Privacy Policy – for End User Software License Agreement

THIS END USER LICENSE AGREEMENT (“EULA“) CONSTITUTES A LEGAL AGREEMENT THAT REGULATES THE BUSINESS RELATIONSHIP BETWEEN YOU, AN INDIVIDUAL/COMPANY (THE “USER” OR “YOU”) AND YUBIX LIMITED. (THE “COMPANY” OR “WE“), WITH REGARD TO YOUR USE OF THE YUBIX’S VERTEX PRO, Vetex Suite,   and respective Modules (Byngo, Push, Skoop) , Buzz Now, Buzz Flash, Buzz Jungle(THE “APPLICATIONS”). ANY DOWNLOAD, INSTALLATION OR USE OF THE APPLICATION, INCLUDING ANY UPDATED VERSION OF THE APPLICATION, IS SUBJECT TO, AND SHALL REMAIN SUBJECT TO, THE CONDITIONS OF THIS EULA, AT ANY TIME.

BY DOWNLOADING/INSTALLING AND/OR USING THE APPLICATIONS ON A DESKTOP AND MOBILE DEVICE OR ANY OF THEM (“DEVICES“), YOU CONFIRM THAT YOU UNDERSTOOD THE TERMS OF THIS EULA, AND CONSENT TO BE BOUND BY THE TERMS OF THIS EULA. THE COMPANY RESERVES THE RIGHT TO MAKE CHANGES IN THIS EULA, IN ITS SOLE DISCRETION BY PUBLISHING AMENDED EULA. YOUR CONTINUED USE OF THE APPLICATION AFTER THE POSTING BY THE COMPANY OF AN UPDATED EULA, CONSTITUTES YOUR AGREEMENT TO ANY AMENDED VERSION OF THE EULA.

Introduction

YUBIX LIMITED (“Yubix”, “us“, “we” or “Company“) respect the privacy of our users (each, “you” or “User“) and are committed to protect the privacy of Users who access, download, install or register to our desktop, mobile or web application (VLR) (the “Applications“), or any other online services we provide (collectively: the “Services“).

Safety is Yubix's mission. We know that our clients are concerned about the security and confidentiality of their personal data. We are therefore committed to building a relationship of trust with our clients and being completely transparent about their personal data.

That is why, with the entry into force on 25 May 2018 of European Regulation 2016/679 of 27 April 2016 on the protection of personal data (hereinafter the "GDPR"), we have redefined and formalized our personal data protection policy.

This Data Protection Policy is therefore intended to inform you about the technical and organizational commitments and measures we have put in place to ensure protection of your personal data.

We encourage you to read the Privacy Policy carefully and use it to make informed decisions. By using the Services, you agree to the terms of this Privacy Policy and your continued use of the Services constitutes your ongoing agreement to the Privacy Policy. If you do not agree with this Privacy Policy, please do not supply any information and uninstall the software.

App usage is restricted for legal age users. It is forbidden for minors under legal age to use the App.

The Privacy Policy is a part of the Terms of Use and is incorporated therein by reference.

In this Privacy Policy you will read about, among other things:

• The App

• Data collection and processing

• With whom we share the information and for what purpose

• For how long we retain the information

• How we protect your information

• How to contact us

The App

1. License. Yubix hereby grants You a nonexclusive license to reproduce and use one copy of the App (as defined below) on Your mobile device, solely as a component of the System, provided You comply with the restrictions set forth below in Section Restrictions on Software Rights. The license in the preceding sentence does not include use by any third party, and You shall not permit any such use. (The “App” means Yubix’s downloadable Vertex Pro, Vertex Suite and respective  Byngo, Push and/or Skoop modules, Buzz Now, Buzz Flash, and Buzz Jungle. The App is a component of the System – which includes a web-based administrator backoffice - and is included in references thereto.)

