WELCOME TO HEXAGON MATCH!
These Terms are binding between the person (“You” or the “User”) using the Hexagon Match platform (the “Platform”) and Hexagon Data S.A.P.I. de C.V. (“We” or “Hexagon Data”). The use of the Platform and the service provided herein will be governed by these Terms. This is a binding contract for the use of the Platform located at: https://www.hexagondata.com/match/.
The Data Processing Agreement for Hexagon Match (“DPA Match”) forms part of and is subject to these Terms.
By accessing, using the Platform and/or creating a profile on the Platform, you agree to these Terms.
To use the Platform and be bound by these Terms you must be of legal age. Under no circumstances we allow access and use of the Platform by minors under 18 years. The service is not intended for users as individuals but for businesses and companies (the “Company” and/or “Costumer”).
The Platform offers the Data Onboarding service. It consists of finding a match between offline data and online data of the Company. Hexagon Data may also offer additional and complementary products to this service within the Platform, which will be subject to specific terms. (Collectively referred to as the “Services and Products”).
The specific terms, costs and validity of the Services and Products will depend on the requirements, negotiations and agreements with each Customer. These Terms apply to the general use of the Platform.
The use of the Platform is subject to a License Agreement between the Customer and Hexagon Data (the “Agreement”). Hexagon Data grants a temporary, non-exclusive, revocable and limited license for the Client to use the Platform according to the Agreement and these Terms.
To hire our services, you must follow a registration process (the “Customer Registration”). The main reason for this process is that the Platform is designed for specific niche companies. In commitment with our customers, we want to make sure that your business would benefit from the Services and Products. If it’s not the case, we will refer to another product or service from Hexagon Data that suits your needs best, otherwise, we will inform you that our services are not suitable for your Company. Hexagon Data reserves the right to reject the Customer Registration based on a negative result of the Data Verification process. Under no circumstances will we reject an application based on discrimination against an individual or company.
The Customer Registration process is as follows:
1 To make a request for the Customer Registration (the “Application”), you must complete the automated form in the Platform (the “Registration Form”).
2 Once the Registration Form has been completed, you will receive a response via email or by a phone call in which we will inform you any of the following circumstances:
a. The Application is accepted given that you qualify for the Customer Registration process. We will remain in contact to request additional documentation to complete the Customer Registration.
b. At the moment your Application is rejected and you do not qualify for the Customer Registration process. We will ask your consent to contact you in the future to offer you new services or to invite you to complete a new Registration Form.
c. It is necessary to confirm the information provided.
3 Once the Application has been accepted, we will proceed to sign the License Agreement where the Services and Products hired by the Customer will be specified.
The process takes approximately 15 (fifteen) working days; however, we reserve the right to (i) exceed such period, as well as (ii) in case of not qualifying for the Customer Registration, to delete your Data at any time during the procedure. The Customer Registration process is subject to the “Data Verification” section, applicable to the documentation you have provided. If you wish to know how Hexagon Data processes your data, please read the section of “Privacy and Protection of Personal Data”.
PROFILE CREATION AND DASHBOARD ACCESS
Once the Customer Registration process has been completed, an Administrator Profile will be created for a person designated by the Customer. The Administrator will be able to create other users accounts (jointly the “Users” and individually the “User”). All the Users shall belong or be part of the Company.
The Administration Profile has tools to allow the creation of different User accounts with two access modes: editing and reading. The Administrator chooses at his own discretion the type of access allowed to each User.
Both the Administrator and subsequent Users, upon registration, will receive a welcome email with instructions on how to access the Platform as well as the access code to their “Dashboard”. Every User is bound to these Terms.
The User undertakes to upload only First Party Data collected by the Company itself.
LEAD AD PRODUCT
Lead Ad is a product that is part of Hexagon Match. Its purpose is to keep the user’s records in the Customer’s websites to automate the Onboarding process and get the match rate. The Customer can make Lead Ad campaigns with its own personalized format.
The use of Lead Ad is subject to the License Agreement held between the Customer and Hexagon Data.
The right of each User to use the Platform is personal, limited to its internal business purposes, non-transferable, non-exclusive, revocable and at all times subject to the fulfilment of these Terms.
