January 1, 2023 - Hexagon Data

January 1, 2023by Itzayana TlacuiloHexagon Match

Data Processing Addendum Hexagon Match

The Data Processing Addendum applies to the personal data processed by Hexagon Data Group on behalf of the Client, by virtue of the use of the Hexagon Match platform (the “Platform”), and as set forth in this Agreement, if and to the extent that (i) the Federal Law on the Protection of Personal Data in the Possession of Individuals and its Regulation (“LFPDPPP”) applies or (ii) any other data protection law identified herein.

When we refer to “Hexagon Data Group”, “we”, “us”, or the “Company”, we mean Hexagon Data, S.A.P.I. de C.V., a company incorporated in Mexico, Hexagon Data Colombia, S.A.S., a company incorporated in Colombia, Agradecemos Tu Pago, S.A.P.I. de C.V., a company incorporated in Mexico, and its affiliates, meaning any entity that directly or indirectly controls, is controlled by, or is under common control, that processes personal data in accordance with the terms described herein. We have a legitimate interest in protecting the information that our Customers share with us.

The Customer accepts on its own behalf, and on behalf of its represented parties, what has been agreed in this document.

This Addendum on Data Processing (the “Agreement” and/or “DPA Match”) is part of the Service Agreement between Hexagon Data Group and the Customer. It conveys the agreement between the parties regarding the processing of the Customer Data. The Parties agree to comply with the following provisions and aim to act reasonably and in good faith during the validity of this Agreement.

Definitions

Affiliate: refers to any entity that directly or indirectly controls, is controlled by, or is in joint control with the Customer. “Control” means direct or indirect ownership or control of 50% of the stock votes of the entity.
Agreement: it refers to the agreement by which Hexagon Data Group grants a License to use the Platform subscribed directly with Hexagon Data Group or through an authorized Partners. We subscribe exclusive contracts with each Customer to meet specific needs, where the terms of the License as well as the duration of the same are outlined. This DPA Match is part of the Agreement.
Anonymization: and/or dissociation, is understood as the procedure by which personal data cannot be associated with the data subject or allow, due to its structure, content or degree of disaggregation, the identification of the data subject.
CCPA: means the California Consumer Privacy Act which regulates the data of the residents of the State of California in the United States of America.
Controller: means the natural or legal person, alone or jointly with others, determines the purposes and means of the processing of personal data.
Customer: for purposes of this Agreement, the term “Customer” means the natural or legal person, including its affiliates, who hires the use of the Platform.
Customer Data: also referred to as “your Data”, means any data and/or information that the Customer shares with Hexagon Data Group. It includes the personal data of its users and/or consumers and data collected through tags and/or scripts that observe the behavior of its users and/or consumers on its website, APIs, apps and/or newsletters. It incudes any database shared by the Customer.
Data Protection Laws and Regulations: means all laws and regulations applicable to the protection of personal data. In Mexican territory, particularly the Federal Law of Protection of Personal Data in Possession of Individuals and its Regulations (“LFPDPPP”); for Colombia, in particular the Law 1581 of 2012 ant the Decree 1377 of 2013. At the international level, the leading instruments are the GDPR of the European Union, and the CCPA of the State of California, United States of America.
Data Protection Officer: The GDPR requires companies to appoint a person responsible for supervising how personal data is handled and for informing and advising employees who handle data about their obligations. Hexagon Data Group has appointed a Data Protection Officer. The designated person can be contacted at [email protected].
Data Subject: means the identified or identifiable natural person to whom the personal data corresponds.
First Party Data: the type of data depends on the means by which is acquired. First Party Data is data that is acquired “first hand” from the Customer. In other words is information that the Customer collects from its own sources, such as its website, APIs, apps, newsletters and/or through direct interaction with its users and/or consumers. It is information from users who have interacted with the Customer, have been interested in the product or service, and have given their data and may already be customers.
GDPR: refers to Regulation (EU) 206/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data.
Hexagon Match Platform: is a platform that offers Data Onboarding. The process consists of finding the match between the offline data and the online data of the Customer.
Personal Data: any information concerning an identified or identifiable natural person.
Processing, and/or “treatment”, refers to the collection, use, disclosure or storage of personal data, by any means. Use includes any action to access, handle, exploit, transfer or dispose of personal data.
Processor: means a natural or legal person which processes personal data on behalf of the controller.
Sensitive Personal Data: any personal data that affects the most intimate sphere of the data subject or whose improper use may give rise to discrimination against or entail a serious risk for the data subject. Sensitive data is considered one that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, trade union membership, political opinions or sexual preference.
Sub-Processor: is the person to whom Hexagon Data Group entrusts the processing of the Customer Data and/or the person who provides a service to Hexagon Data Group that is required for the performance of the Services for the Customer.
Third-party information: The type of data depends on the means by which is acquired . Third-party information is “third-party” data that is acquired from sources completely external to the Customer, usually through data-providing companies and data brokers. These data are aggregated and anonymized, and can be acquired on a large scale already selected, processed and segmented according to the type of audience. The Platform does not accept this type of data, so the Customer agrees not to include this type of data in its use.
Transfer: means any communication of data made to a person other than the Controller or Processor.

All capitalized terms not defined herein shall have the meaning set forth in this Agreement.

Clauses

1 Personal Data Processing

1.1 Relationship between the Parties. The Parties agree that in relation to the processing of the Customer Data, the Customer is the Controller and Hexagon Data Group is the Processor; who may assign sub-processors on the terms described herein.

1.2 Processing Details. Annex A sets out the object, nature and purpose of the processing by Hexagon Data Group, the duration, the types of data and categories of Data Subjects. Each party shall comply with the obligations under the data protection laws and regulations and this DPA Match.

1.3 Processing of personal data by the Customer. Before using the Platform, the Customer shall be responsible for informing the Data Subjects of the processing that Hexagon Data Group will do with their data as Processor and for obtaining their consent. The Customer is responsible for the accuracy, quality and legality of the data and the means by which the Customer acquired these data. In this regard, the Customer agrees to only use data collected by himself, i.e. First Party Data.

1.4 Processing of Customer Data. Hexagon Data Group may process personal data on behalf of and according to the instructions of the Customer. We undertake to treat the data as Confidential Information, unless otherwise provided by the Customer.

1.5 Purposes of Processing. Hexagon Data Group only processes Customer Data in accordance with (i) the written instructions of the Customer (ii) the terms of this DPA Match, and (iii) the License Agreement subscribed by the Parties. Hexagon Data may process certain categories of personal data on behalf of the Customer for certain defined purposes as set forth in Annex A.

2. Data Subject’s rights

At all times the Data Subjects have the right to modify and/or revoke their consent to the processing of their personal data. Likewise, they have the right to be forgotten and all other rights that the corresponding regulation grants them. Hexagon Data Group undertakes to comply with, and to assist with, such regulations at all times.

In the event that Hexagon Data Group receives a request from a user and/or consumer, for whom the Customer is the Controller, to exercise their ARCO rights or any rights specific to their jurisdiction, Hexagon Data Group will notify the Customer. To the extent permitted by law, Hexagon Data Group will assist the Customer with appropriate technical and organizational measures to fulfill their obligation to respond to the Data Subject’s request under the Data Protection Laws and Regulations.

If the Customer or any interested third party would like to exercise their rights over personal data for which we are the Controller, they may exercise their rights by following the procedure explained in the section “MEANS TO EXERCISE YOUR RIGHTS” of our Privacy Notice

3. Hexagon Data Group’s employees

Hexagon Data Group has a team of developers, analysts and employees (the “employees”) trained to offer high quality Services to our Customers. We are committed to the protection of the data we process. Thus we implement internal measures for the processing of data and train the employees to process data according to the standards described in this Agreement. The following security measures are designed to protect the security and privacy of our Customers:

3.1 Confidentiality. We make sure that the team dedicated to the processing of data is informed of the confidential character of the Customers Data, receive suitable training on their responsibilities and sign written agreements of confidentiality. These confidentiality obligations survive the termination of their Agreement.

3.2 Access limitation. Access to Customers Data is limited to the employees who perform the Services in accordance with the Agreement. In addition, each member is provided with a computer for the exclusive use during their relationship with Hexagon Data Group. Any work they perform with respect to the Service will be on Hexagon Data Group’s equipment.

3.3 Data Protection Officer. Hexagon Data Group has appointed a Data Protection Officer. The designated person can be contacted at [email protected].

4. Sub-processors

The Customer agrees and authorizes that Hexagon Data Group may engage third parties (the “Providers”) in connection with the provision of the Services, who shall be deemed to be Sub-Processors in accordance with this DPA Match. Hexagon Data Group signs a written agreement with each Sub-Processor which contains obligations regarding the protection of personal data no less protective than those in this DPA Match. The list of Sub-Processor is set forth in Annex B.

In the event that Hexagon Data Group wishes to make a change of Sub-Processor, it will notify the Customer and must obtain his consent to make such change. The Customer may object to Hexagon Data Group’s use of a new Provider within 5 (five) days of notification. If the Customer fails to respond and continues to act in accordance with the Agreement, the proposal shall be deemed to be accepted.

When contracting the Providers we commit ourselves to :

to engage recognized and market-leading companies that implement security measures no less protective than those established in this Agreement to comply with data protection, insofar as they are applicable to the nature of the services provided by the Sub-Processor;
restrict the Sub-Processor’s access to the Customer Data only to the extent necessary to maintain or provide the services to the Customer;
Hexagon Data Group is responsible for compliance with the obligations of this Agreement and for any acts or omissions that a Sub-Processor may cause to breach any of the obligations contained herein, except as otherwise provided.

5. Security

Hexagon Data Group implements appropriate technical and organizational measures to protect the security, confidentiality and integrity of the Customer Data.

5.1 Security measures. We establish and maintain administrative, technical and physical security measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or treatment. We do not adopt security measures less protective than those we maintain for our information.

