1. GENERAL INFORMATION
This Privacy Policy contains information about how we treat, in whole or in part, in an automated or non-automated way, the personal data of users who access our site. Its purpose is to inform stakeholders about the types of data that are collected, the reasons for the collection, and how the user will be able to update, manage or delete this information.
This Privacy Policy was prepared in accordance with Federal Law no. 12.965 of 04/23/2014 (Civil Rights Framework for the Internet in Brazil), with Federal Law no. 13.709, of 08/14/2018 (Personal Data Protection Law) and with EU Regulation no. 2016/679 of 04/27/2016 (European General Data Protection Regulation – GDPR).
This Privacy Policy may be updated as a result of any regulatory update, which is why the user is invited to periodically consult this section.
2. USER RIGHTS
The site is committed to complying with the norms foreseen in the GDPR, respecting the following principles:
– The user’s personal data will be processed in a lawful, loyal and transparent manner (lawfulness, loyalty, and transparency);
– The user’s personal data will be collected only for specific, explicit, and legitimate purposes, and cannot be further treated in a way incompatible with those purposes (limitation of purposes);
– The user’s personal data will be collected in an appropriate, relevant, and limited way to the requirements of the purpose for which they are processed (data minimization);
– The user’s personal data will be accurate and updated whenever necessary so that the inaccurate data is erased or rectified when possible (accuracy);
– The user’s personal data will be preserved in a way that allows the identification of the data holders only for the period required for the purposes for which they are treated (conservation limitation);
– The user’s personal data will be treated securely, protected from unauthorized or illicit treatment, and against its accidental loss, destruction, or damage, adopting the appropriate technical or organizational measures (integrity and confidentiality).
The user of the site has the following rights, conferred by the Personal Data Protection Law and the GDPR:
– Right of confirmation and access: it is the user’s right to obtain from the site the confirmation that the personal data concerning him/her are or are not object of treatment and, if that is the case, the right to access his/her personal data;
– Right of rectification: it is the user’s right to obtain from the site, without undue delay, the rectification of inaccurate personal data concerning him/her;
– Right to data deletion (right to oblivion): it is the user’s right to have his/her data deleted from the site;
– Right to limit the treatment of data: it is the user’s right to limit the treatment of his/her personal data, obtaining it when he/she disputes the accuracy of the data, when the treatment is illegal, when the site no longer needs the data for the purposes proposed and when he/she has opposed the treatment of data and in case of unnecessary data treatment;
– Right of opposition: it is the user’s right, at any time, to object, for reasons related to his/her particular situation, to the treatment of personal data concerning him/her, and may also object to the use of his/her personal data for the definition of marketing profile (profiling);
– Right to data portability: it is the user’s right to receive the personal data that concerns him/her and that he/she has provided to the site, in a structured format, in current use and automatic reading, and the right to transmit that data to another site;
– Right not to be subjected to automated decisions: it is the user’s right not to be subject to any decision taken exclusively on the basis of automated treatment, including the definition of profiles (profiling), which has an effect on its legal sphere or affects it significantly in a similar way.
The user will be able to exercise his/her rights through written communication sent to the site with the subject «RGDP-https://smarthis.com», specifying:
– Full name or corporate name, CPF number (Individual Taxpayer Registry, Federal Revenue Service of Brazil) or CNPJ (National Registry of Legal Entities, Federal Revenue Service of Brazil) and e-mail address of the user and, if it is the case, of his/her representative; – Right that you wish to exercise with the site;
– The request date and user’s signature;
– Any document that can demonstrate or justify the exercise of your right.
The request must be sent to the e-mail: [email protected], or by mail, to the following address:
Avenida das Américas 3500 – Bl.4, Sl.310
Bairro Barra da Tijuca;
Rio de Janeiro – RJ;
Zip Code: 22640-102.
The user will be informed in case of rectification or deletion of his/her data.
3. DUTY NOT TO PROVIDE THIRD PARTY DATA
During the use of the site, in order to safeguard and protect the rights of third parties, the user of the site must provide only his/her personal data, and not those of third parties.
4. INFORMAÇÕES COLETADAS
The collection of data from users will be in accordance with the provisions of this Privacy Policy and will depend on the user’s consent, which is dispensable only in the cases provided for in art. 11, item II, of the Personal Data Protection Law.
4.1. Types of data collected
4.1.1. Data entered in the contact form
The data eventually informed by the user using the contact form available on the site, including the content of the message sent, will be collected and stored.
