This is the updated version of our privacy and cookie policies.
In case of doubts, requests or complaints about the processing of your personal data, we are at your disposal through our service channels (link, chat, e-mail and/or telephone, etc.).
For the purposes of personal data protection laws, DIGITRA.COM located at ALAMEDA RIO NEGRO, 503, ADDRESS 2: 6TH FLOOR, Alphaville Centro I, Barueri - SP, ZIP Code: 06454-000, acts as the “controller” of the information collected from the users.
DEFINITIONS AND ABBREVIATIONS
ANPD: National Data Protection Authority;
BACEN: Central Bank of Brazil;
Backup: a backup copy of the personal data (information);
Cookies: file stored in the browsers for easy identification.
GDPR: Regulation (EU) 2016/679, the General Data Protection Regulation.
IP (Internet Protocol): is the protocol that identifies, locates, and establishes connections among computers connected to the Internet.
LGPD: Law No. 13,709/2018, the General Data Protection Law.
Platform: web domain [www.digitra.com] and its subdomains, applications for smartphones and tablets and/or by application programming interface (API) made available in third party environments.
Users: natural persons or legal entities, clients and visitors of our Platform.
PROCESSING OF PERSONAL DATA
LGPD AND GDPR
This policy is governed by the rules of the LGDP and GDPR concurrently. Since both standards contain equivalent provisions, we will consider the proper applications of one standard or the other to each provision herein, in the best way that it is proper.
Personal data may be collected to serve potential clients through our Platform. The data that may be collected from these potential clients are: full name, personal documents (Individual Taxpayers’ Register (CPF), ID Card (RG), etc.), contact data (e-mail, address, telephone numbers), parents’ names, marital status, professional data, financial data and proprietary information, as well as preferences and patterns of access and navigation.
Processing is carried out on the basis of the LGDP, more specifically by providing consent by the data subject (art. 7, I) and in cases where processing is necessary for the execution of an agreement or preliminary procedures related to an agreement to which the data subject is a party, at the request of the data subject (art. 7, V).
The personal data of prospective clients will be kept for an indefinite period of time, and the holder may exercise the right to request the anonymization, blocking or deletion of unnecessary data.
ANALYSIS OF USER DATA FOR THE DATA SUBJECT OR THIRD PARTIES
The processing of the Users’ data may be carried out with the purpose of enabling the granting or sharing of Users’ personal data by DIGITRA.COM, eventual partners, for specific purposes of the services provided.
The data received from partners or public databases may include: full name, personal documents (CPF, RG, etc.), contact data (e-mail, address, telephone, communication application identifiers and social media), parents’ names, marital status, spouse data, professional data, financial data, proprietary information and copies of documents.
The purposes of the processing are the execution of an agreement or of preliminary procedures related to an agreement to which the data subject is a party, at the request of the data subject, or for the protection of DIGITRA.COM or partners.
The personal data will be kept during the preliminary procedures and the execution of the agreement and indefinitely for the purpose of providing credit protection under the law.
REGISTRATION OF USERS ON THE PLATFORM
The data and documents may include: full name, personal documents, contact data (e-mail, address, telephone, communication application identifiers and social media), parents’ names, marital status, spouse data, professional data, financial data and equity information.
Personal data will be kept during the execution of the agreement and for as long as necessary to comply with legal or regulatory obligations and for the regular exercise of rights in judicial, administrative or arbitration proceedings, as the case may be.
SENSITIVE PERSONAL DATA.
If biometric data are collected, such as recording of digital, voice or image identification, this shall occur based on the legal hypotheses for the processing of sensitive personal data, in order to comply with a legal or regulatory obligation by the controller (art. 11, II, a, of the LGPD) and/or to guarantee the prevention of fraud and the security of the data subject, in the identification and authentication processes of registration in electronic systems (art. 11, II, g of the LGPD).
BROWSING DATA COLLECTION.
