Introduction
Digital transformation and innovation mean that human rights that are fundamental for each individual must be respected by controllers and operators using personal data around the world.
Individuals, companies, and governments are being inserted into a new global scenario from which there is no turning back. With this in mind, numerous adjustments, adaptations, and improvements are necessary to preserve the rights of data holders and mitigate the risk of potential violations.
Dânica therefore makes use of existing best practices for Compliance and Digital governance, adhering to the parameters contained in the Brazilian General Data Protection Law (LGPD), the Consumer Defense Code (CDC), and the Brazilian Civil Rights Framework for the Internet.
We seek to foster a culture of data protection throughout all of our commercial relationships and internal processes that is guided by the principles of transparency, purpose, and non-discrimination, among others. For these purposes, Dânica, with support from its Senior Management, has created a Privacy and Data Protection Committee containing practices for training, auditing, a communications channel for data holders, and recommendations for DPOs.
Additionally, there are a wide range of documents providing support and structure to the Compliance and Data Protection Program. Included among these documents is this Privacy Policy, Information Security Policy, Legitimate Interest Assessment (LIA), the Data Protection Impact Assessment (DPIA), and other policies establishing internal procedures for handling and eliminating personal data.
Through this program, Dânica reaffirms its commitment to authorities, clients, and third parties in general with regards to respecting fundamental rights to privacy, association, and freedom in the processing of all of its personal data.
Sincerely,
Senior Management
Dânica Soluções Termoisolantes Integradas S.A.
I. What is the purpose of this Privacy Policy?
1.1. The purpose of this Privacy Policy is to demonstrate the commitment made on the part of DÂNICA SOLUÇÕES TERMOISOLANTES INTEGRADAS S.A. (“DÂNICA”), legal entity governed under private law, registered under CNPJ/MF (Corporate Taxpayer Identification Number) nº 42.506.618/0001-78, as well as its branches, affiliates, and controlled companies, with regards to the privacy and protection of data held by third parties.
1.2. This Policy establishes rules for the handling, registration, storing, use, sharing, enrichment, and elimination of data collected within the scope of services offered by DÂNICA.
1.3. The conditions set forth herein ensure that the requirements of current Brazilian standards regarding privacy and data protection, in particular Federal Law nº 13.709/2018 (Brazilian General Data Protection Law - LGPD), are met.
1.4. DÂNICA may process data held by a variety of Data Holders throughout the process of contracting its services, carrying out of selection processes for job vacancies, and during the use of its website/portal. Data collected during these operations may be divided into three general categories: (i) personal data - used for the purposes of registration, (ii) financial data - used for analysis/credit approval, and (iii) data for digital identification – used to fulfill legal and regulatory requirements, as well as obligations in relation to safety and improving the Data Holder/User's experience.
1.5. DÂNICA's collection of data belonging to the Data Holder may be carried out through the following means: website/portal, telephone, e-mail, and WhatsApp, among other applications.
1.6. DÂNICA may process data and information obtained through means of access to its website/portal by the Data Holder. In this case, DÂNICA may collect information related to the characteristics of the device and browser used to access their website/portal, the Internet Protocol (IP address containing the data, time, and origin of access), information regarding user clicks, webpage access, or any search term entered, among other information.
1.7. The Data Holder hereby declares themselves to be more than 18 (eighteen) years of age and to have read this Policy before providing personal data, thereby expressing their agreement with the terms established herein. The services offered by DÂNICA on the market are not intended for children and adolescents; for this reason, we do not intentionally collect any personal data belonging to minors. If a child or adolescent comes to provide DÂNICA with personal data, their legal guardian must immediately contact us in order for their data to be removed from our systems/files. In circumstances in which DÂNICA comes to have knowledge of its having inadvertently collected data belonging to children or adolescents, it shall immediately proceed with the removal of such data in adherence to the procedures and methods set forth in this Policy.
