Welcome!
This Privacy and Personal Data Protection Policy aims to inform you, the Personal Data Holder, about how we process your Personal Data, about your Rights and how to exercise them, and about the security measures we adopt in order to process Personal Data, and is composed of the following items:
-
General information and definitions
-
Scope of this Privacy Policy
-
What personal data do we process?
-
For what purposes do we Process your Personal Data?
-
What legal bases do we use to carry out the Processing of Personal Data?
-
Personal Data of Children and Adolescents
-
Who do we share your Personal Data with?
-
How and for how long is your Personal Data retained?
-
International data transfer parameters
-
What are your rights and how to exercise your rights as Personal Data Holders?
-
Security measures complied with
-
What are the laws applicable to Data Processing operations?
-
Final Provisions
-
Policy Update
1. General information and definitions
To understand this policy, we must consider the definitions as detailed below:
Personal Data Processing Agents: Controller and Operator, defined below;
Anonymization: use of profitable technical means available at the time of Processing, through which data loses the possibility of association, directly or indirectly, with an individual;
National Data Protection Authority (ANPD): Public administration body responsible for overseeing, implementing and monitoring compliance with the General Data Protection Law (LGPD) throughout the national territory.
Database: structured set of Personal Data, configured in one or more locations, in electronic or physical support.
Blocking: temporary suspension of any processing operation, through storage of Personal Data or the Database;
Consent: free, informed and unequivocal manifestation of the Holder's Agreement with the Processing of their Personal Data for a specific purpose;
Data Controller: natural or legal person responsible for making decisions regarding the Processing of Personal Data;
Cookies: text files sent to the user's browser with the aim of collecting and storing information about their visit, as well as their preferences, making their navigation more personalized and enjoyable.
Anonymized Data: data without the possibility of association, directly or indirectly, with an individual after the use of technical means available at the time of processing;
Personal Data: information linked or linkable to an identified or identifiable natural person;
Sensitive Personal Data: Personal Data about racial or ethnic origin, religious truth, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;
Deletion: deletion of data or a set of data stored in the Database, regardless of the procedure used;
Data Controller: natural or legal person appointed by the Operator or Controller to act as a communication channel between the Controller, Data Subjects and the National Data Protection Authority (ANPD);
General Personal Data Protection Law (LGPD): Federal Law No. 13,709, of August 14, 2018, which provides for the Processing of Personal Data, including in digital media, by a natural person or by a legal entity under public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the natural person's personality;
Operator: natural or legal person who carries out the Processing of Personal Data on behalf of the Controller;
Platforms: websites and applications aimed at employees, partners, business partners and customers of SITE NAME , with their own URLs, as well as those aimed at third parties in general, including B2C applications, e-commerce and minisites maintained on third-party social networks.
Holder of Personal Data: natural person to whom the Personal Data subject to Processing refers;
Personal Data Processing: any operation carried out with Personal Data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or removal.
Legal Bases: requirements necessary for the processing of Personal Data.
Legitimate interest: more flexible possibilities of legal authorization for the processing of Personal Data.
2. Scope of this Privacy Policy
This Privacy Policy applies to all those who have personal data processed by SITE NAME , whether physically or digitally, including via Platforms.
3. What personal data do we process?
The main Personal Data processed by SITE NAME related to your experience on our Platforms are: Registration data and that you provide to us on our Platforms and Physical Stores
You, as Data Holder and customer of SITE NAME , may choose to register on our Platforms. To register, the following are requested: “Full Name”; “CPF”; “Date of Birth”; “Gender”; “Telephone”, “Address for delivery of orders”.
Payment details
Data required to make purchases through our Platforms: “Bank Details” (including “Card Details”). To issue a payment slip, the same information contained in the registration data is possible.
Data we collect automatically
We collect and store Personal Data through customer interaction on our Platforms. We use Cookies and obtain information about when you click on ads, access our website or access content and ads served by us on other sites. Among these, we highlight: cookies; logins; passwords; IP addresses; access and query records, etc. To learn more, you can consult our Cookies Policy, as well as control your preferences using the Cookie-Script tool pop-up, in the bottom right corner of our website page.
Whatsapp Sales
On our Platforms, there is the option to make an inquiry with a seller about a possible purchase to be made by you. To do so, we request: "Name” and "Telephone”.
