I. OBJECTIVE
This policy describes our data processing practices, such as collection, use and disclosure of information, in order to assure holders, in all our markets, about the processing to which personal data collected by our products and services may be subjected.
II. REGULATORY ENVIRONMENT
The definitions and rules of this Global Policy take into account the markets in which we operate, in particular: Brazil and the United States.
• Brazilian General Personal Data Protection Law (LGPD – Federal Law No. 13.709).
• California Consumer Privacy Act (CCPA – AB-375).
• Marco Civil da Internet (MCI – Federal Law No. 12.965).
• General Data Protection Regulation (GDPR – EU Regulation No. 2016/679, as good practices).
• Solinftec's Code of Ethics and Conduct.
III. SCOPE
The policy applies to Solinftec's entire business, including investments, products and services, in all countries of operation. Its principles also guide the relationship with all Solinftec stakeholders, including its shareholders, employees, customers, and suppliers.
IV. TERM
This Policy enters into force on the date of its publication.
SOLINFTEC will update this policy periodically. Please read this document carefully before entering personal data in the forms contained on our websites and applications.
V. GUIDELINES
SOLINFTEC values your privacy and is committed to protecting your personal information. This policy describes our data processing practices, such as collection, use and disclosure of information, in order to assure holders, in all our markets, about the processing to which personal data collected by our products and services may be subjected.
This is a Global Policy that considers the local legislation of the main markets in which we operate. Your data will be treated according to the strictest rules available on the subject. Specific policies on applications and/or other websites will indicate in more detail what data is collected, the purpose and the retention period.
1. Your consent to SOLINFTEC's Privacy Policies
On our websites and applications your consent is the legal basis for whenever we need to process personal data that does not characterize a legal obligation or concerns the object
of a contract. Therefore, please read this and other applicable policies carefully before sending us your personal data.
By browsing, accepting cookies (small files saved on your computer to help store preferences and other information frequently used on web pages) and/or other technologies used on the website, expressly consenting through subscriptions, checkboxes or spontaneous requests, submitting your data to access our services, we consider that you agree to our Privacy Policies.
2. Compliance with privacy laws
The definitions and rules of this Global Policy take into account the markets in which we operate, in particular: Brazil and the United States.
Therefore, the California Consumer Privacy Act (CCPA – AB-375); the Virginia Consumer Data Protection Act (CDPA – HB 2307); the California Privacy Rights Act (CPRA – Prop 24); the Brazilian Civil Rights Framework for the Internet (MCI – Federal Law No. 12.965); the General Personal Data Protection Law (LGPD – Federal Law No. 13.709); and the General Data Protection Regulation (GDPR – EU Regulation No. 2016/679, in order to maintain "good practices" brought by this legislation) were considered for the elaboration of this policy, and, therefore, your rights will be protected in accordance with them. Feel free to contact us for more details: [email protected].
To avoid confusion or contradictions between laws, since they present different texts and concepts, we adopt the strictest rule in the aforementioned legislation for the processing of your data, especially with regard to the rights of the holders.
It is important to clarify that privacy laws establish the territory of the data subject for the sphere of action, so in some cases different sections of this policy are considered to meet a specific need.
3. Lifecycle of personal data collected
We collect personal information on our websites and applications in order to offer our products and/or services.
This collection can be carried out in several ways, mainly, but not limited to, filling out forms, registering, contacting us, among other interactions.
The information we collect will be detailed in the policies specific to our websites and apps. New purposes or new personal data collected will be disclosed in updates to these policies. We will not collect sensitive personal information or any other personal data without proper disclosure in our policies and, in the case of forms, explicit consent.
Data storage is carried out on own or contracted servers, inside or outside Brazil, with technical specifications and state-of-the-art technology for adequate protection.
If we need to share data with third parties for any reason, our policies will report what data are shared and what are the purposes and applications of the processing in these operators.
The retention of the data depends on legal or strategic issues, but will be maintained only as long as the information serves a specific purpose. Afterwards, the data will be disposed of securely.
4. How We Use Your Information
The information collected will be used according to the purposes described in this policy. This includes providing requested products and services, improving our services, and complying with legal obligations.
Personal data will not be shared with third parties without your knowledge, as well as personal data will not be sold in markets where this possibility exists.
5. Information Sharing
We do not sell your personal information to third parties. We may share your personal information with service providers, our affiliates, external consultants, business partners, courts of law or police when there is a legal obligation or court order, or any other circumstances provided for by law.
In all cases, we ensure that our agreements with these partners comply with legal requirements of the places where they operate, in particular the privacy laws mentioned in this policy.
6. International Transfer
Your data may be transferred between the countries in which we operate, especially Brazil, in specific situations such as analysis and processing by our team in the country. All these activities are mapped and follow the criteria for International Data Transfer. In the case of a transfer, our policies will make it clear to which country, according to the principle of transparency, as required by the LGPD, CCPA and CCPR.
When transferring data to service providers outside the holder's country of origin, we ensure that the data complies with protection standards compatible with this policy, we also adopt data protection measures in accordance with the CCPA requirements and we consider the provisions of the European Union General Data Protection Regulation (GDPR) and the Brazilian General Data Protection Law (LGPD), even when not mandatory, in order to ensure the highest level of protection
Due to concerns of US government surveillance, data of European Union holders, when transferred to the US, even if already minimized, will be subject to impact assessment (DPIA) to determine the need for other safeguards. Until then, there are no transfer situations with these characteristics or that could cause concerns to EU holders.