1.8. Table containing the general rules for categories of data collected by Dânica and the purpose and legal basis for handling such data.
|
CATEGORIES OF DATA |
PERSONAL DATA COLLECTED |
PURPOSE OF DATA COLLECTION/LEGAL BASIS |
|
PERSONAL REGISTRATION DATA (CLIENTS AND PROSPECTIVE CLIENTS) |
Full name, E-mail, Telephone, RG (national identification card), CPF (Individual Taxpayer ID Number), date of birth, marital status, full address |
Identify Data Owner (Art. 7, V and IX of LGPD); |
|
PERSONAL REGISTRATION DATA (CANDIDATES IN SELECTION PROCESSES FOR JOB OPENINGS) |
Full name, E-mail, Telephone, residential address, educational background, courses/training, professional experience, position for which candidate has applied. |
Identify Data Holder(Art. 7, V and IX of LGPD); |
|
PERSONAL FINANCIAL DATA |
Income statements, credit card information, Income tax statements, Equity certificates |
Identify the Data Owner (Art. 7, V and IX of LGPD); |
|
DIGITAL IDENTIFICATION DATA |
IP Address, Registration of interactions, Connected devices, Webpages accessed, Cookies. |
Identify User/Data Owner (Art. 7, IX of LGPD); |
1.9. Personal data belong to Data Holders shall not be commercialized by DÂNICA and will only be accessed by authorized professionals in accordance with our internal procedures.
1.10. Acceptance of the conditions contained in this Policy on the part of the Data Holder is provided through means of access, navigation, and provision of personal data on our website/portal, in addition to other circumstances provided for under this agreement.
1.11. In circumstances in which the Data Holder does not agree with the terms of this policy, they must immediately discontinue access to our website/portal and shall be able to obtain more information about the processing of their personal data through our DPO (Data Protection Officer) using the following communication channel: privacidade@danica.com.br.
II. How do we process your Personal Data?
2.1. Personal data includes all information relating to an “identified or identifiable” person. Therefore, any information that may result in a specific natural person being identified is considered personal data. This data is attributed to a “Data Holder” who is protected by infraconstitutional legislation, Brazilian Constitutional Law, and by specialized international standards, as well as international standards regarding Human Rights.
2.2. The Data Holder may access our website/portal without providing their personal data. However, our website uses cookies in order to improve the user's browsing experience, which may imply the collection of personal data.
2.3. Access of some areas of our website/portal, such as selection processes for job openings, registration for the provision of services, among other information, may entail the handling of your personal data, as shown in the list below, which is not exhaustive:
(i) response to requests, consultations, and questions from clients, business partners, and third parties in general regarding our services;
(ii) allowing access to certain areas of our website and managing access;
(iii) improving the experience of users visiting our website and guaranteeing information security;
(iv) offering of satisfaction surveys;
(v) carrying out of selection processes for job opening in circumstances in which the data holder submits an application for a job opening or sends their resume;
(vi) analysis of statistical data regarding the use of our website/platform.
2.4. The handling of personal data by DÂNICA has a legal basis in the fulfillment of legal/regulatory requirements, the entering into of contracts/pre-contractual agreements, attending to the data controller’s legitimate interests, and, in some circumstances, consent from the user/data holder.
2.5. DÂNICA may also collect personal data for the purposes of marketing and the sending of customized proposals, with a legal basis in art. 7, IX and the main provisions of art. 6 of LGPD. The use of personal data for marketing purposes shall adhere to requirements for transparency, appropriateness, and security in commercial relationships, providing the client with motives for their receiving such communication and the manner in which the client may opt to no longer receive our marketing materials (opt-out). The frequency, content, and sending of marketing materials shall be assessed through our privacy impact reports and may be viewed by the data holder by e-mailing privacidade@danica.com.br
2.6. Personal data collected from data holder shall be stored in servers located at our branch in Joinville/SC, as well as in an environment for the use of resources or cloud servers (cloud computing) that may be hosted in other countries.