Security measures include: (a) restricted access to the Platform; (b) we protect the security of your information during transfer to or from Hexagon Data Group websites, APIs, applications, products or services through the use of encryption software and protocols; (c) we create specific access keys for each party involved in data processing; (d) we adopt internal measures for the processing of data by the employees; and (e) we ensure that our Providers comply with the highest standards of data security and privacy, in accordance with applicable Laws.

a. Restricted access to the platform. Access to the Platform is restricted by means of authentication elements. After the Customer Registration process, Hexagon Data Group will create an exclusive profile for the Customer which will be provided with a User Account and a Password. The password that Hexagon Data Group creates is temporary so the Customer must change it on their first entry to the Platform. Please read the Terms of Use of the Platform for more information.

5.2 Confidentiality. At all times, Hexagon Data Group will treat Customer Data as Confidential Information and ensures that all employees responsible for processing such data sign confidentiality agreements that will govern the access, use and treatment of Customer Data.

5.3 Management and notification of security incidents. In the event of security incidents, Hexagon Data Group will notify the Customer as soon as it becomes aware of the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of or access to Customer Data, including data that has been anonymized, transmitted, stored or otherwise processed by Hexagon Data Group or its Sub-Processors.

Hexagon Data Group will make reasonable efforts to identify the cause of any incident and will take the necessary and reasonable actions to remedy the cause to the extent within Hexagon Data Group’s reasonable control. The obligations set forth herein shall not apply to incidents caused by the Customer or the Customer’s users.

6. Data transfer

We transfer data the least possible. If we do so, it will be with our Providers, who are Sub-Processors under the terms described in the corresponding section within this DPA. The transfers we make are only those allowed by the Data Protection Laws and Regulation. Likewise we ensure that it is to jurisdictions that meet the same or higher security standards than those described in this Agreement.

7. Data deletion

During the contractual relationship with the Customer, we may store Customer Data in any of our databases. We undertake to only store the data that is strictly necessary and to delete it within the next 3 months after terminating the use of the Platform or until the legal deadline. Likewise, as far as possible and prior request, we undertake to return the Customer Data by transferring the data in physical form through a CSV file.

8. Additional information for specific jurisdictions

We provide additional information about the privacy, collection and use of personal information of current and prospective Hexagon Data Group customers located in certain jurisdictions.

8.1 European Union: GDPR

Hexagon Data Group processes personal data, in the best of its abilities, in accordance with the requirements of the GDPR directly applicable to the provision of its Services and the needs of its Customers. The Customer specifically acknowledges that his use of the Platform will not violate the rights of any Data Subject under the protection of the GDPR.

8.2 CCPA

Hexagon Data Group processes personal data, in the best of its abilities, in accordance with the requirements of the CCPA directly applicable to the provision of its Services and the needs of its Customers. Within or by virtue of our Services, we do not sell databases or Personal Data of the Customer nor its users and/or consumers. The Customer specifically acknowledges that its use of the Platform will not violate the rights of any Data Subject who has chosen not to sell or disclose its personal data as applicable under the CCPA.

9 Miscellaneous

9.1 Modifications. We are constantly updating our policies to offer the best possible protection. Hexagon Data Group reserves the right to make modifications and adaptations to this Agreement. In the event we consider that there are substantial changes, we will notify you by posting a visible notice on our website or by any of the available means of communication. As the effective date it will be deemed to be accepted by you. We suggest constantly review our website during the term of our relationship.

9.2 Validity. This Agreement remains effective during the contractual relationship with the Customer and/or as long as the Customer, by itself or its Users, makes use of the Platform. Any obligations or liabilities in force up to the termination date shall remain valid until they have been fulfilled.

This Agreement will be legally binding once made available to Customer. It will be understood that the Customer consents to the processing of his data, when having made this Agreement available to him, he does not express his opposition to it and continues to use the Platform.

Annex A

Processing Details

1.1. Nature of the processing

Hexagon Data Group processes personal data to provide its Products and Services within the Platform and as indicated by the Customer.

In the event that, under the Agreement, it is agreed that a cloud-based service will be given by a Provider (Amazon Web Services, Google or other), the parties acknowledge that any personal data processed within the cloud service shall be governed solely by the terms and conditions thereof as stipulated and modified from time to time by the Provider.

1.2. Purpose of processing

The purpose of processing Customer Data may be any of the following:

Generate a match table
Generate anonymous audiences
ID Syncing
Improve the efficiency of the Platform
Transfer the audiences to the sources indicated by the Customer
Store in one place the contact information

1.3. Processing Duration

In accordance with the section on the validity of the DPA Match, Hexagon Data Group processes Customer Data during the validity of the contractual relationship with the Customer and/or as long as the Customer, by itself or its Users, makes use of the Platform.

1.4. Types of Personal Data

The data we process comes from two sources:

Data that the Customer, by itself or its Users, uploads to the Platform. The types of data may include, but are not limited to:
- Address
- Age
- Age range
- Country code in two characters
- Email address
- First and last name
- Gender
- Marital status
- Number of children
- Postal Code

Data that Hexagon Data Group may collect on behalf of the Customer through tags and/or scripts directly from the Customer’s website, APIs, apps and newsletter. Through the tag, Hexagon Data Group may create a Unique ID to collect the data to use in the match; at no time will it match data of different Customers. The types of data may include, but are not limited to:
- Cell phone
- Customer ID
- Email

When the Client uploads its Data to the Platform, a data source is generated; the Client may choose to encrypt (anonymize) the data, otherwise the data will not be anonymized, and among those data some may be personal data. Regardless of the Customer’s choice, when the data is transferred to the sources indicated by the Customer, it will be anonymized. The data processed to fulfill the intended use of the Platform is at the sole discretion of the Customer.

1.5. Categories of Data Subjects

The personal data is First Party Data that the Client collects by himself. The Customer Data is related to the following categories of Data Subjects:

Consumers
Users

1.6. Special Category of Data

Sensitive Personal Data. Hexagon Data Group does not process sensitive data in the Platform.

Third Party Information. The data we process is Customer Data collected by the Customer himself or on request to a third party, but for which the Customer is the “Controller”. The Platform is not designed to process third party information other than that collected by the Customer.

Annex B

Sub-Processors

Amazon Web Services, Inc.
Oracle Corporation
Facebook, Inc.
Google LLC.
Linkedln Corporation
Lotame Solutions, Inc.
Salesforce.com, Inc.
TikTok Pte. Ltd.

January 1, 2023by Itzayana TlacuiloPrivacy

Data Processing Addendum

The Data Processing Addendum applies to the Customer Data processed by Hexagon Data Group on behalf of the Customer pursuant to their contractual relationship and as set forth in this Agreement, if and to the extent that (i) the Federal Law on the Protection of Personal Data in the Possession of Individuals and its Regulation (“LFPDPPP”) applies or (ii) any other data protection law identified herein.

The Customer accepts on its own behalf, and on behalf of its represented parties, what has been agreed in this document. This Addendum on Data Processing (the “Agreement” and/or “DPA”) is part of the Agreement between Hexagon Data Group and the Customer. It conveys the agreement between the parties regarding the processing of the Customer Data. The Parties agree to comply with the following provisions and aim to act reasonably and in good faith during the validity of this Agreement.

Definitions

Affiliate: refers to any entity that directly or indirectly controls, is controlled by, or is in joint control with the Customer. “Control” means direct or indirect ownership or control of 50% of the stock votes of the entity.
Anonymization: and/or dissociation, is understood as the procedure by which personal data cannot be associated with the data subject or allow, due to its structure, content or degree of disaggregation, the identification of the data subject.
CCPA: means the California Consumer Privacy Act which regulates the data of the residents of the State of California in the United States of America.
Contract: Hexagon Data Group establishes its business relationship with its Customers through contracts, service orders, and/or commercial agreements where the bilateral agreements between the parties are established (the “Contract”). We subscribe exclusive contracts with each Customer to address specific needs, specifying the type of data to be collected, the duration and the purpose. This Agreement is part of the Contract.
Controller: means the natural or legal person, alone or jointly with others, determines the purposes and means of the processing of personal data.
Customer: for purposes of this Agreement, the term “Customer” means the legal entity, including its affiliates, who hires Hexagon Data Group’s Services.
Customer Data: for purposes of this Agreement, means any data and/or information that the Customer shares with Hexagon Data Group. It includes the Customer Database.
Customer Database: refers to databases containing general information on the behavior of its users and which, on special occasions and expressly indicated as such by the Customer, may include personal data of the Customer’s users and/or consumers.
Data Protection Laws and Regulations: means all laws and regulations applicable to the protection of personal data. In Mexican territory, particularly the Federal Law of Protection of Personal Data in Possession of Individuals and its Regulations (“LFPDPPP”), for Colombia, in particular the Law 1581 of 2012 ant the Decree 1377 of 2013. At the international level, the leading instruments are the GDPR of the European Union, and the CCPA of the State of California, United States of America.
Data Protection Officer: The GDPR requires companies to appoint a person responsible for supervising how personal data is handled and for informing and advising employees who handle data about their obligations. Hexagon Data Group has appointed a Data Protection Officer. The designated person can be contacted at [email protected].
Data Subject: means the identified or identifiable natural person to whom the personal data corresponds.
First Party Data: the type of data depends on the means by which it is acquired. First Party Data is data that is acquired “first hand” from the Customer. In other words is information that the Customer collects from its own sources, such as its website, APIs, apps, newsletters and/or through direct interaction with its users and/or consumers. It is information from users who have interacted with the Customer, have been interested in the product or service, and have given their data and may already be customers.
GDPR: refers to Regulation (EU) 206/679 of the European Parliament and the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and the free movement of such data.
Personal Data: any information concerning an identified or identifiable natural person.
Processing, and/or “treatment”, refers to the collection, use, disclosure or storage of personal data, by any means. Use includes any action to access, handle, exploit, transfer or dispose of personal data.
Processor: means a natural or legal person which processes personal data on behalf of the controller.
Pseudonymisation, also known as reversible dissociation. It means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the personal data are not attributed to an identified or identifiable natural person.
Sensitive Personal Data: any personal data that affects the most intimate sphere of the data subject or whose improper use may give rise to discrimination against or entail a serious risk for the data subject. Sensitive data is considered one that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, trade union membership, political opinions or sexual preference.
Services: Hexagon Data Group provides services customized to the Customer needs. Our general services consist of being the administrator of the Customer’s account in DMP platforms. Additionally we make analyses, create audiences, reports and generate connections between different databases. The service requirements are indicated by the Client and are included in the Contract.
Sub-Processor: is the person to whom Hexagon Data Group entrusts the processing of the Customer Data and/or the person who provides a service to Hexagon Data Group that is required for the performance of the Services for the Customer.
Transfer: means any communication of data made to a person other than the Controller or Processor.