It is strictly forbidden to reproduce, modify, alter, distribute any copy, publicly communicate, transform, mutilate, make changes or any type of use or exploitation of the Platform other than the permitted by these Terms, in whole or in part, by any means known or to be known in the future. Likewise, it is strictly forbidden to carry out any process of reverse engineering for the purpose of using or altering any of the modules, source code and/or object of code of the Platform, without prior written authorization from Hexagon Data.
The User shall be solely responsible for ensuring and maintaining the confidentiality and security of the personal key and password used for their Platform User account. The User agrees not to disclose their personal key to any third party and will be held responsible if it is stolen. The User commits to immediately inform Hexagon Data of any suspicion that their password may have been compromised and request Hexagon Data to change their password. Furthermore, the User shall cooperate with Hexagon Data in the investigation of security incidents or risks, as well as to execute the actions agreed to mitigate any incidents and to minimize the risk detected.
All Users must comply with these Terms to make proper use of the Platform. In the case that it is of our understanding that any of the Users do not comply with these Terms, we will notify the Administrator and/or the Company. At the discretion of Hexagon Data, the User may be removed and the information uploaded to the Platform may be deleted. If the breach persists, it can cause the termination of the Agreement.
By accessing, using and/or creating a profile on the Platform you agree and authorize that Hexagon Data, by itself or through an authorized third party, may at any time verify the data you provide, including your identity and of the legal entity you represent.
In case that the information provided to create a Profile is false or inaccurate, Hexagon Data may, at its entire discretion, deny access to the Platform as well as remove any content related to the User. You may exercise your personal data rights at any time, as provided in the section of “Privacy and Protection of Personal Data”.
THIRD PARTY INFORMATION
The Platform is not designed to integrate third party information, in other words, data acquired from sources completely external to the Customer, usually through data providers and brokers. If any User uploads this type of data, Hexagon Data reserves the right to immediately delete and notify the incident to the Administrator and/or Company. Hexagon Data disclaims any liability that may result from failure to comply with this requirement.
Confidential Information is all information that has been, is or will be provided or disclosed, in any medium or form, directly or indirectly, by a party, including its affiliates, subsidiaries and/or customers, unless such information is expressly identified as “Public” or “Non-Confidential”. The confidential information provided, past, present and future, is and will remain the property of the disclosing party.
The User agrees not to take possession of, use or exploit, directly or indirectly, by himself or by third parties, for his own benefit or for the benefit of third parties Hexagon Data’s confidential information, to which he has had, has or will have access. The User agrees to take all reasonable measures to avoid any prohibited disclosure and/or misuse of the confidential information.
PERSONAL DATA PROTECTION AND PRIVACY
Hexagon Data processes data as (a) Controller and (b) Processor.
a. Hexagon Data may process the Customer’s personal data during the Customer Registration process and by virtue of the contractual relationship. We act as the Controller. These personal data will be treated in accordance with the Privacy Notice.
b. While providing the Products and Services, Hexagon Data may process data on behalf of the Customer (including data collected or generated through the use of the Platform). In this case, Hexagon Data is the Processor and is governed by the DPA Match.
If the Customer or any third party would like to exercise their rights over the personal data we process, they can follow the procedure explained in the section “MEANS TO EXERCISE YOUR RIGHTS” of our Privacy Notice. We undertake to use your data only to the extent that you have authorized and in accordance with the provisions of these Terms and the Privacy Notice.
The Platform has a SSL security system. The data files uploaded to the Platform are located in Amazon S3 of AWS thereof the security level is based on the security management standard ISO/IEC 27001:2013. Accordingly, the parties acknowledge that data security within the cloud service shall be governed solely by the terms and conditions stipulated and modified from time to time by Amazon Web Services. For more information, please refer to https://aws.amazon.com/es/security/.
The access to the Platform is restricted by means of authentication elements. To control the access to the Platform, the Users will have: a) User Account and b) Password. The password that Hexagon Data creates is temporary so that the User must change it on their first entry into the Platform. By having a new password created by the User itself, they are responsible for any access to their Dashboard. Since we do not know the passwords, Hexagon Data disclaims any liability for their misuse. To change passwords, the user must follow the procedures outlined within the Platform.