2.7. In case of a legitimate interest, and in adherence to the provisions of article 6 and 7 of the LGPD, DÂNICA may transmit your personal data to other affiliated companies and members of the business group of which DÂNICA is a part. If necessary, the transferring of personal data to external service providers may occur; in such circumstances, the shared personal data shall be processed in accordance with this Privacy Policy.
2.8. Personal data belonging to Data Holder may also be shared in the following manner:
(i) with competent, judicial, administrative, or government authorities in circumstances involving a determination, request, requisition, or court order; (ii) automatically in cases involving a corporate transformation, such as mergers, acquisitions, and incorporations involving legal entities both from within and outside DÂNICA’s economic/business group; (iii) in the interests of national security or other issues of great importance to the public, whenever such sharing of data is found to be necessary, reasonable, and appropriate; (iv) in circumstances in which the sharing of personal data is necessary to protecting DÂNICA’s rights and interests, in order to investigate potential fraud, protect operations and Data Holders based on the principles of good faith and other requirements set forth in the LGPD.
2.9. DÂNICA shall not be held responsible for the accuracy, veracity, or omissions made with regards to any data provided by Data Holders. Similarly, Dânica shall not be held responsible for security with regards to transferring of personal data carried out by Data Holders through the Internet.
2.10. All systems, mechanisms, and technologies used by DÂNICA in the handling of personal data belonging to Data Holders shall adhere to existing legislation and the terms of this Privacy Policy.
2.11. In applicable circumstances in which consent has been provided by Data Holders for the processing of their data, it shall be collected on an individual basis, in a manner that is clear, specific, and legitimate. If the Data Holder does not agree to providing personal data that is necessary and reasonable for such handling, DÂNICA shall be unable to provide its services.
2.12. Data belonging to third parties may be transferred internationally whenever they are stored in cloud servers hosted overseas, which are contracted by DÂNICA together with specialized companies in order to increase the level of security and integrity with regards to data through means of redundancy in our backup.
III. How long is Personal Data stored?
3.1. If the data holder is an active client, we shall store any personal data collected for the period in which our contractual and/or commercial relationship endures. Upon our contractual and/or commercial relationship being concluded, data belonging to the Data Holder shall be stored for a period of up to 10 (ten) years counted from the termination of the contractual/commercial relationship.
3.2. In circumstances in which the data holder is a prospective client, without any established contractual and/or commercial relationship with Dânica, personal data shall be held for a period of up to 3 (three) years counted from the last consultation/request carried out by the prospective client.
3.3. If the data holder is a candidate for one of our job openings, their personal data shall be stored for up to 2 (two) years counted from the conclusion of the selection process in question. This provision shall remain valid even in circumstances in which the candidate was not hired for the position. Personal data belonging to candidates that come to be hired through Dânica's selection processes shall be subject to the provisions for providing and handling data contained in the clauses of our Work/Employment Contract. These provisions shall also be applicable to any selective processes for the hiring of consultants, service providers, and third parties that do not constitute an employment relationship with DÂNICA.
3.4. Digital registration data used at our website/portal involving processes for maintenance, security, and improvement shall be held for a maximum period of 6 (six) months after it is collected.
3.5. Personal data shall be deleted once the time periods established above have passed in circumstances in which the Data Holder expressly requests that it be deleted and such deletion does not harm the fulfillment of legal and contractual obligations and involves the safeguarding of DÂNICA's interests. Circumstances may arise in which, even if deletion is expressly requested by the Data Holder, data must be stored in DÂNICA’s systems/archives for a longer period of time.
3.6. For the purposes of auditing, safety, controls against fraud, and the preservation of rights, DÂNICA shall be able to retain a data registration log for data belonging to Data Holders that use their website/portal for a period of time that is greater than that established under the law or regulatory standards, or in order to preserve its legitimate interests and other rights.
3.7. Once the appropriate period of time and legal necessity has passed, DÂNICA shall delete data belonging to data holders using methods for safe disposal (partially and/or completely) or in an anonymous manner.
