CLEARTECH S.A. (“Cleartech”)
Headquarters: Alameda Rio Negro, No. 585, Alphaville Neighborhood, Barueri/SP, ZIP Code 06454-000
CNPJ: 03.572.137/0001-09
This Policy aims to demonstrate our commitment to safeguarding your privacy and protecting your Personal Data by establishing the rules on Data Processing, explaining your rights, and how to exercise them.
Please read this Policy carefully, and if you still have any questions, feel free to contact us through the provided Contact Channels.
For a better understanding of this Policy, the following definitions should be considered:
– Algorithm: A set of rules that provide a sequence of operations capable of solving a specific problem or performing a task.
– Personal Data: Data related to a natural person that can identify or make them identifiable. For example: name, email, ID number, personal preferences, IP address, geolocation.
– Sensitive Personal Data: Any Data about racial or ethnic origin, religious belief, political opinion, membership in a trade union or religious, philosophical, or political organization, data concerning health or sexual life, genetic or biometric data when linked to a natural person.
– Data Protection Officer (DPO): The person designated by Cleartech to act as a communication channel between us, the Personal Data Subjects, and the National Data Protection Authority (ANPD).
– Applicable Legislation: All legislation regarding privacy and protection of Personal Data, especially Law No. 13.709/2018 (General Data Protection Law – LGPD).
– Our Environments: Refers to the website https://www.cleartech.com.br/ and its subdomains (“Site”), as well as physical environments.
– Policy: This Privacy and Personal Data Processing Policy.
– Personal Data Subject: You, the natural person to whom the Personal Data refers, whether as a Site user and/or Cleartech client.
– Processing: Any operation performed with Personal Data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.
SPECIAL NOTE FOR SENIORS
If you are over 60 years old, be aware that we recognize the risk of processing your personal data and are committed to taking all appropriate measures to protect it. Furthermore, we commit to treating your data in a:
– Clear;
– Simple;
– Accessible; and
– Understandable manner.
How we process Data. Data may be processed when you interact with Our Environments.
What do we process?
Full Name;
E-mail;
Telephone;
Images from Surveillance Cameras;
Profession;
Educational Background;
What do we process for?
Identification: to identify you.
Provision of Services: to fulfill the obligations arising from our services, to promote your contact with us and to manage your questions, complaints, compliments, suggestions and requests.
Personalization of services: to promote satisfaction and preference surveys, collecting this information to improve our services every day, to better understand your preferences and evaluate the quality and your impressions of our products, as well as for statistical and advertising purposes.
Communication and Relationship: to expand our relationship, inform you about news, features, content, news and other events that we consider relevant to you.
Access to Our Environments: to enable you to access and use the resources and features of Our Environments, including entry to our physical units and office receptions.
Registration in the Talent Bank: we may process your Personal Data, including that contained in your resume submitted by You, for the exclusive purposes of recruitment and selection by the company.
Guarantee of Rights: to ensure compliance with your rights regarding your Personal Data, complying with the obligation of article 18 of the LGPD.
Reporting Channel
Responding to the report: if You choose to identify Yourself, for the purpose of investigating the report made on our channel.
Legal Obligation: to comply with the legal obligations to which we are subject related to the report made.
Digital Identification Data
Identification: To identify and authenticate you;
Legal Obligations: to comply with a legal or regulatory obligation, including for the purposes established by Law No. 12,965/2014 (“Marco Civil da Internet”).
Updating and veracity of Data: You are solely responsible for the accuracy, veracity or updating of the Data you provide to us. We are not obliged to process your Data if there are reasons to believe that such Processing may impute us to be in violation of any applicable law, or if you are using our environments for any illegal or illicit purposes.
Database: The database formed through the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be done within the limits and purposes described in this Policy.
We do not use any type of solely automated decision that affects your interests.
Data Sharing Scenarios. Processed Data and recorded activities (logs) may be shared:
– i. With competent judicial, administrative, or governmental authorities whenever there is a legal determination, request, requisition, or order to that effect;
– ii. With companies that make up the Economic Group to which Cleartech belongs, including its subsidiaries, always in compliance with the guidelines of this Policy;
– iii. With service providers or partner companies, to facilitate, provide, or perform activities related to Our Environments;
– iv. Automatically, in the case of corporate movements, such as mergers, acquisitions, or incorporation of Cleartech.
If you have any questions about with whom we share your Data, please contact us through the Contact Channels provided at the end of this Policy.