The User agrees and undertakes to apply and keep updated all the security mechanisms suggested by Hexagon Data in these Terms and those indicated whilst the business relationship.
Hexagon Data will ensure the proper functioning of the Platform as long as it is run on the proper parameters, operational capacity and computer systems, including adequate Internet connection. Any malfunction of the Platform or any failure generated by causes directly attributable to the User or the Suppliers, Hexagon Data shall not be held liable.
Hexagon Data guarantees the originality and proper functioning of the Platform. However, it is not guaranteed that the Platform is free of errors, bugs or vulnerabilities. Therefore, during the validity of the Agreement, we will provide free of charge the technical support necessary to use the Platform on a regular basis.
In this regard, Hexagon Data will respond to any inquiry or failure report within 5 (five) working days after notified to the email address [email protected] and in https://hexagondata.atlassian.net/servicedesk/customer/portals. The report must include the date and time, description of the failure, name, email and phone number of the person reporting the failure. Hexagon Data will have a maximum of 5 (five) working days to correct and repair any error or failure in the Platform, unless Hexagon Data informs to require additional time. Hexagon Data will send back a report on the repair carried out.
The Parties recognize that all intellectual property rights that correspond to each Party are their exclusive property and will continue to be. Therefore, nothing in these Terms grants in favor of any of the Parties the right to use or exploit the Intellectual Property of the other Party, except as expressly provided herein.
Ownership of the Platform. Hexagon Data is the sole and exclusive owner of the proprietary rights of the Platform. The Platform constitutes a work in accordance with the provisions of the Federal Copyright Law in force in Mexico. In this sense, it is expressly understood between the Parties that the Platform is granted under a non-exclusive and temporary license for use during the validity of the Agreement. The Platform may not be rented, leased, lent or transmitted in any way without the express authorization of Hexagon Data.
All the material contained in the Platform, including not limited to: designs, drawings, computer programs (source code and object code) databases, graphic, audiovisual and photographic material, texts, inventions, models, patents, among others Intellectual Property rights are the sole and exclusive property of Hexagon Data and are protected by the Federal Copyright Law, the Industrial Property Law, as well as by the Intellectual Property laws of other countries and International Treaties to which Mexico is party.
The Customer, its affiliates, users and consumers retain all rights with respect to all data, personal data or other information that the Customer, or other party on the Customer’s behalf, provides to Hexagon Data (“Customer Data”). For avoidance of doubt, Customer Data is considered Confidential Information.
The Customer shall defend, indemnify and hold Hexagon Data harmless from and against any and all costs, damages, expenses and liabilities arising from any claim or action by any third party relating to any actual or alleged infringement of a third party’s intellectual property rights caused by the Customer Data.
Hexagon Data does not seek or accept unsolicited ideas, suggestions or materials relating to, among other things, the development, manufacture, marketing or processing of our products and services. Acceptance of these Terms avoids any misunderstanding of intellectual property with the public in general who submit comments or ideas concerning the products, services or concepts developed by Hexagon Data. Therefore, any unsolicited idea may be used at Hexagon Data’s discretion for any purpose, including commercial, without creating any relationship with the person submitting the idea or any right to compensation.
Hexagon Data may block, interrupt, or restrict the use and access to the Platform when it deems necessary, as well as remove or cancel the Platform or any of its parts. The Users shall at all times have the right to remove their Profile form the Platform.
Any use of the Platform other than its normal use and destination is strictly prohibited. It is also prohibited to allow any third party other than its employees, partners, shareholders or staff, access and use the Platform. Similarly, it is strictly forbidden to resell access to the Platform.
These Terms are effective from the date of their publication and continue to be as long as the Platform remains accessible to the public.
This Platform is controlled and operated by Hexagon Data from Mexico. Hexagon Data does not warrant, either expressly or implicitly, that the information and material contained in the Platform, including without limitation to information and other materials promoting the commercial activities, products or services described herein, are appropriate or available in other locations.
Mexican law shall govern these Terms and you expressly waive any protection by a jurisdiction that may apply by reason of your domicilie, present or future, and expressly submit to the jurisdiction and competence of the court of Mexico City to solve all matters related to these Terms.
