing the Data Subjects with all the information contained in the individual record or that is linked to the identification of the Data Subject.

*To make inquiries, the enabled means or channels must be used.

Regardless of the channel implemented for handling inquiries, they will be addressed within a maximum period of ten (10) business days from the date of receipt. If it is not possible to address the inquiry within this period, the interested party will be informed before the expiration of the ten (10) days, stating the reasons for the delay and specifying the date when the inquiry will be addressed, which in no case may exceed five (5) business days following the expiration of the first period.

Procedure for Handling Requests and Complaints

The Data Subjects and other authorized persons may exercise their rights to rectify, update, or delete their Personal Data at their discretion by submitting a request to the Data Controller.

If the Data Subjects notice a possible breach of any of the duties contained in Law 1581 of 2012, Decree 1377 of 2013, or any other applicable regulation, they may file a complaint with the Data Controller, which will be processed under the following rules:

To make requests and complaints related to the Processing of Personal Data, the enabled channels must be used, and they must be submitted by the persons authorized to do so.

All requests and/or complaints must contain at least the information specified in Article 15 of Law 1581 of 2012 and Article 9 of Decree 1377 of 2013, as well as the information mentioned above in this document. In addition to this information, all requests and/or complaints must include a description of the facts giving rise to the complaint, the address, and any documents the Data Subject wishes to assert.

If the received complaint does not have the complete information required for processing, the interested party will be requested within the next five (5) days to correct the deficiencies. If no required information is provided within two (2) months from the date of the request, it will be considered that the complainant has abandoned the complaint.

If, for any reason, a complaint is received that should not have been directed to the Data Controller, it will be forwarded, to the extent possible, to the appropriate party within a maximum of two (2) business days, and the interested party will be informed of the situation.

The maximum period to address the complaint will be fifteen (15) business days from the day after the date of receipt. If it is not possible to address it within this period, the interested party will be informed before the expiration of the aforementioned term about the reasons for the delay and the date when the complaint will be addressed, which in no case may exceed eight (8) business days following the expiration of the first term.

The request for the deletion of information and the revocation of Authorization or the request to limit the use and disclosure of Personal Data will not be processed when:

• The Data Subject has a legal or contractual obligation to remain in the database, as required by applicable laws.
• The deletion of data would hinder judicial or administrative actions related to tax obligations, the investigation and prosecution of crimes, or the updating of administrative sanctions.
• The data is necessary to protect the legally protected interests of the Data Subject; or
• To carry out an action based on public interest or to comply with a legally acquired obligation by the Data Subject.

The Data Subject may request the deletion and/or revocation—partial or total—of Authorization for their Personal Data, which are explained below:

In the case of a request for partial deletion and/or revocation of Personal Data, this may occur for specific types of Processing (e.g., for advertising or market research purposes), but other Processing purposes with which the Data Subject agrees may be retained. Therefore, it should be indicated which Processing the Data Subject does not agree with so that partial deletion and/or revocation of Personal Data can proceed.

On the other hand, the total deletion and/or revocation of Authorization implies that all the Data Subject’s Personal Data must cease to be processed completely, regardless of the different purposes for which the Data Subject granted their Authorization. There will be cases in which consent, due to its necessity in the relationship between the Data Subject and the Data Controller for fulfilling a contract, cannot be revoked.

For the above reasons, it will be necessary for the Data Subject to indicate in their revocation request whether the revocation they intend to carry out is total or partial.

DATA PROCESSING DURATION

The Data Controller will retain the Data Subjects’ Personal Data for as long as the contractual relationships with them persist and for up to ten (10) more years following the termination of the legal or contractual relationship, in accordance with the applicable term in cases where parallel regulations require Tresse Soluciones Creativas S.A.S. to retain personal information for a specified period—either longer or shorter.

CONSENT

The collection, storage, use, circulation, and, in general, the Processing of the Personal Data held in the Data Controller’s databases require the free, prior, express, and informed consent of the Data Subjects. Tresse Soluciones Creativas S.A.S., in its capacity as the Data Controller, has established the necessary mechanisms to obtain the Data Subjects’ Consent prior to collecting the data, ensuring that it is possible to verify and prove the granting of such Consent. The Personal Data of the Data Subjects will be kept in the Tresse Soluciones Creativas S.A.S. databases for as long as they are used for the authorized purposes, unless the Data Subject requests their complete or partial deletion. The Consent can be documented in a physical, electronic document, data message, on the internet, website, or even verbally or by phone, or in any other format that allows for subsequent consultation. It can also be given through an unequivocal conduct by the Data Subject that reasonably allows for the conclusion that consent was granted, or through a technical or technological mechanism that unequivocally shows that without the Data Subject’s consent, the data would never have been collected and stored in the database. By granting consent through any of the mechanisms listed above, the Data Subject authorizes Tresse Soluciones Creativas S.A.S. to process, obtain, compile, exchange, update, collect, process, store, reproduce, consult, supplement, and handle their Personal Data, either partially or entirely, as well as to transfer and/or transmit such Personal Data to third countries, even those that do not offer an adequate level of protection equivalent to Colombia, for the purposes stated above. The Data Subject declares that they have the necessary authority to grant this Consent. Any authorized third-party Processor to whom Tresse Soluciones Creativas S.A.S. transfers the information will be obligated to comply with this Privacy Policy. At any time, the Data Subject can revoke, either partially or fully, the Consent granted or object to the sending of commercial communications, by expressly requesting it through any of the channels enabled by Tresse Soluciones Creativas S.A.S.

