GENERAL PRIVACY AND PERSONAL DATA PROTECTION POLICY
This Privacy and Personal Data Protection Policy was established with the purpose of establishing guidelines and procedures for processing personal data, being committed to the security of the information of registered users and visitors to the website www.intercroma.com, establishing the rules on the collection, registration, storage, use, sharing and elimination of personal data collected, as determined by Law no. 13.709/2018 - General Personal Data Protection Regulation (LGPD).
The COMPANY INTERCROMA S.A. acts in compliance with the LGPD, always preserving the privacy of the personal data of all users, customers, employees and partners, prioritizing the integrity of personal data and privacy.
For this, initially, it is important that you understand some concepts addressed by the LGPD:
PROCESSING AGENTS: the data controller and the data operator, as provided for in art. 5, item IX, of the LGPD.
DATA CONTROLLER: individual or legal entity, governed by public or private law, who is responsible for decisions regarding personal data processing, as provided for in art. 5, item VI, of the LGPD.
DATA OPERATOR: individual or legal entity, governed by public or private law, that processes personal data on behalf of the data controller, as provided for in art. 5, item VII, of the LGPD.
PERSONAL DATA: any and all information related to an identified or identifiable individual. Ex: Name; Social Name; Date of birth; Last name; Taxpayer´s ID no.; Identity card; National driver's license (CNH); Age; Nationality; E-mail; Place of birth; Home address; Business address; Marital status; Gender; Home phone; Business phone; Mobile phone, as provided for in article 5, item I, of the LGPD.
SENSITIVE PERSONAL DATA: personal data on racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data related to health or sexual life, genetic or biometric data, when linked to an individual, as provided for in art. 5, item II, of the LGPD.
DATA SUBJECT: individual to whom the personal data being processed refers, as provided for in art. 5, item V, of the LGPD.
PROCESSING: any operation carried out with personal data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction, as provided for in art. 5, item X, of the LGPD.
PERSONAL DATA PROCESSING OFFICER (DPO): person appointed by the data controller and operator to act as a communication channel between the data controller, the data subjects and the Brazilian Data Protection Authority (ANPD). Among the main responsibilities of the personal data processing officer is to receive complaints and communications from the data subjects, provide the necessary clarifications, adopt the measures of interest to the data subjects and communicate with the ANPD, as provided for in art. 5, item VIII, of the LGPD.
2. WHO IS RESPONSIBLE FOR PROCESSING PERSONAL DATA?
The COMPANY will be considered a CONTROLLER of personal data of its employees and suppliers, as well as in all situations in which it falls under the legal definition of the LGPD, i.e., when it is responsible for decisions about data processing.
The COMPANY, as a service provider and in cases where it has no interference in relation to the activities of processing personal data, will act as an "Operator" of the personal data of the customer of said "Controlling" company.
In addition, the data collected by the COMPANY as DATA CONTROLLER may be processed and stored on internal servers or by an external server.
When the COMPANY acts as OPERATOR, the data of the data subjects will be processed and stored in the CONTROLLER's systems, which act in accordance with security policies and mechanisms, specific contractual clauses related to privacy and protection of personal data. As CONTROLLER, the COMPANY will be responsible for the personal data processing activities of the following processes, according to the legal bases of articles 7, II, V and IX and article 11, II, a and d, of the LGPD.
As an OPERATOR, the COMPANY will respond on behalf of the CONTROLLER for the personal data processing activities of the following processes, according to the legal basis defined by the CONTROLLER
3. WHO DOES THE COMPANY COLLECT AND PROCESS PERSONAL DATA FROM?
The COMPANY, using the legal bases set forth above and among all the provisions determined by law, may collect and process the data of customers, users who visit its website, partners, suppliers, employees, service providers, legal representatives, candidates for vacancies, managers, administrators, partners and others who maintain any link with the company.
4. FOR WHAT PURPOSES DO WE USE THE USER'S PERSONAL DATA?
When you interact commercially with the COMPANY, we use various tools to process the personal data collected. The legal bases that we rely on and that allow us to legally process personal data may be the execution of a contract, compliance with legal obligations and legitimate interest.
If the Data Subject decides to provide their personal information on the COMPANY's website to enjoy the Online Services or any other, such information will be processed in compliance with the specific purposes previously defined or as described in the service agreement.
The Data Subject reserves the right, at any time, including at the time of making personal information available, to inform the COMPANY, through the communication channels available for the registration of such information, of the non-interest in receiving such announcements, including by e-mail (opt-out), in which case the COMPANY will interrupt such services in the shortest possible time.
5. WHAT PROCESSING WILL BE CARRIED OUT WITH PERSONAL DATA?
The COMPANY, under the terms of the legislation, may collect, receive, classify, use, access, transmit, store, file, delete, share with third parties, end, carry out all the activities provided for in Article 5, X of the LGPD, always in strict compliance with said legislation. Your personal data and registration information will be used when necessary to achieve the agreements made between the parties and also in other cases based on legitimate purposes, such as support and promotion of activities, or to provide services that benefit others involved in the process.
6. ABOUT SHARING YOUR PERSONAL DATA
The COMPANY may share personal data with partner companies in order to improve its products, services and processes, as permitted by applicable law and in accordance with this policy, as provided for in art. 5, XVI, of Law 13.709/2018.
We emphasize that new online services, made available by the COMPANY, will automatically be subject to the Privacy Policy in force at the time of their use.
To execute the activities listed above, whenever necessary, we may share your personal data with other partner companies, payment and processing service providers, partners or regulatory bodies. We never sell personal data.
The following is a summary of these possibilities:
We will share the personal data of the Data Subject if we believe, in good faith, that it is necessary for our legitimate interest, or that of Service Providers.
