Privacy Policy

PROTEGE PRIVACY AND DATA MANAGEMENT POLICY  (“POLICY”)

  1. INTRODUCTION

The purpose of this Policy is to demonstrate the commitment of

PROTEGE S/A PROTECAO E TRANSPORTE DE VALORES, headquartered at Rua Visconde de Ouro Preto, 72, São Paulo, SP, Brazil, 01303-060 (“We/Us”)

CNPJ (Corporate Taxpayer ID): 43.035.146/0029-86

to the privacy and protection of your Data, in addition to establishing the rules on the Management of your Personal Data, within the scope of the services and features of the website https://www.protege.com.br/ (“Our Environment”), in accordance with the laws in force, with transparency and clarity along with You and the market in general.

As a condition for accessing and using the exclusive features of Our Environment, You declare that you have fully read and understood this Policy, thus granting your free and express agreement with the terms herein, including the collection of Data here mentioned, as well as their use for the purposes specified below. If You do not comply with the provisions of this Policy, You must discontinue your use or access to Our Environment.

SPECIAL NOTE FOR CHILDREN AND TEENAGERS UNDER THE AGE OF 16

Please do not register with Our Environments if you are under 16 years old.

SPECIAL NOTE TO LEGAL REPRESENTATIVES

Although we prohibit the registration of children and teenagers under the age of 16, parents must supervise online activities of their underage children.

The activities and registration of teenagers over 16 and under 18 must be assisted by parents or legal representatives.

  1. DATA COLLECTED
    • How we collect data. Data, including Personal Data, may be collected when You submit it or when You interact with Our Environment and services, which includes:

What do we collect?

What do we collect it for?

Registration data

Full name/Trade name

(i)                 To identify and authenticate You.

(ii)               To manage, provide services and comply with obligations arising from the use of our services.

(iii)             To expand our relationship, inform You about news, features, content and other events that we consider relevant to You.

(iv)              To guarantee the portability of the Registration Data to another Controller within the same branch of our activity, if requested by You, thus complying with the obligation of article 18 of the General Data Protection Act.

(v)                To share with other Protege Group companies for the provision of contracted services.

(vi)              To protect You by performing fraud prevention, credit and associated risks protection, in addition to complying with legal and regulatory obligations.

CPF/CNPJ

E-mail

Address

CEP (Zip Code)

Contact Phone/Cellphone

Digital Identification Data

Source Logic Gate and IP Address

(vii)            To identify and authenticate You.

(viii)          To comply with the legal record keeping obligations established by the Brazilian Civil Rights Framework for the Internet - Law 12.965/2014.

(ix)              To protect You by performing fraud prevention, credit and associated risks protection, in addition to complying with legal and regulatory obligations.

(x)                To manage and record your activities in Our Environment.

Device (operating system version)

Geolocation

Timestamps of each action You take

Screens You have accessed

Session ID

Cookies

Record of interactions with the Protege Group

LinkedIn public data

  • Necessary data. Many of our services depend directly on some data reported in the table above, mainly registration data. If you choose not to provide some of this Data, we may be unable to provide you with some or all of our services.
  • Update and Veracity of Data. You are solely responsible for the accuracy and veracity of the Data you provide. Be aware that it is your responsibility to ensure accuracy of your data and to keep it up to date.
    • Likewise, We are not obliged to process or manage any of your Data if there is reason to believe that such processing or management could imply any breach of any applicable law, or if you are using Our Environment for any illegal, unlawful or contrary to morality purpose.
  • The database formed through the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be made within the limits and purposes of the business described in this Policy.
  • Technologies employed. We employ the following technology(ies):
  • Cookies, and it is up to You to configure your Internet browser if you want to block them. In this case, some features that we offer may be limited. To find out more about the Cookies we collect and why we collect them, visit our Cookie Policy.
  • Our Environment uses the Google Analytics tool, which collects your browsing information, such as the IP address, browser used, language settings, pages accessed through cookies, anonymously and for analytical purposes, in accordance with your privacy information located at <https://policies.google.com/privacy?hl=en>.
    • All technologies used will always respect the current legislation and the terms of this Policy.

