This privacy policy (the “Privacy Policy”) is applicable to the use of the services offered in the mobile app known as “Drixit Mobile App” for iOS and Android (the “Platform”), which is provided by the Responsible Party, whose details and definitions are set out in Clause Thirteen of this Privacy Policy (“DRIXIT”).
DRIXIT offers a Platform which provides a service that is integrated to the personal protection equipment installed in the User’s cell phone device. The Platform is connected with some third-party softwares and sensors that enable DRIXIT the provision of information obtained to the employer. This data may consist in the rate and position of the User either at indoor or outdoor areas, identifying, among other things, the geolocation of the User, allowing to know if they comply with the rules of social distancing predisposed or even if they fall down or suffer serious strokes, also, the Platform offers an anti-panic button to allow them to communicate when they are in a dangerous situation (the “Services”).
For the purposes of this Privacy Policy, the “Users” or the “User” means any person who use or access the Platform or use the Services offered by DRIXIT. The Users will be considered together with DRIXIT as the “Parties” or the “Party” individually.
DRIXIT has drafted this document in order to notify the User about: (i) data controller contact information (ii) the categories of personal data that DRIXIT collects and processes through the Platform; (iii) how it treats Users’ personal data; (iv) the contact details and information of those third parties to whom DRIXIT communicates or discloses personal data and the reasons for such actions; and (v) the rights and options that DRIXIT offers to the personal data subjects in the event that they opt to have access to them; (vi) also, DRIXIT will describe the security and privacy practices applied and how Users can communicate with DRIXIT to learn about its privacy practices.
BEFORE NAVIGATING AND/OR USING THE PLATFORM AND/OR THE SERVICES, PLEASE READ THIS PRIVACY POLICY CAREFULLY. IF YOU DO NOT AGREE WITH THIS PRIVACY POLICY, YOU SHOULD REFRAIN FROM USING THE PLATFORM AND/OR THE SERVICES.
### 1. DATA CONTROLLER
1.1. DRIXIT´s Responsible Party, whose specifications are set forth in the Clause thirteenth of this Privacy Policy, will be the company in charge of the processing of personal data that the User provides on the Platform, or that are collected or processed by, for or through the Services, or in connection with them.
This Privacy Policy and its updates will apply to any compilation, use and disclosure of the User’s personal information.
DRIXIT respects and constantly strives to comply with the European General Data Protection Regulation 2016/679 (“GDPR”) to protect, ensure and preserve the rights of those Users who access the Platform. Additionally, DRIXIT acknowledges the importance of complying with the Brazilian General Data Protection Law (LGPD), and will ensure that the processing of personal data of Brazilian users is done in accordance with the requirements of this law. For this reason, the Users may contact DRIXIT, at any time, if they have any questions about this Privacy Policy, or its implementation, by sending an email to [email protected].
### 2. WHAT INFORMATION DOES DRIXIT COLLECT AND HOW IS COLLECTED?
2.1. The User’s personal data (hereinafter, the “Personal Data”) will only be processed by DRIXIT, due to the express consent given through the acceptance of this Privacy Policy by checking the box or clicking on the specific button placed on the Platform.
2.2. Users will find a list of all the information that DRIXIT may request and collect through the Platform as described below:
#### Information provided by User.
In order to use DRIXIT Services, Users will have to register an account on the Platform. For this purpose, DRIXIT will require the Users’ full name and telephone number.
#### Passively Collected Information.
When the User accesses the Platform, DRIXIT will be able to automatically collect and store certain information, including the device’s Internet Protocol (IP) address and other technical information related to its use, such as browser type and version, time zone configuration, operating system, usage sessions, time spent on the Platform, frequency of use, as well as information on how the User uses the Platform and its functionalities.
Also, DRIXIT will collect and process geolocation data from the navigation system of the User’s device for the provision of the Services. Such location data will only be collected by DRIXIT from Users’ mobile devices if they allow it through their privacy settings on their devices. Without this authorization Services cannot be fully provided.
In case the User allows it, this data will be collected by DRIXIT while the Platform is running in the foreground (open and on-screen) or background (open but not on-screen) of the User’s device.
#### Information from other sources.
DRIXIT may receive information about the User from other sources such as public sources, or third parties. DRIXIT may require, at its discretion, the information to provide the Services or to the perform of the Platform.
