Privacy policy
I. PURPOSE
This policy describes our data processing practices, such as collection, use and disclosure of information, in order to assure holders, in all our markets, about the processing to which personal data collected by our products and services may be subjected.
II. REGULATORY ENVIRONMENT
The definitions and rules of this Global Policy take into account the markets in which we operate, in particular: Brazil, United States and Colombia.
• Brazilian General Personal Data Protection Law (LGPD – Federal Law No. 13.709);
• California Consumer Privacy Act (CCPA – AB-375);
• Marco Civil da Internet (MCI – Federal Law No. 12.965);
• General Data Protection Regulation (GDPR – EU Regulation No. 2016/679, as good practices);
• Ley Estatutaria 1581 de 2012 de Colombia (Supplemented by Decree 1377 of 2013 and other rules issued by the Superintendencia de Industria y Comercio - SIC);
• Solinftec's Code of Ethics and Conduct.
III. SCOPE
The policy applies to Solinftec's entire business, including all companies and subsidiaries, investments, products and services, in all countries where we operate. Its principles also guide the relationship with all Solinftec stakeholders, including its shareholders, employees, customers and suppliers.
IV. POLICY TERM
This Policy enters into force on the date of its publication.
SOLINFTEC will update this policy periodically. Please read this document carefully before entering personal data in the forms contained on our websites and applications.
V. GUIDELINES
SOLINFTEC values your privacy and is committed to protecting your personal information. This policy describes our data processing practices, such as collection, use and disclosure of information, in order to assure holders, in all our markets, about the processing to which
personal data collected by our products and services may be subjected.
This is a Global Policy that considers the local legislation of the main markets in which we operate. Your data will be treated according to the strictest rules available on the subject. Specific policies on applications and/or other websites will indicate in more detail what data is collected, the purpose and the retention period.
1. Your consent to SOLINFTEC's Privacy Policies
On our websites and applications we can apply the legal basis of consent whenever we need to process personal data that does not characterize a legal obligation or concerns the object of a contract. Therefore, please read this and the other policies carefully before sending us your personal data.
By browsing, accepting cookies (small files saved on your computer to help store preferences and other information frequently used on web pages) and/or other technologies used on the website, expressly consenting through subscriptions, checkboxes or spontaneous requests, submitting your data to access our services, we consider that you agree to our Privacy Policies.
2. Compliance with privacy laws
The definitions and rules of this Global Policy take into account the markets in which we operate, in particular: Brazil, United States and Colombia.
Therefore, the California Consumer Privacy Act (CCPA – AB-375); the Virginia ConsumerData Protection Act (CDPA – HB 2307); the California Privacy Rights Act (CPRA – Prop 24); the Brazilian Civil Rights Framework for the Internet (MCI – Federal Law No. 12.965); the General Law for the Protection of Personal Data (LGPD – Federal Law No. 13.709); the General Data Protection Regulation (GDPR – EU Regulation No. 2016/679, in order to maintain "good practices" brought by this legislation); and the Ley Estatutaria 1581 de 2012 de Colombia (Regulates the protection of personal data in Colombia, complemented by Decree 1377 of 2013 and other rules issued by the Superintendencia de Industria y Comercio – SIC) were considered.
Thus, for the preparation of this policy, your rights will be protected in accordance with all the regulations listed. Feel free to contact us for information: [email protected].
To avoid confusion or contradictions between laws, since they present different texts and concepts, we adopt the strictest rule in the aforementioned legislation for the processing of your data, especially with regard to the rights of the holders.
We highlight the elaboration and adoption of an Information Update Plan in the National Database Registry of Colombia.
It is important to clarify that privacy laws establish the territory of the data subject for the sphere of action, so in some cases different sections of this policy are considered to meet a specific need.
3. Lifecycle of personal data collected
We collect personal information necessary on our websites and applications in order to offer our products and/or services.
This collection can be carried out in several ways, mainly, but not limited to, filling out forms, registering, contacting us, among other interactions.
The information we collect will be detailed in the policies specific to our websites and apps.
New purposes or new personal data collected will be informed in updates to these policies.
