This Policy governs the collection and processing of individuals' personal data through automated processes via the Internet. The Policy contains information on the types and purposes of personal data processing, the retention period, security measures, the rights of the data subject, and other information related to the collection and processing of personal data by Maxim Service. The collection and processing of personal data is carried out by Maxim Service. The processing of collected data will be conducted in accordance with Law No. 172-13 on the Protection of Personal Data of the Dominican Republic.

1. List of terms used in this Policy:

1.1. “Personal data” is any information directly or indirectly related to a specific individual (the data subject) and that allows him to be identified.

1.2. “The Service” / “The Maxim Service” is the legal entity that independently organizes or carries out the processing of personal data, determines the purposes of the processing, the composition of the data to be processed, the actions (operations) that will be carried out with the personal data in accordance with this Policy, and provides Users with the right to use the Database that contains updated information on the demand of Applicants regarding the services of the Providers.

1.3. “Website” is a set of computer programs and other data contained in the information system, accessible through the following Internet addresses:

    • Dominican Republic: https://taximaxim.com/do/en/15145-san+pedro+de+macoris/order-a-taxi-online 

The Service uses the Website to provide services on its digital platform through mobile and web application to Requesters and Providers, mediating in the request and offer of private transportation of people, as well as in product delivery services by connecting the customer with a Partner who makes the delivery.

1.4. “Mobile Application” may refer to one of the following programs:

1.4.1. “ Taxsee Driver” is a program integrated with the Service's software and hardware system that allows the Provider to access the Database. It is installed on the Provider's device and allows them to automate access to information about existing orders for specific transport services. Depending on the User's country, the Mobile Application may have an alternative name containing “ Taxsee Driver” and also “Maxim Driver” / “ Taxsee Maxim Driver”.

.

1.4.2. “Maxim” is a program integrated with the Service’s software and hardware system that allows the Applicant to access the Database. It is installed on the Applicant’s device and allows them to automate the process of placing service orders. Depending on the User’s country, the Mobile Application may have an alternative name containing “Maxim”.

1.5. “Services” are the information provided to the Applicant by the Service so that their request may be accepted, processed, and transferred to the Providers, and so that the Provider may be informed of the completion of said request. The purpose and procedure of the services provided to the Applicant by the Providers are determined in accordance with the

Maxim Service Terms of Use, available at:

    • Dominican Republic: https://legal.taximaxim.com/?country=DO

1.6. Categories of personal data subjects whose data are subject to processing in accordance with this Policy:

1.6.1. “Applicant” : individual who has requested services through the Website, Mobile Application or a Call Centre Operator, and has provided their personal data for this purpose.

1.6.2. “Provider” : an individual who, voluntarily, independently, and using their own resources, provides transportation, freight delivery, or transport services to the Applicant and has provided their personal data for this purpose. The Service is not a transportation company, but an intermediary that connects the provider with the applicant.

1.6.3. Website Visitors and other informational resources of the Service.

1.7. “User”: individual, including the Applicant, the Provider and other visitors to the Website and informational resources of the Service, who uses the Mobile Application or the Website and provides their personal data to the Service.

1.8. “Request”: travel request made by the Requester to receive services from the Providers.

1.9. “Processing of personal data”: any action/operation or set of actions/operations performed with personal data, with or without the use of automated tools, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.

1.10. “Automated processing of personal data”: processing of personal data through the use of computer technology.

1.11. “Provision of personal data”: actions aimed at obtaining the personal data of an individual or group of individuals.

1.12. “Blocking of personal data”: temporary suspension of the processing of personal data (except when processing is necessary for the identification of personal data).

1.13. “Destruction of personal data”: actions that render existing personal data unrecoverable or result in the destruction of the physical media containing personal data.

1.14. “Personal data information system”: combination of personal data contained in the Database, together with information technology and technical means that allow the processing and protection of personal data.

1.15. “Cookies”: a set of data sent by the Website, stored on the computer, mobile phone or other device that the User uses to access the Website, and used to store information about the User's actions on the Website.

