At Connex Card Inc (“we”, “us”, “our”, “Connex Card"), we regularly collect and use information that could identify an individual ("personal data"), specifically in relation to your purchases or your utilization of our Vet services, products, android or iOS app and the website ("you", "your"). The security of your own information and personal data is vital to us, and we comprehend that we have a responsibility to handle such data with caution, to protect it and to comply with legal requirements. The reason for this privacy policy is to explain for what reason or in what way we collect and use your personal data ("Policy"). This Policy is intended to cover all services provided by Connex Card and all of our partners. If you want to review the terms related to a specific service, you can consult its corresponding chapter within the Policy. Would you please read this Policy carefully? This Policy does not intend to override the terms of any contract that you have established with us or any other entity incorporated with us, or any right to which you may dispose of as established by the applicable Data Protection Regulations GDPR. PROCESSING AND COLLECTION OF PERSONAL DATA? The personal data that we collect or process includes: Contact and payment data and basic information about the user, including their name, address, telephone number, credit card number, email address, gender, date of birth; Special categories of data, which includes: biometric data, data related to your health when you use specific applications; Other information about you, when we do bookings, including your profession, language, location of your device, and time zone; Your advertising preferences, including interests/assignment of advertising lists, registration of authorizations or advertising objections, website data; Your device data and registration information, including unique identifiers of the device (such as IMEI and IMSI numbers, the wireless network interface of the device (MAC address), or mobile phone number used with the device), source URL, IP addresses and data about your use of our websites, cloud services, application store, browsing history, searches or queries, type of browser, and frequency with which you log in; WHEN DO WE COLLECT YOUR PERSONAL DATA? We will collect information about you directly when you use your device when you update your device when you register an account on your device, or on our websites, when you subscribe to receive advertising material, when you purchase or use our products and services, or when you ask us a question, to send us a complaint or a suggestion or when you provide us with any type of comment or assessment. The information is collected through our services when necessary to facilitate the management of our relationship with you. These other sources may include third-party software applications such as the application store and social media platforms such as Facebook, Instagram, Google Play, etc. CHARACTERIZATION OF PERSONAL DATA WE COLLECT When you use our website or app (the " web and app"), we may collect the following data: Information about your device, including information regarding the products you purchase or why you have contacted customer service through the use of the Sites. Information regarding your account: when you enter the Sites for the first time to register, you will be asked to enter certain information, for example, your email address (which will be your User ID), your password, your account number. Telephone, name and address. Information related to your use, which includes: information that involves all the data collected through the Sites, such as, for example, your activity on the Sites (e.g. a daily log that identifies the clicks made by you on the Sites) or information regarding your registration. IP address: The unique address used to identify your computer on the Internet, our server automatically recognizes. Cookies and tracking technologies: we can use technologies, cookies and web beacons (please see the Cookies Policy available here [insert link] for more detailed information on this matter]. FOR WHAT PURPOSE DO WE USE YOUR PERSONAL DATA? We can use your personal data to: Keep you informed about software updates, technical updates, security alerts and administrative help and messages; Help us make, give, create, work, convey, keep up with and work on our items, administrations, content, promoting and persistently further develop your client experience; Evaluate customer satisfaction and link or combine it with information we obtain from third parties to help us understand what your needs are and thus provide you with a better user experience respond to your comments, inquiries, questions, provide customer service and support, and meet your demands; Verify identity, help identify users, and establish adequate services. Communicate with you and send you important notifications or personalized messages, for example, communications regarding purchases and changes to our terms, conditions and policies; Monitor, evaluate and analyze trends, data, transactions, uses and activities related to our products and services; Facilitate internal objectives, such as auditing, data analysis, and research to improve our products, services, and customer communications; Send you advertising materials, news and information that we consider may be of interest to you, such as announcements about our latest products and upcoming events (when we have obtained your consent or, otherwise, when permitted by law); this process may include profiling; Detect, investigate and prevent fraudulent operations and other illegal activities