Eximus logo
Legal

Privacy Policy and Personal Data Processing

How Eximus SAS collects, uses, stores, shares, and protects personal data across contact, delivery, and support channels.

Last updated: 2026-05-01

1. Introduction

At Eximus SAS, we respect privacy and recognize the importance of protecting personal data. This Privacy Policy explains how we collect, use, store, share, and protect personal information from clients, prospects, suppliers, partners, applicants, and users of our website and communication channels.

By providing personal data or interacting with our services, you accept the processing of your information in accordance with this policy and the applicable regulations.

2. Data controller

The controller of personal data is Eximus SAS.

3. Personal data we may collect

Depending on the interaction, we may collect:

  • Identification data, such as name, ID number, role, and company.
  • Contact data, such as email address, phone number, and address.
  • Commercial and contractual data, such as company details, billing information, quotes, proposals, and contracts.
  • Technical and browsing data, such as IP address, browser type, device, operating system, visited pages, timestamps, cookies, and similar technologies.
  • Support and communication data, such as messages sent through forms, email, WhatsApp, Teams, chat, or similar channels.
  • Recruitment data, such as CV, experience, education, and related information.
  • Files and shared-content data, such as documents or attachments voluntarily uploaded or sent for support, service delivery, or requirement review.

Eximus does not intentionally request sensitive personal data or data from minors. If we receive it exceptionally, we will handle it with the legal safeguards that apply and request express authorization when required.

4. How we collect data

We collect personal data when:

  • you complete forms on our website;
  • you contact us by email, phone, WhatsApp, Teams, social media, or other channels;
  • you request a proposal, meeting, demonstration, or support;
  • you enter into a contract or commercial relationship with Eximus;
  • you browse our website;
  • you participate in recruitment processes;
  • you interact with tools, bots, automations, or integrations operated by Eximus.

5. Why we use personal data

We process personal data to:

  • respond to inquiries, contact requests, and commercial needs;
  • prepare and send proposals, quotes, and pre-contractual documents;
  • manage contractual, commercial, and service relationships;
  • provide software, support, consulting, migration, development, automation, implementation, and integration services;
  • manage projects, incidents, tickets, credentials, access, and communication channels;
  • handle billing, collections, payments, reconciliations, and legal or tax obligations;
  • verify identity, prevent fraud, manage risk, and reinforce information security;
  • improve the website, user experience, and service quality;
  • send corporate, technical, or commercial information where there is a valid legal basis;
  • manage hiring and talent processes;
  • comply with legal, regulatory, contractual, or authority requirements;
  • preserve traceability for activities, communications, supporting records, and service evidence.

6. Legal basis for processing

We process personal data on one or more of the following bases:

  • prior, express, and informed authorization where required;
  • the need to carry out pre-contractual or contractual steps;
  • compliance with legal or regulatory obligations;
  • Eximus's legitimate interest, where applicable and where your rights do not prevail.

7. Cookies, consent, and embedded third-party tools

Our website uses a consent layer to distinguish between essential cookies and optional cookies or similar technologies. The exact technologies in use may change over time as the site evolves, but our current operating approach is the following:

  • Essential cookies may be used to keep the site functioning, remember language or interface choices, preserve security-related behavior, and store your cookie preference itself.
  • Analytics, tags, and other non-essential trackers are not intended to load by default. We only enable them after the user gives consent through the banner or preferences panel.
  • If non-essential cookies are accepted, Eximus may enable Google Tag Manager to manage analytics or measurement tags configured for the site.
  • On the contact page, the embedded HubSpot form can load third-party resources when you decide to enable it. Depending on HubSpot's configuration and abuse-prevention checks, that interaction may also involve Google reCAPTCHA or similar verification services associated with the form flow.
  • Some third-party tools may place or read their own cookies subject to their own notices and policies once activated.

You can change your choice at any time from the Cookie preferences control available in the site footer. You may also use browser settings to block or delete cookies, although some features may no longer behave as expected.

8. Data we share

Eximus may share personal data only when necessary and under reasonable security measures, for example with:

  • hosting, cloud, email, analytics, CRM, support, messaging, or collaboration providers;
  • technology partners or subcontractors supporting service delivery;
  • providers involved in optional site functions that you choose to activate, such as Google Tag Manager, HubSpot, or associated verification services used in the contact flow;
  • financial, accounting, tax, or insurance entities where applicable;
  • administrative or judicial authorities where there is a legal obligation or valid request.

We do not sell personal data to third parties.

9. National and international transfers

Your data may be stored or processed in Colombia or other countries, directly by Eximus or by technology providers acting as processors. In those cases, Eximus adopts reasonable measures so the information receives an adequate level of protection under applicable law and contractual safeguards.

10. Information security

Eximus adopts reasonable technical, administrative, and organizational measures to protect personal data against loss, unauthorized access, alteration, disclosure, or destruction. These measures may include:

  • access controls,
  • credentials and role-based permissions,
  • restricted storage,
  • encryption or equivalent mechanisms where appropriate,
  • backups,
  • monitoring and traceability,
  • confidentiality agreements and internal good practices.

No system is completely infallible, so Eximus cannot guarantee absolute security.

11. Data retention

We retain personal data only for as long as necessary to fulfill the purposes described in this policy, meet legal or contractual obligations, resolve disputes, and preserve reasonable technical, administrative, or commercial traceability.

Once the purpose is fulfilled and the applicable retention periods expire, data will be deleted, anonymized, or blocked as appropriate.

12. Data subject rights

As a data subject, you may exercise the rights recognized by the applicable regulations, including the right to:

  • know what personal data we hold about you;
  • request access to your data;
  • update or correct inaccurate, incomplete, or outdated information;
  • request proof of authorization where applicable;
  • revoke authorization or request deletion where legally appropriate;
  • be informed about how your data is used;
  • submit inquiries or complaints;
  • contact the competent data protection authority if you believe your rights have been violated.

If the GDPR applies to you, you may also exercise rights such as portability, restriction of processing, and objection where relevant.

13. Procedure for inquiries and complaints

To exercise your rights, write to info@eximus.com.co with a subject such as Personal data protection.

Your request should include at least:

  • full name,
  • contact method,
  • a clear description of the request,
  • documents or information needed to validate your identity where necessary.

Eximus will respond within the time limits established by the applicable law.

14. Authorization

Where required by law, Eximus will request prior, express, and informed authorization for the processing of personal data. That authorization may be obtained through physical, electronic, digital, verbal, or other unequivocal means permitted by law.

15. Third-party data provided by the user

If you provide personal data belonging to third parties, you declare that you have valid authorization or a sufficient legal basis to share it. In that case, you assume responsibility before those third parties and hold Eximus harmless from claims arising from unauthorized disclosure.

16. Minors

Our services and website are not primarily directed to minors. We do not intentionally collect personal data from minors without the corresponding authorization from their legal representatives. If you identify such a case, you may contact us so we can review it and delete the information if necessary.

17. Links to third-party sites

Our website or communications may contain links to third-party sites, platforms, or services. Eximus does not control or take responsibility for those third parties' privacy practices, so we recommend reviewing their policies before sharing personal information.

18. Changes to this policy

Eximus may update this policy at any time to reflect legal, regulatory, operational, or technological changes. The current version will be the one published on our website with its update date.

19. Contact

For questions, complaints, or requests related to this policy or the processing of personal data, contact: