Privacy Policy
In the daily life of the Beontag
(“Beontag”), whether conducting
business, in the search for new
products, services and opportunities, or
organizing its internal structure,
personal data the processing is an
indispensable part of this reality.
Processing personal data is instrumental
to our activities, and Beontag
understands that it must act responsibly
and transparently, taking care of such
information and providing it with
technical and administrative security
measures.
This Policy provides guidelines and
rules related to the privacy and
protection of personal data of
customers, employees, and third parties
during the processing of personal data
by the Beontag, and in dealings with
third parties where personal data are
shared or the use thereof is shared.
This document from the Beontag is
intended to comply with the applicable
data protection standards, promoting
transparency and good faith before data
subjects by protecting their personal
data and civil rights and liberties,
including Act No. 13.709/2018 (“GDPL”),
and bringing the best practices to their
fingertips.
The Policy applies to the entire
Beontag, and particularly to the
business and operating areas, as well as
third parties with which the Beontag
shares personal data, both in Brazil and
abroad.
- General Personal Data Protection Law
(“GDPL”) – Act No. 13,709/2018;
- General Data Protection Regulation
(“GDPR”) – Regulation (EU) 2016/679;
- ANPD: National Data Protection
Authority
- Controller or controllers: natural
or legal persons under public or
private law, that are responsible
for decisions regarding the
processing of personal data.
- Anonymized Data: data related to the
data subject, that cannot be
identified, considering the use of
reasonable technical means available
at the time of processing.
- Personal data: information related
to an identified or identifiable
natural person. That is, information
that identifies a natural person,
either directly (name, surname, Tax
ID, fingerprint, e-mail address,
telephone number) or indirectly,
from associations and profiling
(postal address, marital status,
job, income, financial history,
credit rating).
- Sensitive personal data: personal
data about racial or ethnic origin,
religious conviction, political
opinion, affiliation to a union or
an organization of a religious,
philosophical or political nature,
data relating to health or sex life,
genetic or biometric data, when
linked to a natural person.
Otherwise, personal data that reveal
information related to the Data
Subject’s privacy, which may lead to
discrimination. Sensitive personal
data entails higher risks than
personal data and vulnerabilities to
the rights and freedoms of the Data
Subjects.
- Data Protection Officer (DPO): at
Beontag, the person acting as the
communication channel between the
controller, the data subjects and
ANPD.
Personal data processing flow
(“Flow”): any operation carried out
by an area at Beontag, which
involves the processing of personal
data for a specific purpose.
- Deletion: removal of data or a data
set stored in databases or physical
documents.
- Security incident: an event related
to the technical or administrative
security of personal data, and which
may pose risks or damage to the Data
Subjects. Examples of incidents
include data leakage, unauthorized
access, destruction or change of
personal data, among others.
- Minors: refers to children (up to
twelve years years of age) and
adolescents (between twelve and
eighteen years of age).
- Program: refers to Beontag`s
personal data protection compliance
program.
- Operator or operators: natural or
legal person(s), under public or
private law, that process(es)
personal data on behalf of the
controller.
- RIPD, or Impact Report: the impact
report on the protection of personal
data, provided for in the GDPL, and
mandatory for the cases listed in
the Form for Registration of New
Personal Data Processing.
- Third Parties: includes natural and
legal persons, as suppliers, service
providers, commercial
representatives, partners, brokers,
among other legal relationships,
that process personal data on behalf
of the Beontag.
- Legitimate Interest Proportionality
Test: a four-phase test to be
conducted in parallel with the
Impact Report, whenever the
treatment hypothesis is in the
legitimate interest of the Beontag.
The test is provided for in the Form
for Registration of New Personal
Data Processing.
- Data Subject or Data Subjects:
natural person(s) to whom the
personal data that are processed by
the Beontag refer, including, e.g.,
customers, employees, directors,
shareholders, and partners of third
parties.
- International transfer or
international data transfer:
transfer of personal data to another
country, at any time during
processing, including for mere
storage purposes. A transfer is not
to be confused with the
transmission, which is merely using
a medium (e.g. e-mail with a server
abroad), to a recipient in Brazil.
- Processing: all operations carried
out with personal data and sensitive
personal data, from collection to
disposal, including the mere access
and viewing of the data.
- Shared Use of Data: Communication,
dissemination, international
transfer, interconnection of
personal data, or shared processing
of bases of personal data by public
bodies and entities in compliance
with their legal powers, or between
these and private entities, on a
reciprocal basis, under specific
authorization, for one or more
processing modes allowed by these
public entities, or between private
entities.
- Users – all people who visit and
access Beontag websites or software
applications. We may also refer to
the User as “you.”
- Processing of Personal Data
The processing of personal data includes:
every operation performed with personal
data, such as those relating to the
collection, production, reception,
classification, use, access,
reproduction, transmission,
distribution, processing, archival,
storage, disposal, information
evaluation or control, modification,
communication, transfer, diffusion or
extraction.”
Under the broad legal definition, any
action listed above involving personal
data constitutes a processing activity.
Applying an effective conduct with
personal data, or resulting in a
different product, is not necessary.