and protect our rights and property; Use your data for purposes associated with our legal and regulatory obligations.] Beyond the purposes indicated above, we will use the personal data that we collect about you on our Sites to: Understand how you use the Sites; Offer you the possibility to benefit from a more satisfactory browsing experience. We have your express consent to continue with your treatment; or Our utilization of your information is essential to play out an agreement with you or to follow steps that lead us to go into a deal with you (e.g., consent to commitments set up in an understanding endorsed among you and us), or Our utilization of your personal data is critical to consent to a lawful or administrative commitment to which we are subject, or Our utilization of your own information is important to help the "legitimate interests" that we have as a business (for example, to improve our products or carry out analysis through our databases) as long as it is done at all times. In a balanced way and respecting your privacy rights. CATEGORIES OF DATA WE MAY COLLECT We may collect special categories of data about you in order to provide our services to you when you use certain applications. To collect or use the special categories of data about you, we will rely on a specific legal ground with respect to that already mentioned above, which will allow us to use this information. Usually, it would be: Your express consent; The establishment, exercise or defence, carried out by third parties, or by use of legal rights; or A specific exemption is obtained from local laws of EU member states and other countries that apply the General Data Protection Regulation. IMPORTANT: Although we have previously warned that we depend on consent as the basis for our data processing activities, we will not rely on this legal basis later on, except when this has been explicitly indicated. IMPORTANT: Even if you have given us your express consent to allow us to process any of your data, you have the possibility to withdraw your consent to such data; we may no longer continue to provide you with certain services. If you decide to withdraw your consent, we will inform you in more detail about the possible consequences. TO WHOM DO WE SHARE YOUR PERSONAL DATA? Service providers, who perform functions on our behalfs, such as meeting demands, delivering packages, sending postal and electronic mail, removing repetitive information from customer lists, analyzing data, providing advertising assistance, providing search results and links (including payment lists and links), manage credit card payments, provide customer service services and provide maintenance or any other service related to our software and/or applications. If we get your data through the app or the website or any third-party account, such as Facebook, Google+ or Twitter, your personal data will be respectively managed by one of these third parties. Please review the privacy policy of third parties, as this Policy will not cover their data processing. Our regulators, such as the relevant European data protection authorities, as well as other regulators and security bodies in the EU and around the world; Other third parties, for the purposes of detecting, preventing or otherwise addressing fraud, technical or security issues, protecting from damage that may be inflicted on the rights, property, or safety of our users or the public. Lawyers and other professional services companies. . ADVERTISING AND MARKETING Your personal data may be used for direct marketing or advertising communications about our products and services or related services, including announcements of our newest products and upcoming events. This could occur through [email, postings, SMS, telephone, or targeted online advertising]. We limit direct mail to a level deemed reasonable and proportionate and to send you communications that we believe may be of interest to you and relevant to you, based on the information we have about you. For the purposes of the General Data Protection Regulation, our management of your personal data for direct advertising purposes is based on your consent, or as provided by law, on our legitimate interests, as detailed in this Policy. You have the right to cancel the receipt of direct mail at any time. We also use your personal data in order to individualize or personalize the advertisements, offers and content available to you in accordance with your use of our mobile applications, websites, platforms or services, and by analyzing the way in which these advertisements work, offers and content, as well as your interaction with them. STORAGE DURATION OF YOUR PERSONAL DATA? We will keep the data as reasonably necessary for the purposes mentioned in this Policy]. In some circumstances, we may keep your personal data for longer periods of time, for example, when we are obliged to do so to comply with legal, regulatory, tax or accounting requirements. In specific circumstances, it is also possible that we keep your personal data for longer periods of time so that we have an accurate record of the operations between you and us in the hypothetical circumstance that a claim or objection arises, or in the event of that, we reasonably believe that there is a possibility of legal action related to your personal data or your operations. [We maintain a data retention policy that we apply to the information we safeguard. When it is not necessary to retain your personal data any longer, we will ensure that it is either securely erased or stored in such a way that it cannot be used any longer in the business environment.] WHAT ARE USER