1.16. “Device Identifier”: unique information that serves to identify the User's device and that is provided by said device or calculated by the Mobile Application.

1.17. “Account”: a set of information about the User necessary for identification and to provide access to their personal data and personal settings , created through the Website or Mobile Application by providing personal data.

1.18. “Database”: an organized structure composed of a combination of materials, technical means, hardware, software and methods, algorithms or program codes designed to systematize, store, process or convert information according to the database algorithms.

2. Accessing the Website or Mobile Application does not automatically constitute acceptance of the Privacy Policy. The platform requires Users to actively confirm their consent by selecting an acceptance checkbox before registering or using the services. In this way, consent is obtained explicitly and through a clear affirmative action, in compliance with Law 172-13 and Article 58 of Law 358-05. Silence or mere browsing does not constitute consent.

3. The processing of personal data is carried out by the Service without the use of automated tools or with the use of automated tools via the Internet. When processed without the use of automated tools, personal data may be presented in the form of paper documents or electronic data on digital media.

4. Maxim Service verifies the information provided by the User in the cases, to the extent, and in accordance with the procedures established by applicable laws and the Maxim Service Terms of Use. In other cases, the Service cannot verify the authenticity of the information provided or the User's legal capacity to provide it. Therefore, the User is responsible for ensuring that the information provided is authentic and up-to-date, and Maxim Service will take all reasonable steps to verify the information provided.

5.1. During the processing of personal data, the User has the right to:

5.1.1. Receive confirmation of the processing of your personal data.

5.1.2. To know the legal basis and purposes of the processing of your personal data.

5.1.3. To know the methods and purposes used for the processing of your personal data.

5.1.4. Obtain information about the person/entity that carries out the processing, as well as about individuals/entities that are not employees of the Service and that have access to the personal data, or about those to whom the data may be disclosed in accordance with applicable agreements or laws.

5.1.5. Know what personal data is processed and the source of obtaining it, unless applicable laws stipulate another mechanism.

5.1.6. Know the duration of the treatment and the data storage period.

5.1.7. Know the rights of the data subject and how to exercise them in accordance with current legislation.

5.1.8. Obtain information about the person/entity responsible for the processing, whether existing or potential.

    • Dominican Republic 5.1.9. Information on international data transfers, where applicable. 5.1.10. Other information stipulated by applicable legislation.

5.2. The User may request the Service to add to, block or delete data, or limit its processing if it is incomplete, inaccurate, obtained unlawfully or unnecessary for the stated purposes of processing, as well as take the necessary actions to defend the User's rights in accordance with the law.

    • .

5.3. The User may request the Service to stop sending messages and notifications intended to promote products, events or promotional offers of the Service.

5.4 The User may defend his rights, including the power to receive compensation for damages, including through legal action before courts and other competent authorities.

5.5. The User may request the deletion of their data from the Mobile Application by contacting support through their account (Menu → Support) or on the Website using the method specified in the “Contacts” section. They may also request the deletion of their Account if they have created one and there are no outstanding issues (such as incomplete applications, disputes, requests from competent authorities, or debts). Subsequently, the account and data must be deleted within the following timeframes:

    • Dominican Republic: 30 calendar days, except for exceptions permitted by applicable law.

5.6. The User may revoke their consent for the processing of personal data.

5.7. The User has the right not to be affected by decisions based solely on the automated processing of personal data, and to express his disagreement with a decision based on such automated processing.

    • Dominican Republic: 5.8. The User may request to receive a copy of their personal data in a format suitable for subsequent transfer, or request the Service to transfer the personal data to a data processor specified by the data subject.

5.9. The User may file complaints, reports or initiate legal action in accordance with the provisions of the law.

5.10. The User may claim compensation for damages in accordance with current legislation when there is a violation of the provisions on the protection of his personal data.

6. When processing personal data, the Service is obliged to:

6.1. Provide the following information upon request of the User:

    • 6.1.1. Confirmation of the processing of personal data.

    • 6.1.2. Legal basis and purposes of the processing of personal data.

    • 6.1.3. Methods and purposes used for the processing of personal data.