All capitalized terms not defined herein shall have the meaning set forth in this Agreement.

Clauses

1 Personal Data Processing

1.1 Relationship between the Parties. The Parties agree that in relation to the processing of the Customer Data, the Customer is the Controller and Hexagon Data Group is the Processor; who may assign sub-processors on the terms described herein.

1.3 Processing of personal data by the Customer. The Customer is responsible for obtaining the consent of the Data Subjects and informing them of the processing of the data; as well as, when possible, submit the data to anonymization or pseudonymization, before instructing us their processing. The Customer is responsible for the accuracy, quality and legality of the data and the means by which the Customer acquired these data.

The Customer commits to only share and/or give access to data collected by himself, or under request to his provider or authorized third parties, but that at all times is First Party Data. The Customer is the only responsible for these data. Hexagon Data Group disclaims any liability and/or claims that its provider or authorized third parties may make against the Customer, since all actions taken by Hexagon Data Group are at the Customer’s request and instructions.

1.4 Processing of Customer Data. Hexagon Data Group may process Personal Data on behalf of and according to the instructions of the Customer. We undertake to treat the data as Confidential Information, unless otherwise provided by the Customer.

1.5 Purposes of Processing. Hexagon Data Group’s Services are customized to the needs and interests of each Client, the specifications are inscribed in each corresponding Contract. In this regard, Hexagon Data Group only processes Customer Data in accordance with (i) the written instructions of the Customer (ii) the terms of this DPA, and (iii) any Contract and/or agreement between the Parties. Hexagon Data Group may process certain categories of personal data on behalf of the Customer for certain defined purposes as set forth in Annex A.

2 Data Subject’s rights

At all times the Data Subjects have the right to modify and/or revoke their consent to the processing of their Personal Data. Likewise, they have the right to be forgotten and all other rights that the corresponding regulation grants them. Hexagon Data Group undertakes to comply with, and to assist with, such regulations at all times.

If the Customer or any interested third party would like to exercise their rights over Personal Data for which we are the Controller, they may exercise their rights by following the procedure explained in the section “MEANS TO EXERCISE YOUR RIGHTS” of our Privacy Notice.

3 Hexagon Data Group’s employees

Hexagon Data Group has a team of specialists, analysts and employees (the “employees”) trained to offer high quality Services to our Customers. We are committed to the protection of the data we process. Thus we implement internal measures for the processing of data and train the employees to process data according to the standards described in this Agreement. The following security measures are designed to protect the security and privacy of our Customers:

3.2 Access limitation. Access to Customers Data is limited to the employees who perform the Services in accordance with the Contract. In addition, each member is provided with a computer for the exclusive use during their relationship with Hexagon Data Group. Any work they perform with respect to the Service will be on Hexagon Data Group’s equipment.

3.3 Data Protection Officer. Hexagon Data Group has appointed a Data Protection Officer. The designated person can be contacted at [email protected].

4 Sub-processors

The Customer agrees and authorizes that Hexagon Data Group may engage third parties (the “Providers”) in connection with the provision of the Services, who shall be deemed to be Sub-Processors in accordance with this DPA. Hexagon Data Group signs a written contract with each Sub-Processor which contains obligations regarding the protection of personal data no less protective than those in this DPA. The list of Sub-Processor is set forth in Annex B.

When contracting the Provider we commit ourselves to :

a. to engage recognized and market-leading companies that implement security measures no less protective than those established in this Agreement to comply with data protection, insofar as they are applicable to the nature of the services provided by the Sub-Processor;

b. restrict the Sub-Processor’s access to the Customer Data only to the extent necessary to maintain or provide the services to the Customer;

c. Hexagon Data Group is responsible for compliance with the obligations of this Agreement and for any acts or omissions that a Sub-Processor may cause to breach any of the obligations contained herein, except as otherwise provided.

5 Security

Hexagon Data Group implements appropriate technical and organizational measures to protect the security, confidentiality and integrity of the Customer Data.

Security measures include: (a) anonymization and/or pseudonymization of personal data, to the possible extent; (b) we protect the security of your information during transmission to or from Hexagon Data Group websites, APIs, applications, products or services through the use of encryption software and protocols; (c) we create specific access keys for each party involved in data processing; (d) we adopt internal measures for the processing of data by the employees; and (e) we ensure that our Providers comply with the highest standards of data security and privacy, in accordance with applicable Laws.

5.2 Confidentiality. At all times, Hexagon Data Group will treat Customer Data as Confidential Information and ensures that all employees responsible for processing such data sign confidentiality agreements that will govern the access, use and treatment of Customer Data.

6 Data transfer

We transfer data the least possible. If we do so, it will be with our Providers, who are Sub-Processors under the terms described in the corresponding section within this DPA. The transfers we make are only those allowed by the Data Protection Laws and Regulations. Likewise we ensure that it is to jurisdictions that meet the same or higher security standards than those described in this Agreement.

7 Data deletion

During the contractual relationship with the Customer, we may store Customer Data in any of our databases. We undertake to only store the data that is strictly necessary and to delete it once the purpose for which it was collected has been fulfilled or until the legal deadline. Likewise, as far as possible and prior request, we undertake to return the Customer Data at the end of the contractual relationship.

8 Additional information for specific jurisdictions

We provide additional information about the privacy, collection and use of personal information of current and prospective Hexagon Data Group customers located in certain jurisdictions.

8.1 European Union: GDPR

Hexagon Data Group processes personal data, in the best of its abilities, in accordance with the requirements of the GDPR directly applicable to the provision of its Services and the needs of its Customers. The Customer specifically acknowledges that his use of the Services will not violate the rights of any Data Subject under the protection of the GDPR.

8.2 CCPA

Hexagon Data Group processes personal data, in the best of its abilities, in accordance with the requirements of the CCPA directly applicable to the provision of its Services and the needs of its Customers. Within or by virtue of our Services, we do not sell databases or Personal Data of the Customer nor its users and/or consumers. The Customer specifically acknowledges that its use of the Services will not violate the rights of any Data Subject who has chosen not to sell or disclose its Personal Data as applicable under the CCPA.

9 Miscellaneous

9.2 Validity. This Agreement remains effective during the contractual relationship with the Customer. Any obligations or liabilities in force up to the termination date shall remain valid until they have been fulfilled.

Annex A

Processing Details

1.1. Nature of the processing

Hexagon Data Group processes Customer Data for the purpose of providing the Services to the Customer and as instructed by the Customer. Occasionally, Hexagon Data Group may require access to the Customer’s data sources. We will only access the data necessary to provide the contracted Services and under the Customer’s instructions.

In the event that, under the Contract, it is agreed that a cloud-based service will be given by a Provider (Amazon Web Services, Google or other), the parties acknowledge that any Personal Data processed within the cloud service shall be governed solely by the terms and conditions thereof as stipulated and modified from time to time by the Provider.

1.2. Purpose of processing

The purpose of processing Customer Data may be any of the following:

Analysis services that may include analysis of campaigns, websites, and/or databases
Connection to Customer databases
Creation of campaign reports
Cross device matching
Customized content delivery
Data connection to displays chosen by the Customer
Generate audience insights
Maintenance and administration of the accounts on behalf of the Client
Market Research

1.3. Processing Duration

In accordance with the section on the validity of the DPA, Hexagon Data Group processes Customer Data during the validity of the contractual relationship with the Customer.

1.4. Types of Personal Data

Hexagon Data Group collects the data by direct transfer from the Customer or by access to the Customer’s databases. At all times it is the Customer, either by itself or by an authorized third party, who collects the data. It is the Customer’s First Party Data.

The types of Personal Data may include, but are not limited to

Address
Age
Cookie IDs
Email address
First and last name
Gender
Inaccurate geolocalization data
Inferred and declared behavioral data
Information on the use of mobile applications
Marital status
Mobile Advertising IDs
Number of children
Web browsing information

1.5. Categories of Data Subjects

The Customer Data is related to the following categories of Data Subjects:

Users, consumers and prospects
Clients and Client’s vendors

1.6. Sensitive Personal Data

Hexagon Data Group does not process sensitive data.

Annex B

Sub-Processors

Amazon Web Services, Inc.
Datorama, Inc.
Google LLC.
LinkedIn Corporation
Lotame Solutions, Inc.
Microsoft Power Bi
QlikView de QlikTech Inc.
Tableau Software LLC.
TapClicks, Inc.
TikTok Pte. Ltd.

January 1, 2023by Itzayana TlacuiloHexagon Match

HEXAGON MATCH: Terms of Use

PLEASE READ CAREFULLY THESE TERMS OF USE (the “Terms”) BEFORE USING OUR PLATFORM

WELCOME TO HEXAGON MATCH!

These Terms are binding between the person (“You” or the “User”) using the Hexagon Match platform (the “Platform”) and Hexagon Data S.A.P.I. de C.V. (“We” or “Hexagon Data”). The use of the Platform and the service provided herein will be governed by these Terms. This is a binding contract for the use of the Platform located at: https://www.hexagondata.com/match/.

The Data Processing Agreement for Hexagon Match (“DPA Match”) forms part of and is subject to these Terms.

By accessing, using the Platform and/or creating a profile on the Platform, you agree to these Terms.

DISCLOSURES

To use the Platform and be bound by these Terms you must be of legal age. Under no circumstances we allow access and use of the Platform by minors under 18 years. The service is not intended for users as individuals but for businesses and companies (the “Company” and/or “Costumer”).

These Terms apply generally to every service and product offered on the Platform. Every User who accesses and makes use of the Platform does it on behalf of the Company to which they belong and is subject to these Terms of Use. Any breach of these Terms enables us to end any relationship with the User and/or Company without a judicial requirement.

THE SERVICES

The Platform offers the Data Onboarding service. It consists of finding a match between offline data and online data of the Company. Hexagon Data may also offer additional and complementary products to this service within the Platform, which will be subject to specific terms. (Collectively referred to as the “Services and Products”).