2. Restrictions on Software Rights. Copies of the App created or transferred pursuant to this Agreement are licensed, not sold, and You receive no title to or ownership of any copy or of the App itself. Furthermore, You receive no rights to the App other than those specifically granted in the Terms of Use. Without limiting the generality of the foregoing, You shall not: (a) modify, create derivative works from, distribute, publicly display, publicly perform, or sublicense the App; (b) use the App in any way forbidden below, in the Terms of Use or as defined by your employer or company; (c) reverse engineer, decompile, disassemble, or otherwise attempt to derive any of the App’s source code; or (d) print screen or photograph and/or publish any part or content made available on the App.

Data collection and processing

We may collect two types of data and information from our Users.

The first type of information is un-identified and non-identifiable information pertaining to you, which may be made available or gathered via your use of the Services (“Non-personal Information“). We are not aware of the identity from which the Non-personal Information is collected. Non-personal Information which is collected may include your aggregated usage information and technical information transmitted by your device, including certain software and hardware information about your device (e.g., the device you use, the type of browser and operating system your device uses, language preference, access time and the website’s domain name from which you linked to the Services, etc.), in order to enhance the functionality of the Services. We may also collect information about your activity on the Services (e.g., clicks, actions, online browsing, etc.).

The second type of information is individually identifiable information, namely information that identifies an individual or may with reasonable effort identify an individual (“Personal Information“). Such information may include:

–  Account Information: When you sign-up and register to the Services, you will be asked to provide us certain details about yourself. Please note that your account may be created and managed by your employer or company.

Registering through the Application: When you register to the Services through the Application, we may collect from you the following information: full name, ID number, phone number, email address, profile picture, home and office address, birthdate, gender, as well as any other information you agreed to share with us.

– Voluntary Information: We may collect information, which you provide us voluntarily. For instance, when you respond to communications from us, communicate with us via email or share additional information about yourself through your use of the Services. We may also collect the feedback, suggestions, complaints and reports which you send to us. Please note that we may also collect complaints about you from other Users, which may include your Personal Information.

–  Device Information: We may collect Personal Information from your device. Such information may include geolocation data, IP address, unique identifiers, as well as other information which relates to your activity through the Services.

–  Work related information: We may collect work related information generated or introduced while working with the App, such as but not limited to reports, which include texts, images and videos, created by the User, as part of their job or assigned tasks.

For avoidance of doubt, if we combine Personal Information with Non-personal Information, the combined information will be treated as Personal Information as long as it remains combined.

Data collection and processing

Yubix collects and processes personal data necessary for the management of its clients’ private security personnel (whether these are staff of the client itself or of its subcontractors), incident management, visitor management, as well as management of facilities and assigned personnel.

To do this, Yubix ensures it collects and processes only data that is adequate, relevant and limited to what is necessary for the purposes for which it is processed. This is how we respect the principle of data minimization set by the GDPR. If you find any data excessive or unnecessary, please contact our DPO at dpo@yubixsolutions.com.

How we use the information (or Purposes of data processing)

Every type of data we collect has a specific purpose. Our purposes are determined, legitimate, explicit and compatible with our assignments for management of activities related to the human protection and security of our clients' sites, management of facilities and assigned personnel, as well as for management of risk or security events and reports.

The defined purpose determines the relevance of the data to be collected: only data that is adequate and strictly necessary to achieve the purpose is collected and processed by Yubix.

Your Personal Information may be used for the following purposes:

–  To set up your account and to provide the Services;

–  To allow you to share and view content shared on the Services;

–  To identify and authenticate your access to certain features of the Services;

–  To deliver instructions and recommendations in case of any event report and/or evacuation or reaction plan;

–  To send you relevant push notifications, which are based on different activities offered by the Services, such as: automatic SMS after a call, etc.

–  To communicate with you and to keep you informed of our latest updates;

–  To perform a research or to conduct analytics in order to improve and customize the Services to your needs and interests;

–  To support and troubleshoot the Services and to respond to your queries;

–  To investigate and resolve disputes in connection with your use of the Services;

–  To detect and prevent fraudulent and illegal activity or any other type of activity that may jeopardize or negatively affect the integrity of the Services; and

–  To investigate violations and enforce our policies, and as required by law, regulation or other local or governmental authority, or to comply with a subpoena or similar legal process or respond to a government request.

