Esp Eng

Customers privacy policy

PRIVACY NOTICE

SISTEMA DE TRANSFERENCIAS Y PAGOS STP, S.A. DE C.V., INSTITUCIÓN  DE FONDOS DE PAGO ELECTRÓNICO (hereinafter "STP") with address at Av.  Insurgentes Sur 1425, 10th, 12th and 14th floors, Insurgentes Mixcoac, Benito Juárez,  C.P. 03920, Mexico City, and identified with the trade name "STP". 

To all our customers: 

STP is a financial institution that complies with and respects the rights enshrined in  the second paragraph of article 16 of the Constitución Política de los Estados Unidos  Mexicanos, with respect to the personal data of individuals, and therefore, this  document (hereinafter referred to as, "Privacy Notice") is primarily intended to  comply with the provisions of the Ley Federal de Protección de Datos Personales  en Posesión de los Particulares (hereinafter, the "Law") and the Reglamento de la  Ley Federal de Protección de Datos Personales en Posesión de los Particulares (hereinafter, the "Regulations"). 

In this sense, STP makes available the Privacy Notice in order that the Personal  Data Subject (terms defined below) has the possibility to exercise his/her right to  informational self-determination. 

Likewise, the Client, (i) by entering and using the website https://stp.mx/ (hereinafter,  "STP Website"), or (ii) by entering any of the systems made available by STP and  selecting the option “I accept”, declares that he/she accepts the terms and conditions  contained in this Privacy Notice, and therefore, in both cases, expressly grants  his/her consent to use electronic means for such purpose, in terms of the provisions  of article 1803 of the Código Civil Federal

Therefore, in the event that, as Data Subject, you do not fully and completely accept  the terms and conditions of the Privacy Notice, you must refrain from providing any  type of Personal Data to STP, by any means or system, including the STP Website. 

For the purposes of this Privacy Notice, the term "Personal Data", in its singular or  plural form, shall mean any information concerning an identified or identifiable  natural person; the term "Data Subject", in its singular and plural form, shall mean  the natural person to whom the personal data identifies or corresponds; and by  "Customer", in its singular or plural form, any individual or legal entity that may have  or may have a business or contractual relationship with STP, either by acquiring its  services or providing services or products to the latter, including visitors to its  facilities and/or users of STP Website, its systems, social networks and/or desktop  and/or mobile applications.

PURPOSE OF DATA PROCESSING.  

STP requests the Personal Data of its Customers in order to: (i) identify the Data  Subject in order to ascertain that he/she is indeed the person he/she claims to be  for, and if applicable, to initiate a business or contractual relationship, and to prevent  him/her from being subject to identity theft or the contracting of services without  his/her authorization, (ii) in the case of the biometric data of the Data Subject, such  as the recording of his/her image and voice, to authenticate the Data Subject at the  moment of signing the electronic documents necessary for the contracting of the  services and/or products offered by STP, through the use of electronic applications  made available by STP; (iii) in the case of visitors, in addition to identifying them, to  carry out the registration of their entrance and exit, as well as to make video  recordings of the facilities, so that the images are used to protect the security of the  people and goods inside STP's facilities; (iv) to be able to enter into agreements of  terms and conditions for possible negotiations, confidentiality agreements, (v) to  register and update the data in the internal management system(s) used by STP to  provide access to the Personal Data to the persons authorized to do so, (vi) to keep  a physical and/or electronic file of the Personal Data, and to keep a copy of the data  in order to keep it confidential, and to keep it in a safe and secure environment, (vi)  integrate a physical and/or electronic file of the Data Subject and/or Client for the  duration of the business or contractual relationship and up to the term determined  by the applicable legislation, (vii) keep the Personal Data of the Data Subject and/or  Client in a reliable manner by means of the stamping of records of conservation of  data messages in accordance with the applicable legislation, as a means to grant its  express consent through electronic means, and thus avoid the repudiation in the  signature of electronic documents, (viii) to inform them about the status of the  obligations contracted through the contracts or legal documents executed, (ix) to  issue by any means account statements and letters of liquidation or settlement, upon  request of the Holder; (x) make payment demands in case of delay or default, (xi)  assign or transfer the rights in favor of STP derived from the contracts or legal  documents executed, (xii) provide information related to the contracts or legal  documents executed, (xiii) offer the different products and/or services that STP has  at its disposal, (xiv) consult and verify the data and information provided by the  Client, (xv) contact them via telephone, email, social networks, and/or desktop  and/or mobile applications to follow up on requests for information and/or services,  (xvi) use them for marketing, advertising and commercial prospecting purposes  related to the services offered by STP, (xvii) supervise the quality of the service  offered by STP to the Data Subject and/or Customer, and (xviii) in case of having to  prove any legal act or fact, display them ((including sensitive or biometric data)  before any authority. Customers are likewise informed that the purposes that give  rise to the existence of the business or legal relationship are those set forth in items  (i) to (vii), as applicable (hereinafter, "Primary Purposes"), and those that will serve  the maintenance and/or fulfillment of the obligations arising from the legal  relationship will be those contained in items (viii) to (xviii) (hereinafter, "Secondary  Purposes").

