EMPTOR FORMS

PRIVACY POLICY AND TERMS OF SERVICE

PRIVACY POLICY

Effective Date: 27.10.2022

Spanish Language Version/Versión en Español

Emptor, Inc. (“Emptor”) takes privacy matters very seriously and is committed to privacy protection. This Privacy Policy (“Privacy Policy”) is meant to inform users (“User”, “You”) of the Emptor Forms platform (“Service”) about how Emptor collects, uses and manages information, as well as any applicable safeguards in place to protect the information and Users.  

In order to use the Service You must be 18 year of age or the age of majority in your jurisdiction. If you do not meet this criteria You shall refrain from using the Service. Emptor does not provide the Service for children or adolescents and any data added to the Service will be deleted and disregarded.

This Privacy Policy applies to the Service, to access our Website and Dashboard Privacy Policy, please access this link: [link]  

1. Which Information is collected

The information collected by Emptor for the execution of the Service falls into the following categories:

• Identification information: information that identifies the User such as name, date of birth, documentation numbers, driver’s license number, address, e-mail address.

• Identity verification information: information used to guarantee that the information submitted by the User to the Service or shared by the Client with Emptor is correct and valid, this includes collection of information related to the validity of document numbers and other identifiers provided for the execution of the Service.

• Civil and criminal records information: information in previous legal procedures involving the User, such as lawsuits, subpoenas and arbitration proceedings. 

• Driving Records: information related to the User’s history as a driver, such as traffic violations, fines and information on vehicles under your control.

During the use of Emptor website, Emptor may collect information related to the internet or network activity from the persons that access its website, these informations and their processing are accounted for at Emptor’s Website Privacy Policy, available at: [link]

2. How Information is collected

The information described in the previous section is collected in the following manner:

• Information you submit to perform the Service: whenever filling out the submission fields in the Service page you submit basic information so Emptor can perform the reports requested by the Client that sent you to the page.

• Information shared by Clients with Emptor to perform the service: to create the link that you receive in your email to access the Service, the Client submits that email address to Emptor; Clients may also share additional information needed to complete reports requested by them. 

• Public Records: Emptor searches for information related to Users through sources that are available to the general public, such as open government websites and databases, court and judiciary websites and databases, open search engines, among others. 

• Private Records: with the appropriate agreements and authorizations Emptor may search for information in sources that are private or restricted, such as educational databases, governmental databases that require special access, among others. 

3. How Information is used

Emptor uses Your information to perform the Service, in accordance with Emptor’s agreements with Clients and the applicable legislation. Clients (“Clients”) are the businesses that enter into agreements with Emptor – given that we are a B2B company, we only perform services to benefit other companies or corporations. If You access the Service, You were directed here by one of our Clients, only they have access to specific links that allow access to the Service. 

The Service includes the performance of identity verification reports and background check reports, as well as functionalities related to those reports. Emptor only executes the reports requested by its Clients for each specific candidate, that is, You. These reports are performed in accordance with the law, based on the legitimate interest of our Clients, whenever applicable, or, on Your consent, that must be collected by the Client prior to directing You to this platform. The Client, according to the applicable legislation, is the controller of Your information in this situation, that is, the party that will decide what information Emptor should request, how it should be processed, which reports are to be executed, with whom they will be shared and how they will be accessed. IF YOU USE THE SERVICE, THAT IS, IF YOU SUBMIT ANY INFORMATION TO THE EMPTOR FORMS PLATFORM IN ANY CAPACITY, YOU AGREE THAT YOU HAVE BEEN PREVIOUSLY INFORMED BY THE CLIENT ABOUT THE BASIS FOR DATA PROCESSING AND THE CONSEQUENCES OF YOUR AGREEMENT TO USE THE SERVICE. EMPTOR IS NOT RESPONSIBLE, IN ANY CAPACITY, FOR THE COLLECTION OF YOUR CONSENT OR FOR THE ADEQUATION TO THE CLIENT’S LEGITIMATE INTEREST IN THIS DATA PROCESSING.

Emptor may also use the information collected to comply with legal and regulatory requirements, whenever requested in connection with lawsuits, subpoenas, governmental requests or any other kind of legal proceedings. 

4. With whom Information is shared

Emptor only shares information with the appropriate authorized Clients, as referred to in the previous section (How Information is Used), and with legal authorities, whenever required to.

Emptor does not participate in any form of sale of information to third parties. 

5. How does Emptor protect Information

Emptor adopts technical and administrative measures to protect all information to which we have access against any type of security incident, including unauthorized access, destruction, loss of integrity, communication or any other form of illicit or inappropriate treatment. We always follow market-appropriate security standards and good personal data governance practices.

From a technical point of view, Emptor performs end-to-end encryption of all the information it manages, from the moment of collection to its disposal. We also have technical protection processes present in all data storage locations, such as access via VPN with different degrees of access and cloud security through our partners (eg AWS).

From an administrative point of view, we maintain Confidentiality Agreements with all our employees and collaborators, in addition to limiting the access and use of information to those who need access for the execution of the Service. 

In addition, whenever we share your data with any of our suppliers or use storage services (as described above), we ensure that they also adopt security standards and good practices that are in accordance with the security levels we adopt internally and according to market standards. 

6. Data Subject’s Rights and how to exercise them

Under applicable legislation, the Users – that is, You – are considered to be Data Subjects in what regard the information collected and used to perform the Service, that is, the Users are the persons to which the information refers, which the information identifies and the most interested parties on how the information is handled. This is what justifies this Privacy Policy, that has, as its primary objective, the goal to inform any Data Subject about the paths the information takes to perform the Service and to determine how Data Subjects can exercise their rights. Data Subjects have the right of access, change, oppose to processing or delete any information pertaining to themselves.

In this sense, it is important to highlight that Emptor is the Processor of the information during the performance of the Service, that means that Emptor only collects, uses, stores and shares personal information in accordance to the company’s Clients orientations. The Client’s are the Controllers of the data (as informed in Section 3 of this policy – How Information is Used). 

Since Emptor has no authorization to share, change, delete or in any other way interfere with information beyond the scope given by our agreements with Clients, You should make requests directly to the Client, that is, the company that directed you to access the service. If you choose to make a request directly to Emptor through the Contact Information linked at the end of this Privacy Policy, Emptor will reach out to the Client in order to get authorization before sharing information or in any other form interfering with it. In order to ensure that fraud does not occur, we may require the data subject to submit certain information, confirming their identity.

Emptor will not under any circumstances deny services or engage in any type of discrimination to anyone who has exercised their rights herein. However, it is necessary to keep in mind that Emptor cannot provide the Service if someone has requested that all of their information be deleted. The impossibility of providing the Service may result in disqualification in any processes within the Clients structure You may be participating in.

7. International data transfer

Emptor may use cloud computing services such as AWS for storage and processing capacity purposes. Currently, Emptor storage is primarily held in the United States of America. If you are located in another country, this means that the storage and processing of Your information implies an International Data Transfer. 

Emptor maintains Data Protection Agreements with its Clients that ensure they are regularly informed about any International Data Transfer that happens within the scope of the provision of the Service. Furthermore, Emptor ensures that any cloud computing services or storage units used for the provision of the Service have security measures in place that are in accordance with market practices. 

8. Privacy Policy Updates

This Privacy Policy will be updated from time to time. Therefore it is imperative to regularly review this Privacy Policy as changes may occur over time. 

9. Contact information

If You have any questions regarding the terms described in this Privacy Policy or wish to exercise any of the rights described above, You may contact Emptor at info@www.emptor.io.