Executive Summary
This Privacy Policy outlines the protocols for collecting, processing, and protecting personal and operational data within the DXA ecosystem. As DXA transitions to serving global enterprises, this policy ensures compliance with international privacy standards while maintaining transparency regarding data usage for "Digital Architect" services and Digital Twin implementations.
1. Definitions and Scope
Company: Refers to David X. Avila (DXA), operating from Medellín, Colombia. Service: Refers to the Website (davidxavila.com) and associated professional Digital Architecture services. Personal Data: Any information relating to an identified or identifiable individual. Usage Data: Data collected automatically during Service interaction (e.g., IP addresses, browser types).
2. Collection and Use of Data
DXA collects and uses personal, professional, and, where applicable, enterprise operational data only to deliver requested services, manage communications, support project onboarding, and fulfill contractual obligations. Data collection is limited to what is necessary for these purposes and is processed in accordance with confidentiality, security, and applicable privacy-law requirements.
2.1 Personal Data
We collect identifiable information only when voluntarily provided (e.g., through contact forms or project onboarding). This includes name, email address, and professional affiliation.
2.2 Enterprise & Operational Data
For clients engaged in Digital Twin or Full-Stack projects, DXA may process industrial or operational data. This data is handled under strict confidentiality as per the Mutual NDA (2026-04-12-Mutual-NDA-Template-V1) and is used solely to provide the contracted immersive services.
3. Data Processing and Storage
Location: Primary data processing occurs in Colombia. However, for global clients, data may be transferred to and maintained on servers located outside your state or country where data protection laws may differ. Security: DXA utilizes industry-standard encryption (TLS 1.3) and AES-256 for data at rest, following the Technical Standards SOP (03.3.1).
4. Disclosure of Data
DXA does not sell personal or enterprise data. Disclosure may only occur:
With Consent: To fulfill specific project requirements with third-party providers. Legal Requirements: If required by law or in response to valid requests by public authorities.
5. Global Compliance (GDPR/CCPA)
Users in the European Union (EU) or California (USA) have specific rights regarding their data, including the right to access, rectify, or request deletion. Requests can be initiated via info@davidxavila.com.