MECHANISM FOR THE HOLDER TO EXPRESS HIS/HER REFUSAL FOR  SECONDARY PURPOSES.  

Likewise, through this Privacy Notice, STP guarantees the right of its Customers to  express their refusal to the processing of their personal data in relation to the  Secondary Purposes for the business or legal relationship, for which the Customer  must inform STP in writing at the address of the latter, It is understood that the  signature of the same is a sign of the Customer's consent, without prejudice to its  right to revoke the consent previously granted or to exercise its right to oppose the  processing of its data in terms of the applicable provisions, rights that in any case  will be guaranteed by STP. 

COLLECTION AND PROCESSING OF PERSONAL DATA.  

STP collects data from its Customers (i) personally, (ii) by any other means permitted  by the Law and its Regulations, including the recording of telephone calls to STP's  offices, as well as image and voice recording. The data that STP collects from its  Customers are processed through appropriate technical, administrative and digital  means that allow the protection of their information. The data of STP's Customers  are treated secretly and confidentially by STP, which adopts the necessary  measures to avoid their alteration, loss, treatment or unauthorized access. 

For its part, the Customer declares that its data are accurate, authentic and complete  and are the responsibility of the Customer who provides them, thus releasing STP  from any liability in this regard. The Personal Data that Customers freely and  voluntarily provide to STP, include: personal identification data (including images  and voice recording, electronic signature and/or advanced electronic signature),  contact data, employment data, patrimonial or financial data. Likewise, when  providing their Personal Data, Customers also transmit to STP personal documents  such as: valid official identification with photograph, proof of address, bank  statement, proof of tax status, proof of the unique population registry code and digital  seal certificate. 

EXERCISE OF THE RIGHTS OF ACCESS, RECTIFICATION, CANCELLATION  OR OPPOSITION (ARCH RIGHTS).  

Customers shall be responsible for the accuracy, veracity, authenticity and validity  of their Personal Data. STP's Clients have the right to (i) access the Personal Data  collected from them, that is, to know what personal data we have about them, what  we use them for and the conditions of use we give them, (ii) to rectify their Personal  Data, in case they are outdated, inaccurate or incomplete, (iii) to cancel your  Personal Data when, in your opinion, they are not being used in accordance with the  principles, duties and obligations set forth in the Law, its Regulations and applicable  rules, and it is legally appropriate, and (iv) to oppose the processing of such  Personal Data for specific purposes; all of the above in terms of the Law, its  Regulations and the applicable provisions on the matter.

REVOCATION OF CONSENT.  

At any time, the Customer may inform STP of its determination to revoke the consent  previously granted for the processing of Personal Data in accordance with the  purposes described in this Privacy Notice, in order for STP to stop using such data,  provided that the consent to be revoked does not derive from a contractual legal  relationship or transaction agreed with STP, that the law allows it or that it has been  expressly agreed between STP and the Customer. In all cases the revocation of  consent shall not have retroactive effects. The means and procedure for doing so  are mentioned below. 

MEANS AND PROCEDURE FOR THE EXERCISE OF ARCH RIGHTS AND FOR  THE REVOCATION OF CONSENT. 

