Last modified: January 6, 2020.
- Important Information
- In the course of this policy, we have embraced the terms mentioned below with their respective meanings:
- National Data Protection Authority (ANPD) - It is the body that will inspect and guide the LGPD application, as well as it is responsible for the application of administrative penalties in case of breach of law.
- Legal Basis for Processing – The Personal Data processing is allowed by the LGPD in accordance with the legal basis set forth, such as the Holder’s consent, the fulfillment of legal and/or regulatory obligations by Seventh, the existence of a contract between Seventh and the Holder, analysis for credit protection, as well as legitimate interest from Seventh or the Holder.
- Biometrics - A measurable physical quality or a personal behavioral feature used to recognize or to check the identity of a person. Facial images, fingerprints, and iris patterns are role models for biometrics.
- Privacy Committee - It means the Seventh personnel committee composed of representative from the Legal Department, IT and Quality, responsible for the Seventh representation before the holders and the ANPD, as well as it will be responsible for general guidance regarding Seventh Personal Data processing.
- Consent - The Holder agrees with the processing of their Personal Data for a certain purpose through a free, informed, and unquestionable expression.
- Personal Data - It is any data related to the natural person identified or identifiable, such as: IP, geolocation, name, RG [Identification Card], CPF [Individual Taxpayer Registration Number], address, telephone, bank account, vehicle data, among other.
- Sensitive Personal Data - It the the Personal Data that presents racial or ethnic origin, religious conviction, trade union affiliation, data regarding health or sex life, genetic or biometrics data.
- Purpose - It is the reason or motivation for Personal Data processing to be accomplished.
- Legitimate Interest - Data processing accomplished by the Controller, on account of an interest of yours, of other companies or the society, so that the processing does not affect the Holder’s rights and individual freedom.
- General Data Protection Law (LGPD) - Law No. 13.704, from August 14, 2018.
- Unrestricted Access - Holder’s Right to have access to all information regarding the processing of their Personal Data.
- Opposition - It is the Holder’s right to not want their data is processed. This right can be exerted in certain specific situations.
- Security - It means the usage of technical and administrative measures suitable to protect Personal Data from unauthorized access and accidental or illegal situations of destruction, loss, change, communication, or dissemination.
- Processing - It is every operation accomplished with the Personal Data, such as: collection, production, reception, classification, usage, access, reproduction, transmission, distribution, handling, archiving, storing, elimination, evaluation, information control, communication, transfer, dissemination, or extraction.
- Holder - Natural person to whom the Personal Data refers to, who are subject of processing.
- Transparency - It is the guarantee of clear, accurate and easily accessible information to the Holders regarding the accomplishment of processing and respective processing agents, with industrial and trade secret being observed.
It only collects the personal data that is necessary for the product’s functionality.
Right assured to the user regarding access, remediation, and deletion of processed data.
The collected data is processed during a maximum term of 5 years, and in case of user’s account deletion, the collected data is processed during a maximum term of 1 year.
Third parties data collection
The tools for data collection are the ones indicated on this Policy
- We are committed to protect the privacy of users of our Services.
- This policy applies when we act as a data controller regarding personal data of users of our Services.
- Our websites, apps, and cloud services embed functionalities that allow you to set your preferences up with respect to your Personal Data and your privacy, the so-called privacy controls. By using your privacy controls, you can specify how you want Seventh to handle with your Personal Data.
- In this policy, “we” and “us” refer to Seventh.
- Your Personal Data and how we use Them
- We can process data regarding the usage of our websites, products, cloud services, and apps, and through the usage of them (“Services”). The Data Usage can include your IP address, geographical location, web browser sort and version, operating system, visit length to our websites (“Data Usage”), number of Services use, date of visit, among others. The source of Data Usage is Google Analytics. The Data Usage can be accomplished for the purpose of usage analysis of Services, products, and Seventh services. The legal basis for processing of such data is Seventh legitimate interest, as a mean to ensure the utmost Services execution and functionalities.
- We can process your Services registration data (“Registration Data”). The registrations can include name, e-mail address, address, CPF, telephone, image, photo, audio, among others. The Registration Data can be processed for purposes of Services operation, provision of products and services, security assurance of our Services, products, and services, backup maintenance of data basis and communication with our customers, including the release and access to all of the functionalities of our Services. The legal basis for processing of such data is consent.
- We can process data as of inquiries that are sent regarding the customer care (“Customer Relation Data”). The Customer Inquiry Data can include details about your questions and problems with products and/or services, and may be processed for offering of new products and/or services, marketing, response processes updating, and enhancement of customer care. The legal basis for processing such data is Seventh and its customers legitimate interest, and the compliance of legal duty.
- We can process your data obtained as of financial transactions accomplished through our Services, including for the acquisition of products and/or services (“Transaction Data”). The Transaction Data may include your address, CPF, financial and bank data, credit card number, among others, and it is processed for the provision of products and/or services, file maintenance, fulfillment of tax obligations. The legal basis for processing of such data is the fulfillment of legal obligation, specifically the tax legislation.