The specific terms, costs and validity of the Services and Products will depend on the requirements, negotiations and agreements with each Customer. These Terms apply to the general use of the Platform.

LICENSE

The use of the Platform is subject to a License Agreement subscribed directly with Hexagon Data or through an authorized Partner (the “Agreement”). Hexagon Data grants a temporary, non-exclusive, revocable and limited license for the Client to use the Platform according to the Agreement and these Terms.

REGISTRATION PROCESS

To hire our services, you must follow a registration process (the “Customer Registration”). The main reason for this process is that the Platform is designed for specific niche companies. In commitment with our customers, we want to make sure that your business would benefit from the Services and Products. If it’s not the case, we will refer to another product or service from Hexagon Data that suits your needs best, otherwise, we will inform you that our services are not suitable for your Company. Hexagon Data reserves the right to reject the Customer Registration based on a negative result of the Data Verification process. Under no circumstances will we reject an application based on discrimination against an individual or company.

The Customer Registration process is as follows:

1 To make a request for the Customer Registration (the “Application”), you must complete the automated form in the Platform (the “Registration Form”).

2 Once the Registration Form has been completed, you will receive a response via email or by a phone call in which we will inform you any of the following circumstances:

a. The Application is accepted given that you qualify for the Customer Registration process. We will remain in contact to request additional documentation to complete the Customer Registration.

b. At the moment your Application is rejected and you do not qualify for the Customer Registration process. We will ask your consent to contact you in the future to offer you new services or to invite you to complete a new Registration Form.

c. It is necessary to confirm the information provided.

3 Once the Application has been accepted, we will proceed to sign the License Agreement where the Services and Products requested by the Customer will be specified.

The process takes approximately 15 (fifteen) working days; however, we reserve the right to (i) exceed such period, as well as (ii) in case of not qualifying for the Customer Registration, to delete your Data at any time during the procedure. The Customer Registration process is subject to the “Data Verification” section, applicable to the documentation you have provided. If you wish to know how Hexagon Data processes your data, please read the section of “Privacy and Protection of Personal Data”.

PROFILE CREATION AND DASHBOARD ACCESS

Once the Customer Registration process has been completed, an Administrator Profile will be created for a person designated by the Customer. The Administrator will be able to create other users accounts (jointly the “Users” and individually the “User”). All the Users shall belong or be part of the Company.

The Administration Profile has tools to allow the creation of different User accounts with two access modes: editing and reading. The Administrator chooses at his own discretion the type of access allowed to each User.

Both the Administrator and subsequent Users, upon registration, will receive a welcome email with instructions on how to access the Platform as well as the access code to their “Dashboard”. Every User is bound to these Terms.

The User undertakes to upload only First Party Data collected by the Company itself.

LEAD AD PRODUCT

Lead Ad is a product that is part of Hexagon Match. Its purpose is to keep the user’s records in the Customer’s websites to automate the Onboarding process and get the match rate. The Customer can make Lead Ad campaigns with its own personalized format.

The use of Lead Ad is subject to the License Agreement.

USE RESTRICTIONS

The right of each User to use the Platform is personal, limited to its internal business purposes, non-transferable, non-exclusive, revocable and at all times subject to the fulfilment of these Terms.

It is strictly forbidden to reproduce, modify, alter, distribute any copy, publicly communicate, transform, mutilate, make changes or any type of use or exploitation of the Platform other than the permitted by these Terms, in whole or in part, by any means known or to be known in the future. Likewise, it is strictly forbidden to carry out any process of reverse engineering for the purpose of using or altering any of the modules, source code and/or object of code of the Platform, without prior written authorization from Hexagon Data.

The User shall be solely responsible for ensuring and maintaining the confidentiality and security of the personal key and password used for their Platform User account. The User agrees not to disclose their personal key to any third party and will be held responsible if it is stolen. The User commits to immediately inform Hexagon Data of any suspicion that their password may have been compromised and request Hexagon Data to change their password. Furthermore, the User shall cooperate with Hexagon Data in the investigation of security incidents or risks, as well as to execute the actions agreed to mitigate any incidents and to minimize the risk detected.

All Users must comply with these Terms to make proper use of the Platform. In the case that it is of our understanding that any of the Users do not comply with these Terms, we will notify the Administrator and/or the Company. At the discretion of Hexagon Data, the User may be removed and the information uploaded to the Platform may be deleted. If the breach persists, it can cause the termination of the relationship between the parties.

DATA VERIFICATION

By accessing, using and/or creating a profile on the Platform you agree and authorize that Hexagon Data, by itself or through an authorized third party, may at any time verify the data you provide, including your identity and of the legal entity you represent.

In case that the information provided to create a Profile is false or inaccurate, Hexagon Data may, at its entire discretion, deny access to the Platform as well as remove any content related to the User. You may exercise your personal data rights at any time, as provided in the section of “Privacy and Protection of Personal Data”.

THIRD PARTY INFORMATION

The Platform is not designed to integrate third party information, in other words, data acquired from sources completely external to the Customer, usually through data providers and brokers. If any User uploads this type of data, Hexagon Data reserves the right to immediately delete and notify the incident to the Administrator and/or Company. Hexagon Data disclaims any liability that may result from failure to comply with this requirement.

CONFIDENTIAL INFORMATION

Confidential Information is all information that has been, is or will be provided or disclosed, in any medium or form, directly or indirectly, by a party, including its affiliates, subsidiaries and/or customers, unless such information is expressly identified as “Public” or “Non-Confidential”. The confidential information provided, past, present and future, is and will remain the property of the disclosing party.

The User agrees not to take possession of, use or exploit, directly or indirectly, by himself or by third parties, for his own benefit or for the benefit of third parties Hexagon Data’s confidential information, to which he has had, has or will have access. The User agrees to take all reasonable measures to avoid any prohibited disclosure and/or misuse of the confidential information.

PERSONAL DATA PROTECTION AND PRIVACY

Hexagon Data processes data as (a) Controller and (b) Processor.

a. Hexagon Data may process the Customer’s personal data during the Customer Registration process and by virtue of the contractual relationship. We act as the Controller. These personal data will be treated in accordance with the Privacy Notice.

b. While providing the Products and Services, Hexagon Data may process data on behalf of the Customer (including data collected or generated through the use of the Platform). In this case, Hexagon Data is the Processor and is governed by the DPA Match.

If the Customer or any third party would like to exercise their rights over the personal data we process, they can follow the procedure explained in the section “MEANS TO EXERCISE YOUR RIGHTS” of our Privacy Notice. We undertake to use your data only to the extent that you have authorized and in accordance with the provisions of these Terms and the Privacy Notice.

DATA SECURITY

The Platform has a SSL security system. The data files uploaded to the Platform are located in Amazon S3 of AWS thereof the security level is based on the security management standard ISO/IEC 27001:2013. Accordingly, the parties acknowledge that data security within the cloud service shall be governed solely by the terms and conditions stipulated and modified from time to time by Amazon Web Services. For more information, please refer to https://aws.amazon.com/es/security/.

The access to the Platform is restricted by means of authentication elements. To control the access to the Platform, the Users will have: a) User Account and b) Password. The password that Hexagon Data creates is temporary so that the User must change it on their first entry into the Platform. By having a new password created by the User itself, they are responsible for any access to their Dashboard. Since we do not know the passwords, Hexagon Data disclaims any liability for their misuse. To change passwords, the user must follow the procedures outlined within the Platform.

The User agrees and undertakes to apply and keep updated all the security mechanisms suggested by Hexagon Data in these Terms and those indicated whilst the business relationship.

GUARANTEES

Hexagon Data will ensure the proper functioning of the Platform as long as it is run on the proper parameters, operational capacity and computer systems, including adequate Internet connection. Any malfunction of the Platform or any failure generated by causes directly attributable to the User or the Suppliers, Hexagon Data shall not be held liable.

The data processing and storage components of the Platform are located at Amazon Web Services, which is committed to a high level of service indicated in the AWS Service Level Agreement (SLAs). For more information please refer to https://aws.amazon.com/legal/service-level-agreements/?nc1=h_ls. The parties acknowledge that any malfunctions of the Platform related to he AWS service shall be exclusively ruled by the provisions of Amazon Web Services, including but not limited to the SLA and its Terms of Use, available at https://aws.amazon.com/service-terms/?nc1=h_ls.

TECHNICAL SUPPORT

Hexagon Data guarantees the originality and proper functioning of the Platform. However, it is not guaranteed that the Platform is free of errors, bugs or vulnerabilities. Therefore, during the validity of the Agreement, we will provide free of charge the technical support necessary to use the Platform on a regular basis.

In this regard, Hexagon Data will respond to any inquiry or failure report within 5 (five) working days after notified to the email address [email protected] and in https://hexagondata.atlassian.net/servicedesk/customer/portals. The report must include the date and time, description of the failure, name, email and phone number of the person reporting the failure. Hexagon Data will have a maximum of 5 (five) working days to correct and repair any error or failure in the Platform, unless Hexagon Data informs to require additional time. Hexagon Data will send back a report on the repair carried out.

INTELECTUAL PROPERTY

The Parties recognize that all intellectual property rights that correspond to each Party are their exclusive property and will continue to be. Therefore, nothing in these Terms grants in favor of any of the Parties the right to use or exploit the Intellectual Property of the other Party, except as expressly provided herein.

Ownership of the Platform. Hexagon Data is the sole and exclusive owner of the proprietary rights of the Platform. The Platform constitutes a work in accordance with the provisions of the Federal Copyright Law in force in Mexico. In this sense, it is expressly understood between the Parties that the Platform is granted under a non-exclusive and temporary license for use during the validity of the Agreement. The Platform may not be rented, leased, lent or transmitted in any way without the express authorization of Hexagon Data.

All the material contained in the Platform, including not limited to: designs, drawings, computer programs (source code and object code) databases, graphic, audiovisual and photographic material, texts, inventions, models, patents, among others Intellectual Property rights are the sole and exclusive property of Hexagon Data and are protected by the Federal Copyright Law, the Industrial Property Law, as well as by the Intellectual Property laws of other countries and International Treaties to which Mexico is party.