    • 6.1.4. Information about persons/entities who are not employees of the Service and who have access to personal data, or about individuals/entities to whom the data may be disclosed in accordance with applicable agreements or laws.

    • 6.1.5. What personal data is processed and the source of obtaining it, unless applicable laws stipulate another mechanism.

    • 6.1.6. The duration of the processing of personal data and the storage period.

    • 6.1.7. Information on the rights of the data subject and how to exercise them in accordance with applicable legislation.

    • 6.1.8. Information about the person/entity responsible for the processing, whether existing or potential.

    • 6.1.9. Information on international data transfers, including the legal basis and the safeguards applied.

    • 6.1.10. Other information stipulated by applicable Dominican legislation.

6.2. Implement measures to prevent unauthorized access to the User's personal data.

6.3. Publish or provide unlimited access to the document that reflects the personal data processing policy; provide access to information related to the exercise of the privacy policy regarding the processing of personal data.

6.4. The Service may only transfer the User's personal data to a third party in another country if:

6.4.1. The receiving country has an adequate level of data protection, which means that the country has laws and regulations that provide a level of protection comparable to that of Law No. 172-13 on data protection.

6.4.2. The transfer is based on a legal justification, which includes obtaining the User's consent for the transfer, or if the transfer is necessary for the performance of a contract between the User and the Service.

6.4.3. The transfer is subject to appropriate safeguards, which ensure that the data is protected throughout the transfer process.

6.5. Personal data may be transferred to receiving States other than those mentioned in section 6.4, provided that an adequate level of protection is ensured in the receiving country and the personal data are transferred only to permit processing authorized by the controller. The adequacy of the level of protection offered by the third country concerned shall be assessed in light of:

    • 6.5.1. All circumstances surrounding the transfer of personal data in question, including, but not limited to:

    a) The specific purpose of the transfer and its relationship to the provision of the service to the consumer.

    b) The nature and sensitivity of the personal data being transferred.

    c) The volume of data that will be transferred.

    d) The storage and treatment period in the receiving country.

    e) The technical and organizational security measures applied during the transfer and at the destination.

    f) The identity and characteristics of the recipient (whether it is a supplier, partner, subsidiary, etc.).

    g) The level of legal protection in force in the receiving country and the additional contractual guarantees offered.

    h) The existence of informed consent from the consumer or the legal basis that justifies the transfer.

    i) The potential risks to consumer rights and the mitigation measures adopted.

    j) Compatibility with the principles of Law 358-05, especially the right to information, security and protection against abusive clauses.

    • 6.5.2. The nature of personal data.

    • 6.5.3. The purpose and duration of the proposed treatment.

    • 6.5.4. The recipient's country.

    • 6.5.5. The relevant laws in force in the third country.

    • 6.5.6. The professional standards and safety measures that are met in the host country.

7. The purpose of collecting and processing personal data is to provide, personalize and improve services, which includes using personal data for the following purposes:

    • 7.1. Provision of services.

    • 7.2. Participation in the provision of services.

    • 7.3. Creation, administration and updating of accounts.

    • 7.4. Confirmation of identity.

    • 7.5. Creation, acceptance and fulfillment of travel requests, monitoring of request fulfillment, cancellation of requests.

    • 7.6. Payment processing.

    • 7.7. Customization of offers, for example, favorite destination points, previously selected destination points.

    • 7.8. Support, updating, bug fixing and software testing, monitoring and analysis of trends in software use and User activity.

    • 7.9. Security guarantee of the software and hardware used for the provision of services, including, but not limited to:

        ◦ 7.9.1. Supplier Verification.

        ◦ 7.9.2. Identity confirmation when logging into the Account.

        ◦ 7.9.3. Use of User location, device and other data to prevent fraudulent or illegal activities.

        ◦ 7.9.4. Verification of information related to requests received by the support service, provision of responses to said requests and resolution of problems in the operation of the Service.

        ◦ 7.9.5. Monitoring the User's compliance with the Maxim Service Terms of Use, the License Agreement, this Privacy Policy and applicable laws.

