In this Privacy Policy, you will find information about how your Personal Data is collected, used, shared and stored through the NeonPass application (the “Application” or “NeonPass”), which consists of an application that, through artificial intelligence and high-precision facial recognition technology, detects and analyzes users’ facial features and facilitates the identification of employees belonging to the company and/or guests to events. Hoobox Robotics Tecnologia do Brasil Ltda. (“Hoobox” or “we”) will make the Application available to registered companies (“company”), their employees (“employees”) and guests (“guests”) who, together, will be users of the Application (“Users”). This Privacy Policy applies to users, who will access Personal Data to enable journey identification through the Application. This Policy must also be followed by all Partners, whether service providers or advertisers, as well as all individuals who use or access the Application. Please remember that by using the Application, you agree to this Privacy Policy and therefore authorize Hoobox to access, collect, use, process and store your Personal Data or Personal Data entered by you in the Application, under the terms set forth herein. Therefore, we ask that you carefully read the Privacy Policy, as well as the TGU, which can be found at www.hoobox.one.
1) Definitions
Whenever mentioned in the TGU and in this Privacy Policy, with capital letters, the following terms will have the meaning attributed to them below:
- “Application”: application called “NeonPass”, developed in iOS and Android format, and available for download on mobile devices through the Apple Store and Play Store.
- “User Account – Employee”: the account that will be activated for Users in the Application, allowing access to limited functions.
- “User Account – Host”: the account that will be activated for Users in the Application, allowing access to limited functions and invitation to visitors.
- “User Account – Master”: the account that will be activated for Users in the Application, allowing access to all application functions, including adding and removing users, including assigning the company database administrator user role, creating units and viewing/managing all units.
- “User Account – Administrator”: the account that will be activated for Users in the Application, allowing access to functions related to the company’s managed unit.
- “User Account – Receptionist”: the account that will be activated for Users in the Application, allowing access to limited functions and viewing of invited visitors.
- “Controller”: natural or legal person responsible for decisions regarding the processing of personal data;
- “Personal Data”: any data that identifies or makes identifiable a natural person.
- “Hoobox”: is the developer, provider and supplier of NeonPass.
- “Enterprise”: these are companies that have contracted NeonPass’ services to manage guests, employees and the flow of people passing through them.
- “Operator”: natural or legal person who carries out the processing of personal data on behalf of the Controller;
- “Employees”: are individuals who register on the Application for the purpose of obtaining identification and identity recognition to enter locations by invitation or workstation;
- “Guests”: are individuals who register on the Application in order to obtain a pass and authorization to participate in scheduled meetings and/or visits.
- “Services”: the provision, by Hoobox, of registration in the Application, of clinical analysis interface and organization of consultations, storage of files and information, intermediation between company, employees and guests.
- “Partners”: are companies that may also interact with Users of the Application. Partners may be, for example, Hoobox partners, service providers or advertisers, as identified in the TGU and in this Privacy Policy.
- “TGU”: document that presents the general terms and conditions for the use of the NeonPass Application, which is available at www.hoobox.one and which must be interpreted in conjunction with this Privacy Policy.
- “Holder” or “Holders”: any and all natural persons whose data, including Personal Data, is entered into the Application, and such data may be contained in documents stored in the Application.
- “User”: any natural person who accesses and/or uses the Application, including the company, employees or guests.
2) Processing of Personal Data
Hoobox is the Controller with respect to the Personal Data of users, whether entered or generated by the Application. To this end, Hoobox must guarantee the integrity of such Data and ensure that Data Subjects are able to exercise their rights with respect to the Personal Data linked to the Application.
In order for Hoobox to provide the Services, as set forth in the TGU, it will be necessary to register and open a User Account. Users will register on the Application by filling out information on the Application itself. Therefore, activation of the User Account will depend on the provision and validation of information, including the User's Personal Data, such as: name, identification documents, CNPJ number, as applicable, among others.
