Applicable policy for using the G2 Price Search Configurator application

Privacy Policy Summary

Personal Data is processed for the following purposes and using the following services:

1. Goal

Inform all GERTEC customers and employees regarding the application of the General Data Protection Law – LGPD.

2. Scope

It applies to all GERTEC customers and employees.

3. Process description

GERTEC needs to collect and process data from its customers in the scope of providing services for the production and sale of high-tech equipment and solutions for means of payment, commercial and banking automation, research solutions, research, time and attendance recording terminals.
In this sense, this Privacy Policy and Personal Data of GERTEC (hereinafter “Privacy Policy”), aims at helping our customers to understand what personal data we collect, how and why we use them, to whom we disclose and how we protect your privacy when using our services.

4. Why?

GERTEC is committed to protecting the security and privacy of its customers. In this context, it prepared this Privacy Policy, in order to affirm its commitment and respect for the rules of privacy and protection of personal data.

We want our customers to know the general rules of privacy and the terms of treatment of the data we collect, in strict compliance with the applicable legislation in this area, namely Law No. 13,709 of August 14, 2018 (“General Data Protection Law – LGPD” or simply “LGPD”).

GERTEC seeks to respect the best practices in matters of security and protection of personal data, promotion/awareness of good practices in this area, and improving systems in order to manage the protection of data made available to it by client companies, in strict compliance of legal obligations.

Completing the data collection forms and providing data directly or indirectly implies knowledge of the conditions of this Policy, and of any other specific terms, policies and conditions regarding the services provided.

5. What is Personal Data?

Personal data is understood to be any information related to identified or identifiable natural persons (data subject), of any nature and regardless of the respective support. A person who can be identified directly or indirectly is considered identifiable, namely by reference to an identification number or to more specific elements of their physical, physiological, psychic, economic, social or cultural identity.

Personal data may have a different nature in certain situations, being classified under the LGPD as “sensitive data”. These may address the holder’s racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic information, geometric identifiers, sex life, sexual orientation or health information.

6. Other important settings

6.1. Consent of the data subject

Expression of free, specific, informed and explicit will, whereby the data subject accepts, by means of an unequivocal positive declaration or act, that the personal data concerning him/her be processed.

6.2. Controller

Natural or legal person, of public or private law, who are responsible for decisions regarding the processing of personal data.

6.3. Profiling

Any form of authorized processing of personal data to, in particular, include a natural person in a certain category, regarding their professional performance, economic situation, health, personal preferences, interests, behavior, location or travel.

6.4. Data Protection Officer (DPO)

Person or entity appointed to ensure, in an organization, the compliance of processing of personal data with the LGPD, ensuring efficient communication with data subjects and cooperation with control authorities, also bridging the different areas of activity within GERTEC. The DPO does not receive instructions regarding its office obligations, responding directly to the management bodies of the entity that appointed him/her;

6.5. Person in charge of handling

Natural or legal person, public authority, agency or other body that, individually or jointly with others, determines the purposes and means of processing personal data.

6.6. Third-party

Natural or legal person, service or body that is not the data subject, the Controller, the Operator and persons who, under the direct authority of the Controller or the Operator, are authorized to process personal data.

6.7. Data subject

Identified or identifiable natural person to whom the personal data relates.

6.8. Handling

Operation or set of operations carried out on personal data or on a set of personal data, by automated or non-automated means, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparing or interconnecting, limiting, erasing or destroying data;

6.9. Operator

Natural or legal person, governed by public or private law, who processes personal data on behalf of the controller.

6.10. Personal Data Violation

Breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, preserved or subject to any other type of handling;

6.11. Pseudonymization

Processing of personal data in such a way that they can no longer be attributed to a specific data subject without resorting to supplementary information, provided that such supplementary information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person.

6.12. Anonymization

Technique that results from the processing of personal data in order to remove sufficient elements so that it is no longer possible to irreversibly identify the data subject. More precisely, the data must be processed in such a way that it can no longer be used to identify a natural person using the sets of means likely to be reasonably used, either by the controller or by third parties.

