Privacy Policy

ASC BRAZIL wants to maintain a very transparent relationship with you, for this to happen, it is important for you to know that:


  1. Every day you receive hundreds of advertisements and messages, which makes it challenging for private and public companies to gain your attention for the product or service, promotions, experiences, advantages, which they intend to present to you;
  2. To ensure efficiency in this communication, we invest heavily in technology, storing as much information (data) as possible about each of us, as well as in intelligence to explore this information base and ensure success in this process.


Browsing the internet, using social networks, cell phone applications, among other daily activities generate data that allows you to know:

Why do I need to read this?

Your identity

Your habits of commuting

Your habits of consumption

Your religious preference

Now it's easy for you to understand that the malicious use of this data can create many problems, as occurs with the well-known bank slip scams, fraud in application accounts, improper opening of bank and consumer accounts.


It is precisely so that you know the potential risks that you will be exposed to when sharing your data, that companies are obliged to make the Privacy Notice available.

We take seriously the commitment to protecting and respecting your right to privacy and data protection, recognized as fundamental rights by the Federal Constitution of 1988, and are, therefore, non-negotiable values ​​and considered essential in our actions.


ASC BRAZIL always processes your personal data with the aim of offering the best service, product and/or experience for you, ensuring that its use occurs in strict compliance with the law and good information security practices.


To make this possible, we have a continuous and permanent data privacy and governance program, managed by a Data Protection Committee and supported by the Data Protection Officer (DPO), who is the link between us, you and the National Data Protection Authority (ANPD).

1. The commitment we make to you

Seusdados Consultoria em Gestão de Dados LTDA.
CNPJ: 33.899.116/0001-63
Telephone: +55 11 4040 5552
E-mail: dpo@ascbrazil.com.br

Our personal data protection program is managed by our DPO (data protection officer), who will be prepared for any clarification and can be contacted on the channels below:

We have a channel for you to exercise your rights

Ask your questions to our manager

In case of disagreement with the terms of this notice, or the processing of your data, we make our privacy channel available through the link dpo@ascbrazil.com.br where you can exercise your rights.

This privacy notice applies to any citizen who has contact with our:

2. You must know that

app

site

e-commerce

physical establishment

Furthermore, any type of link that may be established between you and ASC BRAZIL may involve the use of your data, which may be known in this privacy notice.

Exceptions : This notice does not apply to activities carried out on third-party websites, social media that you access or are redirected from our website, such as advertisements or search engines.

3. What is personal data processing?

Any action carried out with information that identifies you, regardless of the medium used (digital or physical, from the mere act of accessing or receiving it to its deletion is a processing of personal data. Some common examples:

coleta

acesso

armazenamento

eliminação

4. To process your personal data, we comply

Any processing of your personal data follows the rules of the General Data Protection Law (LGPD) and to this end we guarantee:


  1. Collect only the personal data necessary for purposes that you will always know before collection
  2. Free and easy access to our privacy channel, so you can ask questions and exercise your rights
  3. Keep the personal data collected updated and stored in a safe and secure location, with appropriate security measures.

Common personal data processed:

  1. E-mail


Treatment purposes:

  1. Registration to send Newsletter;
  2. Entry to the client's logged area;


Legal treatment hypotheses:

  1. Legitimate interest, art. 7, IX, of theLGPD
  2. Execution of contract, art. 7º, V, of the LGPD

5. Find out here which of your data we will process

Identification, location and contact data

Common personal data processed:

  1. Bank and account;
  2. Name and CPF of the person responsible;
  3. Company name and CNPJ.


Treatment purposes:

  1. Payment to suppliers


Hipóteses legais de tratamento:

  1. Executions of contract art. 7, V, of theLGPD

Financial data

Common personal data processed:

  1. Name and CPF of the person responsible;
  2. Company name and CNPJ;
  3. Email, segment, position and cell phone.


Treatment purposes:

  1. Data from the lead who wants to know more about our business; Using this information, we contact the lead.


Legal treatment hypotheses:

  1. Legitimate Interest art. 7, IX of the LGPD.

Device data

6. Storage of personal data

Your personal data will preferably be stored within the national territory. You can check the exceptions in the chapter on international data transfers. The graph below explains how the life cycle of personal data works here:

1. Collection of your data:

beginning of the relationship with us

2. Use of your data

for the informed processing purpose(s)

3. After use, your data will be stored for the periods established by applicable laws in each case.

4. At the end of the legal deadlines, we will delete your personal data securely and permanently

The retention of your personal data will comply with the hypotheses permitted by the LGPD, but you will always be able to obtain accurate information if this happens through our contact channel.

7. Who can we share your data with

During your experience with us, we may need to share data with third parties, as long as necessary and/or to fulfill the purposes stated in this notice. If sharing is necessary, we will only do so with third parties that comply with the LGPD and guarantee the security of the information.

1. Sharing with authorities

When there is an order from the authority or to comply with current law, we will be obliged to share the requested information.

In all cases, sharing of information will be limited only to what is necessary to comply with applicable legislation.

2. Sharing with service providers and business partners

From time to time, we may share your personal data with partners and suppliers, who may or may not act on our behalf, in providing certain services that are directly or indirectly related to your experience with us.

Find out what security measures we use to ensure your data is safe against access and misuse, fraud, and other illicit activities:

8. Security measures

Remember : you are the manager of your privacy and only you decide what information you share with us. Please know that we only request personal data through our official channels, DO NOT SHARE IT outside of them.

If risks or damages relevant to your rights are identified, you will be notified as soon as possible and the incident will be reported to the National Data Protection Authority (ANPD) within the legal deadlines. In this case, we have a strategic action plan developed and trained to mitigate risks and losses.

If you identify or become aware of activity that compromises the security of your personal data, immediately use our privacy channel so that we can act quickly and efficiently.

9. International data transfer

If, in order to carry out the informed activities and purposes, it is necessary to send your data outside Brazil, we will only do so in compliance with the LGPD, and as long as the recipient is based in countries with an adequate level of protection for personal data.

13. Glossary

Some terms of general knowledge may have another connotation for the purposes of the General Data Protection Law (LGPD), we would like to explain some technical terms in advance:

  • ANPD – acronym that identifies the National Data Protection Authority, provided for in the LGPD as the entity that will have the following responsibilities: generating regulation on data protection, monitoring and applying penalties to those who fail to comply with legal and regulatory data protection standards.
  • LEGAL BASIS – these are the legal hypotheses that authorize the processing of your personal data: it may be your consent, the need to fulfill a contract we have with you or compliance with a legal obligation, for example.
  • DATA CONTROLLER – the person who carries out steps in the data processing process, with decision-making power over the personal information for which he or she is responsible.
  • DATA OPERATOR – is a personal data processing agent who acts under the instructions and orders of the data controller.
  • PERSONAL DATA – is any information related to a natural person that identifies or makes that person identifiable. For example: ID, CPF, address. But information such as consumption habits, behavioral profile, and similar information is also considered when related to a natural person, allowing them to be identified.
  • SENSITIVE PERSONAL DATA – is personal data that has the potential for harm, exposure and discrimination against the person concerned, such as: racial or ethnic origin, life and sexual orientation, health data, genetic data, among others., being specifically protected by the LGPD.
  • ANONYMIZED DATA – data relating to a holder who cannot be identified, considering the use of reasonable technical means available at the time of its processing.
  • DPO – abbreviation of the English term that means Data Protection Officer, whose translation represents the figure of the Data Protection Officer.
  • DPO AS A SERVICE – English term that means the execution of DPO duties and activities by a company or individual external to the organization.
  • DATA PROTECTION OFFICER – According to the LGPD, this is “a person appointed by the controller and operator to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD)”.
  • PRINCIPLES – Norms, rules or precepts of action and moral conduct.
  • HOLDER – is the natural person to whom personal data refers, identifying or making him or her identifiable.
  • DATA PROCESSING – is any operation carried out with personal data – from collection to disposal, including mere storage.

