1.OBJECTIVE
Inform customers and users of DATUM services about its guidelines for applying the General Data Protection Law (GDPL).
2.SCOPE
Applies to all customers and users of DATUM services.
3.PROCESS DESCRIPTION
DATUM, on certain occasions, may need to collect and process personal data from its customers, or data controlled by them. In this sense, this DATUM Privacy and Personal Data Policy (hereinafter “Privacy Policy”), aims to help our customers to understand what personal data we collect, why we use them, to whom we disclose them and how we protect their privacy when using our services.
4.WHY?
DATUM is committed to protecting the security and privacy of its customers. In this context, it has prepared this Privacy Policy, in order to affirm its commitment and respect for the rules of privacy and protection of personal data.
We want our customers to know the general privacy rules and the terms of data processing that we collect, in strict compliance with the legislation applicable in this area, notably Federal Law nº 13.709, of August 14, 2018 (“General Data Protection Law – GDPL” or simply “GDPL”).
DATUM seeks to respect the best practices in terms of security and protection of personal data, carry out the promotion/awareness of good practices in this field, and the improvement of systems, in order to manage the protection of data made available to it by its customers, in compliance with legal obligations.
Filling out data collection forms and providing data, directly or indirectly, implies knowledge of the conditions of this Policy and any other specific terms, policies and conditions related to the services provided.
5.WHAT IS PERSONAL DATA?
Personal data means any information related to an identified of identifiable natural person (data subject), of any nature and regardless of the respective support. An identifiable person is a person who can be identified directly or indirectly, either through reference to an identification number, or through other specific elements of theis physical, physiognomic, psychological, economic, cultural or social identity.
Personal data may have a different nature in certain situations, classifying them under the GDPL as “sensitive data”. These may relate to the holder’s racial or ethnic origin, his political opinions, his religious or philosophical convictions, genetic information, biometric identifiers, sex life, sexual orientation or about his health.
6.COOKIE DEFINITION
What are Cookies?
Are a set of text that are placed on your computer by the websites you visit. They are widely used to make websites work more efficiently, as well as providing information to website owners.
Datum may use third-party Technologies (not its own), such as Google ADS, Google Analytics, Meta Ads, LinkedIn Ads and RD Station, which, in turn, may contain cookies for marketing purposes and/or monitoring activities performed by users from our website.
Third-part cookies that are activated on Datum’s website have their own privacy notices, so Datum cannot be responsible or control third-party practices. The customer/user of the site must read the privacy notices of the third parties to verify that they agree. You, as Holder of your personal data, may, at any time, choose to disable cookies, at which point we will stop sending you any material for marketing purposes, and may block the use of cookies activated on our website at any time.
7.OTHER IMPORTANT DEFINITIONS
i.Consent of the data subject – expression of will, free, specific, informed and explicit, through which the data subject accepts, by means of an unequivocal positive statement or act, that the personal data concerning him are subject to treatment;
ii.Controller: natural or legal person, public or private, who is responsible for decisions regarding the processing of personal data;
iii.Profiling – any form of automated processing of personal data consisting of the use of such personal data to, in particular, include a natural person in a certain category, regarding their professional performance, their economic situation, health, personal preferences, interests, behavior, location or travel;
iv.Data Protection Officer – “DPO” – person or entity appointed to ensure, in an organization, the compliance of the processing of personal data with GDPL, ensuring efficient communication with data subjects and cooperation with control authorities, also bridging the gap with the different areas of activity within from DATUM. The DPO does not receive instructions regarding the exercise of its functions, responding directly to the management bodies of the entity that appointed it;
v.Responsible for the treatment – natural or legal person, public authority, agency or other body that, individually or jointly with others, determines the purposes and means of processing personal data;
vi.Third party – natural or legal person, service or body other than the data subject, the Controller, the Operator and the persons who, under the direct authority of the Controller or the Operator, are authorized to process personal data;
vii.Data subject – identified or identifiable natural person to whom the personal data relate;
viii.Processing – operation or set of operations carried out on personal data or on sets of personal data, by automated or non-automated means, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any form of making available, comparing or interconnecting, the limitation, erasure or destruction;
ix.Operator: natural or legal person, public or private, who processes personal data on behalf of the controller;
.
x.Breach of personal data – breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any other type of treatment;
xi.Pseudonymisation – the processing of personal data in such a way that they can no longer be attributed to a specific data subject without recourse to supplementary information, provided that such supplementary information is kept separately and subject to technical and organizational measures to ensure that the personal data cannot be attributed to an identified or identifiable natural person;
xii.Anonymization – technique that results from the processing of personal data in order to remove sufficient elements so that it is no longer possible to irreversibly identify the data subject. More precisely, the data must be processed in such a way that they can no longer be used to identify a natural person using the set of means likely to be reasonably used, either by the controller or by third parties.
xiii.National Data Protection Authority – Public administration body responsible for ensuring, implementing and supervising compliance with the law.
8.WHO IS RESPONSIBLE FOR PROCESSING YOUR PERSONAL DATA?
This Privacy Policy aims to inform customers about the terms of processing the data provided by them in the context of the provision of services, which is why it must be considered as a Controller, under the terms of the GDPL.
Thus, when serviced by an independent third party, on behalf of DATUM, this third party will be considered an Operator, under the terms of GDPL. Therefore, if there is any question regarding the privacy of the customer’s data, we request that the competent third party be also indicated, when applicable, for the purposes of investigating any infringement, deceit, negligence, recklessness or mal practice.
9.WHAT PERSONAL DATA DO WE COLLECT AND BY WHAT MEANS?
DATUM collects personal information provided by the customer, information capable of identifying him, or identifying the holder to which they refer. This information collected may vary according to your use of DATUM, as well as the type of information you choose to provide us.
For the smooth running of the service, DATUM customers provide some information about both their individual customers and legal entities, such as: Company name, telephone, e-mail, address, CPF, schooling, registration date, among others. DATUM can use a specific system, through which other information is also provided.
All this information collected by DATUM is cumulative, so that DATUM and its Operators can provide a better service.
10.CATEGORY OF DATA WORKED, MEANS AND FORMS OF COLLECTION
The customer will always be duly informed of the obligation to provide this data to continue the registration processo with DATUM.
DATUM does not collect sensitive data.
11.WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA?
The personal data received may only be used for the contracted purpose. If DATUM carries out treatment other than what was agreed upon, by virtue of the customer’s contractual relationship, it must obtain a new consent from the data subject.
The legal basis used for the processing of personal data is the performance of the contract and the legitimate interest, therefore, there is no need for DATUM to obtain the consent of the data subject. The purpose for processing the data must be specific, except in the legitimate interest of the controller.
We may use the categories of personal information mentioned above for one or more of the following business purposes:
Para processar sua solicitação de informações (por exemplo, produtos/serviços, oportunidades de Consultor Independente).
Para processar transações de produtos e serviços e enviar avisos sobre suas transações.
Fornecer suporte de vendas e atendimento ao cliente, bem como garantia de qualidade.
Para cumprir ou atender o motivo pelo qual as informações são fornecidas.
To provide targeted marketing and advertising, provide service update notices, and make promotional offers based on your communication preferences;
To allow email to friends. We may provide functionality to allow you to send messages about content related to the Site to a friend through the Site. If you wish to use this feature, you can provide us with your friend’s email address so that we can facilitate sending your message to them;
To verify your identity, including account-related issues;
To send you administrative communications regarding the Site, service-related announcements, etc., that are necessary to serve you, respond to your concerns, and provide the high level of customer service that DATUM provides. Because this information may be importante to your use of the Site, you may not opt out of receiving such communications unless you explicity withdraw your consent to our use of your personal information as described in this Privacy Policy;
Para revisar/gerenciar o uso e as operações do Site e para conformidade com nossos Termos de Uso e a lei.
To resolve issues with the Site, our business or our services;
To contact you at any phone number, via a voice call or via text message (SMS) or email as authorized by our Terms and Conditions;
To detect, prevent or investigate security breaches, fraud or other suspicious/prohibited/ilegal activity; or violations of our Privacy Policy;
Maintain appropriate records for internal administrative purposes;
To provide important product safety information;
We use your IP address, and the IP adresses of all users, for purposes of calculating Site usage levels, helping diagnose problems with the Site’s servers, administering the Site, analyzing trends, internal statistics/research including detection and preventing suspicious activity, administering the Site, tracking traffic patterns, and gathering demographic information for aggregate use;
informações demográficas para uso agregado.
