HIGEX develops and applies technical and organizational measures to protect personal data against unauthorized or unlawful processing, as well as accidental loss, alterations, disclosure, access, destruction, accidental damage, among other situations related to confidentiality, availability and integrity of personal data under its control.
In situations where HIGEX or our employees act as operators, we act in compliance with applicable legislation, good data privacy practices and in accordance with the instructions provided by the related controller.
To this end, we promote training and awareness campaigns to disseminate good data privacy practices to all our employees, in order to promote compliance with applicable legal obligations.
2. YOUR PERSONAL DATA AND HOW WE USE THEM
In general, personal data processed by the company’s employees are collected directly from the holders themselves, who have a contractual relationship or have shown interest in developing a relationship with us. With the exception of information required by law and applicable internal policies, to ensure compliance with legal obligations and the execution of the services provided, the data subject’s decision to provide us with his/her personal data is voluntary.
However, it is important to emphasize that the non-provision of the data of the holder may make actions in the treatment of these data unfeasible, given the nature of the related activities.
In other situations, personal data may be sought from other sources, such as publicly available data or data provided by public authorities, suppliers, contracted parties, other business partners and related sources, always taking into account the legal basis required for processing this data and its respective applicable legislation.
Data collection can take place directly and indirectly. Directly, when performing registration to receive information, commercial contacts, filling out forms, sending employment resumes, participating in recruitment and selection processes, drafting and signing contracts, among other actions related to the execution of our activities. Indirectly, when collected through existing technology on our website and applications, to provide a more positive user experience.
2.2 WHAT DATA DO WE COLLECT?
Regarding the personal data processed within the scope of our activities, we highlight:
2.2.1 Registration data: Registrations may include name, email address, address, Individual Taxpayer Registry Number (CPF), telephone, image, photo, audio, among other data related to the purpose of the registration in question and any legal or contractual obligations linked (Employee File, Supplier Registration, Portfolio of Customers, Participants in Selection Processes, Registration of Visitors, among others).
Contact details: Information obtained through inquiries, requests and interactions carried out through our contact forms and means of communication, commercial and relationship activities, among others.
2.2.2 Financial transaction data: Referring to transactions carried out through our Services, including for the purchase of products and/or services. Transaction data can include your address, Individual Taxpayer Registry Number (CPF), financial and banking data and credit card number, among others.
2.2.3 Computing Data are data relating to the use of our websites, products, cloud services and applications and through the use of these: The use of this data may include your IP address, cookies, geographic location, browser type and version, operating system, time of visit to our websites, number of uses of the Services, date of visit, among others.
The collection of sensitive data takes place for clear purposes and with a legal basis for such, such as compliance with legal obligations, of which we highlight the Employee File, and legitimate interest for the operationalization of our activities, of which we highlight biometric point registration and periodic examinations.
Other purposes may be applied, while a specific term is applied for your knowledge and/or acceptance of the treatment in question.
It is important that you become aware of how we treat your personal data, in other words for what purpose your data is collected and on what legal basis, i.e., on what basis your personal data are processed.
We highlight the following purposes and legal bases of processing:
|TIPOS DE DADOS||FINALIDADE||BASE LEGAL|
|Registration Data||Register companies interested in our products/services.||Contract Execution|
|Contact Details||Contact and assist the customer with the information and queries he requests.||Contract Execution|
|Financial Transaction Data||Allow customer payment and tax proof.||Contractual Execution|
|Computer Data||Customizing the customer experience on the website.||Legitimate Interest|
|Resume||Recruitment and selection process.||Consent|
Personal data are processed for the purposes and in accordance with the bases mentioned above, not limited to these as a specific term is applied for knowledge and/or acceptance of the processing in question by the data subject in the case of processing sensitive data.
Personal data under the control of HIGEX will not be used for purposes that are not compatible with those informed to the data subject, except for the exceptions provided for by law. If other personal data are collected and processed, this document will be updated and disclosed in accordance with any legal requirements.
3. DATA TRANSFER TO THIRD PARTIES
We may disclose your personal data with members of our partner companies, this means that we may share personal data with HIGEX subsidiaries, controllers and operators, in order to carry out data processing. HIGEX partners, with whom we share personal data, are not necessarily physically present in Brazil and may be located in other countries.
In the data transfer process, we consider the need to transfer personal data to carry out the processing of personal data, as well as the purposes and applicable legal bases.
We may disclose your personal data to our insurance companies and/or professional advisers, to the extent reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing risks, obtaining professional advice or entering, exercising or defending administrative, arbitration and/or legal actions.
In addition, we may disclose your data to our suppliers and service providers to the extent reasonably necessary to provide you with our products and/or services and ensure the security in their use and in the use of your personal data, such as suppliers, software companies, marketing and customer service, network providers and cloud services.
Such third parties may be located in other countries or have their servers in different regions.
