Personal Data Protection Policy for Marketing and Technical Support

TERACOM TELEMÁTICA S.A, registered with the CNPJ/MF under No. 02.820.966/0001-09, hereinafter referred to as DATACOM and the CLIENT, hereinafter referred to as such, and which may also be referred to as PARTIES when cited jointly, agree on this Privacy Protection Policy Personal data.

This document is intended to establish the rules regarding the protection of personal data within the scope of the process of providing commercial, marketing and sales proposals and technical support carried out by DATACOM, under the terms of Law n. 13,709 of 2018 (General Personal Data Protection Law), hereinafter referred to as LGPD or Law.

The purpose for processing personal data is the fulfillment of the activities indicated above, which occurs with the processing of data strictly necessary for carrying out such activities.

 

TREATMENT AGENTS

DATACOM acts as controller of personal data in the context of providing proposals, selling products and providing services.

The CLIENT's employees who interact with said business processes will be considered holders of personal data.

In order to carry out commercialization and sales activities, in what involves the carriers, they will act as personal data processing operators. In such situations, the carriers will receive the data necessary for the fulfillment of the contract for the purchase and sale of products and the consequent delivery, which eventually includes identification data of the natural person (name and telephone number) who will receive the products purchased by buyer legal entity.

 

DATA COLLECTED AND TREATMENT HYPOTHESES

DATACOM processes a series of personal data necessary for the commercialization and sale of products and provision of services, in accordance with the provisions of the clauses below.

Considering the different business processes that handle personal data and that have a connection with the CLIENT, the list of processed data and their respective hypotheses are listed below separated by processes, as well as the data collected for the proposal.





 

HOW DATA IS PROTECTED

DATACOM uses systems that have adequate security controls for the storage of personal data collected, with technical and administrative security measures, such as access control (in order to avoid unauthorized access), two-factor authentication, use of cryptography, as well as performing backups and producing access logs of operations on the systems used.

The business processes that handle personal data are formally mapped, indicating the legal treatment requirements, flows and other information in order to allow for any audits and compliance analysis, in compliance with the principle of responsibility and accountability.

Data is processed only by DATACOM employees who have a proven need for access, which is verified through access control techniques and based on the definitions established in the documentation of each of the business processes. In addition, employees sign Confidentiality Agreements, which undertake to maintain the secrecy of the personal data they handle.

 

DATACOM OBLIGATIONS

1.1 All processing of personal data carried out by DATACOM will meet one or more pre-defined purposes, always indicating the need that justifies it, with the indication of a legal basis that authorizes the said treatment.

1.2 DATACOM will limit the processing of personal data to the minimum necessary to carry out its purposes, collecting only data relevant to achieving the purposes of each business process.

1.3 For cases involving the consent of the data subject, DATACOM undertakes to collect it by means of a means that demonstrates the express manifestation of its will, making explicit the determined purpose and need, guaranteeing the means, in an easy and free way, of exercise of their rights.

1.4 DATACOM adopts adequate technical and administrative/organizational security measures to protect personal data against violations. DATACOM has access control mechanisms, aiming to comply with the internal policies that regulate the access rights of its employees involved in the activities of processing personal data.

     1.4.1 DATACOM is entitled to modify or update the security measures, imposing that the changes remain in line with the Law, with the best practices and with the other clauses of this policy.

1.5 As the stored information is used for different purposes, DATACOM undertakes to eliminate it as soon as its purpose is achieved or the defined storage period is met.

 

REPORTING SAFETY INCIDENTS

DATACOM will notify the CLIENT, in a timely manner and after technical investigation, of the occurrence of security incidents that have affected the personal data involved in this instrument, in situations that may entail risk or relevant damage, in accordance with the provisions of the LGPD.

 

RIGHTS OF THE HOLDERS, EXCLUSION OF DATA AND CONTACT OF THE PERSON IN CHARGE

1.6 The holder whose data is processed has the following rights:

     1.6.1 Confirmation of processed data;

     1.6.2 Access to processed data;

     1.6.3 Correction of incomplete, inaccurate or outdated data;

     1.6.4 Anonymization, blocking or deletion of data that is unnecessary, excessive or processed in violation of the law;

     1.6.5 Elimination of data processed without consent, except in situations where the data needs to be stored due to legal or regulatory obligation;

     1.6.6 Data portability, in accordance with the rules of the Central Bank and the National Data Protection Authority;

     1.6.7 Information from companies where data was shared;

     1.6.8 Review of decisions taken solely in the face of automated decisions, with the information and criteria used for said decisions, respecting, however, secrecy;

     1.6.9 Commercial and industrial, which involves the algorithms used to create a risk and credit profile;

     1.6.10 Petition regarding your data against the controller before the ANPD.

1.7 The PARTIES must guarantee the exercise of all the rights indicated above through facilitated contact with their data protection officer.

1.8 In the treatment that is carried out under the assumption of consent, it is sufficient for the holder to expressly express his will in a channel to be indicated by the PARTIES for the deletion of his personal data to occur.

1.9 For other cases where there is a request for data deletion, the authorizing hypotheses that justified the processing of personal data must be observed.

1.10 All the rights indicated above can be exercised directly by contacting your Data Protection Officer, Ana Paula Wist, through the e-mail lgpd@datacom.com.br, which will be done after confirmation of the identity of the requesting holder.

 

CHANGES TO THIS POLICY

This policy may be modified, when there are changes in the business processes addressed or any other identified need.

 

REVISIONS

This Policy is in revision 01.