Privacy Notice

In accordance with the provisions of the Federal Law on the Protection of Personal Data held by Individuals, its regulations, and the guidelines of the Privacy Notice, we inform you that Xpinnit Company, S.A.P.I. de C.V., (hereinafter Xpinnit), known for its platform called “Task Manager”, which can be accessed from its website www.xpinnit.com, www.xpinnit.com.mx, www.xpinnit.mx, as well as the mobile application or APP of “Xpinnit”, all located at Franz Peter Schuber, number 5250, colonia La Estancia, C.P. 45030, Zapopan, Jalisco, with e-mail contacto@xpinnit.com and stating that in the same address you can hear and receive notifications, is responsible for the personal data collected, in terms of use, security and confidentiality to be given to them, under the following details:

PERSONAL DETAILS

First: List of data. The personal data that will be processed are as follows:

1. Name (s)
2. Surname
3. Telephones
4. E-mail address
5. Billing information
6. Credit card information

In addition, the Facebook Profile can be used, and photographs and other information of the different users can even be stored at the user’s discretion. Therefore, in order to prevent any interpretation of article 16, last paragraph, of the Law and article 20, section III, and twenty-third of the Guidelines, Xpinnit considers stored photographs as sensitive personal data in relation to accessory purposes.

Second: Purpose and origin of the legal relationship. The purpose of the processing of the data that give rise to the legal relationship between Xpinnit and the Data Controller (also known as the user or software licensee), both on the platform of its website www.xpinnit.com as in the APP, is only for storage, since it is obtained through the rental of software use license for the user to enjoy the service of the software to manage tasks, projects, meetings, and activities of users who want to manage themselves better and be more productive according to the objectives of the Holder.

Third. Accessory purposes. Once the service has been contracted through its website www.xpinnit.com or its APP platform, Xpinnit has no control over, or responsibility for, the information other than that requested in the first point, since the entry of the stored information, its administration, and other changes are made by the user himself. In this way it is established that the only purpose that gives rise to the legal relationship between Xpinnit and the user is the rental of the software license and for which it requests the personal data indicated, however, the user may contract existing versions of Xpinnit software whose secondary purpose is to offer advertising between the different software licensees or third parties.

Another accessory purpose may be provided through the software as a tool for instilling productivity among different users, so the licensee at his discretion will establish objectives that are reached by the end user, the scheduled advertising or awards will be received only by the end user.

Finally, as an accessory purpose, it will also be used to make known and provide the software and services you have requested, to send you information that the Xpinnit team considers important to you, and to evaluate the quality of the service that Xpinnit provides you.

ELECTRONIC TRADING

Fourth. The procedure for electronic sales and purchases. Xpinnit displays electronically (website under the domain www.xpinnit.com or APP) its catalog of products that provide the services indicated, so that the direct user can choose the categories and prices, in relation to the terms and conditions displayed in the same source. Xpinnit will be able to provide you with a button to make payment on this platform, for which it also requests billing and transfer details, or payment by credit card, debit card, cash payment by reference at OXXO, payment by electronic transfer. Xpinnit provides a reference number under the conditions chosen in the same system. (Pay U)

DATA SECURITY AND BACKUP

Fifth. Security and privacy. Xpinnit uses virtual servers contracted on the Amazon Web Services (AWS) platform through its authorized distributor for Mexico CompuCloud, which provides us with scalable IT infrastructure services (cloud computing).

The technology platform is secure and long-lasting as it is certified and audited by industry recognised organisations such as PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA and SOC 1 (previously known as SAS 70 and/or SSAE 16) and SOC 2 audit reports. Services and data centres have multiple layers of operational and physical security to ensure the security of their data.

Network firewalls are integrated into AWS WAF allowing Xpinnit to have a private network and control access to instances and applications used securely. Encryption in transit with TLS is used for all services offered by Xpinnit through its website and APP, for which SSL/TLS certificates are available for these applications. In addition, resilience to distributed denial-of-service (DDoS) attacks is provided.

With respect to the original purpose and accessories, Xpinnit has reasonable administrative, logistical, physical and managerial measures in place to protect our customers’ information against loss, theft and unauthorized access, use and modification. Unfortunately, no security system is 100% secure, so Xpinnit cannot guarantee the absolute security of your information. Therefore, later in this notice, the measures available to the user to make use of his or her constitutional ARCO rights will be indicated.

If necessary, Xpinnit may share the user’s personal data with other users of contracted services and when it deems it appropriate with third parties for the performance of activities related to Xpinnit’s products and services.

In terms of the law of the matter, Xpinnit may disclose the personal data that such legislation and related data require, or the competent authorities in terms of the applicable legislation. In short, Xpinnit does not transfer your personal data without your consent, except for the exceptions provided for in Article 37 of the LFPDPPP.

Sixth. Limit use or disclosure of personal data. At Xpinnit, the customer may limit the use or disclosure of personal data, as well as the possibility of requesting the cancellation of messages, for which the procedure consists of sending their request via e-mail to contacto@xpinnit.com

USE OF COOKIES

Seventh. Use of cookies. When you access the Xpinnit website, files called cookies are generated, which contain information that is sent to your computer and used to obtain your personal data, which is stored on your computer’s hard drive. Most cookies expire after a certain period of time. In this sense, the user can erase the cookies at any time he wishes or request his Internet browser to notify him when he receives a cookie so that he can accept or reject it.

However, even in the case of ancillary purposes, the user may “unlogin” from Xpinnit’s blog or other services in order not to receive information or to be contacted by distributors or other suppliers.

LICENCE FEES

Eighth. Means to exercise the rights of access, rectification, cancellation or opposition (ARCO rights).

The customer or his legal representative may send an e-mail to contacto@xpinnit.com at any time exercising their rights of access, rectification, cancellation or opposition (hereinafter “ARCO Rights”). In order to exercise ARCO Rights, the Holder or legal representative must submit the application, identifying him/herself with the following documentation:

• Name of the Holder.

• Registered Address.

• Documents that prove your identity (credentials from the Federal Electoral Institute or the National Electoral Institute, Passport).

• Precise description of the data concerning which you are seeking to exercise any of the ARCO Rights.

If the corresponding documents are not attached or if there are errors or omissions in the application within 3 (three) business days following receipt of the application, Xpinnit will require that you provide the necessary documents to process the application and the Holder will have 5 (five) business days to resolve the application. If no reply is received within this period, the application shall be deemed not to have been lodged.

Ninth. Mechanisms to revoke consent. In the event that the customer wishes to express his or her refusal to process his/her personal data for accessory purposes, he/she may do so within the 5 calendar days following the date on which he/she shared his/her data on the Xpinnit platform, by writing to the following e-mail address: contacto@xpinnit.com. However, by denying the data, it is understood that the receipt of the software and services from Xpinnit is rejected, and therefore the user will act in accordance with its terms and conditions of use and license to use the software.

CONTACT

Tenth. Updating of Privacy Notice. Privacy notice updated March 28, 2018. Each update or change to the privacy notice will be posted here and the date of the new update will be indicated.

Eleventh Grade. Questions, comments and notifications. We would like to inform you that for any doubt, comment, notification and/or complaint regarding the handling of your personal data, please contact us at contacto@xpinnit.com.