Last updated: APRIL 08, 2024

This Privacy and Personal Data Processing Policy (hereinafter referred to as the “Policy”) states the procedure by which GUALET SpA, a joint-stock company incorporated under the laws of the Republic of Chile, domiciled for these purposes at Calle Badajoz Nº 100, Office 820, Las Condes, Santiago de Chile, Metropolitan Region (hereinafter also referred to as “BRANDLEX”) collects, uses, maintains and discloses information collected from third parties (hereinafter referred to as the “USERS”), in compliance with the personal data protection regulations that are regulated in Chile in different legal bodies such as Law No. 19,628 of 1999 on the Protection of Privacy, the provisions of Article 19 No. 4 of the Political Constitution of the Republic, and Law No. 20,575 that Establishes the Principle of Purpose in the Processing of Personal Data.

1. BRANDLEX LIABILITY FOR THE USE OF USERS DATA:

BRANDLEX will adopt all the necessary security measures to guarantee the confidentiality of the data collected from USERS by any of the mechanisms described in the following paragraph. For the purposes of this Policy, USERS shall be understood as persons who voluntarily register on any of its BRANDLEX AI LABS software platforms (hereinafter also referred to as “SaaS”) or on the BRANDLEX https://www.brand-lex.com website through the forms specially established for this purpose. On the other hand, “VISITORS” will be understood as those persons who freely access the information available on the BRANDLEX website without the need to register in advance. The data provided by the USERS will be managed exclusively by BRANDLEX, avoiding improper use, alteration, or delivery to third parties. Notwithstanding the foregoing, BRANDLEX shall not be held responsible for the use that third parties may make of the personal data provided by their owners in spaces open to the public, such as social networks, forums or other similar spaces.

2. COLLECTION OF USERS PERSONAL INFORMATION:

2.1 Information that USERS provide to BRANDLEX.
BRANDLEX may collect personal information from USERS in a variety of ways, including, but not limited to, when USERS create an account using a Form on one of its BRANDLEX SaaS software platforms, which includes but is not limited to the following:

i) Data for the creation of the account in the SaaS:
Names and surnames, Profile picture, Email address, Company and Position, Telephone number, Language preference (Spanish or English), Date of birth (age), and Geographical location.
ii) Billing data for SaaS subscription payment: Credit card information, Cardholder name, Billing address. iii) Interaction data for SaaS metrics and continuous improvement: History of conversations and queries, Information about products or services of interest (according to the catalog defined by the USERS), Search and browsing preferences, Behavior on the website or interaction platform.
iv) Technical data for SaaS analytics tools: IP addresses and browsing data, device and browser information. In addition to the above, BRANDLEX may collect personal information from USERS when they visit the BRANDLEX website https://www.brand-lex.com and register on the site, place an order, subscribe to a newsletter, respond to a survey, or fill out a contact form. Such personal information may be used by BRANDLEX to identify or contact USERS.

2.2 Information that BRANDLEX Collects Automatically.
When USERS or VISITORS browse the BRANDLEX website, certain information may also be collected automatically from and about the device used. This may include data such as IP address, information about your visit (such as time, date, duration, and pages viewed), information about the browser used, the operating system, and the referring URL.

2.3 BRANDLEX Cookies and Tracking Technologies.
BRANDLEX uses cookies and similar tracking technologies to collect and use personal information from USERS in compliance with current regulations, which may eventually be used for advertising purposes.

3. USE OF INFORMATION COLLECTED FROM USERS:

3.1 Specific purposes of use of USERS information.
BRANDLEX may collect and use USERS personal information for the following purposes or purposes:

Save session data necessary to access the USER’s (administrator) backoffice options. Train your Intelligent Virtual Advisors of your SaaS software platform. Offer answers based on the catalog of products and services of the USERS. Personalize product and service recommendations according to USERS queries. Analyze the frequency and patterns of use for future improvements, understand the needs of USERS and provide a more enriching and effective experience with respect to SaaS, along with developing valuable metrics that give value to the activities carried out by USERS.

3.2 Improvement of the service provided by BRANDLEX to USERS.
The information provided by USERS to BRANDLEX allows us to respond more effectively to their service requests and support needs, in order to improve the SaaS software platform and offer a more personalized experience to USERS. Such information may help BRANDLEX to better understand the requirements of the USERS and improve the features of the SaaS.

3.3 Personalization of the USERS experience.
The information provided as a whole will allow BRANDLEX to understand the way in which USERS use the SaaS, the webpage, along with the services and resources provided. BRANDLEX may use the feedback provided by USERS to improve products and services. In addition, BRANDLEX may use the data collected to analyze trends and perform data analysis to improve and personalize the USERS experience.

