PRIVACY POLICY
Peróxidos do Brasil Ltda (“Peróxidos”) is committed to ensuring the Privacy and Protection of Personal Data collected to carry out its business activities, as well as comply with the General Personal Data Protection Law - Law 13.709/18 (LGPD in Portuguese) and applicable regulations on the Processing of Personal Data, including Sensitive Personal Data.
Peróxidos reserves the right to change this Privacy and Personal Data Protection Policy
(“Policy”) at any time without prior notice.
1. DEFINITION
The terms and expressions used in this Policy have the meanings defined below:
National Data Protection Authority or ANPD (in Portuguese): public administration body responsible for ensuring, implementing and supervising compliance with the LGPD throughout the national territory;
Peróxidos Employees: all Peróxidos employees, including, exclusively for the purposes of this Policy (without direct relationship with the constitution of an employment relationship), partners, administrators, advisors, directors, employees, managers, interns, apprentices, service providers, and any other person who has a direct relationship with Peróxidos;
Consent: a free, informed and unequivocal manifestation by which the holder agrees to having their personal data processed for a specific purpose;
Data Controller: individual or legal entity, either governed by public or private law, who is responsible for decisions concerning the processing of personal data; and
Anonymized Data: data related to the holder that does not allow identification by the use of reasonable and available technical means at the time of its processing;
Personal Data: information related to the individual that allows in any way to be identified;
Sensitive Personal Data: Personal Data on racial or ethnic origin, religious conviction, political opinion, trade union membership or organization of a religious, philosophical, or political nature, data on health or sexual life, genetic or biometric data;
Data Responsible: person appointed by the Data Controller and the Data Operator to act as a communication channel with the Data Subjects and with the National Data Protection Authority (ANPD in Portuguese);
LGPD (in Portuguese): General Personal Data Protection Law (Law 13.709/18);
Data Operator: the individual or legal entity, whether public or private, who processes Personal Data on behalf of the Controller;
Peróxidos: Peróxidos do Brasil Ltda. - CNPJ 51.784.262/0001-25 and 51.784.262/0006-30 and affiliated companies;
Data Subjects: the individual to whom refer the Personal Data that is the object of Processing; and
Data Processing or Processing: any operation carried out with Personal Data, including Sensitive Personal Data, such as those referring to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction of Personal Data.
2. OBJECTIVE
2.1 The purpose of this Policy is to define the main rules and principles for the Processing of Personal Data, including Sensitive Personal Data, collected from Peróxidos Employees, third parties including, but not limited to, job applicants, suppliers, service providers, customers, and/or their representatives and employees, as well as any other related parties in the execution of Peróxidos activities, ensuring an adequate level of security, by protective actions in alignment with the LGPD and other regulations that establish rules on the subject.
2.2 This Policy must be observed by all Peróxidos Employees, suppliers, service providers, customers, or any individual or legal entity that may play the role of Data Subject and/or Personal Data Operator, where Peróxidos has the role of Data Controller.
3. POINT OF COLLECTION OF PERSONAL DATA
3.1 The collection of Personal Data by Peróxidos can take place in several ways, directly or indirectly, for example, but not exclusively, via:
(a) registration of suppliers and service providers and/or their representatives and employees with Peróxidos; and
(b) registration for access to Peróxidos facilities, including for participation in events and internal programs promoted by Peróxidos.
(c) data sent by the customer to the email address available on the Peróxidos website;
(d) provision of registration data by the customer to Peróxidos' partners for, but not limited to, delivery or customer services;
(e) receipt of electronic or printed curriculum, delivered or sent by the Data Subject to Peróxidos;
(f) the receipt of Employees' Personal Data and, if applicable, their relatives' and dependants', at the time of hiring;
4. PURPOSE OF PROCESSING PERSONAL DATA
4.1 The whole Peróxidos Data Processing is carried out using data strictly necessary to achieve specific purposes, such as, but not limited to:
(a) Helpdesk activities, user control and services associated with each user, for which Personal Data are processed, such as name, workplace, department, cost center, email, network, and cellular and network login.
(b) Vehicle access control, for which Personal Data is processed, such as name, vehicle license plate, vehicle characteristics, and data referring to the occupation.
(c) Compliance with contractual obligations with customers, for which Personal Data is processed, such as name, email, telephone, address, signature, passport, data referring to the occupation, data on education, marital status, place of birth, RG ID and CPF.