6.13. National Data Protection Authority

Public administration body responsible for overseeing, implementing and monitoring compliance with the Law;

7. Who is responsible for the processing of your personal data?

This Privacy Policy aims at informing customers about the terms of processing of personal data by GERTEC, determining the purposes and means of processing their data in the context of providing services for the production and sale of high-tech equipment and solutions for means of payment, commercial and banking automation, research solutions, consultation terminals and time attendance registration data, so it must be considered a Controller, under the terms of the LGPD.

Thus, when serviced by a third party independently, by mandate and order of GERTEC, this third party will be considered an Operator, under the terms of the LGPD. Thus, if there is any question regarding the privacy of the customer’s data, we ask that you also indicate who this third party is, when applicable, for the purpose of determining any infringement, intent, negligence, recklessness or malpractice.

Under the terms of this Policy, GERTEC’s contracting companies are aware of the responsibility for the handling of personal data of customers, which they receive from GERTEC for the publicity and advertising management services provide

8. What personal data do we collect through the app and through what means?

GERTEC collects personal information provided by the user, information capable of identifying them. This information collected may vary according to your use of GERTEC, as well as the type of information you choose to provide us.

The types of personal data that GERTEC collects, by itself or through third parties include geographic position, precise location permission (uninterrupted), precise location permission (uninterrupted); approximate location permission (temporary), Bluetooth sharing permission.

Full details about each type of Personal Data collected are provided in the dedicated sections of this privacy policy or by specific explanatory text displayed prior to data collection.

Personal data may be freely provided by the user, or, in the case of Usage Data, collected automatically when using the application. Unless otherwise specified, all Data requested by this application is mandatory and failure to provide such data may make it impossible for this application to provide its services. In cases where this application specifically states that some data is not mandatory, users are free to stop communicating that data without any consequences for the availability or functioning of the service.

Users who have questions about which personal data are mandatory are invited to contact the owner. Any use of cookies – or of other tools or tracking by the application, will be for the purpose of providing the services requested by the user, in addition to the other purposes described in this document and in the Cookie Policy, if available.

Users are responsible for any third-party personal data that is obtained, published or shared through this service (this application) and confirm that they have the third party’s authorization to provide the data to the owner.

The Application collects personal information from you when you also access our websites or contact us through other sources, such as when you: (i) visit/browse our websites; (ii)fill in forms on our website; (iii) participate and/or fill out forms at an event; (iv) places or attempts to place an order; (v) register an account/as a customer; (vi) send us an email; (vii) participate in surveys; (viii) communicates or interacts with a customer service representative.

All this information collected by GERTEC is cumulative, so that GERTEC and its operators can provide a better service.

9. Category of data worked, means and forms of collection.

The customer will always be duly informed of the obligation to make this data available to continue the registration process with GERTEC.

When the customer creates a registration with GERTEC, the following data is collected: full name, address, CPF/CNPJ, e-mail, telephone, login and password. And when you make a purchase, we collect bank details, credit card details.

This data may be shared with employees and service providers for the purpose of managing the sales of GERTEC’s products.

The buyers’ data are passed on to PagSeguro or Caixa Aqui.

10. What are the purposes of collecting your personal data?

GERTEC is a technology company, and its objective is to provide services that include planning and development, manufacturing, sales, technical support and maintenance of commercial automation products for its customers. For this to happen, it is often necessary to cross-reference the data we collect, so that marketing actions target what the customer expects to receive from GERTEC.

GERTEC has sales channels through e-commerce, points of resale, distributor, Caixa Aqui Web, and to better serve them (customers), we need to collect data during purchase, technical support or maintenance, so that the work is performed efficiently.

In this sense, we use personal data to communicate and manage our customer relationship. So, we may contact you by letter, email, social media or SMS, for administrative or operational reasons, for example, in order to send you news that may be of interest to you. We will also use your personal data to respond to your requests, suggestions or contacts, to improve our services and your experience as a GERTEC customer.

We also use cookie technology and similar technologies during browsing to analyze user preferences.

We may use the categories of personal information mentioned above for one or more of the following business purposes:

11. On what basis do we process your personal data?

GERTEC will process your personal data only when it is duly authorized. The LGPD requires, for the processing of personal data to be lawful, that there is a suitable legal basis for each specific treatment.