3.1 How Do We Collect User Personal Data?
- Registration data: collected through our Platforms (website and application) and when you register in our physical stores.
- Payment data: collected through our Platforms (website and application), and when you make a purchase in our physical stores;
- Data we collect automatically: collected through our Platforms (website and application);
- Whatsapp Sales: collected through our Platforms (website and application);
4. For what purposes do we Process your Personal Data?
The Processing of your Personal Data is necessary so that we can offer our services with excellence to you, the user, in order to guarantee security, speed and personalization of your experience with our products. Learn now about some of the purposes of the Processing of your Personal Data by SITE NAME :
- Provide SITE NAME products, under the terms and quality agreed with customers, in order to guarantee the best possible experience, whether in the physical or digital environment;
- Improve our services and our customers’ experience, on our Platforms or physical stores, for administrative and people and product management purposes;
- Identify the profile, desires or needs of users, in order to improve the products and/or services offered by the company;
- Send information about products or services that interest your users;
- Protect your rights and the rights of other users of the SITE NAME services, as well as the rights of the company;
- Coordinate the delivery and availability of products purchased on the SITE NAME network;
- Send information about the status of your orders;
- Ensure the exchange or return of products, as established by the Consumer Protection Code;
- Carry out market analysis and research;
- To conduct selection processes;
- Admission or dismissal of employees;
- Ensuring the security of the SITE NAME facilities and protection of life;
- Disclose changes, innovations or promotions about SITE NAME products and services and its partners.
- Comply with obligations relating to the competent authorities.
5. What legal bases do we use to process Personal Data?
The LGPD requires the linking of the Processing of Personal Data to the legal bases admitted by it. Each Personal Data Processing operation of SITE NAME has an adequate legal basis in relation to the purpose of the processing. Below, we list the bases used for Data Processing by SITE NAME :
-
COMPLIANCE WITH LEGAL OR REGULATORY OBLIGATIONS: Compliance with obligations under the legal system for consumer, labor, tax purposes, among others related to the activities carried out by SITE NAME ;
-
CONSENT: Free, informed and unequivocal expression by which the Holder agrees to the Processing of his/her Personal Data for a specific purpose;
-
EXECUTION OR PREPARATION OF CONTRACTS: Purpose of executing and/or managing purchase and sale, employment and service provision contracts in general with clients, employees, partners and/or suppliers, as well as other types of contracts necessary for the exercise of the activities of SITE NAME ;
-
REGULAR EXERCISE OF RIGHTS: Guarantee of the regular exercise of rights in judicial, administrative or arbitration proceedings;
-
LEGITIMATE INTEREST: Legitimate interest of the company or third parties for legitimate purposes and which considers, based on specific situations, your expectations and respect for your fundamental rights and freedoms.
-
CREDIT PROTECTION: Purpose of granting or not granting credit to the Personal Data Holder, as well as defining their credit limits, through the analysis of their compliance information.
In any case, this Privacy Policy is aligned with the principles of the LGPD, strictly followed during all Personal Data Processing operations carried out by NOME DO SITE , which are:
-
Purpose: carrying out the Processing for legitimate, specific, explicit purposes informed to the Holder, without the possibility of subsequent Processing in a manner incompatible with these purposes;
-
Adequacy: compatibility of the Processing with the purposes informed to the Holder, in accordance with the context of the Processing;
-
Necessity: limitation of the Processing to the minimum necessary to achieve its purposes, covering pertinent, proportional and non-excessive data in relation to the purposes of the Data Processing;
-
Free access: guarantee, to the Holders, of easy and free consultation on the form and duration of the Processing, as well as on the integrity of their Personal Data;
-
Data quality: guarantee to Data Subjects of accuracy, clarity, relevance and updating of Data, according to the need and to fulfill the purpose of its Processing;
-
Transparency: guarantee, to the Holders, of clear, precise and easily accessible information about the performance of the Treatment and about the respective Treatment Agents, observing commercial and industrial secrets;
-
Security: use of technical and administrative measures capable of protecting Personal Data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination;
-
Prevention: adoption of measures to prevent the occurrence of damages due to the Processing of Personal Data;
-
Non-discrimination: impossibility of carrying out the Processing for discriminatory, unlawful or abusive purposes;
-
Accountability and accountability: demonstration, by SITE NAME , of the adoption of effective measures capable of proving observance and compliance with Personal Data protection standards and, including, the effectiveness of these measures, as established by this Privacy Policy.