We will not collect sensitive personal information or any other personal data without informing them in our policies and, in the case of forms, without explicit consent.
Data storage is carried out on own or contracted servers, inside or outside Brazil, with technical specifications and state-of-the-art technology for adequate protection.
In the case of the need to share data with third parties, our policies report what this data is and what are the purposes of this processing in these operators.
The retention of this data depends on legal or strategic issues, but will be maintained only as long as it serves a specific purpose. Afterwards, the data will be securely discarded.
4. How We Use Your Information
The information collected will be used according to the purposes described in this policy.
This includes providing requested products and services, improving our services, and complying with legal obligations.
Personal data will not be shared with third parties without your knowledge, as well as personal data will not be sold in markets where this possibility exists.
5. Information Sharing
We do not sell your personal information to third parties. We may share your personal information with service providers, our affiliates, external consultants, business partners, courts of law or police in cases of legal obligation or court order, or any other circumstances provided for by law.
In all cases, we ensure that our agreements with these partners comply with the legal requirements of the places where they operate, in particular the privacy laws mentioned in this policy.
6. International Transfer
Your data may be transferred between the countries in which we operate, especially Brazil, in specific situations such as analysis and processing by our team in the country. All these activities are mapped and follow the criteria for International Data Transfer, considering the maturity of the local laws of the destination country of this data. In the case of a transfer, our policies will make it clear which country, using the principle of transparency, as required by the LGPD, CCPA, CCPR and the Statutory Law 1581 of 2012 of Colombia.
When transferring data to service providers outside the holder's country of origin, we ensure that this data complies with protection standards compatible with this policy, as well as we adopt data protection measures in accordance with the requirements of the CCPA, and we consider the provisions of the European Union General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD), even when not mandatory, in order to ensure the highest level of protection.
In the specific case of Colombia, international transfers of personal data follow the requirements of Title VIII of Law 1581/2012 and Decree 1377/2013, including obtaining prior, express and informed consent from the holders and compliance with contractual and legal security and adequacy requirements. In addition, there may only be international sharing with countries that comply with adequate levels of personal data protection.
Due to the concerns of US government surveillance, the data of European Union holders, when transferred to the US, even if already minimized, will be subject to impact assessment (DPIA) to determine the need for other safeguards. Until then, there are no transfer situations with this characteristic or that could cause concerns to EU holders.
7. Your Rights
The holder, depending on where he/she accesses/uses our websites or applications, has different rights according to the laws considered in this policy. The following is a comparison of rights for verification.
|
Data Subjects' Rights |
LGPD (Brazil) |
GDPR (European Union) |
CCPA/CPRA (California, USA) |
Ley 1581/2012 (Colombia) |
|
Access |
Yes |
Yes |
Yes |
Yes |
|
Rectification |
Yes |
Yes |
- |
Yes |
|
Erasure (Right to be forgotten) |
Yes |
Yes |
Yes (Exclusion) |
Yes (with legal limitations) |
|
Data portability |
Yes |
Yes |
- |
Not Required |
|
Information about sharing with third parties |
Yes |
Yes |
Yes |
Yes |
|
Opposition to processing |
Yes |
Yes |
- |
Yes |
|
Limitation of processing |
Yes |
Yes |
- |
Yes |
|
Not being subjected to automated decisions |
Yes |
Yes |
- |
Yes |
|
Revocation of consent |
Yes |
Yes |
- |
Yes |
|
Opt out |
- |
- |
Yes |
Not applicable |
|
Protection from Discrimination (when exercising your rights) |
- |
Yes |
Yes |
Yes (SIC - Superintendencia de Industria y Comercio) |
As previously established and for the purpose of standardization, our compliance with the demands of the holders will be based on the strictest rule of the laws considered in the preparation of this policy, therefore:
• You may request a copy of your personal information that is in our possession and details of how we use that information. Remembering that the details are available in the policies of each application or website.
• If any information held is incorrect or outdated, you have the right to change or correct it. On our services and websites we provide the option to access your account and change information when necessary. If this is not possible, please contact those responsible for your claim.