Therefore, the following Personal Data will necessarily be collected and processed to activate a Master User Account:
- Full User Name;
- Date of birth;
- E-mail;
- Password;
- Gender;
- Access Log (including IP);
- Cell phone identifier;
- Cell phone;
- Copy of identification document (RG, CNH, RNE or Passport);
- Individual Taxpayer Registration Data;
- Data present in the identification document;
- Health plan/insurance details;
- Copy of health plan/insurance card;
- Proof of life video;
- Profile photo;
- Application crash data;
- Business address;
- CNPJ;
Additionally, for services to be performed for other users such as Employees and guests:
- Full User Name;
- Date of birth;
- E-mail;
- Password;
- Gender;
- Access Log (including IP);
- Cell phone identifier;
- Cell phone;
- Copy of identification document (RG, CNH, RNE or Passport);
- Individual Taxpayer Registration Data;
- Data present in the identification document;
- Health plan/insurance details;
- Copy of health plan/insurance card;
- Proof of life video;
- Profile photo;
- Application crash data;
Users who submit information and Personal Data of themselves or third parties in the Application will be solely and exclusively responsible for the veracity and quality of the information, Personal Data and documents they insert in the Application, and Hoobox cannot be held responsible if the poor quality or inaccuracy of the data and information inserted by Users in the Application causes any damage to themselves or third parties.
By accessing or using the Application, Professionals consent to the processing of their Personal Data by Hoobox and Partners authorized by Hoobox, as set forth in this Privacy Policy.
Users declare that they are aware and consent that Hoobox may use their Personal Data collected to send newsletters, communications, marketing and content that optimize their experience, always in accordance with the provisions of the LGPD. Furthermore, the data stored by Hoobox may be used for statistical purposes (Analytics), so that Hoobox can understand how Users interact with the Application.
Hoobox also records usage data when the User accesses or otherwise uses the Application Services. The Application uses the accesses, cookies, device information and addresses internet protocol (“IP”) to identify the User or record their use and access.
If you do not agree with the receipt of this information or any specific processing of Personal Data mentioned in this Policy, you must submit a request for its deletion (opt-out) via email bunker@hoobox.one or via the request via the NeonPass app located in the support section.
The request for deletion of the registration made by the user and/or the company in cases of employee dismissal does not prevent Hoobox from keeping encrypted and storing relevant data for possible legal proceedings that may be claimed by any of the interested parties, and that the application usage data may be implicated as evidence and/or proof for such an event. This data must be stored in accordance with the applicable laws for each of the cases that are necessary.
Valuing the transparency and privacy of Professionals registered on the Application and their respective users, below are the legal bases that justify the use of Personal Data by Hoobox, as well as the purposes of such use:
Enterprise | ||
Purpose | Personal Data | Legal Basis |
Access log | IP address and geolocation | Compliance with Legal Obligation |
Registration and login | E-mail, name, address, CPF, date of birth, telephone, CRM, specialization, academic history and academic experiences and photo | Execution of contract or preliminary procedures to the contract and Legitimate Interest |
Payment | Name, CNPJ, address, card details (name on card, card number, security code and validity) and country for payment of expenses via the App | Contract execution |
Sending essential communications | Name and email | Execution of contract or preliminary procedures to the contract |
Sending of newsletters, and personalized content | Name, Email, phone number and token for sending notifications push | Legitimate Interest |
Analytics and Marketing | Advertising ID (unique user ID generated by advertising platforms) analytics and digital advertising) and interest profile (interactions and likes) | Consent and Legitimate Interest (the latter if the data is anonymized) |
Support | E-mail and other information that the user sends during the service, e.g. name, telephone number, CPF and card details (name on the card, card number, security code and validity period.) | Legitimate Interest |
Provision of identification services | Photos and videos | Consent |
Other Users | ||
Purpose | Personal Data | Legal Basis |
Access log | IP address and geolocation | Compliance with Legal Obligation |
Registration and login | Email, name, address, CPF, date of birth, telephone number and photo | Execution of contract or preliminary procedures to the contract and Legitimate Interest |
Sending essential communications | Name and email | Execution of contract or preliminary procedures to the contract |
Sending of newsletters, and personalized content | Name, Email, phone number and token for sending notifications push | Legitimate Interest |
Analytics and Marketing | Advertising ID (unique user ID generated by advertising platforms) analytics and digital advertising) and interest profile (interactions and likes) | Legitimate Interest (considering that the data is anonymized, otherwise User Consent will be requested) |
Support | E-mail and other information that the user sends during the service, e.g. name, telephone number, CPF and card details (name on the card, card number, security code and validity period.) | Legitimate Interest |
Provision of identification services | Photos and videos | Consent |
Hoobox undertakes to collect and process Personal Data in accordance with applicable legislation, including, but not limited to, the General Personal Data Protection Law.