3.4 Sending periodic emails to the USER.
In the event that USERS create an account using a Registration Form and SaaS configurations, register on the BRANDLEX website, place an order, subscribe to the newsletter, respond to a survey, or fill out a contact form, they may receive emails from BRANDLEX that may include company news, updates, SaaS-related information, and more. If at any time USERS wish to unsubscribe from receiving future emails, detailed unsubscribe instructions will be included at the bottom of each email.

3.5 Compliance with legal obligations and prevention of damages.
Notwithstanding the foregoing, BRANDLEX may process and disclose personal information of USERS in the event that such action is necessary to: (i) comply with a legal obligation and/or in response to legal requests by public or judicial authorities (including requests to comply with law enforcement); (ii) protect and defend the rights or property of BRANDLEX; (iii) act in urgent circumstances to protect the personal safety of users of the BRANDLEX site, or the general public; or (iv) protect against legal liability.

3.6 Prior consent of the USERS who own the personal data.
Under no circumstances will these personal data of the USERS be processed by BRANDLEX for purposes other than those mentioned in this clause, without requesting the prior consent of the USERS who own them, either in the registration forms, in the Backoffice of the SaaS AI Legal Agent, and/or in the same interface of the SaaS AI Legal Agent.

4. PROTECTION OF USER INFORMATION:

4.1. Security measures adopted by BRANDLEX.
BRANDLEX declares that it has adopted appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of USERS personal information, usernames, passwords or passwords, transaction information and data stored both in the SaaS and on the BRANDLEX website. These measures include the following: i) Advanced Encryption Technologies: BRANDLEX uses advanced encryption technologies to ensure that USERS data is secure even when it is stored in our database, or if an unauthorized third party manages to access such database, will not be able to read or use that personal data without the appropriate encryption key. In addition, BRANDLEX has established security barriers to protect against unauthorized access, limiting access to the database according to the need to know and use the information, in order to minimize risks. ii) No data sharing: SaaS AI Legal Agent are completely autonomous in their operation, with no data sharing between them. Each Virtual Advisor has its own set of data and performs its tasks without relying on other AI Legal Agent to obtain information or execute actions. iii) Privacy: BRANDLEX SaaS does not store USERS files, unless the latter choose to see them in the responses. In case USERS choose to view the files in the responses provided by the SaaS AI Legal Agent, those files may be temporarily used in the process of generating responses, but they are not stored permanently. iv) Non-individual identification of users: Any data or information recorded in the SaaS cannot be connected or associated back to a particular person who has used the system. In other words, even if information, logs, or data is collected from USERS activities, it will not be possible to determine who performed a specific action or who provided certain data. This is important to maintain the privacy and confidentiality of USERS, ensuring that their activities and personal data cannot be identified or tracked individually. v) Best practices of our vendors: BRANDLEX applies the best security practices of its vendors, such as the Microsoft company and its MS Azure cloud.

4.2 Security measures taken by third parties with whom BRANDLEX operates its SaaS.
OpenAI (https://openai.com) is an American artificial intelligence (AI) research laboratory consisting of the non-profit organization OpenAI Incorporated and its for-profit subsidiary corporation OpenAI Limited Partnership. OpenAI, which conducts AI research with the stated intention of promoting and developing friendly AI. OpenAI systems run on a Microsoft’s Azure-based supercomputing platform. Microsoft Azure (https://azure.microsoft.com/es-es) is a cloud computing platform created by Microsoft to build, test, deploy and manage applications and services through the use of its data centers, which is used by BRANDLEX for its SaaS.

It is necessary to note that the personal data of USERS that are collected by BRANDLEX in accordance with the provisions of this Policy will not be added to the training sets of the OpenAI company, and will be restricted to the SaaS Virtual Advisor in particular, ensuring that the content is kept in a local and confidential environment. OpenAI does not use application programming interface (API) call data to train its artificial intelligence (AI) models. For more information in this regard, USERS can access the following link: https://openai.com/enterprise-privacy.

In addition to the above, Microsoft Azure provides a number of security and privacy measures to ensure that data stored on its platform is not shared without authorization. Among these practices that Microsoft Azure implements are access control, encryption, compliance (regulations and global standards of privacy and security such as GDPR, HIPAA, among others), cloud security, data privacy, authorship, and tracking.

4.3 Links to Other External Sites.
The BRANDLEX website may contain links to other sites that are operated by third parties. If USERS click on a third-party link, they will be directed to that third-party site, so USERS are strongly encouraged to review the Privacy and Personal Data Processing Policy of each site they visit.

5. USERS PERSONAL INFORMATION:

5.1. With third parties outside of BRANDLEX.
BRANDLEX does not sell, trade, or lease USERS personally identifiable information to third parties. Notwithstanding the foregoing, BRANDLEX may from time to time share generic aggregated demographic information not linked to any personally identifiable information of USERS with its business partners, trusted affiliates, and/or advertisers.