    • 7.10. Dispute resolution in accordance with applicable laws.

    • 7.11., Promotion of products, services, events and promotional offers of the Service and its contractors, including, sending messages and notifications with advertising materials, information about planned events and other information via telephone, email, messaging services, text messages (SMS), push notifications and applications (the User has the right to refuse to receive such messages and notifications).

    • 7.12. Sending non-promotional messages to the User (for example, notifications about the status of the Application, responses from the support service, notifications about changes in the operation of the Mobile Application).

8. The User provides their personal data voluntarily. If the User does not agree with the terms and conditions of this Policy, they have the right not to accept them.

However, in order for the Service to function properly and fulfill its essential purposes, it is necessary for the User to provide certain basic data: full name and telephone number.

The lack of this data, or the provision of insufficient information, may prevent the proper functioning of some functions of the Service and limit the User's ability to use it fully.

8.1. In addition to receiving the User's personal data directly, the Maxim Service may obtain such personal data through the Mobile Application or the Website (e.g., location data).

9. The User's personal data is stored in electronic containers and processed by automated personal data processing systems.

10. The Service may collect and process the following personal data of the Applicant:

10.1. First name, middle name and last name.

10.2. Date of birth.

10.3. Telephone number.

10.4. Direction.

10.5. Email address.

10.6. Gender.

10.7. Identity document.

10.8. Nationality.

10.9. Photography.

11.1. First name, middle name and last name.

11.2. Date of birth.

11.3. Telephone number.

11.4. Series, number and date of issue of the document that certifies the right to drive a vehicle (driver's license).

11.5. Direction.

11.6. Email address.

11.7. Identity document (identity and electoral card; if foreign, passport and residence permit).

11.8. Photograph (recent color photograph of the driver's face).

11.9. Criminal record certificate (Certification of No Criminal Record).

11.10. Insurance information (vehicle insurance and civil liability policy).

11.11. Vehicle registration plate.

11.12. Type, color, model and make of vehicle.

11.13. Vehicle Identification Number (VIN).

11.14. Proof of vehicle ownership or notarized rental agreement .

11.15. Technical inspection approval (INTRANT approvals).

12. The Service also collects and processes the following data from the Provider, which is not considered personal data, as it is not directly related to the Provider and cannot be used to identify the Provider:

12.1. Vehicle registration plate.

12.2. Type, color, model and make of the vehicle.

12.3. Vehicle Identification Number (VIN).

13. The Mobile Application does not access or process the entire contents of the user's gallery. Access permission may be requested only for specific technical functions, such as uploading a profile picture or required documents, and only if the user voluntarily chooses to use that function. The Service does not review, store, or monitor the user's personal gallery content beyond the specific file selected by the user. Access is entirely under the user's control through their device settings and can be denied at any time without affecting the essential use of the Mobile Application.

14. In some cases, the User may provide personal data of third parties to the Service (for example, by giving the contact information of acquaintances or family members, or by creating a travel request for a third party).

15. In compliance with Law 136-03, the Mobile Application and the Service recognize and guarantee the fundamental rights of children and adolescents to privacy, honor, reputation and the protection of their image.

    • Article 18 – Right to privacy: The personal data of minors may not be subject to arbitrary or unlawful interference by the Service or third parties. Their private and family life is fully respected.

    • Article 26 – Right to protection of image: The disposal or disclosure of the image and data of minors is prohibited in ways that may affect their physical, moral, psychological or intellectual development, their honor or reputation, or that constitute arbitrary or illegal interference in their private life and family privacy.

Consequently:

    • If a User provides personal data of a minor, they confirm that they are acting as the minor's legal representative or that they have the express consent of the legal representative, and accept the rules established in this Policy.

    • The Service will not disclose or use the image or data of minors in a way that may affect their rights recognized by Law 136-03.

    • If the User is a minor, they acknowledge the obligation to obtain the consent of their legal representative before accepting this Policy, thus guaranteeing the protection of their rights in accordance with current legislation.

A minor is understood to be a person under the age of 18.