We only use your Personal Data for the specific purposes set out in this Privacy Policy. This Policy will be reviewed and updated periodically, either due to new regulations on Data Processing or the updating of our Processing operations and internal procedures. The updated Privacy Policy will always be available on our Platforms for consultation.
6. Personal Data of children and adolescents**
THE NAME OF THE SITE does not sell products to children and adolescents, and the products must be purchased by adults over 18 years of age. In this sense, in order to make the purchase, minors must always be accompanied by their parents or guardians, and therefore their Personal Data will not be Processed. It is emphasized that NOME DO SITE is not responsible for the misuse of its Platforms, and it is the responsibility of parents and/or guardians to control the browsing experience of children and adolescents.
7. With whom do we share your Personal Data?
Your Personal Data is protected by SITE NAME and will only be shared when necessary to:
a. Comply with a judicial or administrative request from a competent authority;
b. Adequate provision of services on the SITE NAME network;
c. Facilitate businesses and/or services offered by SITE NAME that depend on the transfer of data to partners;
d. Intermediation of payments and financial transactions with partner companies;
e. Storage of information with external providers;
f. Marketing and Remarketing within the SITE NAME network;
g. Disclosure.
THE NAME OF THE SITE does not sell any information that can identify you. We only transfer your Personal Data to service providers, companies in the same group or competent authorities. Regarding the Processing of Data and information controlled by third parties, SITE NAME is responsible for:
a. Amend all current contracts with partners and/or service providers, in order to ensure commercial relationships are only operated with partners that maintain adequate Personal Data Processing parameters;
b. Commit to the continued education and training of its employees regarding data governance and the ethical, responsible and legitimate use of Personal Data processed by SITE NAME .
8. How long is your Personal Data retained?
THE NAME OF THE SITE will only retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected, including to comply with applicable laws and regulations and court orders.
9. Parameters of international data transfer
The global nature of the Internet may require the transfer of your Personal Data to other countries. Should this occur, all Data Processing operations will be carried out based on the LGPD and other relevant national and international legislation, subject to the responsibilities of the Parties (Controller and Operator) guaranteed in legal agreements, in order to guarantee the security of your Personal Data, in accordance with international data transfer protection mechanisms and safeguards and in accordance with the terms of this Policy.
10. What are your rights and how to exercise them as a Personal Data Holder?
The Data Subject will be guaranteed the following rights in relation to the Personal Data processed, in accordance with the LGPD:
a. Right of confirmation and access;
b. Right of correction;
c. Right to Anonymization, Blocking or Deletion;
d. Right to portability;
e. Right to information;
f. Right to erasure (Personal Data processed with Consent);
g. Right to petition;
h. Revocation of Consent;
i. Review of automated decisions based on interest, or on the person's profile.
a. Right of confirmation and access: The Holder of Personal Data has the right to confirm with SITE NAME about the Processing or not of your Personal Data, as well as to confirm whether your Sensitive Personal Data is processed in any way by NOME DO SITE . In the case of the Processing of Personal Data, its Holder has the right to access it, thus having full knowledge of which of his/her Personal Data is processed.
b. Right to correction: The Holder of Personal Data has the right to request the rectification of his/her incomplete, inaccurate or outdated Personal Data, with SITE NAME having the right to the obligation to rectify them.
c. Right to Anonymization, Blocking or Deletion: the Holder has the right to request from SITE NAME the Anonymization, Blocking or Elimination of your Personal Data that is unnecessary, excessive or processed in non-compliance with the LGPD.
d. Right to portability: the Holder of Personal Data may request the portability of his/her Personal Data, by means of an express request, in accordance with ANPD regulations and in compliance with commercial and industrial secrets;
e. Right to information: The Holder of Personal Data has the right to be informed about the forwarding and sharing of his/her Personal Data to other entities, whether public or private.
f. Retention of Personal Data and right to erasure (Personal Data processed with Consent): Personal Data is retained only for the time necessary to fulfill the purpose of its Processing. The right to Erasure is the right of the Data Subject to have their Personal Data processed with their consent removed from the SITE NAME Database. This right is not absolute and may be denied in whole or in part. The LGPD authorizes the retention of Personal Data in the following cases: a) compliance with a legal or regulatory obligation by the Controller; b) study by a research body, ensuring, whenever possible, the Anonymization of Personal Data; c) transfer to third parties, provided that the requirements for Processing of Personal Data are met; or d) exclusive use by the Controller, prohibiting access by third parties, and provided that the Personal Data is Anonymized.