12. Changes to the privacy notice

This privacy notice may be updated due to changes in data processing or even regulatory issues. But rest assured, any changes will be published in the same place and communicated to you if necessary.

Date of publication of this notice:
Updated on: 12/09/2024

10. Use of data in AI and ML Model Training

ASC BRAZIL guarantees that no personal or sensitive data collected is used to train non-personalized Artificial Intelligence (AI) and/or Machine Learning (ML) models under any circumstances. All data is treated with the utmost confidentiality and security.

11. Compliance with LGPD and ISO 27001


We comply with the General Data Protection Law (LGPD) and follow the best information security practices according to ISO 27001, remembering that ASC BRAZIL is already in the process of implementing and certifying ISO 27001. This includes:


  • Implementing appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure or destruction;
  • Conducting regular audits to ensure continued compliance with security and privacy standards.

Still have questions regarding our Privacy Notice? We brought some topics that can help you.

How to exercise your rights as a Data Subject?
A : You can exercise your rights through our channel aimed at Data Subjects, through the link (…). Requests will be responded to within 15 days.

If additional information is needed so that we can respond to your request, we may contact you, so we can respond to your demand more assertively.

14. FAQ

How will you be informed if this Privacy Notice changes?

A: Our Privacy Notice may undergo updates, so we encourage you to periodically visit the website to obtain updated and transparent information about these changes.


We emphasize that, if substantial and relevant changes are necessary, we will publish this update and contact you so that you are aware of the new terms.


Who are the Treatment Agents?

A: According to the LGPD, the processing of personal data can be carried out by two processing agents, the controller and the operator.

The controller is defined by Law as the natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data.

The operator is the natural or legal person, governed by public or private law, who processes personal data on behalf of the controller, such as legal entities other than that represented by the controller, which carry out data processing activities on their behalf.


Is it necessary to collect consent for the processing of personal data?

A: Consent is just one of the legal bases that authorizes the processing of personal data. Depending on the type of relationship established between us, data processing may be supported by other legal bases, such as execution of a contract, legitimate interest, regular exercise of rights, etc.


How do we treat Child and Adolescent data?

A: The processing of personal data of children and adolescents is carried out in accordance with the parameters of art.14 of the LGPD, always in their best interests.

Furthermore, the processing of Personal Data and Personal Data of children and adolescents is carried out with the specific and prominent consent given by at least one of the parents or legal guardian.


Anonymized and pseudo-anonymized data, are they the same thing?

A: Anonymization is the possibility of converting personal data into anonymized data. It is characterized by the use of reasonable technical means available at the time of processing, through which data loses the possibility of association, directly or indirectly, with an individual. In other words, for data to be considered anonymized, it must not be possible, by available technical and reasonable means, to re-identify the data subject.

Second art. 12 of the LGPD, such anonymized data will not be considered personal data for the purposes of this Law, except when the anonymization process to which they were subjected is reversed, using exclusive means, or when, with reasonable efforts, it can be reversed.

In the pseudo-anonymization process, personal data is falsely anonymized, making it possible, at any time and using known and available methods, for the company to undo the anonymization and re-identify the holder, in a reversal process, as occurs in encryption and decryption. .


How to unsubscribe your email from our database? (opt-out)

A: At the end of our messages, using the unsubscribe button, the Owner can choose to no longer receive our emails.


In which situation will we not delete your data?

A: In some situations authorized by the LGPD, we may keep your data in our database, these are:

  • compliance with legal or regulatory obligations by the controller;
  • study by a research body, ensuring, whenever possible, the anonymization of personal data;
  • transfer to a third party, provided that the data processing requirements set out in this Law are respected;
  • exclusive use of the controller, access by third parties is prohibited, and provided that the data is anonymized.


How do we act in cases of Security Incidents?

A: In the event of a security incident involving your personal data that poses significant risks or damages to you, we undertake to inform you as soon as possible of the measures available to reduce or prevent your data from being misused by third parties or criminals. .

Group Company