RIGHTS? According to GDPR, you have all the rights. In summary, you can request access to your data, the rectification of any errors in your files, the deletion of records that need not be kept any longer, the application of restrictions on the processing of your data, the objection to the processing of your data, the portability of your data and various information in relation to any decision made automatically and the creation of profiles or the criteria for international transfers. More detailed information on these rights is available below: Access You can ask us for: That we confirm if we are managing your personal data. That we provide you with a duplicate of such data. That we provide you with other information about your personal data, such as: what data we have, what we use it for, to whom is this data disclosed, whether we transfer this information abroad and how we protect it, how long we keep its data, what rights you have, how you can make a claim, where we obtained your data and if we have carried out automatic decision-making or profiling, Rectification You have the right to demand us for the rectification of inaccurate personal data. We may ask to verify the accuracy of the data before rectifying it. Erased In certain cases, you can ask us to remove your personal data: When it is no longer necessary to keep them for the purposes for which they were collected. Or when you had withdrawn the consent given (when the data processing was based on the transfer of your consent). After exercising a right of objection and it has been successful (see below “objection”). Or when your treatment has been carried out illegally. Or in order to comply with a legal obligation We are not obliged to consent to your solicitation to erase your personal data if its processing is necessary: 1. For the fulfilment of a legal obligation; or 2. For the establishment, of legal rights. There are certain circumstances in which we are not required to comply with your request for deletion, although these two are the most likely situations in which we would refuse such a request. Limitation You can request that we limit (for example, keep, yet not use) your personal data, but only: When you have complained about their accuracy (see "rectification" below), to allow us to verify their accuracy; or When the processing of these is illegal, but you do not want them removed; When they are no longer necessary for the purposes for which they were collected, but we still need them to establish, exercise or defend legal rights; or When you have exercised the right of objection and the verification of the imperative reasons is pending. We may continue to use your personal data after a restriction request: When we have your consent; or To establish, exercise or defend legal rights; Portability You can ask us to provide you with your personal data in a machinereadable, commonly used and structured format, or you can ask that it be "ported" directly to another data controller, but in both cases, only when: the processing is based on your consent, or the process is carried out by legislative means. Objection You can object to handling your personal data that has "our legitimate interests" as a legal basis if you consider that your fundamental rights and freedoms override our legitimate interests. Once you have objected, we have the opportunity to show that we have legitimate competing interests that are above your rights. To practice your privileges, you can reach us at Contact@connexcard.com, Identity. We take the secrecy of all records containing individual data very seriously, and we reserve the right to ask you for proof of your identity if you make a request. Payment of fees. We will not ask you to pay a fee to exercise any of your rights in relation to your personal data unless your request for access to the information is unfounded, repetitive or excessive, in which case we will charge an amount that is reasonable or less. Allotted time. Our goal is to respond to any request that is valid within one month unless it is particularly complex or you have made multiple requests, in which case we will try to respond within three months. In the event that we need a period of time that is more than a month, we will let you know. We may ask you to help us by telling us what exactly you expect to receive or what concerns you. This will help us process your request faster. Exemptions. Local laws may provide additional exemptions; for example, in the UK, where you are subject to legal professional secrecy, you may be denied the right to access your personal data in certain circumstances. Rights of third parties. We are not obliged to comply with a request to receive a copy of personal data (even in the exercise of the right to portability) when this would have a negative effect on the rights and freedoms of others. REWARD PROGRAM The Company may offer one or more rewards programs (“ Reward Points “) under which you may have the opportunity to earn points (“ in terms of gift voucher “), which are redeemable for rewards (“ Rewards “). Rewards Programs may include Additional Terms that apply to your participation in activities allowing you to earn points (collectively, “Activities “). However, the Company may limit, suspend or terminate your ability to participate in a Rewards Program in its sole and absolute discretion, and may void any points, Rewards, or potential Rewards you may have earned or accumulated in a Rewards Program. WHAT ARE COOKIES? Cookies are files or sets of data that the website or application installs in the browser or device (Smartphone, tablet, connected television) when accessing