Financial transactions related to our services and the purchase of our products and/or services are handled by our financial service providers, and we share transaction data with our payment service providers only to the extent necessary for the purposes of processing payments, refund amounts and handle complaints and inquiries related to these matters.
In addition to the specific disclosures of personal data set forth in this item, we may disclose your personal data whenever such disclosure is necessary to fulfill a legal and/or regulatory obligation to which the company is subject, as well as to protect your vital interests or vital interests from another data subject.
Prior to sharing, we will take necessary precautions to ensure that the related personal data will be adequately protected as required by applicable law.
HIGEX has offices and facilities in different locations, in addition to having suppliers in other countries (website hosting, cloud services, payment gateways, technical support, development, modeling, customization, among others). Therefore, we may transmit your data outside Brazil for the purposes indicated above.
In addition, we take the appropriate measures and enter into the necessary contracts with your suppliers and offices to ensure that the processing of personal data outside Brazil is carried out in accordance with the General Data Protection Law (GDPL) and in compliance with internal policies.
4. PERSONAL DATA STORAGE AND DELETION
We store personal data only for as long as necessary, according to specific procedures for record retention and management: During the relationship with the Data Subject, during the period necessary to comply with our legal and contractual obligations and regular exercise of rights, as long as the consent of the Data Subject lasts.
We will retain your personal data in accordance with the appropriate legal bases provided by law. Given the nature of the business model, in some cases it will not be possible to specify in advance the storage period for your personal data, given the relationship between the parties. In such cases, we will determine how long your personal data will be stored based on the following criteria:
a) Existence of specific law or regulation requiring a fixed period for data retention;
b) Existence of judicial, administrative or arbitration proceedings;
c) Information requests made by government authorities; and
d) Internal policies.
5. HOW CAN I EXERCISE MY RIGHTS
The data subjects may exercise the following rights regarding their personal data:
a) Right of access;
b) Right of correction;
c) Right to object to data processing;
d) Right to data portability;
e) Right to claim before the competent authorities; and
f) Right to withdraw consent.
The data subjects may exercise their rights by sending a written notification to the Data Protection Officer (DPO). Identity and contact information is provided on our website available at www.higex.com.
The data subject will be able to confirm the existence of the processing of his personal data, in addition the data subject has the right to access his personal data. A copy of their personal data will be provided to the data subjects if the rights and freedoms of third parties are not affected in this process.
The data subjects may request the deletion of their personal data, without undue delay, in the following situations:
a) When their personal data are no longer necessary for the fulfillment of the data processing purpose.
b) When the data subject withdraws his consent to the processing of data that is legally based on consent, such as sensitive data, underage’ data and data transfer, under the terms and definitions provided for by the GDPL;
c) When your personal data are used for marketing purposes; and
d) When personal data are processed illegally.
It is important to emphasize that there are exceptions regarding the exercise of the data subject’s right in case he or she opposes the processing of their data.
Exceptions occur when the processing of personal data is necessary to comply with legal and/or regulatory obligations, to exercise the right in judicial, administrative or arbitration proceedings and, finally, in the exercise of the legitimate interest of HIGEX, providing justification as to the legal bases and purposes under the GDPL.
The data subject may file a complaint with the National Data Protection Authority (ANPD), requesting that HIGEX immediately interrupt the processing in question, if he considers that the processing of his personal information violates data protection law (GDPL).
6. CHILDREN AND ADOLESCENT DATA
We do not collect data from children and adolescents, that is, individuals under the age of 18 years.
7. COOKIES, IDENTIFIERS, TRACKING AND THIRD-PARTY INFORMATION
Blocking all cookies will have a negative impact on the usability of many websites. If you block cookies, the resources available on our portals and electronic applications may have their operation compromised.
a) Authentication: identifies when the user uses our portals and electronic applications;
b) Status: helps to determine if the user is logged into our portals and electronic applications;
c) Customization: stores information about your preferences, in order to customize services for the user;
d) Security: security element, used to protect users’ accounts, including preventing the fraudulent use of login credentials, to protect our portals, electronic applications and services in general;
e) Advertising: helps determine and display ads that will be relevant to the user experience;
f) Analysis: helps analyze the use and performance of our website and services; and
Most browsers allow you to refuse to accept cookies and to delete cookies, the methods for doing this vary from browser to browser and their versions. Blocking all cookies will negatively impact the use of many websites and may compromise the proper functioning of the website.
In addition to identifiers, cookies, we also use Web Beacons to manage the content of our Sites.
Web Beacons are associated with the sending of emails and other communications that the user receives from HIGEX and our offices.
Web Beacons help us track user responses and interests in order to provide relevant content and services.
We may use third party services, such as open search tools and social networks, to obtain information about the user in order to enrich your personal data by obtaining publicly available information about you, such as your position, employment history and contact information.
|01||28/05/2021||Document issue||Jéssica Maria Machado||Executive Board|