g. Right to petition: Under the terms of art. 18, §1º of the LGPD, the Holder has the right to file a complaint with the ANPD, whenever there is a demand that has not been resolved by the SITE NAME Manager. or if you feel that any of your rights have been violated due to the improper processing of your Personal Data.
h. Revocation of Consent: Whenever technically possible, the SITE NAME Platforms will contain banners, pop-ups and redirect links to a "Consent Management Form", through which the Holder may, in the most granular way possible, customize the consents granted to SITE NAME , including exercising their right to revoke any Consent previously given.
i. Review of automated decisions based on interest, or on the person's profile: the Data Subject has the right to request SITE NAME the review of decisions taken solely on the basis of automated processing of Personal Data that affect your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality.
You can exercise your rights through the email address: YOUR STORE CONTACT EMAIL
11. Security measures complied with
In order to guarantee the security of Personal Data processed by SITE NAME , the Processing Agents are responsible for the confidentiality of Personal Data provided by their Holders, adopting security measures for Data Processing since the conception of our Platforms.
SITE NAME has certifications and uses technologies. All payment transactions, whether by credit card or not, are carried out using SSL (Secure Socket Layer) technology, which guarantees the security of our customers' Personal Data traffic, such as delivery address, credit card details and order history, protected by strong encryption. SSL protects against improper disclosure, transmission and tampering of Personal Data.
We are certified by Site Blindado, a data security company focused on the protection and security of e-commerce platforms.
Furthermore, all information and Personal Data provided at the time of customer registration are stored with state-of-the-art encryption.
Our web and internal systems have preventive and reactive devices against invasions and cyberattacks, such as IPS (Intrusion Prevention System), Network and Application Firewalls and Anti-DDOS systems (prevention of denial of service attacks), ensuring the permanence of our services with greater protection for you.
If there is any security attack on the SITE NAME database that could cause damage or compromise the full privacy of the Personal Data being processed, we will inform the National Data Protection Authority and its Holders within a reasonable period of time.
In the event of incidents in which Data Subjects were affected, SITE NAME will inform via email which Personal Data was compromised, as well as which Data Subjects were directly affected, the risks generated by the attack, the security measures taken prior to the attack and what new measures will be adopted to reverse the effects generated.
12. What are the laws applicable to Data Processing operations?
The current Privacy Policy was designed and defined in accordance with Brazilian law, the Internet Civil Rights Framework, and Labor Laws, with an approach that goes beyond the General Personal Data Protection Law (“LGPD”). Any demand arising from the Processing of Data by SITE NAME will be processed under Brazilian law, and the jurisdiction of the Holder’s domicile will be competent to resolve any doubts arising from this Privacy Policy.
If the Holder is not domiciled in Brazil, disputes related to this Privacy Policy must be brought exclusively in the Court of the City of São Paulo.
13. Final Provisions
The Holder of Personal Data declares to be fully aware of his/her rights and the most appropriate way to exercise them, declaring to be informed that:
(i) cases of violation or suspected violation of this Privacy Policy may be reported to SITE NAME through the following contacts: YOUR STORE'S EMAIL or LINK TO YOUR STORE'S CONTACT PAGE
(ii) questions, suggestions or comments about this Privacy Policy can be sent to: YOUR STORE'S E-MAIL or LINK TO YOUR STORE'S CONTACT PAGE under the terms of art. 18, §1, of the LGPD, is aware of your right to propose permission to the ANPD body.
SITE NAME emphasizes that this Privacy Policy, the "Terms and Conditions of Use" and the "Cookies Policy" of SITE NAME include an integrated and inseparable set of rules. If there are potential conflicts between the internal rules and guidelines of SITE NAME , employees must guide their conduct considering the most restrictive rule/guideline.
14. Updating this Policy
This Policy will be reviewed and updated periodically, whether due to new regulations on Data Processing or the updating of our Processing operations and internal procedures. The updated Privacy Policy will always be available on our platforms for consultation.
Welcome!
This Privacy and Personal Data Protection Policy aims to inform you, the Personal Data Holder, about how we process your Personal Data, about your Rights and how to exercise them, and about the security measures we adopt in order to process Personal Data, and is composed of the following items:
-
General information and definitions
-
Scope of this Privacy Policy
-
What personal data do we process?
-
For what purposes do we Process your Personal Data?
-
What legal bases do we use to carry out the Processing of Personal Data?
-
Personal Data of Children and Adolescents
-
Who do we share your Personal Data with?
-
How and for how long is your Personal Data retained?
-
International data transfer parameters
-
What are your rights and how to exercise your rights as Personal Data Holders?
-
Security measures complied with
-
What are the laws applicable to Data Processing operations?
-
Final Provisions
-
Policy Update
1. General information and definitions
To understand this policy, we must consider the definitions as detailed below:
Personal Data Processing Agents: Controller and Operator, defined below;
Anonymization: use of profitable technical means available at the time of Processing, through which data loses the possibility of association, directly or indirectly, with an individual;
National Data Protection Authority (ANPD): Public administration body responsible for overseeing, implementing and monitoring compliance with the General Data Protection Law (LGPD) throughout the national territory.
Database: structured set of Personal Data, configured in one or more locations, in electronic or physical support.
Blocking: temporary suspension of any processing operation, through storage of Personal Data or the Database;
Consent: free, informed and unequivocal manifestation of the Holder's Agreement with the Processing of their Personal Data for a specific purpose;
Data Controller: natural or legal person responsible for making decisions regarding the Processing of Personal Data;
Cookies: text files sent to the user's browser with the aim of collecting and storing information about their visit, as well as their preferences, making their navigation more personalized and enjoyable.
Anonymized Data: data without the possibility of association, directly or indirectly, with an individual after the use of technical means available at the time of processing;
Personal Data: information linked or linkable to an identified or identifiable natural person;
Sensitive Personal Data: Personal Data about racial or ethnic origin, religious truth, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person;
Deletion: deletion of data or a set of data stored in the Database, regardless of the procedure used;
Data Controller: natural or legal person appointed by the Operator or Controller to act as a communication channel between the Controller, Data Subjects and the National Data Protection Authority (ANPD);
General Personal Data Protection Law (LGPD): Federal Law No. 13,709, of August 14, 2018, which provides for the Processing of Personal Data, including in digital media, by a natural person or by a legal entity under public or private law, with the aim of protecting the fundamental rights of freedom and privacy and the free development of the natural person's personality;
Operator: natural or legal person who carries out the Processing of Personal Data on behalf of the Controller;
Platforms: websites and applications aimed at employees, partners, business partners and customers of SITE NAME , with their own URLs, as well as those aimed at third parties in general, including B2C applications, e-commerce and minisites maintained on third-party social networks.
Holder of Personal Data: natural person to whom the Personal Data subject to Processing refers;
Personal Data Processing: any operation carried out with Personal Data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or removal.
Legal Bases: requirements necessary for the processing of Personal Data.
Legitimate interest: more flexible possibilities of legal authorization for the processing of Personal Data.
2. Scope of this Privacy Policy
This Privacy Policy applies to all those who have personal data processed by SITE NAME , whether physically or digitally, including via Platforms.
3. What personal data do we process?
The main Personal Data processed by SITE NAME related to your experience on our Platforms are: Registration data and that you provide to us on our Platforms and Physical Stores
You, as Data Holder and customer of SITE NAME , may choose to register on our Platforms. To register, the following are requested: “Full Name”; “CPF”; “Date of Birth”; “Gender”; “Telephone”, “Address for delivery of orders”.
Payment details
Data required to make purchases through our Platforms: “Bank Details” (including “Card Details”). To issue a payment slip, the same information contained in the registration data is possible.
Data we collect automatically
We collect and store Personal Data through customer interaction on our Platforms. We use Cookies and obtain information about when you click on ads, access our website or access content and ads served by us on other sites. Among these, we highlight: cookies; logins; passwords; IP addresses; access and query records, etc. To learn more, you can consult our Cookies Policy, as well as control your preferences using the Cookie-Script tool pop-up, in the bottom right corner of our website page.
Whatsapp Sales
On our Platforms, there is the option to make an inquiry with a seller about a possible purchase to be made by you. To do so, we request: "Name” and "Telephone”.
3.1 How Do We Collect User Personal Data?
- Registration data: collected through our Platforms (website and application) and when you register in our physical stores.
- Payment data: collected through our Platforms (website and application), and when you make a purchase in our physical stores;
- Data we collect automatically: collected through our Platforms (website and application);
- Whatsapp Sales: collected through our Platforms (website and application);
4. For what purposes do we Process your Personal Data?
The Processing of your Personal Data is necessary so that we can offer our services with excellence to you, the user, in order to guarantee security, speed and personalization of your experience with our products. Learn now about some of the purposes of the Processing of your Personal Data by SITE NAME :
- Provide SITE NAME products, under the terms and quality agreed with customers, in order to guarantee the best possible experience, whether in the physical or digital environment;
- Improve our services and our customers’ experience, on our Platforms or physical stores, for administrative and people and product management purposes;
- Identify the profile, desires or needs of users, in order to improve the products and/or services offered by the company;
- Send information about products or services that interest your users;
- Protect your rights and the rights of other users of the SITE NAME services, as well as the rights of the company;
- Coordinate the delivery and availability of products purchased on the SITE NAME network;
- Send information about the status of your orders;
- Ensure the exchange or return of products, as established by the Consumer Protection Code;
- Carry out market analysis and research;
- To conduct selection processes;
- Admission or dismissal of employees;
- Ensuring the security of the SITE NAME facilities and protection of life;
- Disclose changes, innovations or promotions about SITE NAME products and services and its partners.
- Comply with obligations relating to the competent authorities.
5. What legal bases do we use to process Personal Data?
The LGPD requires the linking of the Processing of Personal Data to the legal bases admitted by it. Each Personal Data Processing operation of SITE NAME has an adequate legal basis in relation to the purpose of the processing. Below, we list the bases used for Data Processing by SITE NAME :
-
COMPLIANCE WITH LEGAL OR REGULATORY OBLIGATIONS: Compliance with obligations under the legal system for consumer, labor, tax purposes, among others related to the activities carried out by SITE NAME ;
-
CONSENT: Free, informed and unequivocal expression by which the Holder agrees to the Processing of his/her Personal Data for a specific purpose;
-
EXECUTION OR PREPARATION OF CONTRACTS: Purpose of executing and/or managing purchase and sale, employment and service provision contracts in general with clients, employees, partners and/or suppliers, as well as other types of contracts necessary for the exercise of the activities of SITE NAME ;
-
REGULAR EXERCISE OF RIGHTS: Guarantee of the regular exercise of rights in judicial, administrative or arbitration proceedings;
-
LEGITIMATE INTEREST: Legitimate interest of the company or third parties for legitimate purposes and which considers, based on specific situations, your expectations and respect for your fundamental rights and freedoms.
-
CREDIT PROTECTION: Purpose of granting or not granting credit to the Personal Data Holder, as well as defining their credit limits, through the analysis of their compliance information.
In any case, this Privacy Policy is aligned with the principles of the LGPD, strictly followed during all Personal Data Processing operations carried out by NOME DO SITE , which are:
-
Purpose: carrying out the Processing for legitimate, specific, explicit purposes informed to the Holder, without the possibility of subsequent Processing in a manner incompatible with these purposes;
-
Adequacy: compatibility of the Processing with the purposes informed to the Holder, in accordance with the context of the Processing;
-
Necessity: limitation of the Processing to the minimum necessary to achieve its purposes, covering pertinent, proportional and non-excessive data in relation to the purposes of the Data Processing;
-
Free access: guarantee, to the Holders, of easy and free consultation on the form and duration of the Processing, as well as on the integrity of their Personal Data;
-
Data quality: guarantee to Data Subjects of accuracy, clarity, relevance and updating of Data, according to the need and to fulfill the purpose of its Processing;
-
Transparency: guarantee, to the Holders, of clear, precise and easily accessible information about the performance of the Treatment and about the respective Treatment Agents, observing commercial and industrial secrets;
-
Security: use of technical and administrative measures capable of protecting Personal Data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination;
-
Prevention: adoption of measures to prevent the occurrence of damages due to the Processing of Personal Data;
-
Non-discrimination: impossibility of carrying out the Processing for discriminatory, unlawful or abusive purposes;
-
Accountability and accountability: demonstration, by SITE NAME , of the adoption of effective measures capable of proving observance and compliance with Personal Data protection standards and, including, the effectiveness of these measures, as established by this Privacy Policy.
