Aksi Service Privacy Policy

INTRODUCTION

The Aksi service privacy policy, hereinafter referred to as the privacy policy, is an indispensable part of the terms of use of the Aksi service, hereinafter referred to as the terms of use. The Aksi service is provided for you by Insight Technology d.o.o. (data controller for your personal data). Our policies are in accordance with GDPR, and the privacy policy and terms of use define how we manage privacy, security, and the use of our services. We strive to work only with third parties who, in accordance with GDPR, allow users to set their preferences independently of our services. We also have a data protection officer or DPO, who acts as an independent advocate for the proper handling and use of our customers' information.

AKSI MAINTAINS THE CONFIDENTIALITY OF YOUR INFORMATION

 In the age of a multitude of unwanted electronic messages, you can rely on Aksi to maintain the confidentiality of your information. We never share or sell your data and documents to third parties unless you expressly authorize us to do so, and we never send you promotional e-mails. We are a company that protects the privacy of its customers. Below are details on how seriously we take your privacy. Information collected from our users or about them will never be sold, shared, or given to others in ways and for purposes not disclosed in this privacy statement.

TYPES OF INFORMATION AND DATA THAT WE COLLECT, STORE, AND USE

We collect, store, and use the following types of information and data:

  • personal identification information (PII);
  • non-personal information (NPI);
  • your shared communications (messages and documents that you exchange in the process of registration or claim resolution at the insurance company and with another participant in the accident).

Personal Identification Information

  • Personal identification information (PII) is information that can be used to identify an individual, including information such as IP addresses, account details, e-mail addresses, physical addresses, names, driver's license data and insurance policy, list of witnesses, and all similar information obtained when entering data when completing the European accident report or later in the process of reporting and claiming a damage case at the insurance company.
  • We collect, store, and use data solely for the purpose of providing you with our services. We use Amazon Web Services (AWS) infrastructure for data storage. In addition to AWS security policies, we take a variety of measures to ensure that your data is never read by anyone else. We ensure that every transfer is secured with HTTPS, so that no one else can access your data. To achieve this, we use strong protocols (TLS 1.2), strong key exchange (ECDHE_RSA), and strong encryption (AES_128_GCM) with industry-standard 256-bit encryption using TLS/SSL (HTTPS).

Non-Personal Information

Non-personal information (NPI) is information that cannot be used to identify an individual, such as technical information about your device, location, time zone, usage activity, performance metrics, configuration settings, anonymous behavioral information, and other aggregated information. Every time you interact with our services, we automatically receive and record "cookie" information from your browser or device. "Cookies" are identifiers that we transfer to your browser or device and allow us to recognize your browser or device and tell us how and when pages and features in our services are visited and by how many people. You may be able to change the settings of your browser or device to prevent or limit this, but this may deter you from taking advantage of some of our features. NPI is used to customize content for you and to provide service functionality. NPI is also used to improve the user experience when using our services. We use internal and external processing and analytical systems to analyze user experience, behavior, and trends with NPI.

  • Web Survey Data:  To enhance the websites, online stores, or applications of our clients, we may use web surveys. We only collect information that you provide to us. We securely store this information and do not share it with third parties. All responses are processed anonymously.
  • Cookies: Our website requires cookies to function properly. A cookie is a small file sent by a web server and stored on your computer's hard drive. The cookie contains anonymous information about your visit to the website, which helps us improve our services on it.
  • Google Analytics: We use Google Analytics to track the performance of our website. This information is not customized. For example, we do not know how much time you spend on a particular page. We do not store information about your individual behavior on our website or your personal data.
  • Personal Settings: We also use cookies to store your settings, so you don't have to adjust the language or close the same display every time you visit our website.

Shared communication

  • Messages and documents that you exchange within Aksi with other participants in an accident or with an insurance company are also stored in the Aksi cloud, some of this content is stored locally on your device. It is used exclusively to provide our services. Aksi must process messages and communication between participants to provide our services. We understand the responsibility of handling such data, so we have implemented the highest security measures to protect your data. Exchanged messages and documents are considered shared communication, which cannot be unilaterally deleted.

THIRD-PARTY SERVICES

We strive to work only with third parties who publish a privacy policy that governs their collection, storage, processing, and use of PII and NPI. Such service providers include, without limitation and subject to change, Amazon Web Services (AWS), Microsoft Azure KeyVault, Fabric, Sentry, Regula, OpenAI, Mixpanel, NetResults, Zendesk, MailChimp, Appsflyer, and Google Analytics. Please read their terms of use and privacy policies to better understand their privacy practices.

DATA DURATION

Given the purpose of the Aksi service, i.e., assistance in completing the European accident report and documenting the damage and circumstances for the fastest possible damage claim at the insurance company, Aksi does not store data permanently. User data is accessible on Aksi for 60 days from the date of data entry.

Regardless of the previous paragraph, Aksi may retain anonymized data about cases even after the expiration of the period stated in the previous paragraph for the purposes of improving the service, providing audit trails, and developing new services.