DISCLAIMER OF WARRANTIES
LIMITATION OF LIABILITY
Hexagon Data shall not be liable for any damages of any kind, including without limitation, special or consequential damages, arising out of the access or inability to access the Platform, as well as its use or information contained in the Platform.
Hexagon Data is under no obligation to update the Platform or the information contained herein, thereof shall not be liable for failure to update such information. Additionally, Hexagon Data is not responsible for the use of other Internet sites to which the User may have access through links included in the Platform. These links and other resources referred to are provided solely as a service to users of the “World Wide Web” and their inclusion in the Platform does not constitute an endorsement of, or affiliation with, Hexagon Data.
MODIFICATIONS AND UPDATES
We reserve the right to: (i) add or modify these Terms at any time, (ii) offer new services and/or products through the Platform, and (iii) update, change and/or substantially modify the Platform.
The new version will become effective on the date indicated at the beginning of these Terms. In the event we consider that there are substantial changes, we will notify you in advance by posting a visible notice on our website or by any of the available means of communication. However, Hexagon Data constantly updates and makes innovations to improve the Platform that are considered ordinary events, in which case we will not give prior notice. Your continued use of the Platform is deemed to be your acceptance of such changes. We suggest constantly check these Terms during your use of the Platform.
The Data Processing Addendum applies to the personal data processed by Hexagon Data on behalf of the Client, by virtue of the use of the Hexagon Match platform (the “Platform”), and as set forth in this Agreement, if and to the extent that (i) the Federal Law on the Protection of Personal Data in the Possession of Individuals and its Regulation (“LFPDPPP”) applies or (ii) any other data protection law identified herein.
When we refer to “Hexagon Data,” “we,” “us,” or the “Company,” we mean Hexagon Data, S.A.P.I. de C.V. and its affiliates that process personal data in accordance with the terms described herein. We have a legitimate interest in protecting the information that our Customers share with us.
The Customer accepts on its own behalf, and on behalf of its represented parties, what has been agreed in this document.
This Addendum on Data Processing (the “Agreement” and/or “DPA Match”) is part of the Service Agreement between Hexagon Data and the Customer. It conveys the agreement between the parties regarding the processing of the Customer Data. The Parties agree to comply with the following provisions and aim to act reasonably and in good faith during the validity of this Agreement.
- Affiliate: refers to any entity that directly or indirectly controls, is controlled by, or is in joint control with the Customer. “Control” means direct or indirect ownership or control of 50% of the stock votes of the entity.
- Anonymization: and/or dissociation, is understood as the procedure by which personal data cannot be associated with the data subject or allow, due to its structure, content or degree of disaggregation, the identification of the data subject.
- CCPA: means the California Consumer Privacy Act which regulates the data of the residents of the State of California in the United States of America.
- Contract: it refers to the License Agreement by which Hexagon Data grants a License to use the Platform and establishes a business relationship with the Customers. We subscribe exclusive contracts with each Customer to meet specific needs, where the terms of the License as well as the duration of the same are outlined. This Agreement is part of the License Agreement.
- Controller: means the natural or legal person, alone or jointly with others, determines the purposes and means of the processing of personal data.
- Customer: for purposes of this Agreement, the term “Customer” means the natural or legal person, including its affiliates, who hires the use of the Platform.
- Customer Data: also referred to as “your Data”, means any data and/or information that the Customer shares with Hexagon Data. It includes the personal data of its users and/or consumers and data collected through tags and/or scripts that observe the behavior of its users and/or consumers on its website, APIs, apps and/or newsletters. It incudes any database shared by the Customer.
- Data Protection Laws and Regulations: means all laws and regulations applicable to the protection of personal data. In Mexican territory, particularly the Federal Law of Protection of Personal Data in Possession of Individuals and its Regulations (“LFPDPPP”); for Colombia, in particular the Law 1581 of 2012 ant the Decree 1377 of 2013. At the international level, the leading instruments are the GDPR of the European Union, and the CCPA of the State of California, United States of America.