• You also have the right to request the disposal of your personal information; the interruption of the processing of your personal information; the limitation of the processing of your personal information; or to object to automated processing and profiling; and/or that we provide your personal information in a portable format.
• Where processing is based on consent, you may revoke your consent. This does not apply in cases of legal determination for the continuity of processing.
• If you believe we may have incorrect personal information, or would like a copy of the personal information we hold about you, or to exercise any other data protection right, please contact us.
For all of the situations described above, please note that we will need you to prove your identity before we can provide you with any information.
You also have the right to lodge a complaint with a relevant supervisory authority in your home country if you feel the need to do so.
8. Security Information
SOLINFTEC maintains reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. Only authorized personnel and necessary partners will have access to any date made available, and access is always limited to the specific need.
SOLINFTEC is unable to guarantee or be responsible for actions resulting from security incidents if, through the sole fault of a third party or the holder itself, the information is made available on the internet or on public networks or computers.
9. Data on minors
SOLINFTEC understands the importance of protecting children's personal data and privacy, particularly in online interactions. Our website does not contain information harmful to this audience, has no limiter or does any information collection that distinguishes the age of the user, that is, it was not designed for and has no intention of collecting data from children under 13 years of age. The safety of children and adolescents online should be closely monitored by parents and guardians.
Despite the intentional non-treatment, if it occurs, it is necessary to establish that for each place of action the law conceptualizes the subject in a different way. Therefore, if you are responsible for a minor and for any reason you wish to register on your behalf, it is necessary to inform us and we will take the following precautions:
|
Letter Grade |
LGPD (Brazil) |
GDPR (European Union) |
CCPA/CPRA (California, USA) |
Ley 1581/2012 (Colombia) |
|
Definition of Minor |
Individuals under 18 years of age; Child up to 12 years old, according to the ECA (Brazilian Child and Adolescent Statute). |
Individuals under 16 years of age (may be reduced by Member States to not less than 13 years of age) |
Individuals under 16 years of age |
Individuals under 18 years of age; Child up to 12 years old, according to the Código de la Infancia y la Adolescencia |
|
Consent |
If the processing of data of minors is necessary, specific and prominent consent by at least one parent or legal guardian is required |
If the processing of data of minors is necessary, parental consent is required for minors under 16 years of age, unless the law of the member state allows a lower age (not less than 13 years of age) |
Only necessary in the case of the sale of the data, which is not carried out by SOLINFTEC |
Law 1581/2012 prohibits the processing of personal data of children and adolescents, except those of a public nature. |
|
Special Protections |
No special protection is required since the purpose of our websites and applications is not related to advertising for this audience |
The information on our websites and applications is not directed to minors,but whenever possible we use language accessible to all audiences. |
No special protection is required as the purpose of our websites and applications is not the processing or sale of Minors' data. |
It is not necessary, since there will be no data processing of this public |
10. Cookies, links to external websites and other technologies
Our websites and applications use anonymous cookies to facilitate the understanding of how users use our pages and forms and to determine the performance of our marketing actions for the regions in which we operate.
All our websites are described in our management tool, available in the footer, through which it is possible to determine which categories of cookies can be downloaded to your computer.
Once accepted, these cookies will be used again when you access the website, as they create unique identifiers that, although they do not collect personal data or identify you as a person, they assist the available functionalities.
Some sections of the website or features may be unavailable if you do not accept the proposed cookies.
We are not responsible for external content not produced by us. Please read the policies of each of the websites carefully before providing personal data.
11. Changes to Our Privacy Policy
This policy will be updated when necessary or at least every two years. Any changes will be posted on this page with the updated revision date.
VI. DATA PROTECTION AND CONTACT OFFICER
E-mail: [email protected]
DPO: Senefonte e Silva Ltda registered with CNPJ 34.315.969/0001-73 represented by its partner Fernando Martins Silva
VII. POLICY MANAGEMENT
The management of this policy is the responsibility of the Compliance Management area and the Personal Data Privacy Committee, and may be changed as necessary, provided that employees and spokespersons are informed.