CUSTOMER DATA

The Customer, its affiliates, users and consumers retain all rights with respect to all data, personal data or other information that the Customer, or other party on the Customer’s behalf, provides to Hexagon Data (“Customer Data”). For avoidance of doubt, Customer Data is considered Confidential Information.

The Customer shall defend, indemnify and hold Hexagon Data harmless from and against any and all costs, damages, expenses and liabilities arising from any claim or action by any third party relating to any actual or alleged infringement of a third party’s intellectual property rights caused by the Customer Data.

UNSOLICITED IDEAS

Hexagon Data does not seek or accept unsolicited ideas, suggestions or materials relating to, among other things, the development, manufacture, marketing or processing of our products and services. Acceptance of these Terms avoids any misunderstanding of intellectual property with the public in general who submit comments or ideas concerning the products, services or concepts developed by Hexagon Data. Therefore, any unsolicited idea may be used at Hexagon Data’s discretion for any purpose, including commercial, without creating any relationship with the person submitting the idea or any right to compensation.

PLATFORM AVAILABILITY

Hexagon Data may block, interrupt, or restrict the use and access to the Platform when it deems necessary, as well as remove or cancel the Platform or any of its parts. The Users shall at all times have the right to remove their Profile form the Platform.

NON-COMPLIANCE

In the event of breach of any of the obligations under these Terms of Use and the applicable law, Hexagon Data at its discretion, may suspend access to the Platform, delete the User Profile and/or terminate the relationship between the parties. The foregoing, without waiving the legal actions available to Hexagon Data when any conduct of the User generates a loss or damage.

Any use of the Platform other than its normal use and destination is strictly prohibited. It is also prohibited to allow any third party other than its employees, partners, shareholders or staff, access and use the Platform. Similarly, it is strictly forbidden to resell access to the Platform.

VALIDITY

These Terms are effective from the date of their publication and continue to be as long as the Platform remains accessible to the public.

JURISDICTION

This Platform is controlled and operated by Hexagon Data from Mexico. Hexagon Data does not warrant, either expressly or implicitly, that the information and material contained in the Platform, including without limitation to information and other materials promoting the commercial activities, products or services described herein, are appropriate or available in other locations.

Mexican law shall govern these Terms and you expressly waive any protection by a jurisdiction that may apply by reason of your domicilie, present or future, and expressly submit to the jurisdiction and competence of the court of Mexico City to solve all matters related to these Terms.

DISCLAIMER OF WARRANTIES

Hexagon Data makes no warranty as to the services or levels of security provided by any supplier, including but not limited to Amazon Web Services. Consequently, the parties acknowledge that any malfunctioning of the Platform shall be governed exclusively by the terms of use, service levels and the stipulations of such supplier.

LIMITATION OF LIABILITY

Hexagon Data shall not be liable for any damages of any kind, including without limitation, special or consequential damages, arising out of the access or inability to access the Platform, as well as its use or information contained in the Platform.

Hexagon Data is under no obligation to update the Platform or the information contained herein, thereof shall not be liable for failure to update such information. Additionally, Hexagon Data is not responsible for the use of other Internet sites to which the User may have access through links included in the Platform. These links and other resources referred to are provided solely as a service to users of the “World Wide Web” and their inclusion in the Platform does not constitute an endorsement of, or affiliation with, Hexagon Data.

MODIFICATIONS AND UPDATES

We reserve the right to: (i) add or modify these Terms at any time, (ii) offer new services and/or products through the Platform, and (iii) update, change and/or substantially modify the Platform.

The new version will become effective on the date indicated at the beginning of these Terms. In the event we consider that there are substantial changes, we will notify you by posting a visible notice on our website or by any of the available means of communication. However, Hexagon Data constantly updates and makes innovations to improve the Platform that are considered ordinary events, in which case we will not give prior notice. Your continued use of the Platform is deemed to be your acceptance of such changes. We suggest constantly check these Terms during your use of the Platform.

OTHERS

If any term, condition or provision of these Terms of Use is void to be illegal, invalid, or for any reason unenforceable, the validity and enforceability of the remaining provisions shall not be affected or impaired. This document constitutes the entire agreement between the User and Hexagon Data.

January 1, 2023by Itzayana TlacuiloPrivacy

Privacy Notice short

At Hexagon Data Group we are committed to protect the interests of the data subject and to provide full transparency and clarity regarding the use we make of its data. We work to develop self-regulatory measures that serve as a reference of good practices in the interactive marketing and digital advertising industry. In other words, we want to create a culture of data processing, personal and non-personal, reflected on how we would like other companies to treat ours.

CONTROLLER

Hexagon Data Group is responsible for collecting and processing your personal data. The general address to hear and receive notices is Filadelfia 128, Int. 101, Colonia Nápoles, Alcaldía Benito Juárez, 03810, Mexico City, Mexico. At any time you can contact us by email at [email protected].

PROCESSING PURPOSES

Processing purposes	Purpose category
When you use our Website (e.g. visitors or Internet users)
The Website uses different types of cookies to automatically collect and store information about your usage in order to improve its performance and user experience. For more information, please read our Cookie Policy.	Necessary for our legal relationship.
When you contact us (e.g.: through forms on our website or by e-mail)
•Answer your questions •Offer a personalized product or service to each client •Personalize your experience •Provide technical support •To maintain communication	Necessary for our legal relationship.
When you create your user account (“Profile”)
•Create your profile within any of our platforms •Give access to your company’s dashboard	Necessary for our legal relationship.
When you share personal data for marketing purposes (e.g. by subscribing to our newsletter or by contacting us on social media)
•To establish a business connection (networking) •To send newsletters or other marketing communications •To respond to requests and keep ongoing communication •For direct marketing	Not necessary for our legal relationship.
When we process your job application
•To process and assess your job application •To consider you as a candidate for the position •To manage the employment relationship	Necessary for our legal relationship.
When we process personal data of our providers and partners
•Maintain contact •For the fulfillment of the applicable agreement •Issue invoice(s)	Necessary for our legal relationship.
When we process personal data of our customers
•Maintain contact •To provide our products and services •For the fulfillment of the applicable agreement •To offer new products and services •Issue invoice(s)	Necessary for our legal relationship.

FULL TEXT OF THE PRIVACY NOTICE

We only collect, use and process your personal data as provided and exclusively for the purposes indicated in our Privacy Notice. If you would like more information about the processing of your personal data, please refer to the comprehensive Privacy Notice

January 1, 2023by Itzayana TlacuiloPrivacy

Privacy Notice

Welcome!

We respect your privacy.

At Hexagon Data Group we are committed to protect the interests of the data subject and to provide full transparency and clarity regarding the processing of your data. We work to develop self-regulatory measures that serve as a reference of good practices in the interactive marketing and digital advertising industry. In this regard, we rely on the highest standards set by international leaders such as the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”). In other words, we want to create a culture of data processing, personal and non-personal, reflected on how we would like other companies to treat ours.

When we refer to “Hexagon Data Group”, “we”, “us”, or the “Company”, we mean Hexagon Data, S.A.P.I. de C.V., a company incorporated in Mexico, Hexagon Data Colombia, S.A.S., a company incorporated in Colombia, Agradecemos Tu Pago, S.A.P.I. de C.V., a company incorporated in Mexico, and its affiliates, meaning any entity that directly or indirectly controls, is controlled by, or is under common control, that processes personal data in accordance with the terms of this Notice. The general address to hear and receive notices is Filadelfia 128, Int. 101, Colonia Nápoles, Alcaldía Benito Juárez, 03810, Mexico City, Mexico. If you access from Colombia, please review the specific section addressed below.

Through our business activities we process personal data as (a) Controller and (b) Processor.

a. Hexagon Data Group may process personal data of customers, users, providers, and persons who are in the process of entering into a contractual relationship with Hexagon Data Group. In these cases we act as the data Controller (also known as “data responsible”). The collected personal data will be processed in accordance with this Privacy Notice (the “Privacy Notice” or “Notice”).

b. While providing our products and services, we may process data on behalf of our customers who shall be responsible for obtaining consent and complying with applicable laws. In this case, Hexagon Data Group is the Processor and we process according to the instructions of the controller as well as to the provisions established in our Data Processing Addendums.

The intent of this Privacy Notice is to inform the privacy and data protection policies applicable to the processing of your personal data that we undertake as a Controller. We only collect, use and process your personal data as provided and exclusively for the purposes indicated herein. Please read carefully this Privacy Notice which we make available to you in compliance with the Federal Law on the Protection of Personal Data in Possession of Individuals, as well as other applicable laws (the “Law”).

DATA WE COLLECT AND ITS PURPOSE

When you use our Website (e.g. visitors or Internet users)

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
Cookies to track your activity on our Website. For more information, please read the Cookie Policy	The Website uses different types of cookies to automatically collect and store information about your usage in order to improve its performance and user experience	These purposes give rise to and are necessary for our legal relationship. (Necessary purposes)	•Consent •Legitimate interest (for essential cookies)

When you contact us (e.g.: through forms on our website or by e-mail)

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
•Full name •Company name •E-mail address •Telephone •Country of residence •Any other information you decide to share with us	•Answer your questions •Offer a personalized product or service to each client •Personalize your experience •Provide technical support •To maintain communication	These purposes give rise to and are necessary for our legal relationship.	•Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract •Consent

When you create your user account (“Profile”)

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
•Full name •Company name •E-mail address •Telephone •Sector which you belong to (e.g. publisher, advertiser, agency)	•Create your profile within any of our platforms •Give access to your company’s dashboard	These purposes give rise to and are necessary for our legal relationship.	•Processing is necessary for the fulfilment of the contract between the your company and Hexagon Data Group •Consent

When you share personal data for marketing purposes (e.g. by subscribing to our newsletter or by contacting us on social media)

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
•Full name •E-mail address •Telephone	•To establish a business connection (networking) •To send newsletters or other marketing communications •To respond to requests and keep ongoing communication •For direct marketing	These purposes are secondary or accessory in our legal relationship.	•Consent

When we process your job application

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
•Full name •E-mail address •Telephone •Resume (CV) •Any other information you decide to share with us	•To process and assess your job application •To consider you as a candidate for the position •To manage the employment relationship	These purposes give rise to and are necessary for our legal relationship.	•Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract •Consent •Legitimate interest (to assess the candidate)

When we process personal data of our providers and partners

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
•Full name •Company name •E-mail address •Telephone •Address •Financial information (when applicable) •Any other information you decide to share with us	•Maintain contact •For the fulfillment of the applicable agreement •Issue invoice(s)	These purposes give rise to and are necessary for our legal relationship.	•Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract •Legitimate interest (related to the contractual relationship)

When we process personal data of our customers

Type of personal data we collect	Processing purposes	Purpose category	Legal basis
•Full name •Company name •E-mail address •Telephone •Address •Financial information (when applicable) •Any other information you decide to share with us	•Maintain contact •To provide our products and services •For the fulfillment of the applicable agreement •To offer new products and services •Issue invoice(s)	These purposes give rise to and are necessary for our legal relationship.	•Processing is necessary for the performance of a contract to which the data subject is party or in order to take steps prior to entering into a contract •Legitimate interest (related to the contractual relationship)

If you reside or are using the services in Mexico or in any territory governed by privacy laws under which “consent” is the only or most appropriate legal basis for processing personal data, your acceptance of this Privacy Notice will be deemed to be your consent to the processing of your personal data for the necessary purposes detailed in this Notice. You may revoke your consent at any time as provided in the Section entitled “MEANS TO EXERCISE YOUR RIGHTS”. We do not sell your personal information for the intents and purposes of the CCPA.