We only use your Personal Data for the specific purposes set out in this Privacy Policy. This Policy will be reviewed and updated periodically, either due to new regulations on Data Processing or the updating of our Processing operations and internal procedures. The updated Privacy Policy will always be available on our Platforms for consultation.
6. Personal Data of children and adolescents**
THE NAME OF THE SITE does not sell products to children and adolescents, and the products must be purchased by adults over 18 years of age. In this sense, in order to make the purchase, minors must always be accompanied by their parents or guardians, and therefore their Personal Data will not be Processed. It is emphasized that NOME DO SITE is not responsible for the misuse of its Platforms, and it is the responsibility of parents and/or guardians to control the browsing experience of children and adolescents.
7. With whom do we share your Personal Data?
Your Personal Data is protected by SITE NAME and will only be shared when necessary to:
a. Comply with a judicial or administrative request from a competent authority;
b. Adequate provision of services on the SITE NAME network;
c. Facilitate businesses and/or services offered by SITE NAME that depend on the transfer of data to partners;
d. Intermediation of payments and financial transactions with partner companies;
e. Storage of information with external providers;
f. Marketing and Remarketing within the SITE NAME network;
g. Disclosure.
THE NAME OF THE SITE does not sell any information that can identify you. We only transfer your Personal Data to service providers, companies in the same group or competent authorities. Regarding the Processing of Data and information controlled by third parties, SITE NAME is responsible for:
a. Amend all current contracts with partners and/or service providers, in order to ensure commercial relationships are only operated with partners that maintain adequate Personal Data Processing parameters;
b. Commit to the continued education and training of its employees regarding data governance and the ethical, responsible and legitimate use of Personal Data processed by SITE NAME .
8. How long is your Personal Data retained?
THE NAME OF THE SITE will only retain your Personal Data for as long as necessary to fulfill the purpose for which it was collected, including to comply with applicable laws and regulations and court orders.
9. Parameters of international data transfer
The global nature of the Internet may require the transfer of your Personal Data to other countries. Should this occur, all Data Processing operations will be carried out based on the LGPD and other relevant national and international legislation, subject to the responsibilities of the Parties (Controller and Operator) guaranteed in legal agreements, in order to guarantee the security of your Personal Data, in accordance with international data transfer protection mechanisms and safeguards and in accordance with the terms of this Policy.
10. What are your rights and how to exercise them as a Personal Data Holder?
The Data Subject will be guaranteed the following rights in relation to the Personal Data processed, in accordance with the LGPD:
a. Right of confirmation and access;
b. Right of correction;
c. Right to Anonymization, Blocking or Deletion;
d. Right to portability;
e. Right to information;
f. Right to erasure (Personal Data processed with Consent);
g. Right to petition;
h. Revocation of Consent;
i. Review of automated decisions based on interest, or on the person's profile.
a. Right of confirmation and access: The Holder of Personal Data has the right to confirm with SITE NAME about the Processing or not of your Personal Data, as well as to confirm whether your Sensitive Personal Data is processed in any way by NOME DO SITE . In the case of the Processing of Personal Data, its Holder has the right to access it, thus having full knowledge of which of his/her Personal Data is processed.
b. Right to correction: The Holder of Personal Data has the right to request the rectification of his/her incomplete, inaccurate or outdated Personal Data, with SITE NAME having the right to the obligation to rectify them.
c. Right to Anonymization, Blocking or Deletion: the Holder has the right to request from SITE NAME the Anonymization, Blocking or Elimination of your Personal Data that is unnecessary, excessive or processed in non-compliance with the LGPD.
d. Right to portability: the Holder of Personal Data may request the portability of his/her Personal Data, by means of an express request, in accordance with ANPD regulations and in compliance with commercial and industrial secrets;
e. Right to information: The Holder of Personal Data has the right to be informed about the forwarding and sharing of his/her Personal Data to other entities, whether public or private.
f. Retention of Personal Data and right to erasure (Personal Data processed with Consent): Personal Data is retained only for the time necessary to fulfill the purpose of its Processing. The right to Erasure is the right of the Data Subject to have their Personal Data processed with their consent removed from the SITE NAME Database. This right is not absolute and may be denied in whole or in part. The LGPD authorizes the retention of Personal Data in the following cases: a) compliance with a legal or regulatory obligation by the Controller; b) study by a research body, ensuring, whenever possible, the Anonymization of Personal Data; c) transfer to third parties, provided that the requirements for Processing of Personal Data are met; or d) exclusive use by the Controller, prohibiting access by third parties, and provided that the Personal Data is Anonymized.
