Política de Privacidad y Términos – AKI Collector
Effective date: November 2025
Responsible Entity: Dumas SpA, Apoquindo 2930, Office 201, Las Condes, Santiago, Chile
1. Introduction and Scope
Dumas SpA (“Dumas”, “we”, “our”) is committed to protecting the privacy and security of information processed through its SaaS solution AKI Collector. This policy describes how Dumas collects, uses, stores, and protects data within the AKI Collector platform, whether it is hosted in Dumas’s Azure tenant or in a customer’s Azure tenant. AKI Collector operates under a licensing model; Dumas retains ownership of the software in all cases. Customers’ access and use of the system depend on a valid license agreement explicitly stated in their service contract.
AKI Collector is a SaaS solution designed to centralize, structure, and manage operational or business data that would otherwise remain dispersed in local files. The product enables organizations to capture information through predefined web forms, providing traceability, version control, and a governance layer that ensures data quality and availability. AKI Collector does not perform advanced analytics on its own; rather, it serves as a capture and consolidation point, allowing the collected data to be later used in analytical platforms or corporate systems.
2. Data We Collect
AKI Collector requires a user email address for authentication and account management. Dumas does not store user passwords. Authentication credentials are managed through secure identity providers or encrypted mechanisms, ensuring that no party—including Dumas—can retrieve or view user passwords, even in the event of an incident.
Beyond this, the data content within the platform is defined entirely by each customer, who determines what operational, strategic, or business data are uploaded through configured forms. Users may enter information manually through input fields or upload structured data files (such as Excel or CSV) as sources for form-based data entry.
Metadata automatically captured by the system include:
- user identifier and email;
- upload timestamp and form reference;
- change history and log events used for governance and auditing.
AKI Collector does not manage or store unstructured file attachments (such as PDFs, images, or videos). Structured files (Excel or CSV) and manual inputs are processed to extract and store data in tabular form and may be retained only for audit and traceability purposes.
Usage logs and access records are maintained to ensure traceability and system performance. Although the platform may contain sensitive or confidential data, Dumas protects all information according to Microsoft Azure’s security standards and internal policies aligned with ISO/IEC 27001 practices.
3. Purpose of Processing
Data collected and stored in AKI Collector are used to:
- Operate, maintain, and improve the service.
- Ensure governance, auditability, and data integrity.
- Provide secure APIs for integration with external analytical or business systems.
Data are not used for advertising, marketing, or profiling purposes.
4. Hosting, Licensing, and Responsibility Models
AKI Collector operates under a licensing system managed exclusively by Dumas. Licenses are required for operation regardless of whether the platform is deployed in Dumas’s Azure tenant or the customer’s Azure tenant. Use of the system is contingent upon active license validity as defined in the customer contract.
AKI Collector may operate under two deployment models:
- Dumas Tenant: Dumas is responsible for the secure storage and management of all customer data within its Azure environment (default region: East US 2, subject to change upon request or operational needs). Dumas acts as both data controller and processor, in full compliance with ISO/IEC 27001 practices and Microsoft Azure security controls.
- Customer Tenant: The customer hosts and controls all operational data within its own Azure environment. However, Dumas retains full ownership and control of the AKI Collector software and its licensing system.
The platform’s use and functionality remain subject to an active Dumas license, which governs access rights and service continuity.
Dumas acts solely as a data processor regarding customer data, accessing it exclusively for maintenance or technical support under a confidentiality agreement included in the service contract.
Backup and retention procedures follow Azure’s built-in redundancy and encryption features. A customized data retention and deletion policy may be defined by each customer.
5. User Roles and Data Access Governance
To ensure transparency and alignment with data governance best practices, AKI Collector defines distinct user roles and responsibilities regarding access, processing, and stewardship of data within the platform.
The following table summarizes the scope of access, capabilities, and governance obligations for each user category.
These roles are aligned with the principle of shared responsibility between Dumas, its customers, and the underlying Microsoft Azure infrastructure.
| Role | Access Scope | Capabilities | Governance Responsibility | Data Governance Notes |
| Form Owner (End User) | Access limited to assigned forms and periods | Manually input or upload structured data (Excel/CSV) into predefined forms; view and correct own submissions | Accountable for the accuracy, completeness, and timeliness of submitted information | Considered the Data Owner of the submitted dataset; ensures that data loaded adhere to internal quality and governance policies |
| Client Master User (Data Steward) | Full visibility of all forms and users under the client’s domain | Review, validate, and approve form submissions; manage user permissions and data-access requests | Ensures proper governance, access control, and adherence to organizational data policies | Acts as the Data Steward responsible for ensuring overall data quality and stewardship practices within the client’s environment |
| Dumas Support (Service Layer) | Full administrative access to application configuration and metadata | Manage form structures, enable user access, handle configuration, troubleshoot issues, and maintain application performance | Supports data governance operations but does not alter customer datasets without authorization | Operates under strict confidentiality agreements; interacts with metadata and data structures, not content |
| Dumas System (Product Layer) | Access to all product components and environments under licensing control | Maintain and monitor platform logic, APIs, data flow, and license validation | Guarantees system availability, integrity, and compliance with security standards | Retains full ownership and licensing control over AKI Collector as Dumas intellectual property |
| Azure Platform Services | Infrastructure-level access only | Execute data encryption, backup, redundancy, and network security | Provides the cloud infrastructure where all processing occurs | Governed under Microsoft Azure’s compliance framework (ISO/IEC 27001, SOC 2, etc.) |
6. Information Security
Dumas maintains internal information-security policies that include:
- Access control and multi-factor authentication.
- Encryption of data in transit and at rest.
- Periodic audits, logging, and backup routines.
- Incident-response and vulnerability-management procedures.
Dumas operates in alignment with the ISO/IEC 27001 standard and expects to achieve certification in Q2 2026.
7. Data Retention, Transfer, and User Rights
Data remain stored indefinitely unless the customer specifies a deletion or retention policy. Information is hosted by default in Microsoft Azure’s East US 2 region. Upon customer request and subject to technical feasibility, Dumas may deploy and process data in another Azure region agreed commercially and contractually with the customer. Access to data is controlled through master user accounts managed by the customer. These users may request access, correction, or deletion of data at any time through official support channels.
8. Artificial Intelligence
AKI Collector does not currently employ artificial-intelligence or machine-learning components. Future releases may incorporate AI-based validation features for data-quality improvement, which will comply with the same privacy and governance principles described in this policy.
9. Contact
For privacy-related inquiries, please contact: soporte@dumas.cl
10. Changes to This Policy
Dumas may update this Privacy Policy periodically to reflect technological, legal, or operational changes. Any updates will be posted at https://www.dumas.cl/privacy-policy-akicollector with a revised effective date.
Empresa líder mundial en el diseño de soluciones que permiten a la industria minera transformar y mejorar sus procesos a través del conocimiento de los datos