  1. ARCO Request Requirements. 

In terms of the provisions of the Law, any ARCO Rights Request ("ARCO  Request") must comply with the following requirements: 

  1. Indicate the name of the Data Subject and his/her address, or other means  to communicate the response to his/her request. 
  2. Accompany the documents that allow to prove its identity, or in its case, the  representation of the Personal Data Holder. 
  3. Indicate a clear and precise description of the Personal Data with respect to  which you seek to exercise any of the ARCO Rights. In the case of  rectification of Personal Data, you must indicate the modifications to be  made and provide the documents supporting your request; and 
  4. Indicate and/or accompany any other element or document that facilitates  the location of the Personal Data. 

For the submission of ARCO Requests, the Personal Data Subjects and their  representatives may submit a free written document providing all the minimum  requirements previously indicated. 

  1. Means of submitting ARCO requests or revoking consent. 

In order to make the submission of ARCO Requests simple, Personal Data  Subjects may submit such requests in the following ways: 

  1. Directly at the STP office identified at the beginning of this Privacy Notice. 

The Personal Data Subject must prove his or her identity by means of a  copy of his or her identification document and must show the original for  comparison. The following identification documents are accepted by STP:  INE credential, passport, military service card and professional license. 

If a representative attends, he/she must prove: (i) the identity of the Data  Subject, (ii) his/her identity as representative, and (iii) the existence of the  representation, by means of a public instrument or power of attorney signed 

before two witnesses, or through the declaration of the Data Subject in  personal appearance. 

Acknowledgement of receipt of the ARCO Request will be delivered to the  Data Subject or his/her representative, indicating the date of receipt. 

  1. By e-mail to the address [email protected], as long as it is possible to  reliably identify the Holder by means of authentication mechanisms allowed  by the legal provisions on the matter, and accepted by STP. The use of  advanced electronic signature or the electronic instrument that substitutes  it, shall exempt the presentation of the copy of the identification document.  Receipt will be acknowledged by e-mail indicating the date of receipt of the  ARCO Request. 
  2. Deadline for attention to ARCO Requests. 

The receipt of an ARCO Request does not imply that it is declared admissible by  STP. In the event that the information provided in the ARCO Request is insufficient  or erroneous to process it, or if the necessary documents to process it are not  provided, STP will require the Personal Data Subject or his/her representative,  within 5 business days following the receipt of the ARCO Request, for a single time,  to provide the necessary elements or documents to process it. The Personal Data  Holder or its representative will have 10 business days from the day following  receipt of the request to respond. 

STP will respond to the ARCO Request with the determination reached, within 20  business days from receipt of the request, or if additional information or documents  have been requested, within 20 business days from the day following the  presentation of the response to the request. 

In the event that the ARCO Request is granted, STP will make effective the  determination reached within 15 business days from the date the response is  communicated to the Data Subject or his/her representative. In the case of ARCO  Requests regarding the right of access to Personal Data, the delivery of such data  will be made prior accreditation of the identity of the Data Subject or his/her  representative. 

STP may extend the deadlines to respond to an ARCO Request, and/or to make  effective its reached determination, only once, for periods equal to those indicated  in each case, provided that the area in charge of handling Personal Data matters  considers that the circumstances of the case justify it. In such cases, STP will notify  the Data Subject or his/her representative, the circumstance(s) that justify the  extension, within each of the original deadlines to respond or to make effective the  determination reached.

Responses to ARCO Requests will be delivered to the Personal Data Subject or  his/her representative, by the same means by which the request was submitted,  either by e-mail, directly at the STP office where the ARCO Request was submitted,  or by Mexican postal mail or e-mail in cases where the ARCO Request was  submitted by telephone. The requested information or personal data may be made  available to the Personal Data Subject or his/her representative, in simple copies  or in electronic file depending on the type and quantity of documents involved in  each case. 

For the revocation of consent, it will be sufficient for the Data Subject to make  his/her request by telephone to the Legal Department of STP, or by e-mail to the  address [email protected], proving his/her identity in the terms indicated above  for this route. STP will give a positive response and will make such request  effective, provided that it is not a personal data necessary for the existence,  maintenance and fulfillment of its legal relationship with the Data Subject. 

