This Privacy Policy describes how Ecadoris S.A. ("Ecadoris", "we") collects, uses and protects the personal data of visitors to ecadoris.com, in compliance with the Organic Law on Protection of Personal Data of Ecuador (LOPDP), published in the Official Registry Supplement 459 of 26 May 2021, and its Regulations in force as of 2026.
1. Data controller
Ecadoris S.A., Tax ID (RUC) 1793215689001, registered office at Av. República del Salvador N35-146 and Suecia, Mansión Blanca Building, Floor 8, Quito, Ecuador. Data Protection Officer email: dpd@ecadoris.com.
2. Personal data we collect
We collect: (i) identification data (name, cédula or passport, date of birth); (ii) contact data (email, phone, address); (iii) financial data (bank account, declared source of funds); (iv) browsing data (IP address, device type, cookies).
3. Purposes of processing
Data is used to: provide the crowdlending service, meet legal obligations against money laundering (UAFE), send commercial communications after consent, respond to enquiries and improve the platform.
4. Legal basis
Processing is based on (i) your explicit consent, (ii) the performance of a contract to which you are a party, (iii) the fulfilment of legal obligations and (iv) legitimate interest, where applicable.
5. Sharing with third parties
We may share data with: the Ecuadorian Internal Revenue Service (SRI), the Financial and Economic Analysis Unit (UAFE), the Superintendency of Companies, custodian banks, notaries and technology providers under a signed data-processing agreement.
6. Retention period
We retain your data during the contractual relationship and, afterwards, for 10 years, the minimum period required by Ecuadorian anti-money-laundering regulations.
7. Your rights
You may exercise ARCO+ rights (access, rectification, cancellation, opposition, portability, restriction of processing and not to be subject to automated decisions) by writing to dpd@ecadoris.com. If you believe your rights have been infringed, you may lodge a complaint with the Superintendency for the Protection of Personal Data.
8. Security
We apply technical and organisational measures compliant with ISO/IEC 27001:2022, including TLS 1.3 encryption in transit, AES-256 encryption at rest and mandatory multi-factor authentication for staff.
9. International transfers
We may transfer data to technology providers located in the European Union, in countries with an adequacy decision under the LOPDP or through standard contractual clauses approved by the supervisory authority.
10. Changes
We may update this Policy. The version in force will always be published at this URL, stating the last-updated date.