With whom we share the information and for what purpose

We do not rent, sell or share your Personal Information with third-parties except as described in this Privacy Policy.

We may share Personal Information with the following recipients: (i) our subsidiaries; (ii) affiliated companies; (iii) subcontractors and other third-party service providers; and (iv) auditors or advisers of our business processes.

Your personal data is therefore intended only for specific recipients, entitled to receive it, in this case and according to the case, Yubix and its subcontractors, Yubix clients and their subcontractors, as well as any other person, organization, or entity that clients will want to communicate or share the data with, and only for the purpose of private security services or facilities management.

In addition to the purposes listed in this Privacy Policy, we may share Personal Information with our recipients for any of the following purposes: (i) storing or processing Personal Information on our behalf (e.g., cloud computing service providers); (ii) processing such information to assist us with our business operations; (iii) performing research, technical diagnostics, personalization and analytics. Yubix ensures all its subcontractors and partners comply with the best security and privacy standards and enters into written agreements with all of them.

We may also disclose Personal Information, or any information you submitted via the Services if we have a good faith belief that disclosure of such information is helpful or reasonably necessary to: (i) comply with any applicable law, regulation, legal process or governmental request; (ii) enforce our policies, including investigations of potential violations thereof; (iii) investigate, detect, prevent, or take action regarding illegal activities or other wrongdoing, suspected fraud or security issues; (iv) to establish or exercise our rights to defend against legal claims; (v) prevent harm to the rights, property or safety of us, our affiliates, our Users, yourself or any third-party; (vi) for the purpose of collaborating with law enforcement agencies; and (vii) in case we find it necessary in order to enforce intellectual property or other legal rights.

Communications within the App

The App integrates chat tools with Agora's technology. This chat tools only allows communications between Admin and Users and never between users or groups of users. The chat purposes are defined by the Organization that is using the App and should rely on training, doubts, reporting and/or emergency events.

Agora is a third-party reliable partner that has implemented security best practices and has in place the most suitable certifications, applying GDPR standards to all data. If you want to know more about Agora’s GDPR commitment, security and compliance , please visit https://www.agora.io/en/compliance/ .

For how long we retain the information

We respect your privacy rights and therefore you may contact us at any time and request: (i) to access, delete, change or update any Personal Information relating to you (for example, if you believe that your Personal Information is incorrect, you may ask to have it corrected or deleted); or (ii) that we will cease any further use of your Personal Information (for example, you may ask that we will stop using or sharing your Personal Information with third-parties) or that we shall remove your Personal Information (subject to any other legal obligation that may require us to keep the information).

Please note that your data and profile management will rely on your employer or company. If you intend to request any of the above rights, you should contact directly your system administrator or security manager or HR manager or Data Protection Officer, or other named accountable.

Yubix only retains its clients' users personal data for the time required for the operations for which it was collected and in compliance with the regulations in force.

This data is automatically deleted after a maximum of 5 years after the end of the contractual relationship, according to the settings defined by each client.

Management of data retention periods is accomplished by the client. Each client can set internally the retention periods according to the nature of the personal data concerned and will act on his own responsibility when permanently deleting data.

Please note that for security and protection reasons, we may retain some of your data for longer periods to comply with legal obligations, for reasons of public task or for collaboration with legal authorities.

How we protect your information

We take great care in implementing and maintaining the security of the Services and your information. We employ industry standard procedures and policies to ensure the safety of your information and prevent unauthorized use of any such information. Although we take reasonable steps to safeguard information, we cannot be responsible for the acts of those who gain unauthorized access or abuse the Services, and we make no warranty, express, implied or otherwise, that we will prevent such access.

Yubix determines and implements the means necessary for the protection of personal data to avoid risks resulting in particular from the destruction, loss, alteration, unauthorized disclosure of personal data transmitted, retained or otherwise processed, or from unauthorized access to such data, accidentally or unlawfully.

These means include, among others and every time possible and/or necessary:

• Pseudonymisation and encryption of personal data;
• Means to ensure the constant confidentiality, integrity, availability and resilience of data processing systems and services;
• Means to restore the availability of personal data and access to it in good time in the event of a physical or technical incident;
• A procedure to test, analyze and assess regularly the effectiveness of the technical and organizational measures to ensure data processing security.