g. Right to petition: Under the terms of art. 18, §1º of the LGPD, the Holder has the right to file a complaint with the ANPD, whenever there is a demand that has not been resolved by the SITE NAME Manager. or if you feel that any of your rights have been violated due to the improper processing of your Personal Data.
h. Revocation of Consent: Whenever technically possible, the SITE NAME Platforms will contain banners, pop-ups and redirect links to a "Consent Management Form", through which the Holder may, in the most granular way possible, customize the consents granted to SITE NAME , including exercising their right to revoke any Consent previously given.
i. Review of automated decisions based on interest, or on the person's profile: the Data Subject has the right to request SITE NAME the review of decisions taken solely on the basis of automated processing of Personal Data that affect your interests, including decisions intended to define your personal, professional, consumer and credit profile or aspects of your personality.
You can exercise your rights through the email address: YOUR STORE CONTACT EMAIL
11. Security measures complied with
In order to guarantee the security of Personal Data processed by SITE NAME , the Processing Agents are responsible for the confidentiality of Personal Data provided by their Holders, adopting security measures for Data Processing since the conception of our Platforms.
SITE NAME has certifications and uses technologies. All payment transactions, whether by credit card or not, are carried out using SSL (Secure Socket Layer) technology, which guarantees the security of our customers' Personal Data traffic, such as delivery address, credit card details and order history, protected by strong encryption. SSL protects against improper disclosure, transmission and tampering of Personal Data.
We are certified by Site Blindado, a data security company focused on the protection and security of e-commerce platforms.
Furthermore, all information and Personal Data provided at the time of customer registration are stored with state-of-the-art encryption.
Our web and internal systems have preventive and reactive devices against invasions and cyberattacks, such as IPS (Intrusion Prevention System), Network and Application Firewalls and Anti-DDOS systems (prevention of denial of service attacks), ensuring the permanence of our services with greater protection for you.
If there is any security attack on the SITE NAME database that could cause damage or compromise the full privacy of the Personal Data being processed, we will inform the National Data Protection Authority and its Holders within a reasonable period of time.
In the event of incidents in which Data Subjects were affected, SITE NAME will inform via email which Personal Data was compromised, as well as which Data Subjects were directly affected, the risks generated by the attack, the security measures taken prior to the attack and what new measures will be adopted to reverse the effects generated.
12. What are the laws applicable to Data Processing operations?
The current Privacy Policy was designed and defined in accordance with Brazilian law, the Internet Civil Rights Framework, and Labor Laws, with an approach that goes beyond the General Personal Data Protection Law (“LGPD”). Any demand arising from the Processing of Data by SITE NAME will be processed under Brazilian law, and the jurisdiction of the Holder’s domicile will be competent to resolve any doubts arising from this Privacy Policy.
If the Holder is not domiciled in Brazil, disputes related to this Privacy Policy must be brought exclusively in the Court of the City of São Paulo.
13. Final Provisions
The Holder of Personal Data declares to be fully aware of his/her rights and the most appropriate way to exercise them, declaring to be informed that:
(i) cases of violation or suspected violation of this Privacy Policy may be reported to SITE NAME through the following contacts: YOUR STORE'S EMAIL or LINK TO YOUR STORE'S CONTACT PAGE
(ii) questions, suggestions or comments about this Privacy Policy can be sent to: YOUR STORE'S E-MAIL or LINK TO YOUR STORE'S CONTACT PAGE under the terms of art. 18, §1, of the LGPD, is aware of your right to propose permission to the ANPD body.
SITE NAME emphasizes that this Privacy Policy, the "Terms and Conditions of Use" and the "Cookies Policy" of SITE NAME include an integrated and inseparable set of rules. If there are potential conflicts between the internal rules and guidelines of SITE NAME , employees must guide their conduct considering the most restrictive rule/guideline.
14. Updating this Policy
This Policy will be reviewed and updated periodically, whether due to new regulations on Data Processing or the updating of our Processing operations and internal procedures. The updated Privacy Policy will always be available on our platforms for consultation.
Recommended for You
We Accept