3.8. Table containing the general rules for data collection, periods of time for which data is retained, and the respective legal basis:
|
PERSONAL DATA |
DATA RETENTION PERIOD |
LEGAL BASIS |
|
Registration data for active clients |
The period of time for which the contractual/commercial relationship ensures or up to 10 (ten) years after the contractual/commercial relationship is terminated. |
Art. 15, I of LGPD. |
|
Registration Data belonging to prospective clients |
3 (three) years counted from the most recent consultation/request made by the client. |
Art. 15, I of LGPD. |
|
Personal registration data for candidates in selection processes for job vacancies |
2 (two) years counted from the conclusion of the selection process |
Art. 15, I of LGPD. |
|
Digital identification data |
6 (six) months counted from the date on which data is collected. |
Art. 15, Brazilian Civil Rights Framework for the Internet and Art. 15, I of LGPD. |
IV. What are the Rights and Obligations of Data Holders under this Policy?
4.1. Data Holders shall be able to request the following information/actions:
(i) viewing of their personal data in DÂNICA’s systems/archives; (ii) correction of their personal data stored in DÂNICA’s systems/archives; (iii) limitation and/or restrictions to the use of personal data by DÂNICA; (iv) removal of their personal data stored on DÂNICA’s systems/archives in accordance with legal limitations, as well as those related to methods for disposal/anonymization used in systems.
4.2. The Data Holder shall be able to request the information/actions provided for in the preceding item through means of the following communication channels:
(i) the DPO’s e-mail: privacidade@danica.com.br
(ii) the DPO’s telephone: +55 (47) 3461-5458
(iii) post office box under the care of the DPO: Rua Noruega, nº 99, bairro Boa Vista, Joinville, Santa Catarina. Brazil Postal Code: 89206-600.
4.3. The user/data holder is exclusively responsible for:
(i) only entering and providing information that is true and accurate at DÂNICA’s website/portal, as well as through other means of communication used to contact DÂNICA;
(ii) ensuring that their logins and passwords used on DÂNICA's website/portal are kept secret;
(iii) fulfilling all requirements set forth in this Policy.
4.4. The user/data holder shall be held responsible for any:
(i) acts or omissions carried out using DÂNICA’s website/platform; (ii) content uploaded, sent, and/or transmitted using DÂNICA’s website/platform; (iii) direct and/or indirect damage caused to third parties, including other users, as a result of a failure to adhere to the requirements of any items contained in this Policy.
4.5. DÂNICA shall not be held responsible for:
(i) failures, technical impossibilities and/or unavailability on its website/portal; (ii) installing of any vírus, trojans, malware, worm, bot, backdoor, spyware, rootkit or any other malicious program on a user or third parties’ machine/device as a result of the user’s Internet browsing.
4.6. In circumstances involving a failure to fulfill the requirements of any of this Policy’s provisions by the user/data holder, DÂNICA shall be able to, at its sole discretion and without providing any previous notification, suspend, limit, or terminate the user/data holders’ access to its website/portal, notwithstanding any further applicable measures.
4.7. DÂNICA is committed to implementing and updating technical measures, as well as those aimed at security, in order to protect data against unauthorized access, attacks, losses, destruction, or alteration of our website/portal. The measures which DÂNICA has adopted include the use of firewall and access controls. In cases involving confirmed or suspected stealing, leaking, or compromising of data entered into our website/platform, the data holder must immediately enter in contact with DÂNICA through means of the communication channels presented in this Policy.
4.8. The user/data holder hereby declares that they are aware that any and all content, data, or information transmitted through DÂNICA's website/portal by a user or third party does not represent, under any circumstances, the opinion, vision, and principles of DÂNICA or any companies that are part of its business group.
V. How is Personal Data collected using cookies on our website/portal?
5.1. Cookies are text files containing data that is sent through DÂNICA’s website/portal to a user’s computer via the Internet. The main purpose of cookies is to improve the user's browsing experience, remembering their preferences, recurrences, and facilitating access to Internet webpages.
