Personal Data and Privacy Protection Policy

We welcome you to our Personal Data and Privacy Protection Policy! It is great that you want to learn more about the way we protect your data.
This Policy will provide you with more information about how we handle your personal data whenever you visit our website or when you use one of our apps. The Policy describes what are your privacy rights and the way the law protects the data holder.
Therefore, if you are looking for further information about the way we, as data controllers, collect, store, use, and share your personal data, you are in the right place!

About personal data collection
For us to provide our services, we will need to collect some personal data. This information may be collected when voluntarily entered or submitted, either by using our website, applications, or services performed by the controller.
Examples of information that may be collected by the controller, but not limited to these ones:

(i) ) full name;
(ii) gender;
(iii) CPF (Brazilian SSN);
(iv) marital status;
(v) parents;
(vi) profession;
(vii) email address;
(viii) mail address;
(ix) phone numbers;
(x) date of birth;
(xi) information about the browser and operating system of the device accessing the website;
(xii) IP address;
(xii) websites visited, including but not limited to, navigation origin websites;
(xiv) clicked links and buttons;

Information related to IP address, used browser, features of the access device, accessed links, and webpages are collected automatically through the use of some technologies, such as cookies.

Our Cookies Policy
Cookies are small files that your browser installs on your computer or device. A cookie itself does not store or collect information. However, when it is read by a server through your browser, it may help a website or application to provide a more intuitive service, for instance, record previous purchase details or an access login.
When first accessing the controller’s Website, and selecting “CONTINUE”, you accepted the above-mentioned cookies to optimize the website functioning. Some of these cookies are used to improve the browsing experience, helping us to understand how you interact with the website, customizing content and ads.
You may, at any moment, delete or deactivate cookies accessing your browser or operating system settings of your mobile device. All the cookies may be deactivated, except the needed cookies, those are essential to the correct functioning of the website or application.

How we use personal data
The personal data handled by the controller may be used for several purposes, the main situations are listed below:

  • For contract sign or previous due diligence
    We will use the data you provided us with to fulfill the purpose informed at the moment of collection.
  • If the controller has any legal or regulatory obligation
    Your personal data may be used to meet any law obligations or applicable sector regulation from government agencies, tax authorities, Judicial Power, and/or another competent authority, and might be used to cooperate and/or follow court order or administrative authority requests.
  • In case of need to regularly exercise the controller’s rights
    Even after the termination of the contract relationship, we may handle some of your personal data to exercise our rights guaranteed by law, also as evidence in lawsuits, administrative or arbitrary, for example, process proceeding of complaint receiving on Ombudsman, and the receiving and creation of response to complaints presented to the controller’s activities auditing entities.
  • In pursuing the legitime interest of the controller
    We may also handle data for legitimate purposes involving the continuity of our operations, such as the controller’s services advertising, sharing information on recent events, functions, contents, news, and further relevant information for the maintenance of the relationship with the controller.

In such cases, the controller will always observe your expectation limits and never damages to interests, handling purposes, retention period, rights, and fundamental freedoms.

Who your data will be shared with
To make it possible to operationalize our service, in some circumstances, the controller will need to share your personal data. Below are the examples of situations when this share may happen:

  • With companies and suppliers in the development and service performance-oriented to the controller’s business operation, since duly approved by information security processes, and the controller’s compliance;
  • With authorities, regulating agencies, government entities, and other third parties for the protection of the controller’s interests, in any type of conflict, including lawsuits, and administrative procedures;
  • In case of transactions and partnership alterations involving the controller, in such a case that the information transfer might be needed to the continuity of services;
  • Upon legal, regulatory, contract, court order, or as per request of administrative authorities that hold legal competence for such request;
  • With companies of financial, legal, accounting processing services;
  • For the regular exercise of rights and/or its protection.

Whenever there is a share of your personal data, it will happen to fulfill a specific purpose. The controller will adopt the necessary measures to assure that any third party receiving your personal data provides adequate protection and dignity.

How we keep your personal data safe
The controller has internal policies and procedures with the objective of preserving your privacy, ensuring the security and protection of your personal data. In this sense, we adopt technical measures capable to keep your personal data safe and protected from non-authorized access, and accidental or unlawful situations of destruction, loss, alteration, communication, or any other form of inadequate or unlawful handling, always in the light of applicable information security and personal data protection laws.
Any personal data in possession of the controller will be stored according to the security measures adopted, which include:

  • Protection from non-authorized access to our systems;
  • Restricted access of specific people to the location where your personal information is stored;
  • Daily information backup download.

Although the controller adopts the best practices to preserve your privacy and protect your personal data, no information transmission is totally secure, being always susceptible to situations of technical failure, virus, or similar actions.

In the remote case of incidence of situations alike, the controller will guarantee the adoption of all appropriate measures to remedy the consequences of the situation, always assuring due transparency to the personal data holder.

Data Storage
Personal data handled may be stored in the controller’s own or contractors’ server for this purpose, either stored in Brazil or abroad, and maybe even stored by cloud computing technology and/or others that may arise in the future.
The controller will eliminate or make the handled personal data anonymous when no longer useful for the purposes for which they were collected, or when you request the deletion, except if there is a need for maintenance for legal and regulatory obligations, for the exercise of rights in lawsuits or administrative procedures by the controller, or other cases provided in the applicable laws.

What are your rights
You have the following rights related to the handling of your personal data:

  • Knowledge if we handle any of your personal data;
  • Knowledge of which of your personal data was handled by us;
  • Correct incomplete, not accurate, or out of date data;
  • Request to be made anonymous, block, or elimination of unnecessary, excessive data, or what has eventually been handled not complying with the law;
  • Request data portability to other service or product suppliers, in case it is expressly requested;
  • Request deletion of the handled data with your consent;
  • Obtain information about public and private agencies with which we shared your data;
  • When the handling activity needs your consent, you may refuse the consent. In this case, if you refuse the consent or request us to withdraw a previously given consent, we will inform you about the consequences of not performing such activity;
  • When the handling activity needs your consent, you may withdraw it at any moment.

An this point, all the requests will be:

  • Freely offered;
  • Submitted to an ID validation form.

General Provisions
The content of this Personal Data and Privacy Policy may be updated or changed at any moment to guarantee our commitment to transparency with you.
If any questions related to the provisions provided in this Personal Data and Privacy Protection Policy or about the handling of your personal data by the controller, contact our Personal Data Handling Supervisor, Willian Matheus de Carvalho, via email: [email protected].

Applicable law and Jurisdiction
The present Personal Data and Privacy Protection Policy will be interpreted according to the Brazilian laws, in the Portuguese language and are subject to the exclusive jurisdiction of the Brazilian courts.