To improve our website and present the content to you;
For testing, research, analysis and product development;
As described to you when collecting your personal information;
We may use these technologies to collect information for a variety of purposes, such as analyzing how the Site is used, customizing your experience on the Site, or improving our content or offerings. Your browser may provide tools to block or delete cookies. However, if your browser is set to reject cookies or you manually delete them, you may experience some problems accessing and using some of the pages and features that are currently on our Site, or that we may place on our Site in the future (cookies).
12.ON WHAT BASIS DO WE TREAT YOUR PERSONAL DATA?
DATUM is na IT strategy, planning, execution and governance company and, therefore, it is necessary to process some personal data to carry out this service. The GDPL requires, for the processing of personal data to be lawful, that there is an adequate lawfulness basis for each specific treatment.
Regarding the processing of your data carried out by DATUM to improve our services and fulfill our administrative and quality objectives, the appropriate legal basis will be the pursuit of legitimate interests as well as Contractual Compliance, when applicable, in addition to the customer’s own consent. This implies that data subjects may object to the processing of their data for the aforementioned purposes, under the GDPL, if they present valid reasons related to their particular situation. In such an event, the Controller may present legitimate reasons that justify the continuation of that treatment, in which case it reserves the right to continue processing your data for these purposes, as well as in cases where such treatment is necessary for the purposes of declaration, exercise or defense of a right in legal proceedings.
With regard to the processing of data carried out by DATUM in the context of compliance with legal obligations, the legal basis for carrying out such treatments – mostly data communications to external entities – will be the need for processing for the purpose of complying with legal obligations of the Controller, including contractual performance or legitimate interest.
13.WHICH DATUM PROFESSIONALS HAVE ACCESS TO YOUR DATA?
In the context of the processing of your personal data, DATUM observes, at all times, the principles of data protection from conception (privacy by design). Such commitment implies, among other aspects, that your personal data will be limited to people who need to know in the exercise of their functions, to the strict extent necessary for the pursuit of the processing purposes that we have already listed above.
14.WHAT IS THE RETENTION PERIOD OF YOUR PERSONAL DATA?
The controller (customer) sends its database with the personal data that will be processed by DATUM (Operator). Such data are kept in a format that allows the identification of data subjects only for the period necessary for the purposes for which they are processed.
After the end of the services, the data is returned to the customer, however, due to legal security, some data is stored in a cloud (Cloud Services) contracted by DATUM.
.
15.WHAT ARE THE RIGHTS OF DATA SUBJECTS?
Under the terms of the applicable legislation, the data subject may request, at any time, access to personal data concerning him, as well as its rectification, the portability of his data, directly through the e-mail contato@datum.inf.br., or by contacting DATUM in perso
The data subject has the right to:
•Request details of the categories of personal information collected about you and, if permitted and practical, a copy of the personal information (data portability).
•Request deletion of any personal information we have collected from you, subject to certain exceptions. Once your request has been verified, we will proceed with it unless na exception applies. There is a possibility that we may deny your deletion request if retention of the information is necessary for us or our service providers we can:
•Complete the transaction for which we collected the personal information, provide a service you have requested, take reasonably foreseeable actions in the context of our ongoing business relationship with you, or otherwise perform our contract with you.
•Detect security incidents, protect against malicious, deceptive, fraudulent or ilegal activities, or prosecute those responsible for such activities.
•Debug products to identify and repair bugs that detract from existing intented functionality.
•Exercer a liberdade de expressão, garantir o direito de outro consumidor de exercer seus direitos de liberdade de expressão, ou exercer outro direito previsto em lei.
•Comply with the GDPL and relevant legislation.
•Engage in public or scientific, historical, or statistical peer-refused research in the public interest that complies with all other applicable ethics and privacy laws, where deleting the information is likely to make it impossible or seriously jeopardize the performance of the research, if you have been informed in advance your consent.
•Only permit internal uses that are reasonably in line with the consumer’s expectations based on their relationship with us.
•Comply with a legal obligation.
•Make other internal and legal uses of this information that are compatible with the context in which you provided it.