- Data Protection Officer: The GDPR requires companies to appoint a person responsible for supervising how personal data is handled and for informing and advising employees who handle data about their obligations. Hexagon Data has appointed a Data Protection Officer. The designated person can be contacted at [email protected].
- Data Subject: means the identified or identifiable natural person to whom the personal data corresponds.
- First Party Data: the type of data depends on the means by which is acquired. First Party Data is data that is acquired “first hand” from the Customer. In other words is information that the Customer collects from its own sources, such as its website, APIs, apps, newsletters and/or through direct interaction with its users and/or consumers. It is information from users who have interacted with the Customer, have been interested in the product or service, and have given their data and may already be customers.
- GDPR: refers to Regulation (EU) 206/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data.
- Hexagon Match Platform: is a platform that offers Data Onboarding. The process consists of finding the match between the offline data and the online data of the Customer.
- Personal Data: any information concerning an identified or identifiable natural person.
- Processing, and/or “treatment”, refers to the collection, use, disclosure or storage of personal data, by any means. Use includes any action to access, handle, exploit, transfer or dispose of personal data.
- Processor: means a natural or legal person which processes personal data on behalf of the controller.
- Sensitive Personal Data: any personal data that affects the most intimate sphere of the data subject or whose improper use may give rise to discrimination against or entail a serious risk for the data subject. Sensitive data is considered one that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, trade union membership, political opinions or sexual preference.
- Sub-Processor: is the person to whom Hexagon Data entrusts the processing of the Customer Data and/or the person who provides a service to Hexagon Data that is required for the performance of the Services for the Customer.
- Third-party information: The type of data depends on the means by which is acquired . Third-party information is “third-party” data that is acquired from sources completely external to the Customer, usually through data-providing companies and data brokers. These data are aggregated and anonymized, and can be acquired on a large scale already selected, processed and segmented according to the type of audience. The Platform does not accept this type of data, so the Customer agrees not to include this type of data in its use.
- Transfer: means any communication of data made to a person other than the Controller or Processor.
All capitalized terms not defined herein shall have the meaning set forth in this Agreement.
1 Personal Data Processing
1.1 Relationship between the Parties. The Parties agree that in relation to the processing of the Customer Data, the Customer is the Controller and Hexagon Data is the Processor; who may assign sub-processors on the terms described herein.
1.2 Processing Details. Annex A sets out the object, nature and purpose of the processing by Hexagon Data, the duration, the types of data and categories of Data Subjects. Each party shall comply with the obligations under the data protection laws and regulations and this DPA Match.
1.3 Processing of personal data by the Customer. Before using the Platform, the Customer shall be responsible for informing the Data Subjects of the processing that Hexagon Data will do with their data as Processor and for obtaining their consent. The Customer is responsible for the accuracy, quality and legality of the data and the means by which the Customer acquired these data. In this regard, the Customer agrees to only use data collected by himself, i.e. First Party Data.
1.4 Processing of Customer Data. Hexagon Data may process personal data on behalf of and according to the instructions of the Customer. We undertake to treat the data as Confidential Information, unless otherwise provided by the Customer.
1.5 Purposes of Processing. Hexagon Data only processes Customer Data in accordance with (i) the written instructions of the Customer (ii) the terms of this DPA Match, and (iii) the License Agreement subscribed by the Parties. Hexagon Data may process certain categories of personal data on behalf of the Customer for certain defined purposes as set forth in Annex A.
2. Data Subject’s rights
At all times the Data Subjects have the right to modify and/or revoke their consent to the processing of their personal data. Likewise, they have the right to be forgotten and all other rights that the corresponding regulation grants them. Hexagon Data undertakes to comply with, and to assist with, such regulations at all times.
In the event that Hexagon Data receives a request from a user and/or consumer, for whom the Customer is the Controller, to exercise their ARCO rights or any rights specific to their jurisdiction, Hexagon Data will notify the Customer. To the extent permitted by law, Hexagon Data will assist the Customer with appropriate technical and organizational measures to fulfill their obligation to respond to the Data Subject’s request under the Data Protection Laws and Regulations.