7. Your Rights
The holder, depending on where they access/use our websites or applications, is protected by different rights according to the laws considered in this policy. The following is a comparison of rights for verification.
Data Subjects' Rights | LGPD (Brazil) | GDPR (European Union) | CCPA/CPRA (California, USA) |
Acess | Yes | Yes | Yes |
Rectification | Yes | Yes | - |
Erasure (Right to be forgotten) | Yes | Yes | Yes (Exclusion) |
Data portability | Yes | Yes | - |
Information about sharing with third parties | Yes | Yes | Yes |
Opposition to processing | Yes | Yes | - |
Limitation of processing | Yes | Yes | - |
Not being subjected to automated decisions | Yes | Yes | - |
Revocation of consent | Yes | Yes | - |
Opt-out | - | - | Yes |
Protection from discrimination (when exercising your rights) | - | Yes | Yes |
As previously established and for the purpose of standardization, our compliance with the demands of the holders will be based on the strictest rule set out by the laws considered in the preparation of this policy, therefore:
• You may request a copy of your personal information in our possession and details of how we use that information. These details are also available in the policies of each application or website.
• If any information held is incorrect or outdated, you have the right to change or correct it. On our services and websites, we provide the option to access your account and change information when necessary. If this is not possible, please contact the responsible for your claim.
• You also have the right to request the disposal of your personal information; the interruption of the processing of your personal information; the limitation of the processing of your personal information; or to object to automated processing and profiling; and/or that we provide your personal information in a portable format.
• Where processing is based on consent, you may revoke your consent. This does not apply in cases of legal determination for the continuity of processing.
• If you believe we may have incorrect personal information or would like a copy of the personal information we hold, or to exercise any other data protection right, please contact us.
For all of the situations described, please note that we will need you to prove your identity before we can provide you with any information.
You also have the right to lodge a complaint with a relevant supervisory authority in your home country if you feel the need to do so.
8. Security Information
SOLINFTEC maintains reasonable administrative, technical and physical data security practices to protect the confidentiality, integrity and accessibility of your personal data. Only authorized personnel and necessary partners will have access to any data made available, and access is always limited to the specific need.
SOLINFTEC is unable to guarantee or be responsible for actions resulting from security incidents if, through the sole fault of a third party or the holder itself, the information is made available on the internet or on public networks or computers.
9. Data on minors
SOLINFTEC understands the importance of protecting children's personal data and privacy, particularly in online interactions. Our website does not contain information harmful to this audience, has no limiter or does any information collection that distinguishes the user age, that is, it was not designed for and has no intention of collecting data from children under 13 years of age. The safety of children and adolescents online should be closely monitored by parents and guardians.
Despite the intentional non-treatment, if it occurs, it is necessary to establish that for each place of action the law conceptualizes the subject in a different way. Therefore, if you are responsible for a minor and for any reason you wish to register them on your behalf, it is necessary to reach out to us and we will take the following precautions:
Concepts | LGPD (Brazil) | GDPR (European Union) | CCPA/CPRA (Califórnia, EUA) |
Definition of Minor | Individuals under 18 years of age. Child up to 12 years old, according to the ECA (Brazilian Child and Adolescent Statute). | Individuals under 16 years of age (may be reduced by Member States to not less than 13 years of age). | Individuals under 16 years of age. |
Consent | If the processing of data of minors is necessary, specific and prominent consent by at least one parent or legal guardian is required. | If the processing of data of minors is necessary, parental consent is required for minors under 16 years of age, unless the law of the member state allows a lower age (not less than 13 years of age). | Only necessary in the case of the sale of the data, which is not carried out by SOLINFTEC. |
Special Protections | No special protection is required since the purpose of our websites and applications is not related to advertising for this audience. | The information on our websites and applications is not directed to minors, but whenever possible we use language accessible to all audiences. | No special protection is required as the purpose of our websites and applications is not the processing or sale of minors' data. |
10. Cookies, links to external websites and other technologies
Our websites and applications use anonymous cookies to facilitate the understanding of how users use our pages and forms and to determine the performance of our marketing actions for the regions in which we operate.
All our websites are described in our management tool, available in the footer, through which it is possible to determine which categories of cookies can be downloaded to your computer.
Once accepted, these cookies will be used again when you access the website, as they create unique identifiers that, although they do not collect personal data or identify you as a person, assist the available functionalities.
Some sections of the website or features may be unavailable if you do not accept the proposed cookies.
We are not responsible for external content not produced by us. Please read the policies of each of the websites carefully before providing personal data.
11. Changes to Our Privacy Policy
This policy will be updated when necessary or at least every two years. Any changes will be posted on this page with the updated revision date.
12. Contact Us
E-mail: [email protected]
DPO: Samir Oliveira de Falco [email protected]
VI. POLICY MANAGEMENT
The management of this policy is the responsibility of the Compliance Management area and the Personal Data Privacy Committee, and may be changed as necessary, provided that employees and spokespersons are notified.