JXBS
Back to jxbs.ai

Version 2025-05-19

Privacy and Personal Data Protection Policy

At JXBS S.A.S. (hereinafter, "JXBS"), we value your privacy and are committed to protecting your personal data. This Privacy and Personal Data Protection Policy describes how we collect, use, and protect your personal data when you use our website and provide such data. Please read this Policy carefully to understand our procedures and practices.

1. LEGAL FRAMEWORK AND LEGAL BASIS.

In compliance with the Constitution of the Republic of Ecuador, the Organic Law on Personal Data Protection (hereinafter, "LOPDP"), the General Regulations of the Organic Law on Personal Data Protection (hereinafter, the "Regulations"), and other applicable regulations, JXBS publishes this Privacy and Personal Data Protection Policy (hereinafter, the "Policy"), which explains how we protect your personal data, your rights as a data subject, how the law protects you, and the criteria under which JXBS processes personal data that is collected, processed, stored, and used by the company.

2. CONTROLLER

JXBS acts as the controller of data processing. Company contact details are as follows. Tax ID (RUC): 0195153892001 Address: Victor Manuel Albornoz 555 Phone number: 0995284006 Email: felipe@jxbs.ai

3. SCOPE OF APPLICATION

This Policy is mandatory for employees, consultants, business partners, suppliers, and related parties acting on behalf of JXBS. Observance and respect of this Policy are essential requirements in activities involving personal data. This commitment also extends to the public sphere, since the Policy is duly published on the JXBS website for general awareness.

4. DEFINITIONS

i. Personal Data Protection Authority: Refers to the Superintendency of Personal Data Protection. ii. Database: A structured set of data, regardless of form, method of creation, storage, organization, support type, processing, location, or access, whether centralized, decentralized, or geographically distributed. iii. Personal Data: Information that identifies or makes a natural person identifiable, directly or indirectly. iv. Sensitive Data: Data relating to ethnicity, gender identity, cultural identity, religion, ideology, political affiliation, judicial record, migration status, sexual orientation, health data, biometric data, genetic data, and any data whose improper processing may lead to discrimination or may infringe fundamental rights and freedoms. v. Data Protection Officer: Natural person responsible for informing the controller or processor of legal obligations on data protection, supervising compliance, cooperating with the Personal Data Protection Authority, and acting as contact point between the Authority and the processing entity. vi. Recipient: Natural or legal person to whom personal data has been disclosed. vii. Processor: Natural or legal person, public or private entity, public authority, or other body that processes personal data on behalf of the controller. viii. Controller: Natural or legal person, public or private entity, public authority, or other body that determines the purpose and means of personal data processing, alone or jointly. ix. Data Subject: Natural person whose personal data is processed. x. Processing: Any operation or set of operations performed on personal data, whether automated, partially automated, or non-automated, such as collection, recording, organization, structuring, storage, custody, adaptation, modification, deletion, indexing, extraction, consultation, use, transfer, disclosure, access enabling, comparison, interconnection, restriction, suppression, destruction, and any other use of personal data. xi. Transfer or communication: Any manifestation, declaration, delivery, consultation, interconnection, assignment, transmission, dissemination, disclosure, or any other form of revealing personal data to a person other than the data subject, controller, or processor. Data communicated must be accurate, complete, and up to date.

5. RIGHTS OF DATA SUBJECTS

JXBS recognizes and guarantees to data subjects the rights set forth in the LOPDP: 5.1 Information: Right to be informed about how we collect and process personal data, including who we are, how we use personal data, and your rights. 5.2 Access: Right to know whether JXBS processes your personal data and to access the processed data. 5.3 Rectification and update: Right to request correction or update of inaccurate or outdated personal data. 5.4 Deletion: Right to request erasure of personal data when processing: (i) does not comply with legal obligations; (ii) is unnecessary; (iii) has fulfilled its purpose; (iv) retention period has expired; (v) affects fundamental rights; or (vi) consent has been withdrawn. 5.5 Objection: Right to object to processing when it does not affect fundamental rights and is not related to public information or public interest. 5.6 Portability: Right to receive personal data in a compatible format and/or request transfer to another controller. 5.7 Suspension: Right to request suspension of processing when: (i) data accuracy is contested, (ii) processing is unlawful and restriction is requested instead of deletion, (iii) JXBS no longer needs the data but the data subject needs it for claims, or (iv) objection is pending verification of legitimate grounds. 5.8 Review of decisions based solely on automated processing: Right to object, request explanations, and request human review of decisions based exclusively on automated processing that affect your interests.

6. EXERCISE OF DATA SUBJECT RIGHTS

Data subjects may exercise rights of access, rectification and update, deletion, suspension, objection, portability, and the right not to be subject to decisions based solely or partially on automated assessments. To exercise these rights, data subjects may use the following mechanism, providing proof of identity: 6.1 Submit a request by email: felipe@jxbs.ai In accordance with the LOPDP, JXBS will respond to rights requests within a maximum of fifteen (15) days from receipt, unless clarification or expansion is necessary. If clarification or additional information is required, JXBS will request it within five (5) days of receiving the request. The data subject will have ten (10) days, counted from the day after notification, to provide the requested information. If the data subject does not clarify or expand the request within that period, JXBS will archive the request and notify the data subject, without prejudice to submitting a new request. The data subject has the right to file a claim directly before the Personal Data Protection Authority if rights have been violated by the response given, or if no response is received within the legal term. Please note that exercising rights may be subject to limitations set by applicable law.