3) User Obligations and Declarations
Users declare and acknowledge that, if they enter Personal Data of third parties into the Application, directly or contained in documents:
- previously informed the respective holders and took all necessary measures so that the holders were aware of and/or consented to the processing of their Personal Data by Hoobox and the company;
- the information entered into the Application, including any Personal Data, is complete, truthful and up-to-date, and does not violate any third-party rights;
- for users with access to the Web platform, sharing images from the application is strictly prohibited. It is also prohibited to copy (including “prints”), send and/or retransmit partially and/or fully images and/or prints from the platform to third parties without prior authorization from Hoobox, whether the copy contains sensitive data or only screen elements;
The User undertakes to be diligent in safeguarding and not sharing their access data to the Application (i.e. login and password) with any third parties, as well as being responsible for the activities they carry out in the Application or for the information, including Personal Data, that they enter, directly or through documents, in the Application.
If the above statements are not entirely correct and/or the obligations assumed herein are not adequately fulfilled, Users are exclusively and fully responsible for any damages caused to Hoobox or any third parties.
The User further declares that when accessing the Application, he/she will be diligent and will use the documents, Personal Data and information made available by users only for the purposes authorized and compatible with the Services provided within the Application.
In the event that Hoobox is sued, at any time, due to facts or acts for which the responsibility is attributed to the User, the company or the Guests, under the terms of this Privacy Policy, the responsible party must: (i) voluntarily intervene in the case, requesting the immediate exclusion of Hoobox from the dispute, that is, it must voluntarily join any legal actions filed against Hoobox and request the exclusion of Hoobox as Defendant, (ii) assume full and exclusive responsibility for the payment and/or measures requested, and (iii) fully reimburse Hoobox for any costs and expenses incurred as a result of the lawsuit. If said exclusion does not occur, the responsible party will be responsible for the payment and full compliance with the decision, or, if applicable, must immediately reimburse Hoobox.
4) Sharing of Personal Data and Information
Hoobox preserves the privacy of Users and other Holders of Personal Data included in the Application and undertakes not to share such information with companies, organizations and other individuals, except (i) if expressly authorized by the User, the Data Holder, by the Privacy Policy or (ii) in one of the following circumstances:
- Group companies : Hoobox may share information, including users' Personal Data with potential investors, whenever such sharing is important for the proper execution of the Application Services, for compliance with legal obligations and/or is in the legitimate interest of Hoobox.
- Corporate operations : As a result of possible corporate restructuring operations, mergers, acquisitions, incorporations and similar, Hoobox may share or even transfer information, including users' Personal Data, to individuals or legal entities involved in any way in the operation.
- Service Providers : Hoobox may share information, including users' Personal Data, with companies, organizations or individuals that provide services on behalf of or for Hoobox, for example, to implement security measures, provide Information Technology services, maintenance, storage on servers or in the cloud, among others. These companies will be allowed to obtain only the information necessary to provide the service properly and may be required to maintain the confidentiality of the information. Whenever possible and compatible with the functionalities of the Application, the information will be provided to these third parties in a way that preserves the anonymity of the Users, and/or the holders of the Personal Data stored in the Application.