Without prejudice to any other administrative or judicial remedy, the data subject is entitled to file a complaint with the ANPD or another competent control authority under the terms of the law, if he considers that his data are not being subject to legitimate treatment by part of DATUM, pursuant to the applicable legislation and this Policy.
16.WHAT ARE THE SECURITY MEASURES ADOPTED BY DATUM?
A DATUM está empenhada em assegurar a confidencialidade, proteção e segurança dos dados pessoais dos seus clientes, através da implementação das medidas técnicas e organizativas adequadas para proteger os seus dados contra qualquer forma de tratamento indevido ou ilegítimo e contra qualquer perda acidental ou destruição destes dados. Para o efeito, dispomos de sistemas e equipes destinados a garantir a segurança dos dados pessoais tratados, criando e atualizando procedimentos que previnam acessos não autorizados, perdas acidentais e/ou destruição dos dados pessoais, comprometendo-se a respeitar a legislação relativa à proteção de dados pessoais dos clientes e a tratar estes dados apenas para os fins para que foram recolhidos, assim como a garantir que estes dados são tratados com adequados níveis de segurança e confidencialidade.
DATUM may, in some cases, transmit your personal data to its collaborators and internal and outsourced service providers. DATUM has defined clear contractual rules for the processing of personal data with its employees, internal and outsourced service providers and requires that they adopt the appropriate technical and organizational measures to protect their personal data. However, in some cases, we may be required by law to disclose your personal data to third parties (such as supervisory authorities) over whom we have limited control regarding the protection of personal data.
As it is necessary – by law, legal process, litigation and/or requests from public and governmental authorities within or outside your country of residence – for DATUM to disclose your personal information. We may also disclose your information if we determine that, for purposes of national security, law enforcement or other matters of public importance, disclosure is necessary or appropriate.
We may also disclose your information if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Furthermore, in the event of a reorganization, merger or sale, we may transfer any and all personal information we collect to relevant third parties.
17.UNDER WHAT CIRCUMSTANCES IS DATA COMMUNICATED TO THER ENTITIES?
DATUM uses other entities to provide certain services. Eventually, this provision of services may imply access, by these entities, to the personal data of their customers.
Thus, any entity that characterizes itself as a sub-operator will process the personal data of our customers, under the strict obligation to follow the instructions of the Controller (customer). DATUM ensures that such entities that are characterized by being sub-operators offer sufficient guarantees for the execution of appropriate technical and organizational measures, so that the treatment meets the requirements of the applicable law and ensures the security and protection of the rights of the data subjects, pursuant to the contract agreement entered into with the Controller.
A DATUM poderá, ainda, transmitir dados pessoais dos seus clientes a entidades terceiras, quando julgue tais comunicações de dados como necessárias ou adequadas:
i.under the applicable law,
ii.in the fulfillment of legal obligations/judicial orders, and;
iii.to respond to requests from public or governmental authorities.
In this sense, DATUM may transmit your personal data to any Contracting Public Entity, to the Courts, Solicitors, to the criminal police bodies or to the Public Prosecutor’s Office when notified for that purpose or when this is necessary for the fulfillment of legal obligations, as per legally provided.
In any of the situations mentioned above, DATUM undertakes to take all reasonable measures to guarantee the effective protection of the personal data it processes.
18.CONTACT US
You may contact DATUM’s Data Protection Officer (“DPO”) for more information about the processing of your personal data, as well as any questions related to the exercise of the rights attributed to you by the applicable legislation and, in particular, those referred to in this Privacy Policy, through the following contacts: e-mail: contato@datum.inf.br
.
19.RIGHT TO NON-DISCRIMINATION FOR THE EXERCISE OF YOUR PRIVACY RIGHTS
We will not discriminate against you for exercising any of the rights described above. This includes, but is not limited to: (i) denying you services; (ii) charge you different prices or fees for services, including through the use of discounts or other benefits or by imposing penalties; (iii) provide a different level or quality of services; or (iv) suggest that you will receive a different price or rate for services or a different level of quality of services.
20.HOW DO I FIND OUT ABOUT CHANGES TO THE PRIVACY POLICY?
DATUM reserves the right, at any time, to make changes or updates to this Privacy Policy, these changes being duly updated on our Platforms. We suggest that you consult them regularly to be aware of any changes.