We do not use any type of solely automated decision that may impact You.

  1. HOW WE SHARE DATA AND INFORMATION
    • Data sharing hypotheses. The collected data and recorded activities can be shared:
  • With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or court order; and
  • Automatically, in case of corporate movements, such as merger, acquisition and incorporation.
  • With our partners, in order to fulfill the obligations arising from the use of our services, statistical studies and market intelligence, to develop offers and promotions and to inform about news, features, content and other events relevant to maintaining the relationship with You.
    • Data Anonymization. For market intelligence research purposes, disclosure of data to the press and advertising, the data provided by You will be shared anonymously, that is, in such a way that does not allow your identification.
  1. HOW WE PROTECT YOUR DATA AND HOW YOU CAN ALSO PROTECT IT
    • Sharing passwords. You are also responsible for the confidentiality of your Personal Data and you should always be aware that sharing passwords and access data violates this Policy and may compromise the security of your Data and of Our Environment.
    • Safety rules You should follow. It is very important that You protect your Data against unauthorized access to your computer or cellphone, account or password, in addition to making sure to always click “log out” when you are finished browsing on a shared computer. It is also very important that You know we will never send electronic messages requesting confirmation of data or containing attached executable files (extensions: .exe, .com, among others) or links to any kind of download.
    • Access to Personal Data, proportionality and relevance. Internally, Personal Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to our business objectives, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.
    • External links. When You use Our Environment, You may be linked to other portals or platforms, which may collect your information and have their own Data Management Policy.
      • It is up to you to read the Privacy and Data Management Policies of such portals or platforms outside of Our Environment, and it is your responsibility to accept or reject them. We are not responsible for the privacy and data management policies of third parties, nor for the content of any websites, content or services linked to environments other than ours.
      • Partner services. We have business partners who, occasionally, can offer services through features or websites that can be accessed from Our Environment. Data provided by You to these partners will be their responsibility alone, thus being subject to their own data collection and use practices.
    • Third-party processing under our guideline. When third-party companies carry out Personal Data Management on our behalf, they will mandatorily respect the conditions set forth herein and all information security standards.
    • Communication by email. In order to optimize and improve our communication, we may receive a notification that you have opened an email sent to You by us, as long as this feature is available. It is important to stay alert, as emails are sent only through this domain: @protege.com.br.
  2. HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY LOG
    • Personal Data collected and activity logs are stored in a safe and controlled environment for a minimum period, according to the table below:

STORAGE PERIOD

LEGAL BASIS

Registration data

5 years after the end of the relationship

Art. 12 and 34 of the Consumer Defense Code

Digital identification data

6 months

Art. 15, Brazilian Civil Rights Framework for the Internet

Other data

While the relationship lasts and there is no request of erasure or revocation of consent

Art. 9, Item II of the General Data Protection Act

  • Longer storage times. In order to ensure the audit, security, fraud control, credit protection and preservation of rights, we may keep the registration history of your Data for a longer period in the event that the law or regulatory standard so establishes or for the preservation of rights.

The collected Data will be stored on our servers located in Brazil, as well as in an environment of use of resources or servers in cloud computing, which may require a transfer and/or processing of this Data outside Brazil.

