1. Data Controller
Corporate name: AIST PERU S.A.C.;
TAX ID Nº: 20606461730;
Address: Office D, Avenida Luis Gonzales 291, District and Province of Chiclayo, Department of Lambayeque, Republic of Peru;
Mail contact: firstname.lastname@example.org.
2. Processing of Personal Data
Passengers and customers identifying data: name, address, e-mail address, phone number, birth date, sex.
Drivers and delivery partners identifying data: name, birth date, driving license number, validity period of driving license, ID number or foreign ID number and its other relevant details, number and other relevant details of the license or any other official permit required for the provision of services, license plate number, year of manufacture of the vehicle, brand, model, color, seat capacity of the vehicle, presence or absence of A/C in the vehicle, external view and condition of the vehicle. These data and information are collected within the submission of the following documents: 1) ID or foreign ID; 2) driving license; 3) ownership certificate or another document stating the legal right of the driver or delivery partner to drive the vehicle; 4) photo; 5) photo of the vehicle; 6) certificate of no criminal, judicial and police records; 7) Mandatory Traffic Accident Insurance Policy (SOAT); and 8) license or any other official permit required for the provision of services.
Metadata: functional location, including IP address used to connect to the internet from a computer, information about the user’s account, browser type and version, time setting, plug-ins associated, operating system and platform, etc. Also, certain information about the users’ and visitors’ activity on the platform will be compiled. Additionally, information relative to your journeys/orders will be stored; the identification code we internally assign you; your browsing/navigation through the platform (date and time you access, you click, etc.); the hardware, software and browser you use; the type of payment method you use. The technical data from calls between the passengers/customers and drivers/delivery partners, as long as they are made by the platform. The messages between the passengers/customers and drivers/delivery partners, as long as they are made by the platform.
Data referred to the online complaints book: virtual complaint book must contain at least the information consigned on the forms of the present regulation of the complaint books of the Protection and Defense of the Consumer Code, approved by the Supreme Decree N° 011-2011-PCM. In this sense, the following personal data will be processed: 1) name, address, ID or foreign ID number, phone number and e-mail of the complaining consumer; 2) name, address, phone number and e-mail of one of the parents or consumer representatives, in case of a minor; 3) detail of the complaint or claim; 4) identification of the product or service contracted; 5) claim or complain date; and 6) ID or foreign ID copy.
3. Processing purposes and legal basis
1) To provide, personalize, maintain and improve our services. This includes using your personal data to: 1) provide you with services; 2) engage you to provide services; 3) create, administer and update your account; 4) verify your identity; 5) validate your ride and process payments; 6) offer, obtain, provide or facilitate insurance or financing solutions; 7) track the progress of your trip; 8) enable features that personalize your app, such as lists of your favorite places and previous destinations; 9) perform internal operations necessary to provide our services, including troubleshooting software bugs and operational problems, conducting data analysis, testing and research, monitoring and analyzing usage and activity trends; and 10) protect the security or integrity of the services and any facilities or equipment used to make the services available (Legal basis: to perform a contract to which the data subject is party (art. 14°, numeral 5 of the Personal Data Protection Law));
2) To ensure the safety and security of our services and its users. This includes: 1) screening drivers and delivery partners before enabling their use of our services; 2) verifying your identity when you log in to Maxim; 3) using device, location, profile, usage and other personal data to prevent, detect and combat fraud or unsafe activities; 4) sharing drivers and passengers’ location when the emergency button is activated; 5) monitoring compliance with our Work Rules, License Agreement, Policies and other policies and agreements; and 6) detecting, preventing and prosecuting crime (Legal basis: to perform a contract to which the data subject is party (art. 14°, numeral 5 of the Personal Data Protection Law));
3) To resolve customer support issues. For example, we may: 1) investigate and address concerns; 2) monitor and improve our customer support responses; 3) respond to questions, comments and feedback; and 4) inform you about steps taken to resolve customer support issues (Legal basis: to perform a contract to which the data subject is party (art. 14°, numeral 5 of the Personal Data Protection Law));
4) For testing, research, analysis and product development. This allows us to understand and analyze your needs and preferences, protect your personal data, improve and enhance the safety and security of our services, develop new features, products and services, and facilitate insurance and finance solutions (Legal basis: to perform a contract to which the data subject is party (art. 14°, numeral 5 of the Personal Data Protection Law));
5) To investigate and resolve claims or disputes, or as allowed or required by applicable law (Legal basis: legal obligation (art. 14.13 of the Personal Data Protection Law));
6) We may also use your personal data when we are required, advised, recommended, expected or requested to do so by our legal advisors or any local or foreign legal, regulatory, governmental or other authority. For example, we may use your personal data to: 1) comply with court orders or other legal, governmental or regulatory requirements; 2) enforce our Work Rules, License Agreement or other agreements; and 3) protect our rights or property in the event of a claim or dispute (Legal basis: legal Obligation (art. 14.13 of the Personal Data Protection Law));
7) We may also use your personal data in connection with mergers, acquisitions, joint ventures, sale of company assets, consolidation, restructuring, financing, business asset transactions, or acquisition of all or part of our business by another company (Legal basis: consent (art. 13° of the Personal Data Protection Law));
8) To market Maxim and its business partners’ products, services, events or promotions. For example, we may: 1) send you alerts, newsletters, updates, mailers, promotional materials, special privileges, festive greetings; and 2) notify, invite and manage your participation in our events or activities (Legal basis: consent (art. 13° of the Personal Data Protection Law));
9) We may communicate such marketing to you by post, telephone call, short messaging service, in-app engagement, online messaging service as well as push notification, by hand and by email. If you wish to unsubscribe to the processing of your personal data for marketing and promotions, you may click on the unsubscribe link in the relevant email or message. Alternatively, you may also update your preferences in our app settings (Legal basis: consent (art. 13° of the Personal Data Protection Law)).