16. The Service has the right to send promotional materials to the User's email address. The User has the right to opt out of receiving such materials by sending a request to the Service.

17. The User's personal data must be deleted by the Service in the following cases:

17.1. After fulfilling the purpose of the processing of personal data, except in cases where there is another reason to retain them, for example, compliance with legal or contractual obligations, legal actions before dispute resolution authorities.

17.2. If the User revokes their consent for the processing of their personal data.

18. The deletion of personal data must be implemented in a way that renders it unrecoverable. Deletion is carried out if there are no obstacles related to the requirements of applicable laws or mutual obligations between the Service and the User.

If there are obstacles to the deletion of personal data, the Maxim Service retains the User's request until the end of the storage period stipulated by applicable laws or until the obstacles are removed.

The User may request the deletion of their personal data in the Mobile Application by contacting support from their account (Menu → Support), or by sending a request by email, completing the corresponding form on the website, or otherwise in accordance with clause 21 of this Policy.

For the Dominican Republic:

30 calendar days, except where retention is required by applicable laws (e.g., tax, labor, financial, or judicial obligations). In such cases, disposal will occur immediately after the statutory period expires, or once the impediment to disposal is removed.

19. Access to personal data is granted only to individuals/entities directly involved in providing services. The Service has the right to grant access to the User's personal data to its employees. The Service and its employees are not authorized to disclose the User's personal data.

Personal data may also be collected, stored, and processed through other software products owned or used by the Service, in accordance with usage agreements entered into by the Service.

The Service may also provide access to the User's personal data to third parties if the User consents to the transfer of their personal data, or if such transfer is necessary to provide the User with a corresponding service or to fulfill an agreement or contract previously entered into with the User.

In such cases, the collection, storage and processing of personal data is carried out to the extent specified in this Policy, in accordance with the purposes set out therein, and guaranteeing the level of protection of personal data required by applicable laws.

In cases provided for by applicable laws, the Service also provides access to personal data to any government authority, security authorities, central or local executive bodies, and other officials, government agencies or courts to which the Service is required to provide information upon request, in accordance with applicable laws.

By accepting this Privacy Policy, the User agrees to the terms and conditions specified above.

20. The Service adopts the following measures to prevent unauthorized access to the User's personal data:

20.1. Hire employees responsible for organizing the processing of personal data.

20.2. Implements organizational and technical measures to ensure the security of the User's personal data. These measures include:

20.2.1. Detection of security risks in the system during the processing of personal data.

20.2.2. Application of security systems in buildings where information systems are housed, in order to prevent access by unauthorized persons to said buildings.

20.2.3. Ensure the security of personal data storage.

20.2.4. Approval of the list of persons authorized to access personal data in the exercise of their official functions.

20.2.5. Use of necessary measures to protect personal data against unauthorized access.

20.2.6. Evaluation of the measures taken.

20.2.7. Ensure the possibility of detecting unauthorized access to personal data.

20.2.8. Restoration of data that has been deleted or damaged as a result of unauthorized access (if possible).

20.2.9. Regulation of access to personal data within the system after processing.

20.2.10. Control of the measures adopted to protect personal data and the level of protection of information systems.

21. The exercise of the User's rights listed in this Policy and provided for by applicable laws, as well as requests for clarification of this Policy, are carried out by sending a written request to the Maxim Service by mail, email, or by personally delivering such request to the Service's headquarters. These requests must contain the following: the User's or their representative's identity document number, the date of issue of said document, the User's residential address, information confirming joint activities between the User and the Service (User identification number) or information that, in any way, confirms the processing of the User's personal data, a request for the addition, blocking, or deletion of the User's personal data, a notification of revocation of consent for the processing of personal data, or another request from the User, and the signature of the User or their representative.