LIMITATION OF THE USE OR DISCLOSURE OF THEIR PERSONAL DATA.  When the processing of Personal Data does not refer to those necessary to comply  with a legal or contractual obligation (compliance with the legal obligations arising  from the legal relationship existing between the Customer and STP), the Customer  shall have the right to request STP to limit the use and/or disclosure of its Personal  Data by means of the request that STP will provide, so that in case it is appropriate  STP registers the Customer's personal data in the exclusion lists within a term of 20  (twenty) calendar days from the presentation of the respective request. For further  information, please send an e-mail to the following address: [email protected]. 

COOKIES AND WEB BEACONS.  

STP acknowledges that it is possible that the STP Site or any of the platforms,  systems or digital applications used by STP to offer its services and/or products may  make use of Cookies or Web beacons in connection with certain features or  functions.  

For the purposes of this Notice, Cookies are understood as the data file that is stored  in the hard disk of a user's computer equipment or electronic communications device  when browsing a specific Internet site, which allows the exchange of status  information between such site and the user's browser, and the status information  may reveal means of session identification, authentication or user preferences, as  well as any other data stored by the browser with respect to the Internet site; and  by Web beacons, the visible or hidden image inserted within a website or e-mail,  which is used to monitor the user's behavior in these media, and through these it is  possible to obtain information such as the IP address of origin, browser used,  operating system, time at which the page or system was accessed, and in the case  of e-mail, the association of the above data with the addressee.

Notwithstanding the foregoing, the Client may deactivate Cookies and Web beacons  in its browser, delete them or manage their use through the configuration of its  browser at any time, in the understanding that such actions could cause a deficiency  in the performance and/or operation of the STP Site or any of the platforms, systems 

or digital applications that the latter uses to offer its services and/or products, derived  from the fact that certain functionalities are only available through the use of Cookies  or Web beacons. 

TRANSFER OF PERSONAL DATA BY STP.  

STP uses the Personal Data of its Customers exclusively for the purposes indicated  in this Privacy Notice and keeps them for the time indicated by the legal provisions.  STP only shares and/or transfers the Personal Data of its Clients with third parties  (i) when the Client contracts another product and/or service through STP, (ii) with  its affiliated companies, being one of these, Servicio de Transmisión de Pagos, S.A.  de C.V. or any other that within its shareholding structure, has one or more  shareholders in common with STP, for the purpose of complying with the Purpose  of Data Processing section of this Notice, (iii) when we assign and/or dispose of the  accounts receivable portfolio, (iv) to make payment requirements with respect to  uncollected invoices derived from the provision of services, (v) for the rendering of  services, (vi) for consultation, verification and processing of the data and information  provided by the Client through third parties or the persons hired by the latter for such  purpose, (vii) when required by law or by order of a duly founded and motivated  competent authority, and (viii) in the cases indicated in article 37 of the Law. Apart  from the aforementioned cases, the Client trusts that his/her Personal Data will not  be transferred to third parties without his/her express consent. 

In any case, STP guarantees that the purposes of the processing of the Customer's  Personal Data will be respected by the third party recipients when any of the  aforementioned transfers take place. The third parties receiving the personal data of  the Customers may be companies engaged in or having a similar line of business to  STP, financial institutions (national or foreign), and individuals and legal entities that  provide services to STP. 

The purposes of the aforementioned transfers will pursue (i) compliance with the  provisions regarding Personal Data by STP, (ii) the maintenance and/or fulfillment  of the obligations and rights contracted through the contracts entered into with the  Customers, (iii) the processing of personal data with third parties, (iv) the protection  of STP's payment rights, (v) the guarantee of any right derived from the contracts  entered into by STP, (vi) the protection of the rights of the Customers and (vii) the  advertising and promotion of the financial products offered by STP to its Customers. 

In this act, the Client hereby agrees that STP may carry out the transfers in the  aforementioned cases, to the aforementioned third party recipients and for the  aforementioned purposes, and therefore signs this Privacy Notice with full  knowledge and consent.

COMMUNICATION OF MODIFICATIONS.  

