PRIVACY POLICY SCIENCE TERM – LGPD

CAS Tecnologia SA, hereinafter “CAS” (“Controller”), recognizes the importance of protecting your personal information.

For this reason, the company created this “Term of Science and Privacy Policy” to demonstrate that it is committed to safeguarding your privacy and protecting your personal data in accordance with the General Data Protection Law (LGPD) – Law 13709/2018.

INTRODUCTION

The purpose of this document is to clarify which user data (“You, Data Owner”) is eventually collected, which may be from collaborators, employees, candidates, partners, customers, suppliers or any natural or legal person from our Website, (“Site”), Applications (“App”), of our Portals or Access Platforms (“Portal or Access Platform”) that, in some cases, require login with a temporary or non-provisional password.

In this sense, this “Term of Science and Privacy Policy” (“Term of Science”) clarifies how your information and personal data may be collected, why they will be used, any need or unnecessary sharing and storage, in order to offer our services (“Services”) in a way that observes the fundamental rights of freedom and privacy.

TERMS AND DEFINITIONS

• LGPD – General Data Protection Law 13709/2018: the law that provides for the processing of personal data, including in digital media, with the aim of protecting the fundamental rights of freedom and privacy.
• Controller: the natural or legal person, governed by public or private law, who is responsible for decisions regarding the processing of personal data, in the present case, CAS.
• DPO or Data Protection Officer: the person indicated to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD);
• ANPD – National Data Protection Authority: the public administration body, competent to regulate, supervise the protection of personal data, under the terms of the LGPD and other legislation related to the issue.
• User: these are the individuals or legal entities that access/visit our digital channels, in the case of individuals, and may be identified in this Policy as Data Owner.
• Personal Data: any information provided by the Data Owner that identifies an individual or that identifies contact information for an individual. Personal Data does not include generic business contacts, such as email or business phone numbers that do not identify an individual.
• Anonymized data: data relating to the data owner that cannot be identified, considering the use of reasonable technical means available at the time of its treatment.
• Sensitive Personal Data: these are data whose treatment may require the intimate identification of the data subject, such as racial or ethnic origin, religious conviction, political opinion, data relating to health or sex life, genetic or biometric data.
• Cookies: these are small programs that are stored on the user’s computer through the browser, retaining information related to their preferences, not including any Personal Data.
• Database: place in electronic or physical support where the structured set of personal data is stored.

WHO MAY USE OUR SITE

Our website can be used by any interested person, and it can also be accessed by students for research purposes as a source of information relevant to their area of training, in which case, adequate citation of the source is essential.

DATA COLLECTION AND PERSONAL DATA PROCESSING

We only collect personal data when it is provided to us through our Portals or Applications, in which customers, partners, employees or candidates, by voluntarily filling out the forms, send their contacts, emails, for the purpose of requesting products or services, consultations or similar situations, or

As part of pre-contractual and/or contractual obligations and/or to improve the level of satisfaction and/or recruitment and selection and/or provision of information on products and/or services and/or compliance with audits, we may use your personal data to respond to such requests, queries or questions.

We may also automatically collect information such as characteristics of the access device, browser, IP (with date and time), IP origin, information about clicks, pages accessed, search terms entered in our portals, among others.

We will only use the data that are actually relevant and necessary for the achievement of the purposes and the intent of improving navigation and preferences.

The data provided is stored in our database to allow you to access the restricted areas of our websites, which you seek to access, being able to manage your activities in restricted areas of our website.

Personal Data may, once collected, be in any media or format, including digital format, computerized records or even paper files.

WHAT DATA DO WE COLLECT?

The data collected will be those informed by you according to each form or specific access to our portals.

PURPOSES OF USE

The collection of necessary personal data is essential for the provision of services and we also do it to meet any legal or regulatory or contractual obligations in force, whether through requests from customers, partners, suppliers, or also for compliance in the regular exercise of any contractual bond with the Holder, among others, the management, administration of resources and contractual services. Always respecting the purposes and consent when required by law.

Additionally, the information collected may be used for advertising, marketing, institutional purposes, as well as for sending information about events, surveys, brands, products, promotions and partnerships of the Company.