Provided your explicit consent we may send you notices and advertisements about new products and services, offers, events or information that we think you will find valuable. If you do not wish to receive such promotional information, click on the “Unsubscribe” link included in all the marketing emails and your request will be automatically received.

SENSITIVE PERSONAL DATA

The personal data considered sensitive is the one which affects the most intimate aspects of the data subject or whose improper use may give rise to discrimination against or entail a great risk. Sensitive data is considered one that may reveal aspects such as racial or ethnic origin, present and future health status, genetic information, religious, philosophical and moral beliefs, trade union membership, political opinions or sexual preference.

Hexagon Data Group does not collect nor process sensitive personal data.

TRANSFER OF PERSONAL DATA

We only transfer your personal data under the following cases:

We hire providers for support services necessary to fulfill our services (e.g. system administration and hosting, work management and expert advice among others). We may transfer your personal data to these providers. Hexagon Data Group holds a written contract with each provider that includes contractual clauses no less protective than those described herein. We hire recognized, market-leading companies that implement high level security measures for the protection of your personal data.

According with the Law, the transfer of data does notrequire consent in the following cases:
- when the transfer is required by the Law or an applicable International Treaty;
- when the transfer is made to holding companies, subsidiaries or affiliates under the common control of the Controller, or to a parent company or any company in the same group of the Controller operating under the same internal processes and policies;
- when the transfer is necessary by virtue of a contract entered into or to be entered into in the interest of the data subject, by the Controller and a Third Party;
- when the transfer is necessary or legally required for the safeguard of a public interest, or for the procurement or administration of justice;
- when the transfer is necessary for the recognition, exercise or defense of a right in legal proceedings; and
- when the transfer is necessary for the maintenance or fulfillment of a legal relationship between the Controller and the data subject.

INTERNATIONAL TRANSFERS AND DATA LOCATION

Your personal data may be collected, transferred and stored by Hexagon Data Group and our providers in Colombia, Mexico, Spain, the United States of America and other locations, as necessary for the proper execution and delivery of our services or as required by applicable laws. Although privacy laws may vary between jurisdictions, Hexagon Data Group is committed to protect personal data in accordance with this Privacy Notice, customary industry standards and contractual terms that secure adequate protection of data, regardless of any lesser legal requirements that may apply in the jurisdiction to which such data is transferred.

DATA RETENTION

We retain personal data for as long as is necessary to fulfill our legal and contractual obligations or in compliance with the blocking period provided by law. After the retention period has expired, we will delete your personal data and, when possible and prior request, we will return it.

MEANS TO EXERCISE YOUR RIGHTS

You may limit or revoke the use, disclosure or consent to the processing of your personal data at any time. When the limitation interferes with the hired service, the processing will continue as authorized until the termination of the service. At any time you may access, rectify, cancel or oppose the use of your personal data (exercise your ARCO Rights). To exercise your rights, please send a request to the email [email protected], that belongs to the area in charge of personal data within Hexagon Data Group. Such request must include the following:

name of the data subject and address or other means the respond to your request;
the documents that prove your identity or the legal representation of the data subject;
a clear and precise description of the personal data on which you wish to exercise the ARCO Rights;
any other document that assists the location of the personal data; and
in case of rectification, the documentation that supports your request.

We will inform you of the decision taken within a maximum of 20 (twenty) working days from the date we receive the request. If applicable, we will make it effective within a period of 15 (fifteen) working days from the date we communicate the answer. Under justified circumstances, the above-mentioned deadlines may be extended by equal periods.

CHANGES TO THE PRIVACY NOTICE

We are constantly trying to improve our services, so we reserve the right to change and update this Privacy Notice. The new version will be effective on the date indicated at the beginning of this Notice. In the event we consider that there are substantial changes, we will notify you by posting a visible notice on our website or by any of the available means of communication. As the effective date it will be deemed to be accepted by you. We suggest constantly review our website during the term of our relationship.

USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

Our website uses cookies, anonymous identifiers, tags and other technologies to provide our services, ensure they function properly, analyze our performance, carry marketing activities and to personalize your experience. For more information, see our Cookie Policy.

DATA SECURITY

Hexagon Data Group implements appropriate technical and organizational measures to protect the security, confidentiality and integrity of your personal data. We establish and maintain administrative, technical and physical security measures to protect personal data against damage, loss, alteration, destruction or unauthorized use, access or processing. We do not adopt security measures less protective than those that we maintain for the handling of our information.

Security measures include: (a) anonymization and/or pseudonymization of personal data, to the possible extent; (b) we protect the security of your information during transfer to and from Hexagon Data Group websites, APIs, applications, products or services through the use of encryption software and protocols; (c) we create specific access keys for each actor involved in data processing; (d) we adopt internal measures for collaborators who handle data; (e) we make sure that our providers comply with the highest standards of data security and privacy, in accordance with applicable Laws; and (f) we make sure that the contracts held with the Processors include clauses that clearly establish their duty to guarantee the security and privacy of the personal data.

ADDITIONAL NOTICES

CHILDREN

At Hexagon Data Group, we do not collect personal data from children under the age of 18 years. If you are a minor and for any reason you gave us such information, upon learning thereof, we will immediately delete your personal data. If you believe that personal data about a minor may be within our records, please contact us by email at [email protected].

DATA PROTECTION OFFICER (GDPR)

Itzayana Tlacuilo has been appointed by the company to supervise how we process personal data, as well as to inform and advise the employees about their obligations regarding data protection. To contact her please send an email to [email protected].

ADDITIONAL INFORMATION FOR COLOMBIA

If you reside in Colombia and/or have a business relationship with Hexagon Data Group in Colombia, we indicate as our address to hear and receive notifications related to this Notice, the one located at 98 # 22-64 P 12, Bogotá D.C., Colombia; telephone +57 3123403064.

We undertake to act under the legal guidelines and as provided by the applicable rules, in particular the Law 1581 of 2012, the Decree 1377 of 2013 and other rules that modify, supplement or repeal them, relating to the processing of personal data carried out in Colombian territory or when the Controller or Processor not established in national territory is subject to Colombian law under international standards and treaties.

In addition to the rights mentioned in the section “MEANS TO EXERCISE YOUR RIGHTS”, the data subject may request proof of the authorization granted to the Data Controller, except when expressly exempted as a requirement for the Processing. Therefore, Hexagon Data Group requests that the owners give their express consent, through any means, before sharing their data with the Company. We are committed to put at your disposal different mechanisms to make this right effective, however, if the data subjects do not give their explicit consent and still make available their personal data, then they release Hexagon Data Group from this requirement.

January 1, 2023by Itzayana TlacuiloPrivacy

Cookie Policy

This site uses different types of cookies and similar technologies to automatically collect and store information about the use of the web site in order to improve its performance and your user experience. We use the general term “cookies” to refer to all technologies that automatically collect information when you use the site https://www.hexagondata.com/, all pages included (our “Website”).

If you do not accept the use of cookies, please disable them by following the instructions described in this policy. You may change or revoke your consent to the use of cookies at any time.

For more information about who we are and how we treat your personal data, please read our Privacy Notice.

COOKIES

Cookies are small files that are stored in the browser of your device to save certain information. We use two categories of cookies: “First Party Cookies” set by us on your device to remember your information the next time you visit our Website and “Third Party Cookies” that belong to another website but are placed on our Website for analytics purposes.

Hexagon Data Group maintains full control of the data collected through First Party Cookies by storing the data on servers owned and controlled by Hexagon Data Group. The data is not shared with any other company for sale, market research or commercial purposes.

The cookies can remain on your computer or mobile device for different periods of time. Some cookies are “session cookies”, which means they only exist while the browser is open and are automatically deleted once you close the browser. Other cookies are “persistent cookies”, which means they remain after you close your browser and can be used to recognize your computer when you open the browser and surf on the Internet.

TYPE OF COOKIES AND THEIR PURPOSE

Necessary Cookies

These cookies make the website usable by enabling basic functions such as page navigation and access to secure areas. The website cannot function properly without these cookies and they cannot be disabled on our systems. These cookies do not store personally identifiable information.