### 3. PERSONAL DATA TREATMENT PURPOSES
3.1. DRIXIT may use the information provided by the Users and collected by DRIXIT for the purposes described below:
To perform the User’s login in the Platform. Before using the Services, DRIXIT will ask the Users their Personal Data to verify their identity and authenticate their visits;
– To provide the User with the Services according to their requirements by offering them the best experience on the Platform, as well as to develop and implement new services and functionalities into the Platform. The storage by DRIXIT of the IP number of the User’s devices allows the User to be identified at the time of login to their individual accounts, and also facilitates the diagnosis of any connection problems that may exist in the Platform, improving the Service quality;
– To offer the Services on the Platform allowing, among other functions, the generation of charts and metrics of each employer, enabling the visualization, through the User’s location, of the amount of days free of accidents, the most frequent incidents, the activities or groups exposed to risk of accidents, the areas where the social distancing is not being fulfilled, among other User’s actions. Furthermore, the geolocation is requested to ensure adequate assistance to the User in case of an emergency situation through the use of the panic button;
– To share the User’s personal information with companies contracted by DRIXIT as service providers of computer systems, cloud services and/or databases, according to DRIXIT’s instructions and in compliance with the terms of this Privacy Policy. In all cases, DRIXIT will ensure the enforcement of confidentiality and security standards, by signing agreements focused on the privacy of the Personal Data of the Users and in accordance with the applicable legislation;
– To contact Users if necessary for updates on the Service offered by DRIXIT through the Platform and/or to inform about new versions of this Privacy Policy;
– To implement mechanisms for managing queries, suggestions and complaints from Users inside the Platform or through DRIXIT’s contact lines.
3.2. By accepting this document, the User agrees to the practices for the handling practices as described in this Privacy Policy. Thus, the User gives its free, express and informed consent for their Personal Data to be used for the purposes mentioned above, and authorizes
### 4. USE OF THE COLLECTED INFORMATION
4.1. DRIXIT shall store and use the information provided by the Users and collected by DRIXIT for the maximum term established by applicable law to analyze it and to provide the Users with the best Service possible.
4.2. Any person who has provided personal information through the Platform, may send an email to [email protected] to update, delete and/or correct his personal information.
4.3. DRIXIT may disclose User Personal Data and/or personal information, if necessary, to other Users such as employers, authorities, DRIXIT’s partners and other third parties, for example, third-party suppliers of services related to the Service, in order to perform communications, IT and other infrastructure services, as well as to customize and improve the Service.
In the event that DRIXIT engages a third-party service provider, DRIXIT will only provide them with the necessary information required to perform its specific tasks, this may include Personal Data and other information that the User provides through the Platform.
4.4. The information may be shared by DRIXIT with its partners and with other companies or similar sites or services for the purposes described in this Privacy Policy. These companies or sites generally have their own policies regarding the protection of your data privacy. However, DRIXIT will make its best efforts to ensure the protection and privacy of the information shared is protected by the legislation in force. If necessary, DRIXIT will try to subscribe agreements about data protection and privacy of information. Notwithstanding the foregoing, DRIXIT shall not be liable for damages caused by such companies and / or Internet sites regarding such companies’ obligation about the protection, confidentiality and privacy of the data they process.
4.5. The Platform may contain links to other websites owned by third parties unrelated with DRIXIT. As a consequence, this Privacy Policy does not apply and DRIXIT shall not be responsible for the actions of those websites. DRIXIT recommends you review the detailed privacy policy on those websites to understand the information collection procedures they use and how they protect your information.
### 5. DATA TRANSFER
5.1. Only for the purposes set forth in this Privacy Policy and to provide the Service, DRIXIT may disclose Personal Data and/or personal information, when necessary, to authorities, DRIXIT’s partners, and other third parties, such as third-party service providers used to provide the Service.
In the event that DRIXIT contracts with third-party service providers, DRIXIT will only disclose the necessary information to perform their specific function, which may include Personal Data and other information that the User sends through the Platform. Each of these third-party service providers will be authorized to use Personal Data only as needed for providing the Services.
Likewise, DRIXIT may share Users’ Personal Data with other members, subsidiaries or associates as necessary to offer the Services through the Platform. In addition, DRIXIT may share Personal Data with any law enforcement agencies, authorities or other third parties if DRIXIT considers that it is legally obliged to do so or if such disclosure is reasonably necessary.
5.2. In some cases, such as the Republic of Argentina, Personal Data may be transferred outside the country to jurisdictions that offer the same or better levels of privacy protection. In case that Personal Data is transferred to any country with lower levels of protection, DRIXIT will perform these transfers under the appropriate safeguards and security measures, including signing agreements with standard data protection clauses approved by the legal authority.
Therefore, Users understands consents and accepts, through the present Privacy Policy, that their Personal Data may be transferred to other countries with or without an adequate standard of protection. In the event that the User revokes its consent, this will not affect the actions taken by DRIXIT.
### 6. CONFIDENTIALITY AND SECURITY OF INFORMATION
6.1. DRIXIT has adopted reasonable security measures to protect the User’s information and to prevent unauthorized access to the User’s Personal Data or any unauthorized modification, disclosure, or destruction of such information. In particular, DRIXIT takes the following security measures in order to provide an adequate security level:
– Service architecture: All the services are provided from the same private network, unavailable to the general public, and can only be consulted through the DRIXIT API. Within the access method the access is by JWT or SSO (single sign on). The security of this method, combined with the selection of secure servers, contributes to a significant improvement in the management of the User’s Personal Data;
– Data Encryption: Personal Data will be encrypted when it is in traffic and at rest. DRIXIT will protect the information in transit using Transport Layer Security (TLS) 1.2 or 1.3 which is a cryptographic protocol designed to provide communications security over a computer network. Meanwhile, data at rest will be protected by the Advanced Encryption Standard 256 (AES), which is a symmetric encryption algorithm.