5.2. DÂNICA’s website/portal uses cookies to optimize the user’s navigation experience. Our cookies may be “temporary” or “persistent” and are capable of identifying your computer and IP (Internet Protocol) address. Cookies themselves are not able to identify a natural person; however, the combination of data collected by cookies and registration information, for example, may result in a data holder being identified through our website/portal.
5.3. DÂNICA's website/portal uses cookies. For this reason, by accessing our site, the Data Holder agrees to addition of cookies to their device/machine. The cookies used by DÂNICA's website/portal are valid for a maximum period of 6 (six) months.
5.4. The Data Holder may configure their browser to block the cookies used by DÂNICA or to be notified of receiving a cookie in order to accept or deny it access. To configure your computer to reject cookies, consult your browser’s “Options” or “Preferences” menu and follow the instructions.
5.5. It is recommended that cookies be activated since many webpages cannot be viewed correctly if cookies are blocked. As a result, in cases in which cookies are turned off, some of the functions on our website/portal may be lost or part of their execution may not be possible.
5.6. DÂNICA reserves the right to use information obtained through cookies to analyze the use of their website/portal by visitors in the best interests of users.
5.7. As of the date on which this Policy was most recently updated, DÂNICA uses the following cookies on its website/portal. (i) cookies for registered visitors, (ii) cookies for sharing social media plug-in content, (iii) cookies for unregistered visitors, and (iv) analytics cookies.
VI. Where can Data Holders find more information?
6.1. In order to exercise their right to view, correct, and delete data, as well as to clarify and resolve any concerns with regards to this Policy, the Data Holder may enter in contact with DÂNICA through means of one of the following communications channels: (i) the DPO’s e-mail: privacidade@danica.com.br
(ii) the DPO’s telephone: +55 (47) 3461-5458
(iii) post office box under the care of the DPO: Rua Noruega, nº 99, bairro Boa Vista, Joinville, Santa Catarina, Brazil. Postal Code: 89206-600.
6.2. DÂNICA reserves the right to change the content of this Privacy Policy at any time, depending on the purpose, necessity, and appropriateness, and shall provide notification of the new version on its website/portal in accordance with the principles of LGPD.
6.3. Data Holders shall be responsible for verifying updates upon accessing our website/portal, making an application for selection processes, and requesting services.
6.4. In circumstances in which the updates carried out require consent from users, DÂNICA shall highlight the respective notification of changes on its website/portal’s home page.
6.5. The Data Holder hereby recognizes that all communication carried out by e-mail, telephone and/or applications at the addresses provided upon their registration are equally valid for sharing and resolving concerns related to the services and activities performed by DÂNICA in accordance with the terms established in this Privacy Policy.
6.6. DÂNICA hereby declares that it shall not use any type of automated decision that may impact the rights of users visiting their website/portal.
6.7. The Data Holder/user hereby declares that they are aware that the following items are the exclusive property of DÂNICA:
(i) any and all software, applications, or functionalities used on DÂNICA’s website/portal; (ii) the complete visual layout of DÂNICA’s website/portal, inluding graphic designs used on any of its pages; (iii) its trade name, trademark, domain name, slogan, advertising, or any other distinct signal inserted into the website/portal; (iv) any and all content created and produced by DÂNICA, even if done so on behalf of third parties, and carried out in any manner.
6.8. Services providers and third-party companies that handle data on DÂNICA's behalf must respect all of the conditions set forth in this Policy, as well as any legislation that is pertinent to its content.
6.9. In circumstances in which part of this Policy comes to be considered illegal and/or invalid by competent authorities, its remaining provisions shall continue in full force and effect.
6.10. This Policy for the Privacy of Personal Data shall be governed and interpreted under the terms of Brazilian legislation, regardless of any existing conflict of laws and the District Court which is seated in the domicile of the Data Holder/User is elected to settle any disputes or controversies involving its provisions, except for cases involving any specific personal, territorial, or functional jurisdiction provided for under applicable legislation.
6.11. DÂNICA has a Compliance in Privacy and Data Protection Program in place and Dr. Ana Catarina de Alencar has been elected as Data Protection Officer.
Last updated: the 27th of November 2020.