5.2. With BRANDLEX Service Providers.
BRANDLEX may share USERS personal information with companies that provide services on its behalf, such as hosting providers, consultants, marketing providers, analytics providers, and customer service providers.

5.3. With authorities and third parties in the event of an investigation.
BRANDLEX may share USERS personal information with competent authorities, parties to litigation and/or third parties in connection with any investigation or legal proceeding.

6. CHANGES TO PRIVACY POLICIES:

BRANDLEX shall have the discretion to update this Policy at any time. In the event that this occurs, it will be reviewed and its update date will be modified. USERS may request this information directly from BRANDLEX and/or check the https://www.brand-lex.com website to be informed about it.

7. USERS ACCEPTANCE OF THESE TERMS:

By creating an account through a Registration Form and SaaS configurations, or by registering on the BRANDLEX website, or by placing an order, subscribing to a newsletter, responding to a survey, or filling out a form, USERS signify their acceptance of these Policies.

The continued use of the SaaS after the publication of changes to these Policies will be considered as the acceptance of the USERS to such changes, without prejudice to the fact that their consent may be expressly required both in the SaaS (in the Backoffice and/or in the USERS interface), and on the BRANDLEX website.

8. USERS RIGHTS:

USERS, in their capacity as owners of their personal data, and in accordance with the rights granted by Law No. 19,628 on the protection of private life and its subsequent amendments, may exercise their rights of access, rectification, deletion, limitation, portability and opposition, in accordance with the applicable legal provisions on data protection. Specifically, they may: 

i) Request access to the data relating to their person, their origin and recipient, the purpose of storage and the individualization of the persons or bodies to whom their data are regularly transmitted.

ii) Request the modification or rectification of your personal data when they are erroneous, inaccurate, equivocal or incomplete.

iii) Request the deletion or cancellation of your personal data when its storage lacks a legal basis or is out of date, unless there is a legal exception.

iv) Request the temporary suspension of any processing operation of their personal data when the USERS have voluntarily provided their data or they are used for informative communications and do not wish to continue appearing in the respective registry temporarily or permanently, or when the accuracy of the personal data cannot be established or whose validity is doubtful and in respect of which the cancellation does not apply.

v) Object to your personal data being used for the purposes of advertising, market research or opinion polls. To exercise any of these rights, USERS may contact BRANDLEX by using the contact information provided in clause FIFTEENTH of this Policy.

9. ACCURACY OF USERS PERSONAL DATA:

The information provided and the data provided by USERS to BRANDLEX must be accurate and, if necessary, updated. Provided that BRANDLEX has taken all reasonable measures to ensure that the USERS personal data are deleted or rectified without delay, BRANDLEX shall not be liable if the inaccurate data: a) Were obtained by BRANDLEX directly from the USERS; or (b) Have been obtained from a public registry by BRANDLEX.

10. INTERNATIONAL DATA TRANSFERS:

Since BRANDLEX operates in different countries, it may be necessary to transfer USERS personal information to countries outside of the country from which it was originally provided. To the extent that BRANDLEX transfers USERS personal information to other countries, such information will be protected in the manner described in this Policy.

11. DATA RETENTION:

BRANDLEX will keep USERS personal information in its possession for as long as necessary for the purposes described in this Privacy Policy and Personal Data Processing, unless a specific retention period is required or permitted by law.

Notwithstanding the foregoing, the personal data of USERS that have been collected through the SaaS or the BRANDLEX website may be kept and processed for statistical purposes, provided that it is impossible to identify their owners.

12. INFORMATION REGARDING UNDERAGE USERS:

Both the SaaS and the BRANDLEX website are not intended for underage children, and therefore BRANDLEX does not knowingly collect personal information from USERS that corresponds to underage children.

13. OWNERSHIP OF RIGHTS:

BRANDLEX has all rights, including Intellectual Property rights, with respect to the contents, forms or publications of any kind that appear both in the SaaS and on the BRANDLEX website, which have been made by its collaborators and/or by third parties hired by it.

The publicly accessible content present on the BRANDLEX website may be used by USERS for non-commercial purposes. Prior written authorization from BRANDLEX is required for commercial use.

14. PROTECTION OF BRANDLEX SAAS, WEBSITE AND PLATFORMS:

With the sole purpose of safeguarding the security of the SaaS, the website, the systems and platforms available to BRANDLEX, the latter reserves the right to block any suspicious and/or malicious access that may affect the security and continuity of its platforms. To this end, BRANDLEX will constantly monitor the IP addresses that enter its systems, blocking access to those that present potential risks.

15. CONTACT DETAILS:

In case of any doubt or query that USERS may have in relation to this Policy, they may contact BRANDLEX through the following email: info@brand-lex.com

GUALET SpA

https://www.brand-lex.com
Badajoz Nº 100, Office 820, Las Condes, Santiago de Chile, Metropolitan Region