7. PERSONAL DATA THAT IS PROCESSED

7.1 Types of Personal Data JXBS processes personal data voluntarily provided when using our website, by email, or through communication platforms enabled and recognized by JXBS for this purpose. Such data may be contained in digitized media or recordings (such as interviews), and may include, among others: • Identification data: first name, last name, identification document number. • Contact data: home address, email address, phone numbers. • Academic data: academic background (degree), degree registry, languages. • Professional data: information included by each candidate in their curriculum vitae (CV), recommendation letters, work experience, and skills. • Interview videos: when requested by the employer as part of the selection process. • Results of psychometric and technical assessments. • Practical case materials.

8. PURPOSES OF PROCESSING

JXBS processes personal data under the legal bases established in Article 7 of the LOPDP: consent; compliance with legal obligations; execution of pre-contractual measures or contractual obligations; compliance with court orders; public-access databases; protection of vital interests of the data subject or third parties; fulfillment of a mission carried out in the public interest; and legitimate interest. Collected personal data is used to evaluate applications and manage job opportunities within the JXBS web application, which includes: • Reviewing and evaluating CVs and information provided by candidates. • Communication with candidates about job opportunities, interviews, and selection processes. • Analysis of test or assessment responses. • Analysis and feedback of interview videos, psychometric tests, and practical cases. • Inferences and conclusions derived from analysis of videos, tests, and practical cases. • Statistical analysis, professional competency analysis, and topics related to our services. • Customer service activities such as responding to inquiries, suggestions, or complaints. • Sending information related exclusively to employability and education, such as course offers or job opportunities.

9. TRANSFERS AND ACCESS BY PROCESSORS OF PERSONAL DATA

JXBS stores your personal information on platforms such as AWS, Digital Ocean, Typeform, and Videoask. Transfer or communication of personal data is carried out only when necessary for the previously established purposes. Likewise, JXBS may share personal data with group companies, affiliates, branches, or related entities, which will use it exclusively for the purposes described in this Policy. Such communications occur only with third parties with whom JXBS has a contractual, legal, or judicial obligation. In this regard, the company applies strict supplier selection criteria to ensure adequate personal data protection. Processing of personal data may involve international transfers, especially regarding information storage services. In these cases, JXBS requires recipients to comply with adequate protection, confidentiality, and security standards, particularly when data is transferred to jurisdictions that do not provide equivalent protection levels under applicable law and guidance of the Personal Data Protection Authority.

10. RETENTION OF YOUR PERSONAL DATA

JXBS stores personal data for the time necessary according to the purposes that justify processing, in compliance with applicable provisions and the administrative, accounting, tax, legal, and historical aspects of the information. Personal data is stored in an information system created for this purpose in a way that guarantees its security. Once the processing purpose or purposes are fulfilled, and without prejudice to legal rules that provide otherwise, personal data will be deleted, unless anonymized. In such case, the data loses its personal nature and may be used at JXBS discretion. Notwithstanding the foregoing, personal data must be retained when required to comply with legal, contractual, or audit obligations, and for the limitation period of legal actions.

11. REFUSAL TO PROVIDE DATA

If the data subject chooses not to provide personal data or objects to its processing, JXBS will be unable to fulfill the purposes set out in this Policy and, therefore, unable to meet the data subject requirements.

12. ERRONEOUS OR INACCURATE DATA

Providing erroneous or inaccurate personal data impacts fulfillment of the purposes set out in this Policy. Therefore, it is the sole responsibility of data subjects to ensure that the personal data provided is correct, complete, and up to date. The data subject is responsible for any false, inaccurate, or outdated information voluntarily provided, as well as direct or indirect damages this may cause. If required personal data is not provided, JXBS will be unable to fulfill the purposes set out in this Policy.

13. USE OF PERSONAL DATA

13.1 Limitation of Use Collected personal data will be used solely for the JXBS purposes stated in this Policy and will not be used for other purposes. JXBS S.A.S. is committed to maintaining an appropriate and optimal privacy and personal data handling policy to protect user interests while such data remains under its control, and not with third parties outside its internal policies. Regarding transfer or communication to third parties, the purpose and type of activity of such third party will always be aligned with the activities and purposes carried out by JXBS S.A.S.

14. SECURITY MEASURES

JXBS has adequate technical and organizational measures to guarantee protection of personal data, ensuring confidentiality, integrity, and availability. Security measures seek to prevent loss, alteration, unauthorized access, or unlawful processing of personal data, considering volume and categories of data, state of the art, implementation costs, and applicable risks. Employee training and awareness are a fundamental complement to this Policy. For third parties external to JXBS, this Policy is publicly available on the company website.

15. POLICY UPDATES

JXBS periodically reviews and updates this Policy in response to regulatory changes and guidelines issued by the Personal Data Protection Authority. You may review updates to this Policy by accessing it through JXBS channels where it is available. In case of modifications, JXBS will timely notify personal data subjects. The latest update to this Policy was made on May 19, 2025.