- Legal measures and legal obligations : Hoobox may disclose or share information, including Users' Personal Data, if it believes, in good faith, that access, use, conservation or disclosure of the information is reasonably necessary to (i) comply with any law, regulation, court order or governmental request; (ii) investigate possible violations of rights; (iii) detect or prevent fraud, as well as resolve technical or security issues; (iv) ensure the security of the Application, Hoobox, Users and third parties; (v) protect the rights and prevent liabilities of Hoobox (vi) investigate, prevent or take action regarding suspected or actual illegal activities, or to cooperate with public agencies, and; (vii) comply with legal obligations or any other determination before government and judicial bodies, including, but not limited to, Ministries and/or Government Secretariats, federal agencies, regulatory agencies and/or legal authorities (e.g. regional police stations), consumer protection agencies, judicial bodies and others. As per Hoobox’s decision, Users may be notified of legal demands regarding their Personal Data, unless prohibited by law or court order or if the request is urgent. We may contest these demands if we believe the requests are excessive, vague or made by incompetent authorities, but we will not commit to contesting all demands.
- Partners : Hoobox may share User activity records with Third Parties for the purpose of personalizing the advertisements displayed on the Application.
- “Graduates”: Hoobox may share certain personal data of users who register as “guests” and/or invitees with entities that have contracted the NeonPass license, in order to enable the pre-check-in and/or entry processes of these users within the establishments that have such contracted license. The data shared will be those obtained through the registration process in the application, with the user, and will be restricted to the personal data previously agreed between Hoobox and the Neonpass licensee, as necessary to enable the pre-check-in.
- Transaction information : Hoobox reserves the right to keep in its database all information transmitted through the Application, including information on operations, volume, sales and market value of products, quotations, among others. This information may be shared by Hoobox with third parties and disclosed to the market, in any media, as long as there is no link between the information and the Users, that is, the information will be anonymized.
Images, texts, figures or anything inserted in the Neonpass WEB platform may only be disclosed or provided to employees and collaborators of the company and to third parties in order to comply with a legal obligation and/or determination by a competent government authority, or with the prior and express consent and authorization of the other Party.
5) Use of Cookies
The Application may use cookies or other technologies to help personalize your experience. Cookies are small text files stored in your computer's memory. A cookie contains information that can later be read by a server located in the domain that issued it. The information that the cookies collect include the date and time of your visit and browsing history. The cookies allow you to identify old Users when they return to the Platform, enabling them to be directed to personalized content and/or similar services. cookies They also save time, making it unnecessary to enter the same information, such as registration data and payment details, several times on the platform.
6) Information Security
Hoobox makes every effort to protect the information collected and maintain information security standards in order to preserve its confidentiality and integrity, both as Controller and Operator. To this end, it uses encryption, double authentication of login and password, in addition to other security measures considered to be market standard. Hoobox is committed to continually improving its security controls, keeping your information safe throughout the entire flow of transmission, processing and storage. In addition, all Hoobox employees are subject to contractual confidentiality obligations and may be prosecuted or even dismissed if they fail to comply with such obligations. However, there is no electronic storage method that is completely secure. Therefore, although we strive to protect the information processed in the Application, we cannot guarantee that data processing and information storage will be free from errors or exposure to external attacks.
7) Access Log
When the User leaves the Application, the Privacy Policy will no longer apply. We suggest that you check the terms and policies of any website and/or application to which you are directed when this occurs. The User agrees not to hold Hoobox liable for any losses, damages or other problems of any kind that may arise from the use of websites that contain links to the Application, or whose links are available on the Application, and is also aware that any negotiation or sharing of data and/or information and documents with such websites does not involve, bind and/or obligate Hoobox.