WILL THE DATA BE SHARED?

Under no circumstances the data and information provided will be shared with third parties. The data can be shared internally between the departments of CAS itself for management purposes, within the purposes mentioned above.
Furthermore, we may share your data when necessary for the fulfillment of orders and/or legal obligations and/or general contractual obligations.

SECURITY OF PERSONAL INFORMATION

CAS has always treated information security, with the rigor of style. Since the year 2000 in the market for solutions in technology, engineering and sciences, CAS has, since then, an internal information security policy with strict observance and rules in order to keep access safe.

Therefore, all Personal Data that may be provided to access our Portals and Applications, may be stored in the CAS database or in a database contracted by CAS in accordance with the general data protection law (LGPD).

Your data, when necessary, is only accessed by duly authorized professionals, respecting the principles of proportionality, necessity and relevance for our objectives, in addition to the commitment to confidentiality and preservation of privacy in the terms of our policies.

Our systems are protected against unauthorized access and only authorizes the access of previously established people to the place where the collected information is stored, users who have access are committed to absolute secrecy.

CAS uses several security procedures and mechanisms to protect the confidentiality, security and integrity of your data, preventing the occurrence of damages due to the processing of this data.

However, CAS cannot fully guarantee that personal data will not be accessed by unauthorized persons. If this remotely occurs, CAS will take all appropriate legal measures against possible intruders.

As already mentioned, CAS has internal policies with appropriate measures to protect your personal data and access passwords, which are personal, non-transferable and exclusively the responsibility of the Owner.

CAS applies different technological and process security measures to protect personal data collected, used or transferred against loss, misuse, alteration or destruction.

However, you should be aware that, as the Internet is an open and unprotected environment, CAS cannot be held responsible for the security of transfers of personal data via the Internet.

DATA RETENTION

CAS retains the data provided as long as your registration is active or until deletion is requested.

CAS may keep Personal Data stored even after the deadline described above or after a request for deletion if the data is necessary for legal or judicial purposes, in order to comply with legal obligations, dispute resolution or security reasons of both parties, how to avoid fraud, abuse and breach of contracts and agreements.

THIRD PARTY LINKS

Our websites may contain some links, plug-ins and third-party applications. By clicking on these links, you will allow third parties to collect or share data about you.

It is important to note that these third-party sites have their own privacy policies, under which we have no control, responsibility or liability for them.

In addition, we recommend that, when accessing these sites, you read the privacy policy of the respective.

ACCESS AND CONTROL OF YOUR PERSONAL DATA (DATA OWNER)

CAS wants to ensure that you are fully aware of all your data protection rights. The LGPD, in article 18, lists the rights of personal data owners, which we detail below:

• Right of Information and Access: You have the right to request information from us about the existence of data processing or to have access to the data provided to CAS.
• Right of correction: You can request/perform any correction of your data that is incomplete, incorrect or outdated.
• Right of deletion: You can request the deletion of data when unnecessary or excessive or treated in non-compliance with the LGPD.
• Right to revoke consent: You may request to withdraw consent if you have provided it. There is the possibility that you may also request the deletion or information about possible sharing of data when provided with consent. Except here other hypotheses that grant legal permission for data processing purposes, according to article 7 of the LGPD.

In case the Owner does not provide consent, when necessary, he will be duly informed about the negative consequences of the refusal.

CAS will make every effort to meet your requests in the shortest possible time, however the Owner must be aware that your request may be rejected for formal reasons that you must detail to the applicant.

The user may request the deletion of his data and accesses through specific functions or by e-mail addressed to the DPO of CAS.

POLICY REVIEWS

CAS keeps its privacy policy under regular review. Therefore, this Privacy Policy can be updated at any time.

Therefore, we recommend that you periodically visit this page so that you are aware of any updates.

This term has been written and complies with the LGPD.

CONTACT

If you have any questions about CAS’s, privacy policy, the legal bases for collection, processing and storage, the data we hold about you, if you would like to exercise one of your data protection rights or file a complaint, please contact us by e-mail lgpd@castecnologia.com.br.