This Privacy Notice may be modified at such time and in such manner as STP may  determine, in accordance with the regulations on the protection of personal data that  may be issued, the needs of STP by virtue of the products and/or services it offers  and the privacy practices of STP, and therefore, any update, change and/or total or  partial modification to this Privacy Notice shall be made known to the Customer  directly at STP's domicile, as well as through our website https://stp.mx/, informing  of the modification through a pop-up, so that the Client may be able to exercise  his/her ARCO rights. 

INFORMATION ABOUT INAI.  

If the Client considers that its right to the protection of its Personal Data has been  violated by any conduct or omission on the part of STP, or presumes any violation  of the provisions set forth in the Law, its Regulations and other applicable  regulations, it may file a complaint with the Instituto Nacional de Transparencia,  Acceso a la Información y Protección de Datos Personales (INAI). For further  information, the Customer should visit its official website www.inai.org.mx. 

CONSENT FOR THE PROCESSING OF SENSITIVE DATA.  

In the case of contracting any service and/or product, through electronic or digital  means, I expressly consent and authorize that my sensitive or biometric Personal  Data, such as my image and voice, be processed by STP in accordance with the  provisions of this Privacy Notice, and for such purpose, I give my consent using  electronic means, in terms of the provisions of articles 1803 of the Código Civil  Federal and 9 of the Law, which is stated in the authorization granted through such  means. 

Date of last update: April 30, 2024.
Solutions About Us API’s Contact FAQs Security Tips
Risk disclosure policies
Intrinsic risks Risk mitigation Risk, exchange platform
Privacy policy
Customers privacy policy Employees privacy policy Candidates privacy policy CONDUSEF BURÓ
STP
Information Security policy Terms and conditions Adhesion contracts Products / Requirements
Customers are informed that SISTEMA DE TRANSFERENCIAS Y PAGOS STP, S.A. DE C.V. Institución de Fondos de Pago Electrónico, is authorized, regulated and supervised by the financial authorities; additionally it is informed that the federal government and public state-owned managerial companies cannot be responsible or guarantee the users’ resources used during the transactions made by the customers with STP or with third parties, neither any responsibility for the taken obligations of STP or any other user in front of another, by virtue of the transactions conducted.
Corporate office Mexico City
Corporate office Mexico City
Av. Insurgentes Sur 1425, Insurgentes Mixcoac, Benito Juárez, 03920 Ciudad de México, CDMX
Tel: 55 52648418 Opción 2-2-2
Corporate office Querétaro
Business Park II, Av. Antea 1090, Jurica, 76100 Santiago de Querétaro, Qro. Piso 9
Corporate office Monterrey
Blvd. Antonio L. Rodríguez 18888, Piso 4, Col. Santa María, 64650 Monterrey, Nuevo León.
Follow us in:
@stpfintech
Check Costs and commissions of our products

¡Gracias por contactarnos!

Uno de nuestros asesores se comunicará contigo lo más pronto posible
Ir a la página principal
Protección de clientes emisores:
En apego a la Circular 14/2017 emitida por Banco De México, STP cuenta con mecanismos de protección de clientes emisores para ordenes de transferencia aceptadas por SPEI no instruidas por ellos.
Sistemas alternos de envío y políticas de continuidad de negocio:​
STP reconoce que existen amenazas significativas ante la posibilidad de la ocurrencia de un incidente o desastre que afecte la operación, como también la necesidad de recuperarse en el menor tiempo posible.

Por lo anterior y en cumplimiento a la Ley para Regular las Instituciones de Tecnología y la Circular 14/2017, STP cuenta con procedimientos de continuidad operativa ante la ocurrencia de eventos que afecten la operación de STP.
Declaración de Riesgos respecto a operaciones con Monedas o Activos Virtuales.
STP NO ES OPERADOR, ADMINISTRADOR, NI PARTICIPA EN LA COMPRA Y VENTA DE MONEDAS o ACTIVOS VIRTUALES conocidas como criptomonedas, únicamente actúa como receptor de recursos en Moneda Nacional de las plataformas de negociación (exchange) de estas criptomonedas; los clientes o usuarios de dichas plataformas asumen los riesgos de adquirir las monedas o activos virtuales, por lo que cualquier aclaración sobre estas operaciones, la deberán solicitar directamente con la plataforma que les abrió la cuenta de criptomonedas.