Security and Governance Practices. To safeguard your privacy and protect your Data, we have a governance program that contains best practice rules, internal policies, and procedures, which establish conditions of organization, training, educational actions, and mechanisms for supervision and risk mitigation related to the Processing of Personal Data.
Data Access, Proportionality, and Relevance. Internally, processed Data is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity, and relevance to our business objectives, in addition to the commitment to confidentiality and preservation of your privacy as per this Policy. In the event of individual leaks or unauthorized access to your Personal Data, we may promote, provided these represent significant harm or risk to you and you agree, direct reconciliation under the terms of Art. 52, § 7º, of the General Data Protection Law.
External Links. When you use Our Environments, you may be directed via link to other sites, portals, or platforms that may collect your Data and have their own privacy policy. It is your responsibility to read those policies and accept or reject them. We are not responsible for the privacy policies of third parties nor for the content of any sites or services linked to environments other than ours.
Third-Party Processing Under Our Direction. We strive to carefully evaluate our partners and service providers and establish contractual obligations of confidentiality, information security, and Data protection with them, aiming to protect you.
Storage Location. Processed Data and logs are stored in a secure and controlled environment, possibly on our servers located in Brazil, as well as in a cloud computing environment, which may require the transfer and/or processing of your Data outside of Brazil. These transfers involve only companies that demonstrate compliance with applicable laws, maintaining a level of compliance similar to or stricter than that provided in Brazilian law.
Storage Period. We store Data only for as long as necessary to fulfill the purposes for which they were processed or to comply with any legal, regulatory obligations, or for the preservation of rights.
Data Disposal. Once the maintenance period and legal need have ended, the Data will be deleted using secure disposal methods or anonymized for statistical purposes.
Your Basic Rights. The Data is yours, and applicable legislation brings a series of rights related to them, which can be exercised by you through a request to our Data Protection Officer via the Contact Channel provided at the end of this Policy.
– i. Confirmation and Access: You can request confirmation of the existence of Processing and access to your Data, including by requesting copies of records we have about you.
– ii. Correction: You can request the correction of your Data that is incomplete, inaccurate, or outdated.
– iii. Anonymization, Blocking, or Deletion: You can request the anonymization of your Data so that it can no longer be related to you, the blocking of your Data, temporarily suspending the possibility of Processing for certain purposes, or the deletion of your Data.
– iv. Portability: You can request that we provide your Data in a structured and interoperable format for transfer to a third party, respecting our intellectual property or trade secrets.
– v. Information about Sharing: You can request information about third parties with whom we share your Data, limiting this disclosure to information that does not violate our intellectual property or trade secrets.
– vi. Consent Withdrawal: You can choose to withdraw consent for a specific purpose to which you had consented. This withdrawal will not affect the legality of any Processing carried out previously. If you withdraw your consent for fundamental purposes for the regular functioning of our environments and services, these may become unavailable to you.
– vii. Objection: You can object to the Processing of your Data if you disagree with any purpose.
– viii. Review: In case of decisions based exclusively on automated Processing, you can request the review of the decision, indicating your interests that may have been affected.
Request. For your safety, whenever you submit a request to exercise your rights, we may ask for additional information to verify your identity, seeking to prevent fraud.
Non-compliance with Requests. We may fail to comply with some requests for the exercise of rights if compliance would violate our intellectual property or trade secrets, as well as when there is a legal or regulatory obligation to retain Data. Additionally, we may fail to comply with your request if we need to retain the Data to enable our defense or that of third parties in any disputes.
Response to Requests. We are committed to responding to all requests within a reasonable time and always in accordance with applicable legislation.
Alteration and Update. You acknowledge our right to change the content of this Policy at any time, according to purpose or need. If relevant updates occur in the Policy, you will be notified through the contact details you provide or by disclosure on our official profiles.
Inapplicability. If any point of this Policy is deemed inapplicable by a Data Authority or judicially, the other conditions will remain in full force and effect.
Contact Channels. In case of any questions regarding the provisions of this Policy, including the exercise of your rights, you can contact our Data Protection Officer, who is available at the following addresses:
– Data Protection Officer: Peck Advogados
– Contact Email: dpo@cleartech.com.br
– Request Form: Contact our DPO – Cleartech
Applicable Law. This Policy will be interpreted in accordance with Brazilian legislation, in the Portuguese language.
Update: May 23, 2024