- We can process your Personal Data for advertisement dispatch, propaganda, and direct marketing, related to the interests of the customer in accordance with their preferences. The legal basis for processing of such data is the consent, as well as the controller legitimate interest.
- In some cases, the Seventh’ product may process data collected from third parties in the environment (“Third Party Data”). The data can include facial images, recordings, and audio, which can be classified as personal data, protected by law. The responsibility for third parties data protection, collected from Seventh products, are User’s sole responsibility, who is accountable for the application of all necessary means of effective data protection, especially, the network and products setting so that the minimum security patterns are assured. Seventh is not responsible for the illegal usage of collected data through their products, since the management of these data is inaccessible.
- Data Transfer for Third Parties
- We can release your personal data to any member of our group of companies (which means our subsidiaries, our controllers, and all of its controllers), to the extent of what is reasonably necessary for the informed goals and in accordance with the applicable legislation, as well as observed for the legal basis of processing informed on this policy.
- We can release your personal data to our insurance companies and/or professional consultants, to the extent of what is reasonably necessary for the purposes of obtaining or maintaining insurance coverage, managing of risks, obtaining professional advise, or the entrance, exercise or defense in administrative, arbitral and/or legal proceedings. Furthermore, we can release your data to our suppliers to the extent of what is reasonably necessary to offer you our products and/or services, and to ensure the security on the usage of our Services and on the usage of your personal data, such as suppliers, marketing services, and customer care, and providers of networks and cloud services.
- Our financial transactions related to our Services and to the acquisition of our products and/or services are processed by our providers of payment services, since we share the transaction data with our providers of payment services only to the necessary extension for the purposes of processing your payment, refund amounts, and deal with claims and queries related to these issues.
- Aside from the specific release of personal data established on this fourth clause, we can release your personal data whenever such release is necessary for the fulfillment of a legal and/or regulatory obligation to which Seventh is subject, as well as to protect their vital interests or the vital interests of other data holder.
- Seventh and other companies of its group has offices and premises in other countries, as well as they have providers of services in other countries (website hosting, cloud services, payment gateways, technical support, development, modeling, customization, among others). Therefore, we can convey your data to outside Brazil in view of the purposes indicated above. Seventh embraces all appropriate measures and enters into the necessary contracts with their suppliers and foreign officers to ensure that the processing of personal data outside Brazil is accomplished in accordance with LGPD and compliant with Seventh policies.
- You realize that the personal data you offer to Seventh through the Services or through our products and/or services may be available for operators worldwide.
- Insofar as this global access involves a personal Data transfer to other countries, these transfers are subject to Seventh international data transfer policy and appropriate mechanisms that provide an appropriate level of protection in compliance with LGPD.
- You realize that the personal data you offer to Seventh through the Services or through our products and/or services may be available for operators worldwide.
- Personal Data Storage and Deletion
- The personal data we process for any purpose must not be kept for more time than it is necessary for such purposes.
- We will retain your personal data as described below:
- Potential personal data such as CPF, e-mail, address, and telephone, collected through the website will be kept for a minimum term of five (5) years after the data collection, and for a maximum term of ten (10) years;
- In some cases, it is not possible to specify in advance the periods during which your personal data will be retained. In these cases, we will determine the withholding period based on the following criteria, without prejudice to others: (i) existence of a specific law or regulation which demands a fixed timeframe for data withholding; (ii) Seventh internal policies; (iii) existence of legal, administrative or arbitral proceedings; and (iv) requests for information accomplished by governmental authorities.
- Seventh can change this policy at any time, since such updates are published on our Services and may be checked at any time.
- Your Rights
- Your main rights about the data protection legislation are:
(c) access right;
- rectification right;
- processing opposition right;
- data portability right;
- pleading right before the competent authorities;
- consent withdrawal right.
- You have the right to confirm whether we process or do not process your personal data, and where we do it; you also have the right to access such personal data, together with certain additional information. These additional information include details of processing purposes, of the personal data categories at hand, and the personal data recipients. If the rights and liberties of third parties are not affected, we will provide you a copy of your personal data.
- You have the right of rectifying and updating your personal data upon request to the contact firstname.lastname@example.org.
- In some circumstances, you have the right to delete your personal data without undue delay. These circumstances include: (i) the personal data are no longer necessary regarding the purposes to which they were collected or processed; (ii) you withdraw the consent for processing based on consent; (iii) you objects to the processing; (iv) the processing is for marketing purposes; and (v) the personal data were illegally processed. However, there are exclusions to your right to object to the processing, such as when this is necessary to exert the right to freedom of speech and information, for the fulfillment of legal and/or regulatory obligations, for the performance of rights in processing, or even for Seventh legitimate interest.