The Service's contact information is available at:

https://taximaxim.com/do/en/site/contacts/

AIST Dominicana , SRL, National Taxpayer Registry (RNC): 1-33-56192-1

Address: Avenida Carlos Pérez Ricart no. 6, Viejo Arroyo Hondo, DN, Dominican Republic, Postal Code: 10510

Email: [email protected]

22. Maxim Service is not responsible for the proper functioning or security of the User's device or the network through which the User transfers their personal data; this responsibility lies with the device manufacturer and the network provider. To increase the level of security, the Service recommends that the User follow the following precautions (without, however, guaranteeing the prevention of incidents related to the aforementioned reasons):

22.1. Log in and use the Mobile Application and Website only when using trusted networks.

22.2. Refrain from visiting unsafe websites.

22.3. Be wary of calls, emails, messages and other notifications received from unidentified sources; refrain from following suspicious links.

malware protection available on the User's device.

23. The Service receives information about the geographical location of the Applicant and the Provider through the Mobile Application.

23.1. This information is transferred to the Service only when the Mobile Application is used. The Applicant and the User have the right to restrict this transfer at their discretion by configuring their devices. If the transfer of geographic location information is restricted, the Service cannot guarantee the proper functioning of the Mobile Application.

23.2. To complete a request, the Service may transfer information about the geographical location of the Requester to the Suppliers who have accepted the request to fulfill the order, as well as information about the geographical location of the Supplier to the Requesters.

24. The Applicant and the Provider may provide payment information to the Service.

24.1. The Applicant and the Provider may link a bank card in the Mobile Application to make payments while using the Mobile Application in order to provide and receive services:

24.1.1. Bank card number.

24.1.2. Validity period of the bank card.

25. The Service receives information about the User's device.

25.1. Information about the User's device does not contain personal data and is not part of the data set that can be used to identify the User.

25.2. This information is collected for the purpose of internal monitoring of users of the Mobile Application and the Website, and to improve the functioning of the Mobile Application and the Website.

26. The Service receives information about the mobile network operator that provides services to the User through the Mobile Application.

26.1. Information about the mobile network operator providing services to the User does not contain personal data and is not part of the data set that can be used to identify the User.

26.2. This information is collected for the purpose of automatically selecting the User's country of residence and the User's interface language in the Mobile Application settings.

27. The Service stores information about the order history of the Applicant and the User.

27.1. Route records include the start time of the request, the vehicle's arrival address, the destination address and the selected routes, the applicable fare, the payment method and other information provided by the Applicant.

27.2. This information is collected for the purpose of improving the quality of services by automatically filling in the application parameters using previously provided information, in order to reduce the time required to fulfill the application.

28. The Service may use the following cookies:

28.1. Strictly Necessary Cookies. These cookies are mandatory for browsing the Website. They are used when the User registers or logs into the system. Without them, the services are not available. They are first -party cookies and can be either persistent or session cookies. Without them, the Website will not function correctly.

28.2. Performance Cookies. These cookies collect statistical data about the use of the Website. They do not collect personal data about the User. All data collected by performance cookies is statistical and non-identifiable. These cookies can be either persistent or session cookies. They can also be first-party or second -party cookies . They are used for:

28.2.1. Collect website usage statistics;

28.2.2. Evaluate the effectiveness of advertising campaigns.

28.3. Functional Cookies. These cookies are used to store information provided by the User (e.g., User name, language, or location). These files use anonymous information and do not track User activity on other websites. These cookies can be either persistent or session cookies. They can also be first-party or third-party cookies. They are used for:

28.3.1. store information about the services provided to the Applicant;

28.3.2. Improve the performance of the Website, generally by saving the User's choices.

28.4. Advertising Cookies. These cookies are used to limit the number of ad views and to evaluate the effectiveness of advertising campaigns. Advertising cookies are used to control promotional content on the Website. They are placed by third parties, such as advertisers and their agents. These cookies can be either persistent or session cookies. These files are linked to the advertisements on the Website, which are provided by external companies.

29. Blocking, deleting or limiting the activity of cookies can be done in the User's browser settings.

AIST Dominicana , SRL

National Taxpayer Registry (RNC): 1-33-56192-1

Address: Avenida Carlos Pérez Ricart No. 6, Viejo Arroyo Hondo, DN, Dominican Republic, Postal Code: 10510

Email: [email protected]