Privacy Police
Revised and valid as of September 18, 2020. This version cancels and replaces all previous ones.

1. GOAL

As privacy is important to everyone, DataEX is committed to respecting your privacy regarding any personal information we need to collect.

This privacy statement applies to everyone employees, suppliers, partners and clients and aims to give the guidelines defined and applied by DataEX in the treatment of your personal information.

This privacy statement is broad in scope and covers all collection and/or processing of personal information, such as collection through various channels such as websites, applications, social networks, sales and events, or processing of data provided by partners, clients and suppliers for the services provision.

Our privacy statement is based on the ethics and values observed by DataEX and complies with the General Data Protection Regulation (GDPR) – LAW No. APRIL 23, 2014, which establishes principles, guarantees, rights and duties for the use of the Internet in Brazil.

By selecting the privacy statement checkbox, you give your acceptance and consent to the information declared herein.

For a better understanding of this privacy statement, it is suggested to check the terms in the Glossary section.

 

2. GLOSSARY  

ANPD – Autoridade Nacional de Proteção de Dados  Not yet defined by the Brazilian Government, it is planned to create several ANPD for specific categories. The ANPD of each sector will be the body that will supervise and guide the application of the LGPD for that sector, as well as be responsible for the application of administrative sanctions in case of violation of the law.

Legal Basis for Treatment – The processing of personal data is allowed by GDPR in accordance with the legal bases provided, such as compliance with legal and/or regulatory obligations by DATAEX, compliance with established contracts, as well as legitimate interests of DATAEX or through the holder's consent.

Biometrics – A measurable physical characteristic or personal behavioral trait used to recognize or verify a person's identity. Facial images, fingerprints, and iris samples are examples of biometrics.
Consent – It is the free, informed and unequivocal expression by which the holder agrees to the processing of his personal data for a specific purpose.
Cookies:  A common practice on almost all professional websites, which are small files that are downloaded to your computer to improve your experience. DATAEX websites may contain cookies, in which case the user will be asked for consent before downloading.
Personal Data Any data related to the identified or identifiable natural person, such as: IP, geolocation, name, RG, CPF, address, telephone, bank account, vehicle data, among others.
Sensitive Personal Data – personal data about racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.
Right of the subject – Right guaranteed to the subject to access, correct and delete their personal data.
Purpose – Statement of the purpose or motivation for collecting and processing each personal data.
Legitimate Interest – When the collection of a group of personal data is carried out to comply with legislation, to provide services, and to carry out its business.
GDPR - General Data Protection Regulation Law – Law No. 13,709, of August 14, 2018..
Free Access – Right of the holder to access all information regarding the collection and processing of their personal data.
Opposition – It is the right of the holder not to want their data to be collected or processed. This right can be exercised in certain specific situations, especially if they do not harm the legitimate interest.
Retention period – Period defined by DataEX for the period of storage of personal data and subsequent deletion.
Security – Defines the use of actions to protect personal data from unauthorized access and from accidental and/or illegal situations related to unauthorized destruction, loss, alteration, communication or dissemination.
Holder – Natural person to whom the personal data that are processed are referred to.
Treatment – Any operation performed with personal data, such as: collection, processing, use, access, distribution, storage and elimination.
Data processing: Any operation carried out with personal data; as those referring to: access, possibility of communicating with a device, storage medium, network drive, memory, registry, file, etc., in order to receive, provide, or eliminate data.

  

 

3. PERSONAL DATA: WHAT IS COLLECTED, HOW IT IS COLLECTED AND PURPOSE OF COLLECTION

 Depending on the type of holder (employees, suppliers, partners and clients) and how this holder interacts with DATAEX, different categories of information are collected, as follows: 

• Personal contact information: Any information provided with intent to contact, such as name, postal address, email, business address, social media details and telephone number. 

• Account Login Information: Any information that is necessary to give you access to a specific account profile to access our services. Examples include e-mail address, username, password in non-recoverable format and/or security question and answer, among others, to access services provided by us. 

• Technical computer/mobile device information: any information about the computer system or other device you use to access one of our pages, services or applications, IP address used to connect your computer or device to the internet, the type of operating system and web browser type and version, among other browsing information. 

• Financial and Payment Information: Information required to fulfill an order/contract/billing/billing. DataEX warrants that its payment processing service ensures that payment and financial information complies with applicable laws, regulations and security standards. 

• Sensitive Personal Data: Whenever it is necessary to collect and process sensitive personal data for any reason, prior and express consent will be requested (for example, prevention of Covid-19, biometrics for access to facilities or point, etc.). If it is necessary to process sensitive personal data for other purposes, these have a legal basis and DATAEX will provide prior notice to the holder. 

• Children's Personal Data: Whenever it is necessary to collect and process personal data from children and minors, explicit consent will be requested from parents or guardians (eg health plan and other benefits and/or obligations).

 

4. PURPOSE OF USE OF PERSONAL DATA

 The table describes the purposes of personal data, and the different types of Personal Data we collect for each purpose. Please note that not all uses below will be relevant to all individuals..