  1. YOUR RIGHTS AND HOW TO EXERCISE THEM
    • Your basic rights. You can request confirmation of the management of Personal Data, in addition to the display or rectification of your Personal Data, through our Customer Service Channel or contact our Data Protection Officer through privacy@protect.com.br.
    • Limitation, opposition and exclusion of data. Through our Service Channels, you can also request:
  • Limiting the use of your Personal Data;
  • Express your opposition and/or revoke consent regarding the use of your Personal Data; or
  • Request the deletion of your Personal Data collected by Us.
    • Bear in mind that, if You withdraw your consent to purposes which are critical to the regular functioning of Our Environment and services, such environments and services may become unavailable to You.
    • If You request the deletion of your Personal Data, the Data may need to be kept for longer than the request for deletion, pursuant to Article 16 of the General Data Protection Act, in order to (i) comply with a legal or regulatory obligation, (ii) be studied by a research body, and (iii) be transferred to a third party (subject to the data management requirements set forth by the same Act). In all cases by means of the anonymization of Personal Data, whenever possible.
    • After the maintenance period and the legal need, Personal Data will be deleted using safe disposal methods or used anonymously for statistical purposes.
  1. INFORMATION ABOUT THIS POLICY
    • Update and content change. You hereby acknowledge our right to change the content of this Policy at any time, according to our purpose or need, such as for the adequacy and legal compliance to a provision of law or standard that has equivalent legal force, and it is your responsibility to check it whenever you access to Our Environment.
      • In the event of updates to this document, which require a new collection of consent, You will be notified through the contact channels You have informed.
    • If any point of this Policy is considered unenforceable by the Data Management or Legal Authority, the remaining conditions will remain in full force and effect.
    • Electronic Communication. You acknowledge that all communication carried out by email (to the addresses informed in your registration), text message, instant communication applications or any other digital form, are also valid, effective and sufficient for the disclosure of any subject that refers to the services we provide, to your Data and to the conditions of its provision or to any other matter addressed in it, with the exception of whatever this Policy provides as such.
    • Service Channels. In case of any doubt regarding the provisions contained in this Privacy and Data Management Policy, contact us through the service channels within Our Environment at “Fale Conosco” (https://www.protege.com.br/fale-conosco/), or directly at our office at Rua dos Coqueiros, 1300, Santo André – SP, CEP (Zip Code): 09,080-010.
    • Applicable law and jurisdiction. This Policy shall be construed in accordance with the Brazilian law, in Portuguese language, being the jurisdiction of your domicile chosen to settle any dispute involving this document, except for specific provisions of personal, territorial or functional competence by the applicable legislation.
      • If you are not domiciled in Brazil, and since the services are offered by the Company only in the Brazilian territory, you hereby submit to the Brazilian law, and therefore agree that, in the event of a dispute to be resolved, the proceedings shall be brought into the Judicial District of São Paulo.
  1. GLOSSARY
    • For the purposes of this Policy, the following definitions and descriptions shall be considered for your better understanding:
  • Anonymization: Use of reasonable and available technical means at the time of Management, whereby data loses the possibility of association, directly or indirectly, with an individual.
  • Cloud Computing: A service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), aiming to reduce costs and increase the availability of sustained services.
  • Access Account: Credential required to use or access the features of Our Environments.
  • Cookies: Small files sent by the Platform, which are saved on your devices and store preferences and other minor information, in order to personalize your browsing experience according to your profile.
  • Data: Any information entered, managed or transmitted through Our Environments.
  • Personal data: Data related to identified or identifiable natural person.
  • Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious belief, political opinion, union membership, organization of religious, philosophical or political character, data relating to health or sexual life, and genetic or biometric data, linked to a natural person.
  • Solely automated decisions: These are decisions that affect a user which have been programmed to function automatically, without the need for human operation, and are based on automated management of personal data.
  • Data Protection Officer (DPO): Person appointed by Us to act as a communication channel between the controller, data holders and the National Data Protection Authority (ANPD).
  • Protege Group: Defines the economic group to which Protege is inserted, with the companies:
  • Session ID: Identification of user session when accessing Our Environment.
  • IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies users’ devices on the Internet.
  • Logs: Activity logs of any users using Our Environment.
  • Our Environment: Designates Protege's website https://www.protege.com.br/ made available for access to our users and other audiences.
  • Management: Any operation performed with Personal Data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

 

Update: September 18, 2020.

Top