ACCESS TO DATA

Except as described elsewhere in these terms, no employee, contractor, agent, or other personnel of Aksi (collectively referred to as Aksi personnel) will access or use your data in a way that would identify you as an individual. We have strict controls and procedures aimed at limiting access and use of your data by Aksi personnel. All members of Aksi personnel who have or need access to your data as part of their Aksi services are bound by our policies regarding your data. We treat the privacy and security of your data with the utmost respect.

Staff at Aksi may need access to your data for troubleshooting, responding to issues, system maintenance or updates, or other activities in the normal course of operating our services. In most cases, we will notify you and request your permission before allowing a member of the Aksi staff to access your data. However, we may access certain data and disclose it if we believe in good faith that such access, use, preservation, or disclosure of your data is reasonably necessary to comply with any applicable law, regulation, legal process, or enforceable governmental request; to enforce these terms, including investigating potential violations; to detect, prevent, or address fraud or security issues; and/or to protect the rights, property, or safety of Aksi, our users, or the public, as required or permitted by law.

HOW AKSI PROTECTS YOUR DATA

Data Protection and Our Commitments

  • We will never sell, resell, or otherwise share your data outside of Aksi, except in the ways described in the Usage Policy. We are committed to implementing the necessary security measures in accordance with European law. This avoids the loss, illegal use, or alteration of personal data. Of course, you can always write to us or call us if you have a question about our privacy policy.

Data storage

  •  Aksi is a cloud-based application. To ensure the secure and reliable operation of our services, we rely on the most advanced and secure solution available in the industry - Amazon Web Services (AWS). In addition to AWS security policies, we encrypt all data between the client and our service. For encryption and client authentication, we use a strong protocol (TLS 1.2), strong key exchange (ECDHE_RSA), and strong encryption (AES_128_GCM) with industry-standard 256-bit encryption using TLS/SSL (HTTPS).

System Access

  • To provide our services, Aksi stores personal information, including email address and the content of forms and documents that are the subject of the Aksi service. This may include (but is not limited to) attachments, documents, images, and videos. We limit access to personal data only to those employees, contractors, and service providers for whom we believe reasonably need access to this information to operate our services. We have physical, electronic, and procedural security measures designed to protect users' personal data in accordance with the law. We only allow access to our systems from a secure VPN address.

VULNERABILITY DISCLOSURE POLICY

At Aksi, trust is our most important principle and we take the protection of our customers' data seriously. The Aksi security team recognizes the valuable role of independent security researchers in internet security. Therefore, we encourage responsible reporting of any vulnerabilities that you may find in our web service. Aksi is committed to working with security researchers to verify and address any vulnerabilities reported to us. Before testing and/or reporting a vulnerability, please review these policies. Aksi is committed not to initiate legal action against researchers for penetration or attempted penetration of our systems if they adhere to this policy.

Vulnerability Testing:

  • When a test version or developer version is available, perform all vulnerability tests on such a version of the service. Always use test or demo accounts when testing our web services.

Reporting a Potential Vulnerability:

  • Share details of suspected vulnerabilities with Aksi by sending an email to support@aksi.ai
  • Provide full details of suspected vulnerabilities so that the Aksi security team can verify and reproduce the issue.

Aksi does not permit the following types of security research; although we encourage responsible discovery and reporting of any vulnerabilities, the following actions are expressly prohibited:

  • Conducting actions that would negatively impact Aksi or its users (e.g., spamming, brute force attacks, denial-of-service attacks...)
  • Accessing or attempting to access data or information that does not belong to you.
  • Destroying or corrupting, or attempting to destroy or corrupt, data or information that does not belong to you.
  • Conducting any physical or electronic attack on Aksi's staff, property, or data centers.
  • Engaging in social engineering against Aksi's support staff, employees, or contractors.
  • Conducting vulnerability tests on participating services using anything other than test accounts (e.g., developer versions or trial versions).
  • Violating laws or breaching agreements with the purpose of discovering vulnerabilities.

Aksi Security Team Commitment:

  • Please do not share or publicly post unresolved vulnerabilities with third parties. If you responsibly submit a vulnerability report, the Aksi security team and associated development organizations will do their best to: respond in a timely manner and confirm receipt of your vulnerability report;
  • Respond promptly and confirm receipt of your vulnerability report.
  • Provide an estimated timeframe for addressing the vulnerability report.
  • Notify you when the vulnerability has been addressed.
  • We are grateful to each individual researcher who submits a vulnerability report, as they help us improve the overall security posture at Aksi.

CHANGE OF OUR PRIVACY POLICY

We are constantly striving to improve our services, so this policy may change from time to time. We reserve the right to change the terms at any time. When we do, we will update the date to make it clear that a new version has been created. In the Aksi service, there is always a link to the current version of these terms. If you do not agree with the new terms, this unfortunately means that you will no longer be able to use our services. Continued use of the services after the implementation of the change in terms means that you agree to any change in the terms.

Politika zasebnosti storitve Aksi, verzija 1.0, 1.1.2024

Any more questions?

For further assistance, please contact us.

Stay up to date - subscribe to our e-newsletter.

Hvala!
Bodite pozorni na prihajajoče novice in dogodke!
Ups! Nekaj je šlo narobe. Prosim ponovno vpišite vaš email naslov.
Copyright © 2024 - All Rights Reserved.