Regarding the processing of your data carried out by GERTEC to improve our services and improve our administrative and quality goals, the appropriate legal basis will be the pursuit of the Controller’s legitimate interests, as well as Contractual Compliance, when applicable, in addition to the customer consent. This implies that data subjects can object to the processing of their data for the aforementioned purposes, under the LGPD, if they present valid reasons related to their particular situation. In such an event, the Controller may present legitimate reasons that justify the continuation of such processing, in which case it reserves the right to continue processing your data for these purposes, as in cases where such processing is necessary for the purpose of declaration, exercise or defense of a right in legal proceedings.

Regarding the processing of data carried out by GERTEC in the context of compliance with legal obligations, the legal basis for carrying out such treatments – mostly data communications to external entities – will be the need for processing for the purpose of compliance with Controller’s legal obligations, including contractual compliance or legitimate interest.

GERTEC shares your data (name, address, telephone) with shipping companies for the purpose of delivering products purchased via the online store.

GERTEC may process Personal Data related to the User if one of the following applies:

In any case, GERTEC will gladly collaborate to clarify the legal basis that applies to the processing, and in particular if the provision of data is a mandatory requirement by law or contractual obligation, or a necessary requirement to conclude a contract.

12. Which GERTEC professionals have access to your data?

Within the scope of the processing of your personal data, GERTEC observes, at all times, the principles of data protection from conception (privacy by design). Such commitment implies, among other things, that your personal data will be of limited access to people who need to know them in the exercise of their functions, to the strictest extent necessary for the pursuit of the processing purposes that we have already listed above.

13. What is the retention period of your personal data?

The personal data of GERTEC’s customers are treated in strict compliance with the applicable legislation, being stored in specific databases. Such data are kept in a format that allows the identification of data subjects only for the period necessary for the purposes for which they are processed.

The period of time during which the data is stored and kept varies according to the purpose for which the information is used. There are, however, legal requirements that oblige us to keep the data for a certain period. We take as a reference for determining the appropriate retention period the various deliberations of the data protection control authorities, namely the National Data Protection Authority – ANPD.

14. What are the rights of data subjects?

Pursuant to the applicable legislation, the data subject may request, at any time, access to personal data concerning them, as well as their rectification, portability of their data, directly through the email: or through face-to-face contact with GERTEC.

Without prejudice to any other administrative or judicial remedy, the data subject has the right to submit a complaint to the ANPD or to another competent control authority under the law, if he considers that his data are not being subject to legitimate handling by GERTEC, under the terms of the applicable legislation and this Policy.

The Holder of Personal Data has the following rights before GERTEC:

Without prejudice to any other administrative or judicial remedy, the data subject has the right to submit a complaint to the ANDP or to another competent control authority under the law, if he considers that his data are not being subject to legitimate handling by GERTEC, under the terms of the applicable legislation and this Policy.

15. What are the security measures adopted by GERTEC?

GERTEC is committed to ensuring the confidentiality, protection and security of its customers’ personal data, through the implementation of appropriate technical and organizational measures to protect their data against any form of improper or illegitimate treatment and against any accidental loss or destruction of such data. For this purpose, we have systems and teams to guarantee the security of the personal data processed, creating and updating procedures that prevent unauthorized access, accidental loss and/or destruction of personal data, committing to respect the legislation on data protection. customers’ personal data and to process this data only for the purposes for which it was collected, as well as to ensure that this data is treated with adequate levels of security and confidentiality.

GERTEC may, in some cases, transmit your personal data to third parties. GERTEC has defined clear and contractual rules for the processing of personal data with its operators and requires them to adopt the appropriate technical and organizational measures to protect their personal data. However, in some cases, we may be required by law to disclose your personal data to third parties (such as supervisory authorities) over whom we have limited control regarding the protection of personal data.

The information base stored by GERTEC can be made available to strategic business partners aiming at the benefit and generation of mutual results, such as the supply or improvement of our products, services and advertising.

GERTEC is not responsible for the use and handling given by GERTEC’s business and economic partners to customer data collected and shared, being the responsibility of the company or partner that uses them to give due handling and use.