6.2. DRIXIT has internal policies that keep User’s personal information private and confidential. DRIXIT does not share Personal Data with third parties except as described in this Privacy Policy. The information collected by DRIXIT will be kept strictly confidential. Access to Personal Data is restricted to those users, employers, employees, contractors, operators, and representatives of DRIXIT who need to access to such data to perform their duties and use, develop or improve the Services. The same standards of confidentiality are required by DRIXIT to its suppliers.
DRIXIT not allow the access to this information to third parties unrelated to DRIXIT, unless the User expressly requests it.
6.3. Notwithstanding the above, considering that the Internet is an open system, with public access, DRIXIT cannot guarantee that unauthorized third parties cannot eventually overcome the security measures and use the User’s information improperly. In any case, DRIXIT maintains security and incident response plans to control incidents related to unauthorized access to private information we collect or store.
### 7. USERS RIGHTS
7.1. DRIXIT undertakes, using all resources at its disposal, to assist Users to access, rectify, delete or update their Personal Data, unless DRIXIT is able to deny such requests because it is under obligation or is entitled to keep such Personal Data according to the applicable legislation.
7.2. Users may access, update, delete or correct their Personal Data through the Platform by themselves. in the event that for any reason this is impossible, the User should send an e-mail to [email protected]. DRIXIT will be able to require the User to identify themselves, as well as, to indicate the Personal Data requested to be accessed, rectified or removed.
7.3. DRIXIT may refuse to process any requests that are unreasonably repetitive or systematic, require a disproportionate technical effort, compromise the User’s privacy, are considered impractical, or where access to the Personal Data is not necessary.
7.4. The service of access, rectification and deletion of Personal Data will be provided by DRIXIT free of charge, unless this requires an unreasonable or excessive effort, in which case an administration fee may be charged.
7.5. If the User considers that its rights are violated under the personal data protection laws in force, the User will have the right to exercise the right of access, portability, rectification, or removal thereof free of charge to the applicable authority according to the country where the User is located:
##### ARGENTINA:
The User may contact the Agencia de Acceso a la Información Pública through the following addresses:
Av: Av. Pte. Julio A. Roca 710, 2nd Floor – City of Buenos Aires.
www.argentina.gob.ar/aaip / [email protected] / Phone: +5411-2821-0047
THE USER IS ENTITLED TO EXERCISE THE RIGHT OF ACCESS TO ITS PERSONAL DATA FREE OF CHARGE FOR A PERIODICITY OF NO LESS THAN SIX MONTHS UNLESS THERE IS A LEGITIMATE INTEREST TO DO SO UNDER ARTICLE 14, PARAGRAPH 3 OF LAW NO. 25.326 OF THE REPUBLIC OF ARGENTINA. THE ENFORCEMENT AUTHORITY (IN THE REPUBLIC OF ARGENTINA, AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA, THE SUPERVISING ORGAN OF LAW NO. 25.326), HAS THE AUTHORITY TO DEAL WITH COMPLAINTS AND CLAIMS PRESENTED CONCERNING THE NON- COMPLIANCE WITH PERSONAL DATA PROTECTION REGULATIONS.
### 8. RETENTION OF PERSONAL DATA
8.1. DRIXIT will conserve the Personal Data collected from the Users for 2 years after the conclusion of the Service, to ensure the rights of the Parties and Platform’s performance. After this period, DRIXIT will use the appropriate methods to destroy them securely, or in some cases will anonymize it.
### 9. CORPORATIVE CHANGES
9.1. DRIXIT may transfer the information collected in case DRIXIT merges or sells its business or in case of acquisition of DRIXIT’s principal assets, or any other kind of transfer from DRIXIT to another entity and/or between DRIXIT subsidiaries. If so, DRIXIT shall take all reasonable measures to ensure that such information is used in a consistent way as described in this Privacy Policy.
### 10. EXCEPTIONS
10.1. Notwithstanding any other statement in this Privacy Policy, DRIXIT will be allowed to disclose certain User’s personal information if DRIXIT reasonably determines that such disclosure is necessary for the following purposes:
– To prevent a legal responsibility;
– To comply with a legal requirement, such as a warrant, court order or citation;
– To comply with a governmental or other regulatory requirement; and/or
– To protect the rights, property or safety of DRIXIT, the User, or a third party.
### 11. CHANGES TO THIS PRIVACY POLICY
11.1. DRIXIT may modify the Privacy Policy at any time. The new versions of the Privacy Policy will be notified to the e-mail addresses indicated by the User in the registration and/or at any other time. The User must read and accept the updated versions of the Privacy Policy.
### 12. CONTACT
12.1. If the User has any questions about the Privacy Policy, or about the Platform, please contact DRIXIT, at any time, via email at [email protected].
### 13. DEFINITIONS
13.1. “Responsible Party”: means the party identified in the following chart, according to the country where the User has made its account register. If the User replaces its Registration Country with another related to a different Responsible Party, as identified below, the User accepts that the present Privacy Policy will be assigned to the new Responsible Party with no action required by any of the Parties.