or during the tour of certain web pages or applications, and they serve to store information about your visit. "Web beacons" are tiny images that carry a unique identifier and work like cookies. They allow us to count the users who visit certain pages on the Sites and thus help us to determine the effectiveness of promotions and advertising campaigns. When used in HTML-formatted emails, web beacons can identify the sender if the email message was opened. Compared to cookies, which are stored on the hard drive of the user's computer, web beacons are invisibly integrated into web pages. We can also use Adobe or flash cookies. However, since Flash or Adobe web beacons and cookies are similar to simple cookies, we will also request your prior consent before having them. Why do we use them? When you browse the Sites, some Cookies are installed on your computer. Cookies fulfil various functions, such as allowing you to navigate efficiently through the pages, guaranteeing your preferences and improving your overall browsing experience on the Site. Cookies will also allow us to record information related to your browsing through our Sites in order to be able to track your behaviour pattern. WHAT TYPE OF COOKIES DO WE STORE? Operating cookies. These Cookies are necessary for the operation of our Sites and will allow you, for example, to access secure areas of our Sites. These cookies do not collect information about you [and can be used for advertising purposes] or to allow your internet browsing history to be saved. This type of Cookies cannot be deactivated. Performance and analytics cookies. They allow us to recognize and count the number of visitors and to understand how visitors behave on our Sites. This helps us measure and improve the functionality of the Sites, for example, by ensuring that users can easily find the content they are looking for. Our Sites use Google Analytics, a third-party cookie. The data collected by Google Analytics will be transmitted and stored by Google on its servers in accordance with its privacy policy. Please visit the Google privacy policy for further details: Functional cookies. They are used to recognize you when you visit our Website again (having done so previously). This enables us to personalize our content and remember your preferences (for example, your choice of language or zone). These cookies do not collect information to identify you. All information collected by cookies is anonymous and is only used to improve the operation of our Website. Advertising cookies. They are used to allow us to serve you with advertisements that are relevant to your interests. Advertising Cookies on our Sites are mostly provided by third parties (for example, Amazon) and may also allow third parties to deliver relevant advertisements to you on other websites you visit. HOW CAN YOU DISABLE OR DELETE COOKIES? Except for Operational Cookies (cookies that are essential for our Sites to function), we will always ask for your prior consent before inserting Cookies. In the following paragraph, we will detail the procedure to follow if you wish to deactivate or unlink from those Cookies that are not essential for the operation of our Sites. Most browsers can be configured to inform you when you receive a cookie; You may also decide to block cookies from your browser, but if you do, you will not be able to benefit from the personalized user features enjoyed by other visitors to the Sites. You may not be able to continue accessing certain areas of the Sites (for example, if you deactivate the functioning Cookies). You can disable cookies by changing your browser settings, which allows you to refuse the installation of all or some of the cookies. Disabling a cookie or type of cookie does not remove them from your browser, as removal requires a specific action to be taken. You should, therefore, be aware that if you have deactivated one or more analytical Cookies, we can still use the information collected by the Cookies installed before deactivation unless you request the deletion of such information. However, we will stop using disabled cookies to collect new information. If you want to change your cookie settings, please open the "Options" or "Preferences" menu of your browser. For more information on this, consult the "Help" option in your browser. PRIVACY RIGHTS IN CALIFORNIA Under the CCPA, California Consumers have certain rights that they can work out, either freely or through an approved specialist. CCPA rights demands are dependent upon a recognizable proof and confirmation measure. We will not fulfil a CCPA request unless sufficient information has been provided to us so that we can reasonably verify that the requestor is the Consumer about whom we collected the IP. Some Consumer IP that we retain (e.g. clickstream data) is not sufficiently associated with the Consumer IP for us to verify that it is a particular consumer's IP. If we are unable to consent to a solicitation, we will clarify the reasons in our reaction. You are not needed to make an account with us to make a solicitation. We will use the IP provided in your request only to verify your identity or authority to complete the request and to track and document responses to requests unless you have provided the IP for another purpose. We will use commercially reasonable efforts to identify the Consumer IP that we collect, use, store, disclose, or otherwise treat, and respond to requests for privacy rights from California Consumers. In some cases, particularly with voluminous or generally irrelevant data, we may provide you with a summary of your IP and allow you to choose whether you want