It may be necessary – by law, legal process, litigation and/or requests from public and governmental authorities inside or outside your country of residence – for GERTEC to disclose your personal information. We may also disclose your information if we determine that, for national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

We may also disclose your information if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Also, in the event of a reorganization, merger or sale, we may transfer any and all of the personal information we collect to relevant third parties.

16. Under what circumstances is there communication of data to other entities?

GERTEC uses other entities to provide certain services. Eventually, this provision of services may imply access, by these entities, to personal data of their customers. This will be the case for entities that provide services for GERTEC’s IT systems.

Thus, any entity that characterizes itself as an Operator of GERTEC will process the personal data of our customers, in our name and on our behalf, in the strict obligation to follow our instructions. GERTEC ensures that such entities that are characterized as Operators offer sufficient guarantees for the execution of appropriate technical and organizational measures so that the handling meets the requirements of the applicable law and ensures the security and protection of data subjects’ rights, under the terms of the subcontracting agreement entered into with the aforementioned Operators.

GERTEC may also transmit its customers’ personal data to third parties, when it deems such data communications to be necessary or appropriate:

In this sense, GERTEC may transmit your personal data to any Contracting Public Entity, to the Courts, Solicitors, to the criminal police bodies or to the Public Prosecutor’s Office when notified for this purpose or when this is necessary for the fulfillment of legal obligations, as legally provided.

In any of the aforementioned situations, GERTEC undertakes to take all reasonable measures to ensure the effective protection of the personal data it processes.

17. Device permissions for accessing personal data

Depending on the User’s specific device, this Application may request certain permissions that allow access to the User’s device data as described below.

PBy default, these permissions must be granted by the user before the respective information can be accessed. Once permission has been given, it can be revoked by the user at any time. To be able to revoke these permissions, users must check the device settings or contact the Owner for support through the contact details provided in this document. The exact procedure for controlling application permissions may depend on the User’s devices and software.
Please note that revoking such permissions may affect the proper functioning of this application.

If the user grants any of the permissions listed below, this respective Personal Data may be processed (i.e., accessed, modified or removed) by this application.

Bluetooth sharing permission

Used to access Bluetooth-related functions such as scanning to find devices, connecting to devices, and enabling data transfer between devices.

Approximate location permission (continuing)

Used to access the approximate location of the user’s device. This application may collect, use and share user location data in order to provide location-based services.

Approximate location permission (temporary)

Used to access the approximate location of the user’s device. This application may collect, use and share user location data in order to provide location-based services.
The user’s geographic location is determined in a non-disruptive manner. This means that it is impossible for this application to obtain the approximate position of the user uninterruptedly.

Precise location permission (continuing)

Used to access the precise location of the user’s device. This application may collect, use and share user location data in order to provide location-based services.

Precise location permission (temporary)

Used to access the precise location of the user’s device. This application may collect, use and share user location data in order to provide location-based services.

A localização geográfica do Usuário é determinada de maneira que não é ininterrupta. Isto significa que é impossível para Este Aplicativo obter a posição exata do Usuário de forma ininterrupta.

How “Do Not Track Me” requests are handled

This app does not support “Do not track me” requests. To determine whether any of the third-party services you use “Do Not Track Me” requests, please read the privacy policies.

Detailed information about the processing of Personal Data: Personal data is collected for the following purposes and using the following services.

18. Contact us

You may contact GERTEC’s Data Protection Officer (“DPO”) for more information on the processing of your personal data, as well as any questions related to the exercise of the rights attributed to you by the applicable legislation and, in particular, the aforementioned in this Privacy Policy, through the following contacts.


19. Right to non-discrimination for the exercise of your privacy rights

We will not discriminate against you for exercising any of the rights described above. This includes, but is not limited to: (i) deny you goods or services; (ii) charge you different prices or fees for goods or services, including through the use of discounts or other benefits or the imposition of penalties; (iii) provide a different level or quality of goods or services, or (iv) suggest that you will receive a different price or rate for goods or services or a different level or quality of goods and services.

20. How do I find out about changes to the Privacy Policy

GERTEC reserves the right, at any time, to make changes or updates to this Privacy Policy, these changes being duly updated on our Platforms. We suggest that you check them regularly to be aware of any changes.