Mere viewing, based on the access to
personal data, characterizes processing.
The Beontag, concerned with the
compliance of each processing performed
under our responsibility, seeks to raise
awareness of our employees and third
parties and continuously adopt security
measures.
Examples of processing performed by
the Beontag:
- Collection, reception, use, and
storage of personal data to
register new customers and keep
the base of existing customers;
- Use and communication of
personal data in official
reports to regulatory bodies;
- Control of employee information
and transmission to public
bodies, in compliance with the
applicable laws;
- Archival of third-party personal
data during the law-mandated
period;
- Deletion of personal data of
terminated employees, after the
mandatory storage period has
elapsed.
The Beontag collects data and information
from Users on our websites or software
applications when provided by the User,
and pursuant to the legal basis for
processing under the GDPL, by filling
out registration forms.
To facilitate the use of the website or
software application, the Beontag may
also collect data from the User’s
navigation or device by tracking
(cookies), authorizations granted to
websites or software applications that
provide geographic location, Internet
protocol address, information on the
date and time of use of the website by
the User, information regarding pages
accessed, the number of clicks, and the
User’s attempts to use the Website.
We emphasize that any non-sharing of
data by the User may impact the
usability and experience of accessing
the website or software applications.
Any consent from the User for the purpose
of processing personal data is collected
on an individual, clear, and specific
basis. The User may, at any time, change
his/her consent to the processing of
his/her data, either by granting new
permissions or restricting consent to
the current permissions. Other
information and guidelines related to
User consent may be identified in the
Consent Management Policy.
The Beontag provides a communication
channel to Data Subjects, publicly
accessible on our website. It can be
accessed at https://www.contatoseguro.com.br/beontag
-
-
- Importance of
collecting your
information
Information collection is intended to
provide necessary services and improve
the products and services offered, to
facilitate the User experience, enable
support and service to Users, in
addition to complying with and
performing legal, contractual, and
regulatory obligations, provide
security, and allow the regular exercise
of rights by the User and the Beontag.
Cookies are Internet files that store
what the Internet user is visiting on
websites at any given time.
Cookies can be used to allow access to
and operation of websites or software
applications; authentication cookies,
recognize Users, enabling their access
to restricted areas of websites or
software applications, and provide
contents, offers and/or services of the
Beontag or partners.
The Cookies available on the Beontag
websites allow users to have a
personalized, faster browsing experience
and improved content customization.
The User can disable cookies in his/her
browser and in the settings of the
operating system of his device or
equipment used to access websites or
software applications.
However, we don’t recommend disabling
operating cookies, as they can block or
prevent the functionalities and even the
use of websites or software
applications, especially those related
to the user experience customization,
hindering browsing through Beontag
websites.
There are two categories of agents
involved in processing operations,
namely controllers and operators.
Controllers are responsible for the
decisions to be made when processing
personal data, while operators conduct
the processing activities as ordered by
the controller.
-
- Principles and legal basis
The Beontag only carries out processing
operations in line with the GDPL
requirements, mainly in relation to our
processing principles and hypotheses
(legal basis).
Personal data will only be processed
under the following circumstances:
AGREEMENTS
|
When
required for preliminary
procedures or for the
performance of an
agreement – at the
request of the Data
Subject – to which the
Data Subject is a party;
or
|
LEGAL OR
REGULATORY
OBLIGATIONS
|
If a legal
or regulatory obligation
exists, which results in
the need to process
personal data in order
to comply therewith; or
|
CREDIT
PROTECTION
|
For credit
protection, also
concerning the
provisions of the
applicable law; or
|
REGULAR
EXERCISE OF
RIGHTS
|
For the
regular exercise of
rights in judicial,
administrative, or
arbitration proceedings,
also during a limitation
period;
|
PUBLIC
POLICY
|
If related
to the execution of a
public policy by the
government, under a
scenario where the
Beontag is legally
bound; or
|
LEGITIMATE
INTEREST
|
To meet the
legitimate interests of
the controller or a
Third Party, provided
that it meets the
requirements of the
legitimate interest
proportionality test; or
|
CONSENT
|
When the
preceding hypotheses do
not apply, and the Data
Subject has provided
consent for the precise
purpose of the
processing in question.
|
The processing operations must comply
with the aspects indicated in the Data
Mapping, especially regarding the
purposes.
As a rule, the Beontag does not process
sensitive personal data, except under
the following circumstances:
LEGAL OR
REGULATORY
OBLIGATIONS
|
If a legal
or regulatory obligation
exists, which results in
the need to process
personal data in order
to comply therewith; or
|
REGULAR
EXERCISE OF
RIGHTS
|
For the
regular exercise of
rights related to an
agreement or for
judicial,
administrative, or
arbitration proceedings,
also during a limitation
period;
|
PUBLIC
POLICY
|
If related
to the execution of a
public policy by the
government, under a
scenario where the
Beontag is legally
bound; or
|
FRAUD
PREVENTION AND
DATA SUBJECT
SECURITY
|
To ensure
fraud prevention and for
the Data Subject’s
security, specifically
in the identification
and authentication
procedures for
registration in
electronic systems; or
|
CONSENT
|
When the
preceding hypotheses
don’t apply and the Data
Subject has provided
consent in a specific
and prominent manner for
a specific purpose
linked to the processing
of sensitive personal
data.
|
All processing operations should observe
the GDPL principles, especially with
regard to the following guidelines:
Under no circumstances may personal data
and sensitive personal data be treated
in a discriminatory manner among the
Data Subjects of a certain category.