Name	Provider	Purpose	Expiry
OptanonAlertBoxClosed	Hexagon Data	This cookie is set by OneTrust after visitors have seen a cookie notice. It enables the website not to show the message more than once to a user. It contains no personal information.	1 year
OptanonConsent	Hexagon Data	This cookie is set by OneTrust to store information about the categories of cookies the site uses and whether visitors have given or withdrawn consent. It contains no information that can identify the site visitor.	1 year

Performance Cookies

These cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

Name	Provider	Purpose	Expiry
__hssc	Hexagon Data	Used to recognise the visitor’s browser upon reentry on the website.	1 day
__hssrc	Hexagon Data	This cookie name is associated with websites created on the HubSpot platform. Used to recognise the visitor’s browser upon reentry on the website.	Session
__hstc	Hexagon Data	Sets a unique ID for the session. This allows the website to obtain data on visitor behaviour for statistical purposes.	390 days
AWSALBCORS	hexagondata.us-5.evergage.com / trinitymedia.ai	This cookie is managed by AWS and is used for load balancing.	7 days
AWSALB	hexagondata.us-5.evergage.com / trinitymedia.ai	AWS ELB application load balancer.	7 days
_ga	Hexagon Data	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	2 years
_ga_VYLFRPGG9Z	Hexagon Data	Registers a unique ID that is used to generate statistical data on how the visitor uses the website.	729 days

Funcionality Cookies

These cookies allow the website to remember information that changes the way the site behaves or looks, such as your preferred language. These cookies allow the site to offer better functionality and personalization.

Name	Provider	Purpose	Expiry
hubspotutk	Hexagon Data	Sets a unique ID for the session.	390 days
pll_language	Hexagon Data	This cookie is used to determine the preferred language of the visitor and sets the language accordingly on the website, if possible.	1 year

Targeting Cookies

These cookies are placed by our advertising partners. They are used to create a profile of your interests and show you relevant ads on other sites. They do not store personal information directly, but are based on the unique identification of your browser and Internet access device. At the moment we do not have these types of cookies; this may change at any time.

Other

Unclassified cookies are cookies that we are in the process of classifying. At the moment we do not have these types of cookies; this may change at any time.

COOKIES SETTINGS

At any time you can allow, block or delete the cookies installed on your computer by modifying the setting of the browser installed on your computer:

We may continue to use the information collected before you update your cookies preferences; however, we will stop collecting more information from the moment you change the settings.

When disabling the cookies you will still be able to browse the Website. However, the use of some of its services may be limited and our Website may experience some functional restrictions therefore your browsing experience may be less satisfactory.

“Do not track” option

The “Do not track” option, upon request to Internet browsers, allows visitors to prevent websites from tracking their online activity. However, these features are not yet uniform and there is no universally accepted regulatory standard. We do not track users through third-party websites, so we do not undertake to respond to “Do not track” signals.

CHANGES TO THE COOKIES POLICY

We try to improve our services constantly, so we reserve the right to change and/or update this Cookie Policy. We may modify it when required by law or when there is a variation in the cookies used on the Website. The new version will take effect on the date indicated at the beginning of this Cookie Policy. We recommend reviewing this policy periodically.

CONTACT

If you have any questions about this Cookie Policy, or about privacy issues in general, please contact us by email at [email protected].

January 1, 2023by Itzayana TlacuiloCompliance

Responsible Business Policy

Declaration

Here we establish our intentions, which materialize through individual and collective actions that define our company. We are the sum of team work, which is why we are accountable for creating a diverse, inclusive, creative, intelligent, responsible and friendly work environment to grow as professionals and individuals, being proud of what we have built.

We care as much about what we do as how we do it. We want to exceed our goals, but not at every cost. Our ethics, the wellbeing of our team and our social responsibility must have a significant value in all the decisions that we take.A good exercise to keep us on track is to take a long-term view and apply it to our relationships at work, with our customers and our ecosystem. Starting from long-term thinking grounds us in our communications, our work as consultants and keeps us aware of the impact that our behaviors and especially our actions have.

Hexagon Data Group is dedicated to improve the interactions between Customers/ Consumers and Brands / Companies, through the proper usage of information and Artificial Intelligence, Marketing and Advertising technologies. We humanize the experience that people have with different brands. This means that we use the data to create long-term relationships between people and brands, generating conversations with context and relevance.

In line with this idea, or mission, the main skills that we want to measure and develop are: Be Hexpert, Be Hexcellent, Be Hextraordinary.

Be Hexpert: To become experts we must keep a hunger for knowledge. Experts have strong foundations in their domain area, mixed with their own working experience and solutions to multiple problems related to their area of knowledge. An expert is curious, likes to try different approaches and learn, they do not wait for everything to be solved for them.

Be Hexcellent: Excellence is a broad concept, but it comes from the desire to be better every day and to know that we are doing everything we can to satisfy our customers, such as delivering and finishing on time. To be excellent at work we have to exceed the expectations of the customers, therefore it is essential to know what they are expecting from us.

Be Hextraordinary: Being extraordinary is about awareness of the impact we have, not only for our customers but also with our work team. It is sharing knowledge, being proactive, positive and finding ways to solve all kinds of obstacles. Delivering is good, but being extraordinary is even better!

Finally, one of our core values is “Create more value than you capture” by Tim O’reilly. If we perform under this mantra we will be sure that we 1) understand what has value for the people we work with; and 2.) are willing to deliver what we know is expected and give an extra. The best way to always give value is to be experts, excellents and extraordinaries.

Welcome to Hexagon Data Group!

WE ARE HEXAGON DATA

We want to create strong personal, professional and business bonds that contribute positively to each other’s lives. Therefore we work to have a positive impact on our community, including our customers and collaborators, and at the same time we encourage a culture of environmental awareness within the company. Humanize Brand Experiences. This Responsible Business Policy (“Policy”) is written to share our principles and values. We consider that the commitment must be mutual: let us work together for an excellent business environment!

We undertake to make every possible effort to meet and exceed the expectations of our services, which address the needs of customers, users and suppliers. We want the companies that hire us to have successful data management that grows their business. Similarly, we want to do business with people who share our principles and values aimed at responsible business conduct.

Communication is paramount to any human relationship, so from our side it will be clear, direct and continuous. We are interested in your opinion and we believe that any doubt or suggestion is very valuable. It is also important to remember the “art of giving and receiving”. We encourage you to have the confidence to open the channel of communication.

This Policy applies to Hexagon Data Group, its customers, suppliers and any third party with whom it has or is in the process of having a business relationship. When we refer to “Hexagon Data Group” or “our company” we mean Hexagon Data, S.A.P.I. de C.V., Hexagon Data Colombia, S.A.S., Agradecemos Tu Pago, S.A.P.I. de C.V., and its affiliates, meaning any entity that directly or indirectly controls, is controlled by, or is under common control. We invite you to read this Policy carefully and commit to it!

Mission

Hexagon Data Group’s mission is to make consumer data the foundation of great experiences.

Vision

Our vision is to be a benchmark company with the best practices in consumer data that provides transparency to the entire marketing value chain. We want to improve the results of advertising investment in every channel and enable the delivery of quality content, both with a truly user-focused experience.

Values

At Hexagon Data Group these values are the cornerstones of our people and company. We believe that all of our activities must be guided by these values in order to create strong personal and professional bonds.

a. Respect

We listen before we speak. No one is more or less important than anyone. We respect different points of view, sexual orientation, cultural, racial and social differences. Being respectful also includes doing things right, being well-intentioned, being on time (respecting other’s time), completing tasks and expressing ourselves correctly towards the team members and our customers.

Treat others as you would like to be treated. Given the volume and type of data we work with, we must always bear in mind the respect for privacy.

b. Responsibility and honesty

We are responsible and honest with our work. We are transparent and we never disguise reality. Honesty is part of our culture, so we must have the ability and peace of mind to act honestly. That includes expressing ourselves in a direct but always well-intentioned way.

c. Dynamism and flexibility

We are flexible but focused. There is always something we can improve on. We like to make things happen instead of waiting for them. We must be able to adapt to the business needs as individuals, team and company.

d. Trust

We are in the business of trust. We understand that trust is earned every day and lost in a single action. Our customers require a company that they can trust to reach their goals and expand their knowledge. When we make decisions on their behalf, they must always have the peace of mind of knowing that we are acting in the best of their interests including those in the long term. Their interests go beyond ours.

We create a work environment in which we all trust each other. Besides counting on everyone personally, professionally we must rely on each other’s intellectual capacity and commitment.

e. Customer focus

We are customer-oriented. We lead by example with intelligence, discipline and focus. Sharing knowledge makes us grow. The more we know, the more value we have.

f. Social responsibility

We are a company that cares for the welfare and future of our community. We actively contribute to economic, social and environmental development to preserve the environment and the sustainability of future generations.

g. Adaptability

We are aware that we live in a globalized world where technology plays an important role. We have the capability to adapt to changes and new circumstances in an effective and efficient way

WE RESPECT PEOPLE AND THE PLANET

NON-DISCRIMINATION

At Hexagon Data Group we do not accept any form of discrimination on any grounds. We are against discrimination and harassment. We base our actions in non-discrimination and equal opportunity principles without distinction as to race, color, gender, sexual orientation, religion, national or social origin, political opinion, age or disability. We treat people equally and fairly, are inclusive and respectful, and do not harass or bully.

ANTI-HARASSMENT POLICY

Any kind of harassment or bullying is prohibited, meaning any unwanted or non-reciprocated comments, gestures, actions, suggestion, symbols and/or physical contact. For example, those related to personal, sexual and work harassment, including those acts that could be considered as denigrating, humiliating, intimidating, mistreatment and threats of physical, verbal or psychological nature.

EQUAL EMPLOYMENT OPPORTUNITIES

At Hexagon Data Group equal opportunity is one of the company’s core values. We have a diverse work environment that is open to different opinions and ideas. Therefore, we encourage the professional development of all team members that, in turn, results in creating greater value for the customer.

NO CHILD LABOUR AND FORCED LABOUR

We have a policy of zero tolerance for child labour and forced labour. At Hexagon Data Group we recognize and protect the rights of children in accordance with current legislation as well as the United Nations “International Bill of Human Rights” and the standards on child labour set by the International Labour Organization.

Forced labour is work done against someone’s will and/or without due remuneration. We duly compensate each worker, as well as recognize and protect each worker’s rights.

ENVIRONMENT

Together we take care of the planet!

We strive to reduce our negative impact on the environment. In our physical offices we have guidelines that aim to minimize the environmental impact, such as recycling measures, garbage separation, avoiding single-use plastics, promoting the use of mugs, reusable packaging and sustainable materiales, and prioritizing energy saving. As for the home office, we invite all the team to continue with these measures from their homes.