Under the current legislation, for the purpose of providing tax, consumer and regulatory services and obligations, the DIGITRA.COM, as an application provider, must store the following indirect personal data: access number and other identifiers (email, address IP), history of access to available digital platforms, with date and time, IP address, logical access port and session duration, access logs and contracting of services.
Information about the identification of devices, IP addresses and others for the purposes of cookies is also collected on our websites and/or applications, which may be used for commercial, statistical, security and communication improvement and User experience purposes. The User can check other details in our Term of Use and specific Cookies Policy, available on the Platform.
CONSENT AND LEGITIMATE INTEREST.
Any processing of personal data that is not provided for in this Policy shall only be carried out with the prior, free and unequivocal consent of its data subject for the specific purpose and/or service, or further, by the legitimate interest of the controller, provided that it is preceded by a privacy impact analysis, where any risks to the data subject’s individual rights and freedoms shall be assessed and mitigated.
SECURITY AND PROTECTION OF PERSONAL DATA.
Personal data is protected by the DIGITRA.COM taking into account the best information security practices and in compliance with the LGPD, GDPR and other laws and regulations in force and applicable to our products and services.
For data protection, the following apply:
physical measures for security and access control;
technical measures, such as: protection against malicious software, encryption and backup routines, and
organizational and procedural measures, including: contractual repertoire with security, privacy and compliance clauses, requiring partners and suppliers the same guarantees provided for in this policy; hiring reference logical storage companies; restriction to data considering the principles of necessity and purpose, etc.
SHARING OF PERSONAL DATA.
Personal data may be shared with public and private entities in Brazil or abroad to comply with legal or regulatory obligations.
Such data may also be shared with partners in national territory, for processing purposes, exclusively based on the purposes determined by the DIGITRA.COM and based on the legal bases for contracting or contract enforcement and fraud prevention and security of the data subject, in the identification and authentication processes of registration in electronic systems (art. 11, II, g, of the LGPD).
The sharing may, moreover, take place based on the consent of the data subject or on the legitimate interest of the DIGITRA.COM, previously evaluated by an impact report on the individual rights and freedoms of the data subject.
Personal data may be stored in cloud computing providers outside the country, duly evaluated and contracted by DIGITRA.COM to carry out the processing based on the purposes determined in this Policy.
RIGHTS OF THE DATA SUBJECT
According to the LGPD, every natural person must have guaranteed their fundamental rights of freedom, intimacy and privacy. Thus, Users can request, as of the entry into force of the legislation and through our service channels:
Confirmation of the existence of processing;
Access to their data or a copy of certain personal information that we keep about them;
Correction of incomplete, inaccurate or outdated data;
Anonymization, blocking or exclusion of unnecessary, excessive data or data processed in non-compliance with the provisions of the law;
Exclusion of personal data that may be processed exclusively based on the data subject’s consent, except in cases provided for by law;
Data portability to other service or product providers, if applicable;
Revocation of the consent previously provided;
Information about the (public or private) entities with whom their data has been shared; and
Information on the possibility of not providing consent and the consequences of denial.
In order to ensure that the User actually exercises their rights, the DIGITRA.COM may request documents or other information that may assist in their correct identification, in order to safeguard their rights and that of third parties. This shall be done if necessary, and the applicant shall receive all related information.
It should be noted that the data subject is allowed to petition with the ANPD, the consumer protection agencies and/or the Central Bank, as the case may be.
Any doubts, requests or complaints about the processing of personal data can be made through our service channels:
Address: Alameda Rio Negro, 503 - 6º andar - Cjto 609 - Alphaville Industrial - Barueri - SP - CEP: 06454-000
E-mail: [email protected]
CHANGES TO THIS POLICY.
We reserve the right to modify these rules at any time, especially to adapt them to any changes made to our services and/or our digital platforms, either by making new features available, or by suppressing or modifying the existing ones.
Whenever there is a change, our Users will be notified about the change.