If the Customer or any interested third party would like to exercise their rights over personal data for which we are the Controller, they may exercise their rights by following the procedure explained in the section “MEANS TO EXERCISE YOUR RIGHTS” of our Privacy Notice
3. Hexagon Data’s employees
Hexagon Data has a team of developers, analysts and employees (the “employees”) trained to offer high quality Services to our Customers. We are committed to the protection of the data we process. Thus we implement internal measures for the processing of data and train the employees to process data according to the standards described in this Agreement. The following security measures are designed to protect the security and privacy of our Customers:
3.1 Confidentiality. We make sure that the team dedicated to the processing of data is informed of the confidential character of the Customers Data, receive suitable training on their responsibilities and sign written agreements of confidentiality. These confidentiality obligations survive the termination of their contract.
3.2 Access limitation. Access to Customers Data is limited to the employees who perform the Services in accordance with the Contract. In addition, each member is provided with a computer for the exclusive use during their relationship with Hexagon Data. Any work they perform with respect to the Service will be on Hexagon Data’s equipment.
3.3 Data Protection Officer. Hexagon Data has appointed a Data Protection Officer. The designated person can be contacted at [email protected].
The Customer agrees and authorizes that Hexagon Data may engage third parties (the “Providers”) in connection with the provision of the Services, who shall be deemed to be Sub-Processors in accordance with this DPA Match. Hexagon Data signs a written contract with each Sub-Processor which contains obligations regarding the protection of personal data no less protective than those in this DPA Match. The list of Sub-Processor is set forth in Annex B.
In the event that Hexagon Data wishes to make a change of Sub-Processor, it will notify the Customer and must obtain his consent to make such change. The Customer may object to Hexagon Data’s use of a new Provider within 5 (five) days of notification. If the Customer fails to respond and continues to act in accordance with the Agreement, the proposal shall be deemed to be accepted.
When contracting the Providers we commit ourselves to :
- to engage recognized and market-leading companies that implement security measures no less protective than those established in this Agreement to comply with data protection, insofar as they are applicable to the nature of the services provided by the Sub-Processor;
- restrict the Sub-Processor’s access to the Customer Data only to the extent necessary to maintain or provide the services to the Customer;
- Hexagon Data is responsible for compliance with the obligations of this Agreement and for any acts or omissions that a Sub-Processor may cause to breach any of the obligations contained herein, except as otherwise provided.
Hexagon Data implements appropriate technical and organizational measures to protect the security, confidentiality and integrity of the Customer Data.
5.1 Security measures. We establish and maintain administrative, technical and physical security measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or treatment. We do not adopt security measures less protective than those we maintain for our information.
Security measures include: (a) restricted access to the Platform; (b) we protect the security of your information during transfer to or from Hexagon Data websites, APIs, applications, products or services through the use of encryption software and protocols; (c) we create specific access keys for each party involved in data processing; (d) we adopt internal measures for the processing of data by the employees; and (e) we ensure that our Providers comply with the highest standards of data security and privacy, in accordance with applicable Laws.
5.2 Confidentiality. At all times, Hexagon Data will treat Customer Data as Confidential Information and ensures that all employees responsible for processing such data sign confidentiality agreements that will govern the access, use and treatment of Customer Data.
5.3 Management and notification of security incidents. In the event of security incidents, Hexagon Data will notify the Customer as soon as it becomes aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data, including data that has been anonymized, transmitted, stored or otherwise processed by Hexagon Data or its Sub-Processors.
Hexagon Data will make reasonable efforts to identify the cause of any incident and will take the necessary and reasonable actions to remedy the cause to the extent within Hexagon Data’s reasonable control. The obligations set forth herein shall not apply to incidents caused by the Customer or the Customer’s users.
6. Data transfer
We transfer data the least possible. If we do so, it will be with our Providers, who are Sub-Processors under the terms described in the corresponding section within this DPA. The transfers we make are only those allowed by the Data Protection Laws and Regulation. Likewise we ensure that it is to jurisdictions that meet the same or higher security standards than those described in this Agreement.
7. Data deletion
During the contractual relationship with the Customer, we may store Customer Data in any of our databases. We undertake to only store the data that is strictly necessary and to delete it within the next 3 months after terminating the use of the Platform or until the legal deadline. Likewise, as far as possible and prior request, we undertake to return the Customer Data by transferring the data in physical form through a CSV file.