We have an ongoing program called Green Frontier through which we generate a forum for discussion, learning and promotion of sustainable environmental practices aimed at reducing our footprint and contributing to the mitigation of the environmental crisis we are living through. We hope that every member of Hexagon Data Group will do their bit for the environment.

WE PURSUE BUSINESS EXCELLENCE

We respect national laws, regulations and standards, as well as applicable international legislation. We adopt best practices and proactively join the global trend of personal data protection based on the General Data Protection Regulation (“GDPR”) and the California Consumer Privacy Act (“CCPA”).

FAIR COMPETITION

We stand for free competition and applaud fair competition!

Our mission is to be leaders in managing and optimizing consumer data to improve the experience and results of advertising investment, always in compliance with competition laws. In the marketing industry it is of paramount importance to promote transparency on marketing campaigns and market segmentation to respect the user’s privacy while preserving transparency with the customer.

At Hexagon Data Group we compete fairly without adopting aggressive practices to obtain a dishonest advantage over our competitors. Even further, we are committed to both our clients and their consumers. We promote data management with respect to the people, bearing in mind the protection of the user’s data.

INTERNATIONAL TRADE

We undertake to conduct business in accordance with the international laws and regulations applicable to the place where the business is held. This includes compliance with all export control restrictions, embargoes and economic sanctions, anti-boycott, customs, product/country of origin marking and other trade controls in place wherever we do business. We comply with U.S., Canadian, European Union and United Nations regulations.

RULES AGAINST CORRUPTION

At Hexagon Data Group we carry out legal activities and promote an ethical culture amongst all the involved participants. We extend these measures to all individuals and companies with whom we have any kind of commercial and/or business relationship. Please read carefully the following rules that are essential to prevent corruption.

No bribery

We do not allow any kind of bribery at any time. At Hexagon Data Group we do not offer, promise, deliver, authorize, solicit or accept any improper advantage, financial or otherwise, related to the entire business and within our internal and external relationships. As a company, we do not engage in these types of activities nor do we tolerate our team doing so.

Bribery is specifically prohibited in relation to government officials, whether international, national or local, as well as political parties, party officials or candidates for political office and in relation to directors, officers or employees of our customers, suppliers and/or interested third parties. Especially if it is related to a project assignment.

Prevention of money laundering and financing of terrorism

We only do business with individuals, entities and companies that are in compliance with their tax obligations. We do not facilitate operations with resources of illegal origin (money laundering), financing of terrorism and other activities of ilegal origin. In addition, we do not do business with persons, entities and companies that are linked or subject to legal proceedings for committing these crimes.

CONFLICT OF INTEREST

We avoid conflicts between commercial and personal interests. At Hexagon Data Group, each member has the responsibility of taking decisions in the best interest of the company and/or the business relationship. A conflict of interest may arise when a customer or supplier works with a family member, friend or acquaintance at Hexagon Data Group and that fact may be in detriment to the business relationship between the companies.

If a conflict of interest could or seems to exist, we ask for transparency and communication of the situation to determine the appropriate measures. On our account, if we are aware of an interest in detriment of the company, customers and/or suppliers, we will immediately inform you.

HEALTHY RELATIONSHIPS

WORK TEAM

All members of Hexagon Data Group have a key position in the company. As a team we materialize the objectives and projections we have planned for Hexagon Data Group. Together we can make sure that the data generates social and environmental impact, as well as creates real value and economic growth.

We are a company that seeks the comprehensive development of its participants and encourages proactive and result-based work, sometimes through financial compensation. We want them to have a satisfactory experience of personal and professional growth. The objective is to create an optimal work environment for the whole team; in this sense, the following measures are adopted:

Everyone has an employment contract, in accordance with the law.

Everyone is treated with respect and dignity. We follow a non-discrimination policy while hiring and throughout the entire relationship.
Each worker is compensated financially for their work. We do not engage in forced labour or slavery for any reason.
We do not employ minors.

For Hexagon Data Group its team is of utmost importance. We do not tolerate any disrespect or mistreatment directed at any member of the team. Individual principles and values are a priority. If a third party commits a fault in this regard, the relationship with Hexagon Data Group may be affected.

OUR COMPANY

INTELLECTUAL PROPERTY

We are committed to respect and ensure the protection of intellectual property of our customers, suppliers and/or interested third parties, available to us, licensed and/or of which we have knowledge within the contractual relationship and/or business.

At Hexagon Data Group our work is protected by intellectual property rights that apply, without limitation, to our trademarks, logos, image, products, trade secrets, software, know-how, confidential information and innovations, as well as any developments, algorithms, models, lines of code made within Hexagon Data Group. They are part of our most important assets as they represent a competitive advantage and build our reputation.

During your relationship with Hexagon Data Group, you may be subject to measures to protect our intellectual property. We ask you to respect the intellectual property rights of others as well. For more information please contact our Legal Affairs area.

PRIVACY AND DATA PROTECTION

At Hexagon Data Group we are committed to protect the interests of the data subject and to provide full transparency and clarity regarding the use we make of their data. Besides complying with applicable laws, we work to develop self-regulatory measures that serve as a reference of good practices in the interactive marketing and digital advertising industry. In this regard, we rely on the highest standards set by international leaders such as the GDPR and the CCPA. In other words, we want to create a culture of data processing, personal and non-personal, reflected on how we would like other companies to treat ours.

We protect personal data and privacy of our customers, consumers, users, suppliers, work team and interested third parties. Our Privacy Notice explains how we process personal data.

Internal measures for data protection

The protection of your data is taken seriously. By the nature of our business we may have access to our customers and their users’ data. Our commitment is to look after the interests of all stakeholders. To these means the Hexagon Data Group team is subject to various Security Policies.

CONFIDENTIAL INFORMATION

Given the commercial activities, we are constantly in contact with confidential information both internal and external. Therefore, we keep every information shared with us strictly confidential, except as provided by applicable law. At the same time, we ask for the same level of commitment.

Confidential information may include, but is not limited to, ideas, formulas, databases, standards, articles, studies, brochures, publications, manuals, systems, procedures, reports, technical reports, minutes, know-how, trade secrets, patents, copyrights, software, licenses, data, inventions, algorithms, techniques, processes, marketing plans and projects, advertising, strategies, forecasts, confidential information of third parties, or any other information whether technical, economic, or business related.

FINANCIAL STATEMENTS

The accounts, books, records and financial statements faithfully reflect all transactions made on behalf of the company and comply with the requirements of applicable regulations. Expenses must be supported at all times. Any distortion of the nature of any transaction or document misrepresentation is prohibited. We keep the documents according to the applicable regulations. In the same sense of honesty, this information should never be made-up or modified for the benefit of the company. It is what it is.

BREACHES TO THIS POLICY

At Hexagon Data Group we trust all the people and companies we do business with. We believe that if we sustain a relationship is because we share the same ethical principles and values. However, it is important to mention that in the event of committing a fault, the same will be evaluated and the consequences may vary in relation to its severity.

If you are subject of, observe or are aware of any conduct that is contrary to the provisions herein, please contact the CFO. She can be reached out at any time at [email protected]. It is everyone’s responsibility to respect and follow the conducts referred to in this Policy.

The CFO will be the first point of contact who will investigate the event, consider the necessary confidentiality measures and analyze the seriousness of the event. Together with the Directors, she will proceed to issue a resolution and take the appropriate measures. We undertake to investigate objectively, responsibly, immediately and thoroughly such events. At all times, the confidentiality of all involved parties will be maintained.

Hexagon Data Group reserves the right to determine the applicable consequence to the conduct that is contrary to this Policy and applicable laws. Notwithstanding the foregoing, in the event that the misconduct constitutes a criminal act, it will be referred to the relevant authorities and Hexagon Data Group will follow their decision.

You can always approach the responsible of the Legal Affairs area for any concerns regarding this Policy. Please send an email to [email protected].

Together we create more value than we capture!

I want to...

Definitions

Clauses

1 Personal Data Processing

2. Data Subject’s rights

3. Hexagon Data Group’s employees

4. Sub-processors

5. Security

6. Data transfer

7. Data deletion

8. Additional information for specific jurisdictions

9 Miscellaneous

Annex A

Processing Details

Annex B

Sub-Processors

Definitions

Clauses

1 Personal Data Processing

2 Data Subject’s rights

3 Hexagon Data Group’s employees

4 Sub-processors

5 Security

6 Data transfer

7 Data deletion

8 Additional information for specific jurisdictions

9 Miscellaneous

Annex A

Processing Details

1.1. Nature of the processing

1.2. Purpose of processing

1.3. Processing Duration

1.4. Types of Personal Data

1.5. Categories of Data Subjects

1.6. Sensitive Personal Data

Annex B

Sub-Processors

WELCOME TO HEXAGON MATCH!

DISCLOSURES

THE SERVICES

LICENSE

REGISTRATION PROCESS

PROFILE CREATION AND DASHBOARD ACCESS

LEAD AD PRODUCT

USE RESTRICTIONS

DATA VERIFICATION

THIRD PARTY INFORMATION

CONFIDENTIAL INFORMATION

PERSONAL DATA PROTECTION AND PRIVACY

DATA SECURITY

GUARANTEES

TECHNICAL SUPPORT

INTELECTUAL PROPERTY

CUSTOMER DATA

UNSOLICITED IDEAS

PLATFORM AVAILABILITY

NON-COMPLIANCE

VALIDITY

JURISDICTION

DISCLAIMER OF WARRANTIES

LIMITATION OF LIABILITY

MODIFICATIONS AND UPDATES

OTHERS

CONTROLLER

PROCESSING PURPOSES

FULL TEXT OF THE PRIVACY NOTICE

Welcome!

DATA WE COLLECT AND ITS PURPOSE

SENSITIVE PERSONAL DATA

TRANSFER OF PERSONAL DATA

INTERNATIONAL TRANSFERS AND DATA LOCATION

DATA RETENTION

MEANS TO EXERCISE YOUR RIGHTS

CHANGES TO THE PRIVACY NOTICE

USE OF COOKIES AND OTHER TRACKING TECHNOLOGIES

DATA SECURITY

ADDITIONAL NOTICES

CHILDREN

DATA PROTECTION OFFICER (GDPR)

ADDITIONAL INFORMATION FOR COLOMBIA