TRANSFER AND TRANSMISSION OF PERSONAL DATA

National and International Transfer of Personal Data By accepting this Privacy Policy—and thereby authorizing the Data Controller to process your Personal Data—the Data Subjects expressly and unequivocally authorize that their data may be transferred by Tresse Soluciones Creativas S.A.S. to third parties, both nationally and internationally, including to countries that do not provide adequate levels of protection. In such cases, Tresse Soluciones Creativas S.A.S. will obtain the necessary consent from the Data Subjects. Tresse Soluciones Creativas S.A.S. will enter into a Data Transfer Agreement with third parties outside the national territory, establishing the minimum conditions that guarantee an adequate level of protection for the data in cases where data is transferred between Tresse Soluciones Creativas S.A.S. as the Data Controller and a third-party Processor. In any case, Tresse Soluciones Creativas S.A.S. commits to contractually regulate the flows of the Personal Data in its databases, ensuring compliance with local laws. Transmission of Personal Data, National and International When Tresse Soluciones Creativas S.A.S. or an authorized third-party Processor transmits Personal Data to a third-party Processor outside Colombia, a Transmission Agreement will be entered into between the parties. This agreement will specify the scope of the Processing, the activities the Processor will carry out on behalf of Tresse Soluciones Creativas S.A.S. for the Processing of the Personal Data, and the obligations of the Processor towards the Data Subject and the Data Controller. The Data Processing by the Processor will be under the control and responsibility of the Data Controller. The Processor will be obligated to process the data in accordance with Colombian regulations on data protection and in accordance with this Policy. In all cases, the Processing carried out by the Processor will be subject to the purposes established by Tresse Soluciones Creativas S.A.S. This Transmission scenario may also occur in reverse, in cases where Tresse Soluciones Creativas S.A.S. acts as a Processor for its Corporate clients, who own the Personal Data they share with Tresse Soluciones Creativas S.A.S. under their instructions for the delivery of Products and Services to sports enthusiasts. In these cases, the corporate administrator must have the necessary authorizations to share the relevant personal information with Tresse Soluciones Creativas S.A.S. to comply with the data processing assignment. The information flows under Transfers and/or Transmissions may relate to, for example, the following processes:

• With suppliers or other third parties providing services on behalf of Tresse Soluciones Creativas S.A.S. (e.g., IT management, payment processing, data analysis, customer service, cloud storage, etc.).
• With business and marketing partners to show you advertisements. Our business and marketing partners will use your information in accordance with their own privacy notices.
• In order to detect possible fraud and for control purposes, you agree that the Data Controller has the right to transfer your Personal Data to third parties, including, among others, third-party providers such as ID verification and address verification providers.
• Additionally, Tresse Soluciones Creativas S.A.S. reserves the right to disclose your personal data to relevant third parties when the Data Controller has reasonable grounds to suspect irregularities related to your account.

 

ON THE SECURITY AND CONFIDENTIALITY OF PERSONAL DATA

The protection, security, and confidentiality of the information and Personal Data of our Users, Administrators, and Participants on the Website and Platform, whose Personal Data we collect, is of vital importance. Therefore, we have policies, procedures, and information security standards in place, which may change at any time at our discretion. The objective is to protect and preserve the integrity, confidentiality, and availability of the information and Personal Data, regardless of the medium or format in which they are stored, their temporary or permanent location, or the way they are transmitted. We will adopt the necessary technical, human, and administrative measures to secure the records, preventing alteration, loss, unauthorized or fraudulent access, or use. The Database Administrator will ensure their security and monitor the proper implementation of this Policy.

COOKIES

Cookies are small text files that are stored in your browser when you visit a website. The cookies we use from Google Analytics help us remember your preferences, such as language, location, and security settings. They also help us track traffic on our Website and Platform so we can improve its performance. All under the purposes of processing your personal data that you have authorized Tresse Soluciones Creativas S.A.S. to use.

You can choose not to accept cookies by configuring your browser to reject them. However, this may affect your ability to use some features of our Platform. You can review additional information about cookies in our Terms and Conditions available at: https://pollaya.com/en/terms-and-conditions/

SENSITIVE PERSONAL DATA

For the development of its corporate purpose and the provision of its services, Tresse Soluciones Creativas S.A.S. may need to process Sensitive Personal Data. According to Article 6 of Law 1581 of 2012, it will only process Sensitive Personal Data with the proper authorization from the Data Subject. In any case, the Data Subject is informed that they are not obligated to authorize the processing of Sensitive Personal Data.

By granting authorization, the Data Subject will accept that their Sensitive Personal Data will be processed for the purposes described in this Policy.

In managing Sensitive Personal Data, the Data Controller will take necessary measures to protect the security and confidentiality of the information, as outlined in the chapter on security and confidentiality.

PERSONAL DATA OF CHILDREN AND ADOLESCENTS

Tresse Soluciones Creativas S.A.S. does not collect or process Personal Data of minors under 18 years old. If we were to process such data, we would request the proper authorization from the minor’s legal guardians and process the data in accordance with the best interests of the minor. If we realize that we have mistakenly collected or processed Personal Data of minors under 18 years old, we will immediately delete this information from our Databases.

Tresse Soluciones Creativas S.A.S. will not be responsible for situations where minors impersonate their parents or legal guardians by using personal information that is valid for making purchases or transactions, such as identification numbers or debit/credit card information.

ENTRY INTO FORCE, VERSION, AND MODIFICATIONS OF THE POLICY

Tresse Soluciones Creativas S.A.S. reserves the right to modify this Privacy Policy at any time without prior notice. Any changes will be promptly informed and published on the Website and/or via email.

The latest update to this Privacy Policy was made on April 22, 2025, and it is applicable from that date onward.