4.1.2. Sensitive data
Sensitive data from users will not be collected, thus understood those defined in articles 9 and 10 of the GDPR and in articles 11 et seq. Of the Personal Data Protection Law. Thus, among others, there will be no collection of the following data:
– Data that reveal racial or ethnic origin, political opinions, religious or philosophical convictions, or the union membership of the user;
– Genetic data;
– Biometric data to uniquely identify a person;
– User’s health data;
– Data related to the user’s sexual life or sexual orientation;
– Data related to criminal convictions or offenses or related security measures.
4.1.3. Collection of data not expressly provided
Eventually, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the user’s consent, or that the collection is permitted or imposed by law.
4.2. Legal basis for the treatment of personal data
By using the services of the site, the user is consenting to the present Privacy Policy.
The user has the right to withdraw his/her consent at any time, without compromising the lawfulness of the treatment of his/her personal data before the withdrawal. The withdrawal of consent can be made by e-mail: [email protected], or by mail sent to the following address:
Avenida das Américas 3500 – Bl.4, Sl.310
Bairro Barra da Tijuca;
Rio de Janeiro – RJ;
Zip Code: 22640-102.
The consent of the relatively or absolutely incapacitated, especially of children under 16 (sixteen) years old, can only be done, respectively, if properly assisted or represented.
The treatment of personal data without the user’s consent will only be carried out due to legitimate interest or for the cases provided for by law, that is, among others, the following:
– For the fulfillment of legal or regulatory obligation by the controller;
– To carry out studies by a research agency, ensuring, whenever possible, the anonymization of personal data;
– When necessary for the execution of an agreement or preliminary procedures related to an agreement to which the user is a party, at the request of the data subject;
– For the regular exercise of rights in judicial, administrative, or arbitration proceedings, the latter under the terms of Law no. 9.307, of September 23, 1996 (Arbitration Law);
– For the protection of life or physical safety of the data subject or third parties;
– For the protection of health, in a procedure carried out by health professionals or by health entities;
– When necessary to meet the legitimate interests of the controller or third parties, except where fundamental rights and freedoms of the data subject that require the protection of personal data prevail;
– For credit protection, including the provisions of the relevant legislation.
4.3. Purposes of the treatment of personal data
The personal data of the user collected by the site are intended to facilitate, streamline and fulfill the commitments established with the user and to enforce requests made by filling out forms.
Personal data may also be used for commercial purposes, to personalize the content offered to the user, as well as to provide the site with complementary information to improve the quality and operation of its services.
The treatment of personal data for purposes not provided for in this Privacy Policy will only occur upon prior notification to the user, and, in any case, the rights and obligations provided herein will remain applicable.
4.4. Period of retention of personal data
The user’s personal data will be kept for a period not exceeding that required to fulfill the purposes for which they are processed.
The data retention period is defined according to the following criteria:
The data will be stored for the time necessary for the provision of services provided by the company, which can vary from 1 to 5 years, according to the need to keep in touch for services and after-services.
The personal data of users can only be kept after the end of its treatment in the following cases:
– For the fulfillment of legal or regulatory obligation by the controller;
– For study by a research organization, ensuring, whenever possible, the anonymization of personal data;
– For the transfer to a third party, as long as the data treatment requirements provided for in the legislation are respected;
– For the exclusive use of the controller, access by a third party is prohibited and provided that the data is anonymized.
4.5. Recipients and transfer of personal data
Google Brasil Internet Ltda.
Av. Brigadeiro Faria Lima, 3477
Itaim Bibi – São Paulo – SP – Brazil
Zip Code 04538-133
Facebook Serviços Online do Brasil Ltda.
Rua Leopoldo Couto de Magalhães Júnior, 700 – 5º andar
Itaim Bibi – São Paulo – SP – Brazil
Zip Code 04542-000
5. TREATMENT OF PERSONAL DATA
5.1. The data controller
The data controller, responsible for the treatment of the user’s personal data, is the natural person or legal entity, the public authority, the agency, or other body that, individually or in conjunction with others, determines the purposes and means of treating personal data.
On this site, the person responsible for treating personal data collected and the Privacy Policy is Allexley Pacheco Bernacchi Alves, who can be contacted by e-mail: [email protected] or at:
Avenida das Américas 3500 – Bl.4, Sl.310
Bairro Barra da Tijuca;
Rio de Janeiro – RJ;
Zip Code: 22640-102.
The person responsible for treating the data will be directly responsible for treating the user’s personal data.
5.2. Data protection officer
The data protection officer is the professional in charge of informing, advising, and controlling the data controller, as well as the employees who treat the data, regarding the obligations of the site under the terms of the GDPR, the Law Protection of Personal Data, and other data protection provisions in national and international law, in cooperation with the competent supervisory authority.