8. Additional information for specific jurisdictions
We provide additional information about the privacy, collection and use of personal information of current and prospective Hexagon Data customers located in certain jurisdictions.
8.1 European Union: GDPR
Hexagon Data processes personal data, in the best of its abilities, in accordance with the requirements of the GDPR directly applicable to the provision of its Services and the needs of its Customers. The Customer specifically acknowledges that his use of the Platform will not violate the rights of any Data Subject under the protection of the GDPR.
Hexagon Data processes personal data, in the best of its abilities, in accordance with the requirements of the CCPA directly applicable to the provision of its Services and the needs of its Customers. Within or by virtue of our Services, we do not sell databases or Personal Data of the Customer nor its users and/or consumers. The Customer specifically acknowledges that its use of the Platform will not violate the rights of any Data Subject who has chosen not to sell or disclose its personal data as applicable under the CCPA.
9.1 Modifications. We are constantly updating our policies to offer the best possible protection. Hexagon Data reserves the right to make modifications and adaptations to this Agreement. In the event we consider that there are substantial changes, we will notify you in advance by posting a visible notice on our website or by any of the available means of communication. As the effective date it will be deemed to be accepted by you. We suggest constantly review our website during the term of our relationship.
9.2 Validity. This Agreement remains effective during the contractual relationship with the Customer and/or as long as the Customer, by itself or its Users, makes use of the Platform. Any obligations or liabilities in force up to the termination date shall remain valid until they have been fulfilled.
This Agreement will be legally binding once made available to Customer. It will be understood that the Customer consents to the processing of his data, when having made this Agreement available to him, he does not express his opposition to it and continues to use the Platform.
1.1. Nature of the processing
Hexagon Data processes personal data to provide its Products and Services within the Platform and as indicated by the Customer.
In the event that, under the Contract, it is agreed that a cloud-based service will be given by a Provider (Amazon Web Services, Google or other), the parties acknowledge that any personal data processed within the cloud service shall be governed solely by the terms and conditions thereof as stipulated and modified from time to time by the Provider.
1.2. Purpose of processing
The purpose of processing Customer Data may be any of the following:
- Generate a match table
- Generate anonymous audiences
- ID Syncing
- Improve the efficiency of the Platform
- Transfer the audiences to the sources indicated by the Customer
- Store in one place the contact information
1.3. Processing Duration
In accordance with the section on the validity of the DPA Match, Hexagon Data processes Customer Data during the validity of the contractual relationship with the Customer and/or as long as the Customer, by itself or its Users, makes use of the Platform.
1.4. Types of Personal Data
The data we process comes from two sources:
- Data that the Customer, by itself or its Users, uploads to the Platform. The types of data may include, but are not limited to:
- Age range
- Country code in two characters
- Email address
- First and last name
- Marital status
- Number of children
- Postal Code
- Data that Hexagon Data may collect on behalf of the Customer through tags and/or scripts directly from the Customer’s website, APIs, apps and newsletter. Through the tag, Hexagon Data may create a Unique ID to collect the data to use in the match; at no time will it match data of different Customers. The types of data may include, but are not limited to:
- Cell phone
- Customer ID
When the Client uploads its Data to the Platform, a data source is generated; the Client may choose to encrypt (anonymize) the data, otherwise the data will not be anonymized, and among those data some may be personal data. Regardless of the Customer’s choice, when the data is transferred to the sources indicated by the Customer, it will be anonymized. The data processed to fulfill the intended use of the Platform is at the sole discretion of the Customer.
1.5. Categories of Data Subjects
The personal data is First Party Data that the Client collects by himself. The Customer Data is related to the following categories of Data Subjects:
1.6. Special Category of Data
Sensitive Personal Data. Hexagon Data does not process sensitive data in the Platform.
Third Party Information. The data we process is Customer Data collected by the Customer himself or on request to a third party, but for which the Customer is the “Controller”. The Platform is not designed to process third party information other than that collected by the Customer.
- Amazon Web Services, Inc.
- Oracle Corporation
- Facebook, Inc.
- Google LLC.
- Lotame Solutions, Inc.
- Salesforce.com, Inc.