(d) Compliance with contractual obligations with suppliers and/or service providers, for which Personal Data is processed, such as name, email, telephone, vehicle characteristics and data referring to the occupation.
(e) Compliance with legal, regulatory and contractual obligations with service providers, for which Personal Data is processed, such as name, vehicle characteristics, marital status, data related to occupation and education, email, registration, telephone, bank details, affiliation, date of birth, place of birth, signature, remuneration, vacation-related document, RG ID, CPF, Professional registration booklet number, Social Integration Program, driver's license. And the following Sensitive Personal Data: sex, health data, biometric data, union membership and industry medical certificate.
(f) Compliance with legal, regulatory (including labor and social security) and contractual obligations with Peróxidos Employees, for which Personal Data is processed, such as name, email, address, date of birth, signature, enrollment, marital status, place of birth, passport, telephone, vehicle characteristics, data related to occupation and education, voter's license, bank details, network login, date of admission, resumè, Brazilian Classification of Occupations, Professional registration booklet number,
Social Integration Program, slip number, protocol number, RG ID, CPF, Driver's license. And the following Sensitive Personal Data: physical characteristics, sex, racial or ethnic origin and industry medical certificate.
(g) Compliance with legal and regulatory obligations by Peróxidos, for which Personal Data is processed, such as name, registration number with the class body, email, date of birth, RG ID, CPF, vehicle characteristics, and data referring to the occupation.
(h) Compliance with legal, regulatory and contractual obligations regarding drivers, for which Personal Data is processed, such as signature, data referring to the occupation, name.
(i) Integration of Peróxidos Employees, for which Personal Data is processed, such as name, nationality, date of admission, name of the manager, position, date of birth, RG ID, and CPF. And the following Sensitive Personal Data: sex and image.
(j) Clearance of third parties at the entrance, for which Personal Data is processed, such as name, data referring to the occupation and CPF.
(k) Monitoring of security cameras, for which the following Sensitive Personal Data is treated: image.
(l) Conducting events and internal marketing events, for which the following Sensitive Personal Data is processed: image and voice.
(m) Reimbursement of expenses, for which Personal Data is processed, such as name, email, bank details, user ID, telephone, and CPF.
4.2 The Personal Data, including Sensitive Personal Data, indicated above is processed by Peróxidos and by companies contracted by it, and will be stored on Peróxidos' servers for the period necessary to fulfill the purposes.
4.3 Peróxidos is a company with branches and distributors in Argentina, Bolivia, Chile, Colombia, Costa Rica, Ecuador, Panama, Paraguay, Peru, Dominican Republic, and Uruguay and uses global tools and assets, so it carries out the international transfer of Personal Data, including Sensitive Personal Data, in compliance with the LGPD dispositions.
5. LEGAL HYPOTHESES FOR DATA PROCESSING
5.1 The legal hypotheses for the Processing of Personal Data by Peróxidos, according to art. 7 of the LGPD, are:
(a) Unambiguous consent provided by the Data Subject, when applicable, by a specific Consent Form;
(b) Compliance with legal or regulatory obligation;
(c) Execution of a contract or preliminary procedures relating to a contract to which the owner is a part of, upon request of the data owner;
(d) Regular exercise of Peróxidos' rights in judicial, administrative or arbitration proceedings; and
(e) Legitimate interests of Peróxidos or third parties.
5.2. The legal hypotheses for the Processing of Personal Data by Peróxidos, according to art. 11 of the LGPD, are:
(a) Specific and separated consent of the Data Subject, or its legal representative, when applicable, for specific purposes, collected via the Consent Form;
(b) Compliance with legal or regulatory obligation;
(c) Regular exercise of Peróxidos' rights, including in contract and in judicial, administrative, and arbitration proceedings; and
(d) Protection of life or physical safety of the Data Subject or third parties.
6. STORAGE AND DISPOSAL OF PERSONAL DATA
6.1 Any Personal Data, including Sensitive Personal Data, provided by the Data Subject will be collected and stored in accordance with strict security standards. To this end, Peróxidos adopts several precautions, in compliance with the guidelines on safety standards established in the applicable legislation.
6.2 In addition to technical efforts, Peróxidos also adopts organizational measures aiming to the protection of Personal Data.
6.3 Access to the Personal Data collected is restricted to Peróxidos Employees and persons authorized by Peróxidos and will be hosted on servers and systems located in Brazil and other countries that provide a degree of
protection of Personal Data adequate to that provided for in the LGPD.
