DRIXIT offers a Platform which provides a service that is integrated to the personal protection equipment installed in the User’s cell phone device. The Platform is connected with some third-party softwares and sensors that enable DRIXIT the provision of information obtained to the employer. This data may consist in the rate and position of the User either at indoor or outdoor areas, identifying, among other things, the geolocation of the User, allowing to know if they comply with the rules of social distancing predisposed or even if they fall down or suffer serious strokes, also, the Platform offers an anti-panic button to allow them to communicate when they are in a dangerous situation (the “Services”).
DRIXIT has drafted this document in order to notify the User about: (i) data controller contact information (ii) the categories of personal data that DRIXIT collects and processes through the Platform; (iii) how it treats Users’ personal data; (iv) the contact details and information of those third parties to whom DRIXIT communicates or discloses personal data and the reasons for such actions; and (v) the rights and options that DRIXIT offers to the personal data subjects in the event that they opt to have access to them; (vi) also, DRIXIT will describe the security and privacy practices applied and how Users can communicate with DRIXIT to learn about its privacy practices.
### 1. DATA CONTROLLER
### 2. WHAT INFORMATION DOES DRIXIT COLLECT AND HOW IS COLLECTED?
2.2. Users will find a list of all the information that DRIXIT may request and collect through the Platform as described below:
#### Information provided by User.
In order to use DRIXIT Services, Users will have to register an account on the Platform. For this purpose, DRIXIT will require the Users’ full name and telephone number.
#### Passively Collected Information.
When the User accesses the Platform, DRIXIT will be able to automatically collect and store certain information, including the device’s Internet Protocol (IP) address and other technical information related to its use, such as browser type and version, time zone configuration, operating system, usage sessions, time spent on the Platform, frequency of use, as well as information on how the User uses the Platform and its functionalities.
Also, DRIXIT will collect and process geolocation data from the navigation system of the User’s device for the provision of the Services. Such location data will only be collected by DRIXIT from Users’ mobile devices if they allow it through their privacy settings on their devices. Without this authorization Services cannot be fully provided.
In case the User allows it, this data will be collected by DRIXIT while the Platform is running in the foreground (open and on-screen) or background (open but not on-screen) of the User’s device.
#### Information from other sources.
DRIXIT may receive information about the User from other sources such as public sources, or third parties. DRIXIT may require, at its discretion, the information to provide the Services or to the perform of the Platform.
### 3. PERSONAL DATA TREATMENT PURPOSES
3.1. DRIXIT may use the information provided by the Users and collected by DRIXIT for the purposes described below:
To perform the User’s login in the Platform. Before using the Services, DRIXIT will ask the Users their Personal Data to verify their identity and authenticate their visits;
– To provide the User with the Services according to their requirements by offering them the best experience on the Platform, as well as to develop and implement new services and functionalities into the Platform. The storage by DRIXIT of the IP number of the User’s devices allows the User to be identified at the time of login to their individual accounts, and also facilitates the diagnosis of any connection problems that may exist in the Platform, improving the Service quality;
– To offer the Services on the Platform allowing, among other functions, the generation of charts and metrics of each employer, enabling the visualization, through the User’s location, of the amount of days free of accidents, the most frequent incidents, the activities or groups exposed to risk of accidents, the areas where the social distancing is not being fulfilled, among other User’s actions. Furthermore, the geolocation is requested to ensure adequate assistance to the User in case of an emergency situation through the use of the panic button;
– To implement mechanisms for managing queries, suggestions and complaints from Users inside the Platform or through DRIXIT’s contact lines.
### 4. USE OF THE COLLECTED INFORMATION
4.1. DRIXIT shall store and use the information provided by the Users and collected by DRIXIT for the maximum term established by applicable law to analyze it and to provide the Users with the best Service possible.
4.2. Any person who has provided personal information through the Platform, may send an email to [email protected] to update, delete and/or correct his personal information.
4.3. DRIXIT may disclose User Personal Data and/or personal information, if necessary, to other Users such as employers, authorities, DRIXIT’s partners and other third parties, for example, third-party suppliers of services related to the Service, in order to perform communications, IT and other infrastructure services, as well as to customize and improve the Service.
In the event that DRIXIT engages a third-party service provider, DRIXIT will only provide them with the necessary information required to perform its specific tasks, this may include Personal Data and other information that the User provides through the Platform.
### 5. DATA TRANSFER
In the event that DRIXIT contracts with third-party service providers, DRIXIT will only disclose the necessary information to perform their specific function, which may include Personal Data and other information that the User sends through the Platform. Each of these third-party service providers will be authorized to use Personal Data only as needed for providing the Services.
Likewise, DRIXIT may share Users’ Personal Data with other members, subsidiaries or associates as necessary to offer the Services through the Platform. In addition, DRIXIT may share Personal Data with any law enforcement agencies, authorities or other third parties if DRIXIT considers that it is legally obliged to do so or if such disclosure is reasonably necessary.