- You have the right to object to the processing of your personal data for reasons related to your specific situation, but only to extent that the legal processing basis is necessary for the performance of an action carried out in view of public interest or on the exercise of any official authority invested to Seventh, or also in view of legitimate interests pursued by us or by third parties. If you raise such objection, we will no longer process your personal data unless we can prove legitimate and compelling reasons for the processing that may replace your interests, rights, and liberties, or the processing is for the establishment, exert or defense of administrative, legal, or arbitral defense.
- You have the right to object to the processing of your personal data for purposes of direct marketing. If you raise such objection, we will no longer process your personal data for this purpose.
- If you consider that the processing of your personal information violates the data protection legislation, you have the right to file a grievance to the competent authority, and to request that Seventh immediately disrupt the processing at hand.
- Insofar as the legal basis for processing of your personal data is the consent, you have the right to revoke this consent at any time. The withdrawal will not affect the lawfulness of the processing before such withdrawal.
- The auditing must be conducted no more than once during a 12-month period, over the office hours, subject to policies and regulations at Seventh place, and may not interfere on Seventh activities. If you want to use a third party to conduct the auditing, such third party must be mutually approved by you and by Seventh, subject to the execution of a confidentiality agreement approved by Seventh. After the auditing conclusion, you will provide Seventh a copy of the auditing report, which is considered a classified information under the terms of your contract with Seventh.
- You can exert any of your rights regarding your personal information through written notification for Seventh address, conveyed to the Privacy Committee or via e-mail to email@example.com.
- Cookies, Identifiers, Trackers and Third Parties Information
- A cookie is a file that has an identifier (a sequence of letters and number) which is sent through a web server to a web browser, and the browser stores it. The identifier is, thereupon, sent back to the server every time the browser requests a page of such server.
- The cookies may be “persistent” cookies or “session” cookies. A persistent cookie will be stored by a web browser and will remain disabled until the determined due date, unless it is excluded by the user before the due date. A session cookie, on the other hand, will expire by the end of the user’s session, when the web browser is closed.
- Usually cookies do not have any information that personally identify the user, but the personal information we store about you may be linked to the stored and obtained information from cookies.
- We publish ads based on Google AdSense interests in our Services. They are personalized by Google to reflect your interests. In order to reflect your interests, Google will track your behavior in our Services and in other websites using cookies.
- Most of the browser allows you to refuse to accept cookies and that you may to exclude them. The means to do so vary from browser to browser and their versions.
- The blockage of all cookies will have an adverse impact on the functionality of a great number of websites. If you want to block cookies, you will not be able to use all resources in our Services.
- We also use mobile device identifiers that are stored on your mobile device and track certain data and activities that occur on your device or through it. The mobile devices identifiers allow personal data collection (such as media access controls), in addition to not personally identifiable information (such as usage and traffic data).
- In addition to the identifiers, we also use Web Beacons that help us to better manage the content of our Websites by informing which content is effective. Web Beacons are incorporated or associated to certain e-mails or other communications you receive from us or from our partners. Web Beacons help us to track your answers and interests, and to provide content and services that are relevant to you. For instance, they can inform us when you carry out actions based on the e-mails we sent you. Web Beacons also allow us to enhance our behavioral advertisement (described below).
- We can use third party services, such as open research tools and social media, to obtain information about you (such as your name or company), and broaden your personal data, obtaining publicly available information about you, such as your job title, employment history and contact information.
- On line Behavioral Advertisement
- Some of our propaganda (“Behavioral Advertisement”) involve the usage of Tracking Tools to collect information about the on line activities of a user in the long run, and in not affiliated websites and apps, in addition to providing ads to the user based on the interests of such user (as inferred by the user’s on line activity) or the use of our Services. Behavioral advertisement may appear on our Services. We work with third parties to provide behavioral advertisement, such as advertisement networks, data exchange, traffic mediation service provider, marketing analysis service providers, and other third parties service providers. Such advertisement service providers execute services such as ease up the ads segmentation, and measure and analyze the efficacy of the advertisement on the Services. Such segmentation services help us to show behavioral advertisement tailored to your profile, and hinder the exhibition of repeated ads, in addition to allow Us to search the ads usefulness.
- You have the option to deactivate the behavioral advertisement. Contact us at firstname.lastname@example.org.
- Seventh evaluates and promptly answers the incidents occurrence that may compromise your Personal Data.
- In case Seventh is aware of any incident involving Personal Data of Services users, Seventh will notify you and the competent authorities.
- Our Data
- The Services belong to Seventh and are operated by them.
- SEVENTH is enrolled with CNPJ/MF [Corporate Taxpayer Registration Number of the Ministry of Finance] under number 04.374.350/0001-79, with headquarters in the City of Florianópolis, State of Santa Catarina, at the address Rodovia SC 401, 8600, Sala 07 Bloco 02, CEP [Zip Code] 88050-001.
- You can get in touch with us through the e-mail email@example.com.
- Privacy Committee
Head office: Rodovia SC 401, 8600, Sala 07 Bloco 02, CEP (Zip code) 88.050-001, Florianópolis, Santa Catarina, Brazil - Phone number (48) 3239 0200
Privacy Committee - e-mail: firstname.lastname@example.org