The provision of your personal data to us is on a voluntary basis. However, if you do not provide your personal data or if insufficient personal data is supplied to us when requested, this may affect our ability to fulfill the purposes mentioned above and your ability to enjoy the full range of benefits provided by us under our services.
4. Storage period
The personal data that Maxim compiles are stored in the database called “Users”. The personal data will be stored for a maximum period of (ten) 10 years, counted from the date when you are no longer our user. This storage period is strictly related to the statutes of limitations existing in the regulation/legal system, since Maxim could be required some type of responsibility resulting from the contractual relation or due to legal obligations to retain documents or information, as well for historical, statistical or scientific reasons.
It should be noted that Maxim will carry out semi-annual reviews in order to comply with the proportionality and quality principles. In this sense, once the personal data are no longer relevant for the purposes for which they were compiled, they must be destroyed.
5. Security measures
6. National/Domestic transfer. Disclosure of personal data
The personal data will be processed internally. Eventually, your personal data could be shared with third parties for certain purposes. These third parties include:
1. Other users of Maxim. For example, if you are a passenger, we may share your pick-up and drop-off locations with drivers. If you are a driver, we may share your personal data with your passenger, including your full name and photo, your vehicle mark, model, license plate number, location and average rating.
2. Third parties in connection with a ride. For example, we may share your location with third parties when a passenger activates the emergency button.
4. Our legal advisors and governmental authorities. We may share your personal data with our legal advisors, law enforcement officials, government authorities and other relevant third parties.
In all possible cases, Maxim compromises to enter into a confidentiality and personal data protection agreement in accordance with the provisions of current legislation.
7. International Transfer
Personal data will be stored on the servers of (and hereby you give your prior, informed, explicit, unambiguous and unconditional consent for this international transfer in accordance with art. 15°, numeral 7 of the Personal Data Protection Law):
Corporate name: Maxim.Technology LLC;
Tax ID Nº: 4501226750;
Address: 17 Radionova Street, Office 205, Kurgan, 640003, Kurgan Oblast, Russia;
Type of company: Hosting;
Purpose: So that our website is hosted on a server.
The personal data will be transferred with subsidiaries and related companies.
Corporate name: HTMC LTD;
Address: Office 302B, Center Point, 4 Nicolaou Nikolaide Avenue, 8010 Paphos, Republic Of Cyprus;
Tax ID Nº: 10366633S;
Type of company: Technology;
Purpose: So that the related companies can analyze the services carried out with the aim of improving services.
8. Minors’ and third parties’ personal data
10. Exercise of rights
The personal data protection right allows people to control their personal information. To that end, the regulations provide rights that allow people to require that their personal data are processed properly. These rights are called “ARCO”:
1. Access: everyone has the right to obtain information about themselves that is processed in public or private databases, the way in which their data was compiled, the reasons/purposes that motivated its compilation and at whose request the data was compiled, as well as the transfers made or planned to be made of them.
2. Rectification (update, include): it is the data subject right to modify data partially or totally inaccurate, incomplete, erroneous or false.
3. Erasure (cancellation): the data subject may request the erasure or cancellation of its personal data from a data base when they are no longer necessary or relevant for the purpose for which they have been compiled; the period established for its processing has expired; the consent for the processing has been revoked and in other cases they are not being processed in accordance with the law and regulations.
4. Opposition (restriction): every person has the possibility of opposing, for a legitimate and based reason, referring to a specific personal situation, to appear in a database or to the processing of their personal data, whenever the law does not provide otherwise.
In order to exercise the aforementioned rights, you must present at the previously specified address, the respective request in the terms established by the Personal Data Protection Law (including: data subject name and address or other means to receive a response; documents that prove your identity or legal representation; clear and precise description of the data regarding those you seek to exercise your rights and other elements or documents that facilitates its location). If you consider that you have not been attended in the exercise of your rights, you can file a claim to the National Authority for Personal Data Protection, by contacting the Reception Desk of the Ministry of Justice and Human Rights: Calle Scipion Llona 350, Miraflores, Lima, Peru.