On this site the data protection officer is Allexley Pacheco Bernacchi Alves, who can be contacted by e-mail: [email protected].
6. SECURITY IN THE TREATMENT OF USER’S PERSONAL DATA
The site undertakes to apply technical and organizational measures to protect personal data from unauthorized access and situations of destruction, loss, alteration, communication, or dissemination of such data.
To ensure security, solutions will be adopted that take into account: the appropriate techniques; application costs; the nature, scope, context, and purposes of the data treatment; and the risks to the user’s rights and freedoms.
The site uses an SSL (Secure Socket Layer) certificate which ensures that personal data is transmitted in a secure and confidential manner, so that the transmission of data between the server and the user, and in feedback, occurs in a fully encrypted manner.
However, the site disclaims liability for the sole fault of third parties, such as in the event of a hacker or cracker attack, or the exclusive fault of the user, as in the case where he/she transfers his/her data to a third party. The site also undertakes to notify the user within an adequate period of time in the event of any type of breach of the security of his/her personal data that may pose a high risk to their personal rights and freedoms.
The breach of personal data is a breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or subject to any other type of treatment.
Finally, the site undertakes to treat the user’s personal data with confidentiality, within legal limits.
7. NAVIGATION DATA (COOKIES)
Cookies are small text files sent by the site to the user’s computer and which are stored there, with information related to the navigation of the site.
Through cookies, small amounts of information are stored by the user’s browser so that our server can read them later
For example, data about the device used by the user, as well as its location and time of access to the site, can be stored.
Cookies do not allow any files or information to be extracted from the user’s hard drive, and it is not possible to access personal information that has not come from the user or the way he/she uses the site’s resources.
It is important to note that not all cookies contain information that allows the user to be identified, and certain types of cookies can be used simply for the site to be loaded correctly or for its functionalities to work.
The information eventually stored in cookies to identify a user is considered personal data.
Accordingly, all rules provided for in this Privacy Policy are also applicable to them.
7.1. Third-party cookies
Some of our partners may set cookies on the devices of users who access our site.
These cookies, in general, aim at enabling our partners to offer their content and services to the user who accesses our site in a personalized way, by obtaining navigation data extracted from their interaction with the site.
The user will be able to obtain more information about third-party cookies, and about the way the data obtained thereof is treated, in addition to having access to the description of the cookies used and their characteristics, by accessing the following link:
Google Analytics: https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage
The entities in charge of collecting the cookies may transfer the information obtained to third parties.
7.2. Management of cookies and browser settings
The user will be able to oppose the registration of cookies by the site, just by disabling this option in his/her own browser or device.
The deactivation of cookies, however, may affect the availability of some tools and functionalities of the site, compromising its proper and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, hindering his/her experience.
Below, there are some links to the help and support pages of the most used browsers, which can be accessed by the user interested in obtaining more information about the management of cookies in his/her browser:
Internet Explorer: https://support.microsoft.com/pt-br/help/17442/windows-internet-explorer-delete-manage-cookies
Safari: https://support.apple.com/pt-br/guide/safari/sfri11471/mac
Google Chrome: https://support.google.com/chrome/answer/95647?hl=pt-BR&hlrm=pt
Mozila Firefox: https://support.mozilla.org/pt-BR/kb/ative-e-desative-os-cookies-que-os-sites-usam
Opera: https://www.opera.com/help/tutorials/security/privacy/
8. COMPLAINT TO A CONTROL AUTHORITY
Without prejudice to any other means of administrative or judicial appeal, all data subjects are entitled to file a complaint with a supervisory authority. The complaint may be made to the authority of the site’s headquarters, the user’s country of habitual residence, his/her place of work, or the place where the infraction was allegedly committed.
9. CHANGES
This version of this Privacy Policy was last updated on: 05/07/2020.
The editor reserves the right to modify, at any time and without any prior notice, the site to the present standards, especially to adapt them to the evolution of the smarthis.com.br site, either by making new features available, either by deleting or modifying existing ones.
Thus, the user is invited to periodically consult this page to check for updates.
By using the service after any changes, the user demonstrates his/her agreement with the new standards. Should the user disagree with any of the changes, he/she should immediately stop accessing the site and submit his/her reservation about it to the customer service, if he/she so wishes.
10. GOVERNING LAW AND JURISDICTION
In order to resolve disputes arising from this instrument, Brazilian law will be fully applied.
Any disputes must be presented in the court of the district where the site editor is located.