In order to provide our services with quality, we rely on the collaboration of some service providers, who process the personal data collected on our behalf and in accordance with our instructions. These service providers act mainly to assist us in data processing and payment processing, anti-fraud analysis, payment intermediation, hosting and maintenance, database enrichment and cloud storage.
It may also be necessary to share the personal data of the Data Subject with the judicial, police or governmental Authorities. We must provide personal data of Customers and/or Users, in compliance with the court order, requests from administrative authorities, legal or regulatory obligation, as well as to act collaboratively with government authorities, in general in investigations involving unlawful acts.
7. DATA STORAGE AND INTERNATIONAL TRANSFER
The personal data processed as a result of the use of the Services will be processed by the COMPANY in accordance with the applicable legislation in force. The company is headquartered in Brazil, but may process personal data in other countries, by hiring partner companies, which, in turn, will be subject to the obligations of this Privacy Policy.
In cases where the COMPANY needs to carry out some type of international transfer of personal data, as well as if such event occurs due to its partners and customers, all personal data processing activities are in accordance with the personal data protection legislation, observing compliance with the principles and rights of the data subject legally provided for in the LGPD. Such protection occurs through security and confidentiality policies and mechanisms, as well as through specific contractual clauses for international transfers.
8. YOUR RIGHTS AS A PERSONAL DATA SUBJECT
In compliance with the applicable regulations, the Company ensures the Personal Data Subject the right to demand at any time the application of the provisions of article 18, and items, of Law 13.709/2018, which provides as follows:
I - Confirmation of the existence of processing;
II - Access to data;
III - Correction of incomplete, inaccurate or outdated data;
IV - Anonymization, blocking or deletion of unnecessary, excessive or processed data in violation of the provisions of this Law;
V - Portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, subject to commercial and industrial secrets;
VI - Elimination of personal data processed with the consent of the data subject, except in the cases provided for in art. 16 of this Law;
VII - information from public and private entities with which the data controller made shared use of data;
VIII - information on the possibility of not providing consent and on the consequences of refusal;
IX - Revocation of consent, pursuant to paragraph 5 of art. 8 of this Law.
9. STORAGE TIME AND END OF PERSONAL DATA PROCESSING
According to art. 15 and 16 of the LGPD, personal data will be processed and stored in accordance with the Retention and Disposal Policy adopted by the COMPANY, for the time necessary to execute the purposes listed above and will be deleted after a determined period or at the request of the data subject in the exercise of their rights, when applicable, except for storage when complying with a legal or regulatory obligation on the part of the COMPANY.
10. HOW DO WE PROCESS YOUR INFORMATION SECURELY?
Access to personal information collected, stored or otherwise processed by the COMPANY is restricted to professionals authorized for the direct use of this information and necessary to provide services, and use for other purposes is limited. Every organization or individual hired to provide support services is also required to comply with the Privacy Policy adopted by the Company.
In all processes, from the beginning to the end of data processing, plausible technical measures are adopted from the current state of technology, in order to ensure the security of personal data and avoid its alteration, loss, unauthorized access or any other processing other than the main purpose, whether from human action or natural, physical or electronic actions.
11. UPDATING INFORMATION
The COMPANY reserves the right to improve the functionalities of its internal processes, constantly seeking to improve the experience of our users and customers. Thus, our personal data processing practices may change with the inclusion of new functionalities and services, except in case of legal prohibition, to include the implemented modifications.
By continuing to use our Services after the privacy policy update, you agree to the changes made and in effect at the time of access.
We value transparency in the way we process your personal data. Whenever any relevant condition of this Privacy Policy is changed, these changes will be valid, effective and binding after the new version is published on our website.
12. CONTACT WITH THE OFFICER (DPO) – REQUESTS AND COMPLAINTS
If after reading this Privacy and Personal Data Protection Policy there is any doubt to the user, whether it is a request or complaint, or for any reason they need to communicate for matters involving their personal data, the contact can be made through the channels below:
Officer (DPO):
helder.boaretto@intercroma.com / compliance@intercroma.com
When contacting the Officer (DPO), you will have to provide personal data to confirm your identity. From time to time, other information may be requested so that we can confirm your identity in order to better respond to your request or complaint.
13. GENERAL PROVISIONS
Any omissions or mere tolerances of the parties in requiring strict and full compliance with this Privacy Policy and/or prerogatives arising therefrom or from the law will not constitute novation or waiver, nor will they affect the exercise of any rights provided herein, which may be fully and completely exercised at any time. If a provision is found to be void, the remaining provisions of this Privacy Policy will remain in full force and effect and a valid term will supersede the null term, reflecting our intent as much as possible.
We hope that this Privacy Policy has helped you to better understand our commitments regarding Personal Data Protection.
On the other hand, if you do not agree with the content of this document, we emphasize that you can freely choose to use or not the services offered by the COMPANY INTERCROMA, and may, however, request the non-sharing of certain personal data, aware that such a decision may prevent the use of some functionalities or services.
14. GOVERNING LAW AND DISPUTE RESOLUTION
Any and all disputes arising from the terms set forth in this Privacy Policy will be resolved in accordance with Brazilian law, and the jurisdiction of the city of São Bento do Sul (SC) is competent, to the exclusion of any other, however preferable it may be. It is also clear that the use of Services and orders commanded outside Brazilian territory, or those resulting from operations initiated abroad, may also be subject to the legislation and jurisdiction of the authorities of the countries where they are commanded or initiated.
Update: 08/01/2023.
Created by: Intercroma S.A.
Approval Date: August/2023
Reviewed by: CMMR Advogados
Approved by: Intercroma´s Executive Board