6.4 After fulfilling the purposes for which it was collected, the Personal Data, including Sensitive Personal Data, must be discarded within the scope and technical limits of the activities, authorized to be retained for the following purposes:
(a) Compliance with legal or regulatory obligation by Peróxidos;
(b) Transfer to a third party, provided that the Data Processing requirements set forth in the LGPD are respected; and
(c) Exclusive use of Peróxidos, with its access prohibited by a third party and provided that the data is anonymized.
7. GEOGRAPHICAL SCOPE
7.1 This Policy applies to cases in which Data Processing occurs or whose Personal Data are subject to collection within the Brazilian territory.
8. RIGHTS OF THE DATA SUBJECTS
8.1 The Data Subject, whenever possible, receives information about the Processing of their Personal Data, including Sensitive Personal Data at the time of its collection, including: name of the Controller, purpose, data collected, recipients of the data and information about their rights.
8.2 The Subject may exercise rights in relation to the Processing of its Personal Data, such as: access to information; objection to processing, automated decision-making and profiling; restriction of processing; data portability; rectification and deletion of data; and revocation of the Consent, as applicable in each case, by the email address indicated at the end of this Policy.
8.3 Peróxidos has implemented procedures to ensure responses to Data Subjects within the legally established deadlines and reserves, under the terms of the LGPD, the right to evaluate the requests of the Subjects and meet them when technically feasible and effectively required by law. Notwithstanding, the evaluation response will be informed to the Subject.
8.4 The Data Subject is aware that the exercise of some of his rights may prevent the continuation of the relationship with Peróxidos.
9. OBLIGATIONS OF DATA SUBJECTS
9.1 The Data Subject is responsible for the truthfulness, accuracy, and confirmation of the Personal Data, including Sensitive Personal Data, informed by him, either on the Peróxidos website or by other means.
9.2 The Data Subject is prohibited from: sharing with other persons or third parties, including co-workers, family and friends, logins, passwords or any type of credential. The Data Subject must use strong and unique passwords for
Peróxidos assets and tools. Peróxidos is not responsible for any violations of the Data Subject's Privacy and Protection of Personal Data by action or omission of the Data Subject oneself.
9.3 The Data Subject is responsible for adopting on their devices used to access the assets and tools of Peróxidos, all necessary security measures in such way that Peróxidos is not responsible for any violations of the Privacy and Protection of Personal Data of the Data Subject if arising from this lack of diligence.
10. OBLIGATIONS OF PERÓXIDOS’ DATA OPERATORS
10.1 Peróxidos seeks to relate to Data Operators committed to Privacy and Personal Data Protection.
10.2 Peróxidos Data Operators must comply with this Policy, as well as with the relevant legislation. In case of non-compliance with one or the other, Peróxidos reserves the right to immediately cancel the contractual relation, without charge to Peróxidos, as well as to enforce the due legal and contractual sanctions related.
10.3 Peróxidos reserves the right to verify that Data Operators follow the processes, operating instructions and procedures defined by Peróxidos itself, by means of ordinary or extraordinary audits.
11. COOPERATION WITH ANPD (National Authority for Data Protection)
11.1 Peróxidos, while acting as Data Controller, will cooperate with ANPD on matters related to the Protection and Privacy of Personal Data under its Treatment,within the limits of LGPD, and without waiving any right of defense and appealings so guaranteed.
11.2 The Data Supervisor acts as the primary coordinator between Peróxidos and ANPD, having as support the Peróxidos Employees and/or Service Providers and/or Suppliers, potentially involved in the Processing or procedure in question.
12. GENERAL PROVISIONS
12.1 In the event of evidence of impairment or compromise of Personal Data processed by Peróxidos, any Peróxidos Employee or Third Party who becomes aware must immediately notify the Data Controller.
12.2 It is the responsibility of all Peróxidos Employees to observe and apply this Policy. Failure to comply with these privacy rules and principles may result in disciplinary action in accordance with applicable human resources procedures and local laws.
13. COMMUNICATION CHANNEL
13.1 Peróxidos makes available to the Data Subject, Data Operators, and any other person (individual or legal) free of charge, a communication channel, and exclusive service for issues related to Privacy and Personal Data Protection.
13.2 All queries related to Privacy and Protection of Personal Data should be directed to the Data Officer, Bruna Ozório, by e-mail: dpo@peroxidos.com.
Document:
Author: Legal
Approver: Chief of Finance Management
Version: 02/22/2022
REV.: REASON: 02/22/2022 PRIVACY AND PERSONAL DATA PROTECTION POLICY