8) Control of your Personal Data
Hoobox will provide means for Users to access, correct, delete or modify data entered into the Application.
The options for exercising rights, as provided for by law, are listed below:
Data deletion:
The User may request the deletion of his/her Personal Data from the Application without the need to provide any justification. As soon as it receives the request, Hoobox will delete the data, as provided for in the Data Protection Legislation, observing the applicable exceptions.
Changing or correcting data:
The User may request updates, changes or corrections to their Personal Data entered in the Application when they are incomplete, inaccurate or out of date.
Revocation of consent:
For cases in which the User has granted consent to Hoobox to process their Personal Data, the User may, at any time, revoke this consent.
Right to access your data:
The User may request a copy of the Personal Data processed by Hoobox through the Application, which will be made available in a readable and electronic format.
Channels to exercise your rights:
To exercise the rights listed above, the User must send an email to the Data Protection Officer at bunker@hoobox.one. The request must include: (i) the User’s qualification, as applicable (full name, CPF, login); (ii) the specification of the measure that the User requested and; (iii) if applicable, the User must specify the data that is the subject of the request.
There are situations in which Hoobox will need to maintain and/or will not be able to change the data provided by Users and, for this reason, will not be able to meet Users' requests. By way of example, the following cases are cited: [eg compliance with legal and/or judicial obligations, obligations entered into with third parties, etc.]
If the User believes that the Application violates their rights regarding their Personal Data or data under their control, they may notify Hoobox via the Data Protection Officer's email, but Hoobox reserves the right to remove or maintain such content, in accordance with the rules and guidelines of this Privacy Policy and applicable legislation.
Nothing in this Privacy Policy is intended to exclude or limit any condition, warranty, right or liability that may not be lawfully excluded or limited. Some jurisdictions do not allow the exclusion of certain warranties or conditions or the limitation or exclusion of liability for damages. Accordingly, only the limitations that are permitted by law in your jurisdiction will apply to you. In cases where exclusion of liability is not possible, but limitation of liability is legally applicable, Hoobox's total liability will be limited to R$ 1,000.00 (one thousand Reais).
9) International Transfer and Storage of Personal Data
Hoobox processes data, including Personal Data, within Brazil and in other countries depending on the activities of Users in the Application. Your data may be stored on national or international servers, owned or contracted by Hoobox and by accepting this Privacy Policy the User, as the Holder of Personal Data, consents to the transfer of his/her Personal Data for this specific purpose.
We only store your Personal Data for the period necessary to fulfill the purposes of the Application and the purposes listed in this Policy, or to comply with applicable legislation. You may, at any time, request the deletion of your Personal Data from Hoobox's databases, except for the storage of data whose maintenance is required of Hoobox due to contractual, legal or regulatory obligations or, furthermore, whose maintenance is necessary for evidentiary and registration purposes of the commercial relationship, to comply with a judicial/administrative order and/or to resolve questions from third parties.
We have the right to change the content of this Privacy Policy at any time, depending on the purpose or need, such as for legal adequacy and compliance with the provision of law or regulation that has equivalent legal force, and it is the User's responsibility to check it whenever they access the Application. If there are updates to this document that require new consent collection, you will be notified through the Application itself. If the Policy is changed, you will be duly notified and the new Privacy Policy will come into effect after that period.
If any provision of this Privacy Policy is found to be illegal or unenforceable by any governmental authority, the remaining provisions will remain in full force and effect.
General Provisions
Any dispute or litigation related to this Privacy Policy must be submitted to the Court of the District of São Paulo, State of São Paulo, Brazil, which will prevail over any other, however privileged it may be or may become, and will be judged in accordance with the laws of the Federative Republic of Brazil.
Hoobox indicates the email bunker@hoobox.one, as responsible for assisting and guiding you in all matters relating to the Privacy Policy, to answer your questions and respond to your requests regarding the processing of your Personal Data.