What we use your Personal Data for	Goal
Client/Customer Service. We use personal data to provide consumer/customer services, including responding to inquiries and enforcing contracts. Requires the use of some personal contact information and information about the reason for the inquiry (e.g. service quote request, technical issue, product or service question and inquiry).	• Fulfill contractual obligations and legal obligations; • Improve and develop new products and services; • Be more efficient.
Recruitment, selection and admission. Handling candidate recruitment and selection processes. For those not selected, your data remains in our talent banks for future selection processes. Upon admission, more personal and some sensitive data may be collected (biometrics for access to facilities and time, health plan data, dependent information for benefits).	• Carry out the selection of candidates; • Perform candidate admission; • Fulfill legal obligations.
Marketing campaign. We use personal data to organize events/trainings and provide our services. Advertise and market to you, including sending you event communications, targeting advertisements and presenting services relevant to you.	• Conduct event/training campaign • Conduct service campaign

 

5. USE OF SIMILAR COOKIES/TECHNOLOGIES, LOG FILES AND WEB BEACONS

• Cookies (Browsing Trackers)

5.1. How and why do we use Cookies?
We use Cookies to improve the use and functionality of DATAEX's pages and services and to better understand how our visitors use them, as well as the tools and services offered there. Cookies help us to adapt DATAEX pages and services to your personal needs, make their use even easier, receive satisfaction feedback and communicate with you from other places on the internet.

What types of Cookies can be used on the pages and services of DATAEX and its partners?

We may use the following types of Cookies:
– Session cookies
– Statistical cookies

5.2 Other Similar Technologies.
DATAEX's or its partners' pages or services may also use other tracking technologies, including IP addresses, log files and web beacons, which also help us to adapt DATAEX's websites to your personal needs.

 

6. PROCESSING OF PERSONAL DATA

DATAEX may process the personal data collected to: 

• Execution of relationship activities and customer service;
• Sale of products and/or services;
• Granting of benefits;
• Recruitment and admission processes and training, to comply with our labor obligations with professionals/employees;
• Execution of contractual activities with customers and service providers, including financial obligations, related to products and/or services purchased;
• Compliance with legal and regulatory obligations;
• Respond to requests from customers, former customers, prospects;
• Improve the products and services offered;
• Comply with the determinations of competent authorities;
• Juridical processes;
• Notification about the situation (status) and eventual changes in our products and services;
• Perform internal operations (financial, accounting, labor, among others), troubleshooting, data analysis, data integration and consolidation;
• Manage risk and detect, prevent and/or remediate fraud or other potentially illegal or prohibited activities and violations of applicable policies, contracts or terms of use;
• Comply with legal or regulatory obligations, or as required in a legal proceeding, by any law enforcement or government agency.

  The end of the processing of personal data will occur:

• When the purpose for which the personal data was collected is achieved or the personal data collected is no longer necessary;
• When the Holder requests the deletion of his data in compliance with current legislation;
• When there is a legal determination in this regard.

 The storage of data and information will be:

• For the time required by law and/or compliance with legal or regulatory obligations;
• Until the end of the processing of personal data, as above;
• Respecting the Information Security Policy guidelines.

 7. Data sharing

Sharing of data and information may take place to:

• Service providers, to act in the operation and execution of the contracted services;
• The banking units, exclusively for carrying out contractual or labor transactions;
• Regulatory bodies, judicial or administrative authorities, where we may share personal information to provide the competent authorities with all information that is requested in connection with the Holder investigation of suspected violations of law, or to combat any other suspicion of non-compliance with our policies and contracts;

For cases not provided for above in which it is necessary to share personal data, the holder of the personal data will be asked for express authorization (consent), by sending a notification with information about the sharing.

 8. COVID-19 - ITEM APPLICABLE TO EMPLOYEES AND VISITORS

Due to Covid-19 contagion prevention and control measures, DATAEX may also collect personal information from its employees, service providers and visitors, such as:

• Health status and history in relation to Covid-19;
• Workplace information;
• Body temperature.

This data collection is intended to help reduce the risk of contagion of Covid-19 on DATAEX premises.

Thermal measurement measures temperature anonymously and does not retain this information. If the temperature is equal to or greater than 37.7 degrees Celsius, your entry will be denied and/or you will be asked to leave the premises.

According to legislation, the use of masks is mandatory and their lack prevents access to DATAEX.

 9. RIGHTS OF THE TITULAR

The holders of personal data have, in view of the legislation, the rights to:

• Confirmation of the existence of processing of personal data;
• Confirmation of which personal data of the holders are in DATAEX;
• Request for the correction of incomplete, inaccurate or outdated data;
• Deletion of data, when it is processed based on the consent of the Owner or when the data is unnecessary, excessive or treated in violation of applicable legislation;
• Request for information about possible shared use of data;

 For security reasons, upon request to fulfill these rights, additional data or information may be requested to confirm the Owner's identity and authenticity.

The Holder may contact DataEX via the email address dpo@dataex.com.br .

 10. PRACTICES that everyone should follow 

Everyone plays an important role in protecting your personal data. When creating an online account, a password be sure to set a password that is difficult to guess and never reveal the password to other people. Each is responsible for keeping the password confidential. When using a shared or public computer, never choose to remember login ID, email address, login or password and always make sure you log out of your account (“logout”). Use any privacy settings or controls that are provided on our website, services or applications. 

 11. CHANGES TO THIS STATEMENT

 Whenever DATAEX changes forms and objectives in the collection and treatment of personal data, this declaration will be updated.

DATAEX reserves the right to make changes to its practices and this Privacy Statement at any time.

It is requested that this statement be periodically accessed.

12. CONTACT

 To ask questions about our privacy practices or to make a request, please contact us at dpo@dataex.com.br.

DATAEX - EXECUTIVE BOARD