5.2. In some cases, such as the Republic of Argentina, Personal Data may be transferred outside the country to jurisdictions that offer the same or better levels of privacy protection. In case that Personal Data is transferred to any country with lower levels of protection, DRIXIT will perform these transfers under the appropriate safeguards and security measures, including signing agreements with standard data protection clauses approved by the legal authority.
### 6. CONFIDENTIALITY AND SECURITY OF INFORMATION
6.1. DRIXIT has adopted reasonable security measures to protect the User’s information and to prevent unauthorized access to the User’s Personal Data or any unauthorized modification, disclosure, or destruction of such information. In particular, DRIXIT takes the following security measures in order to provide an adequate security level:
– Service architecture: All the services are provided from the same private network, unavailable to the general public, and can only be consulted through the DRIXIT API. Within the access method the access is by JWT or SSO (single sign on). The security of this method, combined with the selection of secure servers, contributes to a significant improvement in the management of the User’s Personal Data;
– Data Encryption: Personal Data will be encrypted when it is in traffic and at rest. DRIXIT will protect the information in transit using Transport Layer Security (TLS) 1.2 or 1.3 which is a cryptographic protocol designed to provide communications security over a computer network. Meanwhile, data at rest will be protected by the Advanced Encryption Standard 256 (AES), which is a symmetric encryption algorithm.
DRIXIT not allow the access to this information to third parties unrelated to DRIXIT, unless the User expressly requests it.
6.3. Notwithstanding the above, considering that the Internet is an open system, with public access, DRIXIT cannot guarantee that unauthorized third parties cannot eventually overcome the security measures and use the User’s information improperly. In any case, DRIXIT maintains security and incident response plans to control incidents related to unauthorized access to private information we collect or store.
### 7. USERS RIGHTS
7.1. DRIXIT undertakes, using all resources at its disposal, to assist Users to access, rectify, delete or update their Personal Data, unless DRIXIT is able to deny such requests because it is under obligation or is entitled to keep such Personal Data according to the applicable legislation.
7.2. Users may access, update, delete or correct their Personal Data through the Platform by themselves. in the event that for any reason this is impossible, the User should send an e-mail to [email protected]. DRIXIT will be able to require the User to identify themselves, as well as, to indicate the Personal Data requested to be accessed, rectified or removed.
7.3. DRIXIT may refuse to process any requests that are unreasonably repetitive or systematic, require a disproportionate technical effort, compromise the User’s privacy, are considered impractical, or where access to the Personal Data is not necessary.
7.4. The service of access, rectification and deletion of Personal Data will be provided by DRIXIT free of charge, unless this requires an unreasonable or excessive effort, in which case an administration fee may be charged.
7.5. If the User considers that its rights are violated under the personal data protection laws in force, the User will have the right to exercise the right of access, portability, rectification, or removal thereof free of charge to the applicable authority according to the country where the User is located:
The User may contact the Agencia de Acceso a la Información Pública through the following addresses:
Av: Av. Pte. Julio A. Roca 710, 2nd Floor – City of Buenos Aires.
www.argentina.gob.ar/aaip / [email protected] / Phone: +5411-2821-0047
THE USER IS ENTITLED TO EXERCISE THE RIGHT OF ACCESS TO ITS PERSONAL DATA FREE OF CHARGE FOR A PERIODICITY OF NO LESS THAN SIX MONTHS UNLESS THERE IS A LEGITIMATE INTEREST TO DO SO UNDER ARTICLE 14, PARAGRAPH 3 OF LAW NO. 25.326 OF THE REPUBLIC OF ARGENTINA. THE ENFORCEMENT AUTHORITY (IN THE REPUBLIC OF ARGENTINA, AGENCIA DE ACCESO A LA INFORMACIÓN PÚBLICA, THE SUPERVISING ORGAN OF LAW NO. 25.326), HAS THE AUTHORITY TO DEAL WITH COMPLAINTS AND CLAIMS PRESENTED CONCERNING THE NON- COMPLIANCE WITH PERSONAL DATA PROTECTION REGULATIONS.
### 8. RETENTION OF PERSONAL DATA
8.1. DRIXIT will conserve the Personal Data collected from the Users for 2 years after the conclusion of the Service, to ensure the rights of the Parties and Platform’s performance. After this period, DRIXIT will use the appropriate methods to destroy them securely, or in some cases will anonymize it.
### 9. CORPORATIVE CHANGES
### 10. EXCEPTIONS
– To prevent a legal responsibility;
– To comply with a legal requirement, such as a warrant, court order or citation;
– To comply with a governmental or other regulatory requirement; and/or
– To protect the rights, property or safety of DRIXIT, the User, or a third party.
### 12. CONTACT
### 13. DEFINITIONS