NextPXM

PERSONAL DATA PROCESSING POLICY - NEXT PXM S.A.S.

Effective Date: March 1, 2026

1. IDENTIFICATION OF THE DATA CONTROLLER

NEXT PXM S.A.S. (hereinafter, "THE CONTROLLER"), a commercial entity identified with NIT [Insert Tax ID], with its main domicile in the city of [Insert City], Colombia.

  • Address: CL 36SUR 68D 44
  • Email: info@nextpxm.com

2. LEGAL FRAMEWORK

This policy is governed by the Political Constitution of Colombia, Statutory Law 1581 of 2012, Regulatory Decree 1074 of 2015, and any other regulations that modify or supplement them.

3. PURPOSES OF DATA PROCESSING

NEXT PXM S.A.S. will collect, store, and use the personal data of clients, providers, employees, and users for the following purposes:

  • Service Provision: Managing the PXM (Product Experience Management) platform, catalog optimization, and data services.
  • Communication: Sending service updates, technical notifications, security alerts, and administrative support.
  • Marketing and Prospecting: Conducting marketing activities, sending newsletters, commercial offers, and advertising for the company or its partners (subject to prior consent).
  • Product Improvement: Analyzing user behavior through cookies and analytical tools to enhance the interface experience and AI functionalities.
  • Legal Compliance: Addressing requests from authorities, managing invoicing, accounting, and anti-money laundering (SARLAFT) prevention.

4. RIGHTS OF THE DATA SUBJECTS

As a data subject, you have the right to:

  1. Access, update, and rectify your personal data.
  2. Request proof of the authorization granted.
  3. Be informed about how your data has been used.
  4. File complaints with the Superintendence of Industry and Commerce (SIC) for violations of current regulations.
  5. Revoke authorization or request the deletion of data when there is no legal or contractual duty to remain in the database.
  6. Access your processed personal data free of charge.

5. PROCESSING OF SENSITIVE DATA AND MINORS

NEXT PXM S.A.S. does not routinely collect sensitive data (biometrics, health, political orientation, etc.). If necessary, the subject will be informed that they are not obliged to authorize its processing. Processing of data from minors will not be carried out unless authorized by a legal representative, ensuring respect for their fundamental rights.

6. INTERNATIONAL DATA TRANSFER AND TRANSMISSION

For the provision of cloud services (such as AWS, Google Cloud, or Azure) or the use of AI tools, data may be transmitted or transferred to third countries. NEXT PXM S.A.S. will take the necessary measures to ensure these third parties comply with security and privacy standards equivalent to those in Colombia.

7. COOKIE AND TRACKING POLICY

We use cookies to personalize the user experience. By browsing our site, you accept the use of:

  • Technical Cookies: Essential for the platform's operation.
  • Analytical Cookies: To understand how users interact with the software and improve product management tools.
  • Marketing Cookies: To offer relevant content based on your interests.

8. PROCEDURE FOR EXERCISING RIGHTS (Habeas Data)

The [Customer Service / Data Protection] department is responsible for processing your requests.

  • Channel: [Insert email address]
  • Requirements: The request must include full name, ID number, a description of the facts, and a means to receive a response.
  • Timelines: Inquiries will be addressed within a maximum of ten (10) business days; claims within fifteen (15) business days.

9. INFORMATION SECURITY

NEXT PXM S.A.S. implements technical, human, and administrative measures necessary to provide security to the records, preventing their alteration, loss, unauthorized consultation, use, or fraudulent access.

10. EFFECTIVE DATE

This policy comes into effect on March 1, 2026. The databases will remain valid for as long as the commercial or legal relationship with the subject is maintained, plus the legal statute of limitations for obligations.