- Purpose, Suitability, and Need
In all operations, Beontag will process
the minimum necessary amount of personal
data compatible with legitimate,
specific, explicit purposes, reported to
the Data Subject, in addition to
complying with the applicable legal
basis.
- Open Access, Data Quality, and
Transparency
Beontag will ensure to the Data Subjects
easy, free-of-charge query on the
processing form and duration, as well as
accurate, informative details regarding
the processing itself and the agents
involved, as long as it does not violate
the trade or industrial secret of the
institution or a Third Party.
We also ensure the quality of the
personal data used, enabling the Data
Subjects to update these to improve
their accuracy and to bring these in
line with the processing.
- Security, Prevention, and
Accountability
The Beontag adopts security standards
commensurate to our operations,
especially when they involve the
processing of personal data, in order to
prevent security incidents.
The Beontag ensures compliance with the
rights of the Data Subjects when
processing personal data, pursuant to
the provisions mentioned below:
- Right of Access/Explanation: the
subjects of personal data processed
by the Beontag may have access and
request information such as the
confirmation that their data is
being processed by the company, as
well as information on said
processing. The replies to such
requests will be given in an
abridged or full manner, as provided
for in law, within fifteen (15) days
as of the Data Subject’s request,
except for industrial secrets;
- Right to Rectification: The subject
of personal data may request
rectification of the registration of
his/her personal data, such as
inaccurate, incorrect or outdated
data;
- Right to Erasure: The Data Subject
may request the erasure, blocking or
anonymization of his/her personal
data processed by the Beontag when
the data is excessively or illegally
processed. The Data Subject will
also be entitled to request the
erasure of his/her personal data
when the legal basis for processing
is based on consent, except in cases
of storage provided for in law;
- Right to Opposition: the data
subject may object to the processing
of his/her personal data if s/he has
not consented to such processing;
- Right to Portability: the data
subject may request the portability
of his/her personal data to another
service or product provider, upon
express request, pursuant to ANPD
regulations and the regulatory
agencies.
To meet the Data Subjects’ requests, the
Beontag has tools and mechanisms in
place intended to make the response or
compliance with these rights expedite
and effective, and to provide the proper
filing of the actions taken regarding
such request.
To this end, we make available a
communication channel for Data Subjects,
publicly accessible on our website. It
can be accessed at https://www.contatoseguro.com.br/beontag.
The Beontag adopts a restrictive conduct
regarding the international transfer of
personal data, performing it only when
strictly necessary to carry out its
activities or when there is a security
standard in place compatible with our
guidelines.
In these cases, the Beontag observes the
local laws of the target country of
transfer, for due compliance. The
Beontag also ensures the prior knowledge
of the Data Subjects on the possibility
of international transfer of their
personal data, based on contractual
clauses or specific consent, on a case
by case basis.
The Beontag also complies with the GDPL
requirements for the possibility of
international transfer:
- Personal data is transferred to
countries with an adequate degree of
protection, in line with ANPD
guidelines;
- Personal data is transferred when
the Beontag is able to take
responsibility. In this case, in
addition to observing the rights and
duties provided for in the GDPL, the
Beontag will use specific
contractual clauses or standards;
global corporate standards; and the
Personal Data Protection Compliance
Program.
- Processing of Personal Data of
Minors
The Beontag does not, as a rule, process
the personal data of minors. However,
there are times when processing such
data is necessary. In these cases, the
data will be processed in the best
interest of the minor.
In these cases, the specific and explicit
consent of the parents of the subject of
the personal data is mandatory, except
when the legal basis of the processing
includes the regular exercise (defense)
in judicial, administrative, or
arbitration proceedings, only when
referring to the processing of
adolescents’ data.
The personal data of children and
adolescents, as well as their sensitive
data, should be subject to stronger
protection compared to other personal
data. In this way, sensitive personal
data should be prominently classified.
Taking into consideration the principle
of Privacy by Design, all products and
services designed by the Beontag are
reviewed from the outset for guaranteed
privacy and protection of personal data
of the Data Subjects.
The review begins with the area
responsible for the innovation
completing the Form for Registration of
New Personal Data Processing, and is
discussed by the Data Protection
Committee, which ensures compliance with
the principle in question.
This document should be read and
construed in conjunction with the other
Policies and Procedures used by the
Beontag, as well as related laws and
regulations.
Any questions regarding this Policy
should be e-mailed to the Data Subject
Communication Channel (comitelgpd@beontag.com)
or to the Data Protection Officer (lgpd@beontag.com).
São Paulo, Tuesday, May 25, 2021.
Incumbent Details/DPO:
Suzane Oliveira Silva
Email: lgpd@beontag.com
Site: https://www.contatoseguro.com.br/beontag