In particular, access to data is secured by strong security systems according to client choice, each defining the level of security appropriate to its business and its needs: identification by certificate, double authentication and other processes implemented by Yubix or the Client.

The Client must undertake to implement the mandatory internal policies regarding users equipment’s password protection and on premise IT management on the desktop or laptop used for system administrator access.

If you feel that your privacy was treated not in accordance with our policy, or if any person attempted to abuse the Services or acted in an inappropriate manner, please contact us directly.

If you have reasonable doubt that your access credentials or your device may be compromised, contact your supervisor immediately.

Rights of individuals

Any natural person whose personal data is subject to processing is entitled to oppose the collection and processing of their personal data, the right of access to said data, rectification or erasure thereof (the right to be forgotten), the right not to be the subject of a decision based exclusively on automated data processing, including profiling, the right to limitation of processing of data concerning them, the right to have information about the persons to whom the data controller has transmitted personal data concerning them, as well as the right to portability of said data.

Yubix ensures that the platform is prepared to respond to all requests from data subjects. Even so, all requests for the exercise of rights related to the privacy of the individuals should be addressed directly to the Client's designated manager, as he is the one who manages the platform after its implementation.

Data transfer

In principle, Yubix does not transfer client data from one country or subsidiary to another worldwide. If such a transfer were to be necessary, in this case to a country outside the European Union, that transfer would be part of the purpose of the processing for which the data is intended.

In this case, data recipients would only have communication of the categories of data necessary for the achievement of that purpose.

More generally, Yubix would transfer the data only in accordance with the provisions of articles 44 to 50 of the GDPR. In the context of international data transfers, Yubix will ensure that the third party entity adopts technical and organisational measures in accordance with European legislation, always following (at least) one of the below procedures:

• Individual contract or standard contract clauses adopted directly by the European Commission or by a supervisory authority;
• Participation of the outsourcer in an EU accredited or recognised certification scheme or standard for ensuring an adequate level of protection;
• Acknowledgement that the processor's binding corporate rules (BCR) ensure an adequate level of data protection, issued by the supervisory authorities.
• The existence of an adequacy decision with regard to the specific third country, territory or sector within that third country, or with regard to the international organisation concerned.

The rules for cross-border data transfers will not apply to operations that are occasional and necessary for the performance of a contract or in the context of litigation (judicial, administrative, regulatory or similar proceedings).

Data Protection Officer

In connection with entry into force of the GDPR on 25 May 2018, Yubix has appointed an independent Data Protection Officer (DPO) directly reporting to the Board.

The DPO constantly ensures compliance of all processing of personal data taking place in Yubix. Any question or suggestion can be send to dpo@yubixsolutions.com .

Corporate transaction

We may share information, including Personal Information, in the event of a corporate transaction (e.g., sale of a substantial part of our business, merger, consolidation or asset sale of an asset or transfer in the operation thereof) of the Company. In the event of the above, the acquiring company or transferee will assume the rights and obligations as described in this Privacy Policy.

Updates or amendments to the Privacy Policy

We may revise this Privacy Policy from time to time, in our sole discretion, and the most current version will always be posted on our website or Application. In the event of a material change to the Privacy Policy, we will notify you through the Services or via email, or you may be notified within the Application. We encourage you to review this Privacy Policy regularly for any changes.

Your continued use of the Services, following the notification of such amendments, constitutes your acknowledgement and consent of such amendments to the Privacy Policy and your agreement to be bound by the terms of such amendments.

Vertex PRO: Account deletion process

To delete the user account associated with Vertex PRO, users will need to make a simple request to support@yubixsolutions.com, with the title "User Deletion Request". Our support team will promptly reach out to you to validate your identity and proceed with the deletion.

Vertex PRO: Account deletion data

Once delete, the user statistics and logs will be kept, but completely anonymized. We will not store any personal data such as phone numbers, emails, names, addresses or profile pictures.

‍

Version: 1.1

Date: August 2023

‍