us to provide you with the complete set of data. Or we can tell you how you can access and copy the sensitive IP yourself. If we determine that the demand justifies a price or refuse to comply with the request, We will notify you explaining why we made that decision. In the event that we apply a fee, we will provide an estimate of the cost and the opportunity to accept that fee before charging you to respond to your request. Disclosure rights You reserve the privilege to demand that we uncover the accompanying data for a time of a year preceding the mentioned date. Requests from consumers of this type may be made a maximum of two times in a 12- month period. Regarding points (1) and (2) below, we will provide this information in a portable format and, if technologically possible, easy to use. The IP classifications we have gathered about you. The classifications of sources from which we have gathered your IP. The business or business purposes for our assortment of your IP. The particular bits of IP that we have gathered about you. The classifications of outsiders to whom we have unveiled your IP. A list of IP categories disclosed for business purposes in the previous 12 months (or a statement that such disclosure did not occur). A list of the categories of IP sold about you in the previous 12 months, including the categories of third parties to whom we sell the IP about you and the business or commercial purposes for the sale (or a statement that such sale did not occur). Verification for disclosure Clients without an online account or Sherwin-Williams charge account cannot be reasonably validated. See the table above to understand what IP we have collected, the purpose of the collection and with whom we have been able to share it. Customers with an online account will be asked to log into their account at a specific time slot. Upon successful login, we will provide you with the IP categories that we have collected specifically for you. Rights to "Do Not Sell" We do not sell IP from California Consumers as defined in the CCPA, and until such time as we do not change our practices by updating our Privacy Notice, we will treat IP collected pursuant to this Notice as subject to a “no to sell". Some browsers have signals that can be characterized as "do not track" signals, but we do not believe they work that way or that they signify a "do not sell" request. We believe that various parties are developing “do not sell” signals, and we may recognize certain such signals if we conclude that such a program is appropriate. Suppression Rights You may request that we delete the IP that we have collected directly from you. Under the CCPA, we may refuse to delete your IP under certain circumstances, for example, if we need the IP to complete transactions or provide services that you have requested or that are reasonably intended, for security purposes, for legitimate internal business purposes (including for the maintenance of business records), to comply with the law or to exercise or defend legal claims. Also, note that we are not required to delete your IP, which we do not collect directly from you. PRIVACY RIGHTS FOR EU CITIZENS The legal bases of our treatment activities are the following: For our legitimate business purposes, including: provide you with materials, products and services, that you request (for example, complete your registration in a loyalty program and send you product samples) and personalize your experience with our Services; including analyzing the utilization of our services and products to determine the effectiveness of our advertising; To maintain the integrity of our Services. To carry out the contracts we have with you, including the treatment of your purchases and transactions. Our website or app may use web analytics services such as Google Analytics, provided by Google, Inc. and other third-party providers. These services use "cookies" to analyze how visitors use online services. The information generated by cookies about your use of online services (including your IP address) will be transmitted and stored by these providers, also outside the EU, in third countries such as the United States, which may not have laws of data protection or other laws as exhaustive as those of your country. If your IP address does not fall in the category of IP anonymization, the full IP address may be transferred to thirdparty non-EU providers. You can refuse the use of cookies as described in this Policy, and some providers offer you the ability to prevent the collection and processing of data generated by cookies and related to your use of the website (including the address IP) by downloading and installing a browser plug-in. COPPA RULE We are not deemed to collect any personal data relating to children under the age of 13 unless otherwise provided by law without clearly stating that such information should be provided only with parental consent if required by applicable laws. Group will only use children's personal data to the extent permitted by law when the necessary parental or guardian consent has been obtained. UPDATE TO THIS POLICY From time to time, we may make changes to this Policy in order, for example, to update it or to comply with legal requirements or changes in our business procedures. We will notify you of all significant changes [by sending an email message to the last address you provided us by posting a notice prominently on our website. We invite you to regularly consult and review this Policy so that you will always know what information we collect, how we use it, and with whom we share it. This Privacy Policy was updated in November 2022