← Back to OnixLand🇵🇪 Español
B2B SaaSonixland.cloud

Privacy Policy

Version 2026-04 · Last updated: April 1, 2026

Compliant with Ley N.° 29733 — Peru · GDPR applicable per client jurisdiction

1. Data Controller

CompanyMultiservicios Kada EIRL (OnixLand)
AddressJr. Arica 280, Miraflores, Lima, Peru
Emailprivacidad@onixland.cloud
Websiteonixland.cloud

Roles in Data Protection

OnixLand as controller: contact data of client companies (business name, representative, email, phone) and billing data.

OnixLand as processor: data of drivers, passengers and trips that the Client enters into the platform. The Client is the controller of that data.

2. Data We Process as Controller

Data of the client company and its representative:

  • Business name, tax ID (RUC), registered address
  • Name and position of legal representative
  • Corporate email and contact phone
  • Billing data and payment method
  • Transaction history with OnixLand
  • Platform usage data (logs, access, configurations)

3. Data We Process as Processor

The Client enters third-party data into the platform (drivers, passengers, employees). OnixLand processes it exclusively to provide the contracted service:

  • Driver data: name, ID, license, documents, GPS location, wallet
  • Passenger data: name, phone, trip history (if the client registers them)
  • Hotel staff: name, email, phone

The Client is responsible for obtaining the appropriate legal bases to process this data and informing data subjects in accordance with applicable regulations.

4. Purpose of Processing (Client Data)

  • SaaS service provision: managing subscriptions and access
  • Billing: issuing electronic invoices (SUNAT)
  • Technical support: resolving issues and improving the service
  • Commercial communications: product updates (with opt-out option)
  • Legal compliance: tax and regulatory obligations

5. Legal Basis

  • Contract performance: data necessary for service delivery
  • Legal obligation: electronic invoicing and tax regulations
  • Legitimate interest: platform security, fraud prevention
  • Consent: marketing communications (revocable at any time)

6. Sub-processors (Technology Providers)

ProviderServiceCountry
Hostinger VPSServer infrastructureEU / Global
PostgreSQLDatabase (self-hosted)Own VPS
Twilio / WhatsAppNotificationsUSA
MapboxMaps and geolocationUSA
NubefactElectronic invoicing (SUNAT)Peru
Titan (Hostinger)Corporate emailEU

7. Data Retention

  • Billing data: 7 years (Peruvian tax obligation)
  • Active account data: for the duration of the contract
  • Data after account closure: 90 days for export, then permanent deletion
  • Security logs: 12 months

8. Your Rights (ARCO Rights)

Representatives of client companies may exercise rights over their personal data:

🔍 Access

Know what personal data we process about you

✏️ Rectification

Correct inaccurate data

🗑️ Erasure

Delete data when no longer necessary

🚫 Objection

Object to processing for marketing purposes

Exercise your rights:

Email: privacidad@onixland.cloud

Response within 20 business days. Please attach a copy of your ID document.

You may also lodge a complaint with Peru's Directorate General for Personal Data Protection (MINJUS).

9. Data Portability

The Client may at any time request an export of all their data (trips, drivers, invoices) in CSV/JSON format through their admin panel or by writing to privacidad@onixland.cloud. OnixLand will deliver the data within a maximum of 15 business days.

10. Security

  • TLS encryption in transit and encryption at rest in the database
  • Production access restricted to authorized personnel with 2FA
  • Daily encrypted backups with 30-day retention
  • Full audit log of sensitive actions
  • Security breach notification within ≤ 72 hours

11. Changes to This Policy

Any material changes to this policy will be notified to the Client 30 days in advance by email. The current version will always be available on this page.

Terms of ServiceCookie PolicyDelete My DataOnixLand Home