Acesso rápido
Toggle1. Goal
Inform all GERTEC customers and employees regarding the application of the General Data Protection Law – LGPD.
2. Scope
It applies to all GERTEC customers and employees.
3. Process description
GERTEC needs to collect and process data from its customers in the scope of providing services for the production and sale of high-tech equipment and solutions for means of payment, commercial and banking automation, research solutions, research, time and attendance recording terminals.
In this sense, this Privacy Policy and Personal Data of GERTEC (hereinafter “Privacy Policy”), aims at helping our customers to understand what personal data we collect, how and why we use them, to whom we disclose and how we protect your privacy when using our services.
4. Why?
GERTEC is committed to protecting the security and privacy of its customers. In this context, it prepared this Privacy Policy, in order to affirm its commitment and respect for the rules of privacy and protection of personal data.
We want our customers to know the general rules of privacy and the terms of treatment of the data we collect, in strict compliance with the applicable legislation in this area, namely Law No. 13,709 of August 14, 2018 (“General Data Protection Law – LGPD” or simply “LGPD”).
GERTEC seeks to respect the best practices in matters of security and protection of personal data, promotion/awareness of good practices in this area, and improving systems in order to manage the protection of data made available to it by Customer companies, in strict compliance of legal obligations.
The reception and processing of data by GERTEC implies knowledge of the conditions of this Policy, and of any other specific terms, policies and conditions regarding the services provided.
5. What is personal data
Personal data is understood to be any information related to identified or identifiable natural persons (data subject), of any nature and regardless of the respective support. A person who can be identified directly or indirectly is considered identifiable, namely by reference to an identification number or to more specific elements of their physical, physiological, psychic, economic, social or cultural identity.
Personal data may have a different nature in certain situations, being classified under the LGPD as “sensitive data”. These may address the holder’s racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic information, geometric identifiers, sex life, sexual orientation or health information.
6. Other important settings
Personal data is understood to be any information related to identified or identifiable natural persons (data subject), of any nature and regardless of the respective support. A person who can be identified directly or indirectly is considered identifiable, namely by reference to an identification number or to more specific elements of their physical, physiological, psychic, economic, social or cultural identity.
Personal data may have a different nature in certain situations, being classified under the LGPD as “sensitive data”. These may address the holder’s racial or ethnic origin, political opinions, religious or philosophical beliefs, genetic information, geometric identifiers, sex life, sexual orientation or health information.
6.1. Consents of the data subject
Expression of free, specific, informed and explicit will, whereby the data subject accepts, by means of an unequivocal positive declaration or act, that the personal data concerning him/her be processed.
6.2. Controller
Natural or legal person, of public or private law, who are responsible for decisions regarding the processing of personal data.
6.3. Profiling
Any form of authorized processing of personal data to, in particular, include a natural person in a certain category, regarding their professional performance, economic situation, health, personal preferences, interests, behavior, location or travel.
6.4. Data protection officer (DPO)
Person or entity appointed to ensure, in an organization, the compliance of processing of personal data with the LGPD, ensuring efficient communication with data subjects and cooperation with control authorities, also bridging the different areas of activity within GERTEC. The DPO does not receive instructions regarding its office obligations, responding directly to the management bodies of the entity that appointed him/her;
6.5. Person in charge of handling
Natural or legal person, public authority, agency or other body that, individually or jointly with others, determines the purposes and means of processing personal data.
6.6. Third-party
Natural or legal person, service or body that is not the data subject, the Controller, the Operator and persons who, under the direct authority of the Controller or the Operator, are authorized to process personal data.
6.7. Data subject
Identified or identifiable natural person to whom the personal data relates.
6.8. Handling
Operation or set of operations carried out on personal data or on a set of personal data, by automated or non-automated means, such as collection, registration, organization, structuring, conservation, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or any other form of making available, comparing or interconnecting, limiting, erasing or destroying data;
6.9. Operator
Natural or legal person, governed by public or private law, who processes personal data on behalf of the controller.
6.10. Breach of personal data
Breach of security that causes, accidentally or unlawfully, the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, preserved or subject to any other type of handling;
6.11. Pseudonymization
Processing of personal data in such a way that they can no longer be attributed to a specific data subject without resorting to supplementary information, provided that such supplementary information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person.
6.12. Anonymization
Technique that results from the processing of personal data in order to remove sufficient elements so that it is no longer possible to irreversibly identify the data subject. More precisely, the data must be processed in such a way that it can no longer be used to identify a natural person using the sets of means likely to be reasonably used, either by the controller or by third parties.
6.13. National Data Protection Authority
Public administration body responsible for overseeing, implementing and monitoring compliance with the Law;
7. Who is responsible for processing your personal data?
This Privacy Policy aims at informing customers about the terms of processing of personal data by GERTEC, determining the purposes and means of processing their data in the context of providing services for the production and sale of high-tech equipment and solutions for means of payment, commercial and banking automation, research solutions, consultation terminals and time attendance registration data, so it must be considered a Controller, under the terms of the LGPD.
In addition to the production and sale of equipment, GERTEC also performs maintenance of products manufactured and sold to its customers.
Thus, when serviced by a third party independently, by mandate and order of GERTEC, this third party will be considered an Operator, under the terms of the LGPD. Thus, if there is any question regarding the privacy of the customer’s data, we ask that you also indicate who this third party is, when applicable, for the purpose of determining any infringement, intent, negligence, recklessness or malpractice.
There is also a relationship of co-responsibility for the processing of customers’ personal data for the purposes of administrative and financial management of the services that are provided and for compliance with all contractual provisions established between GERTEC and its employees and related parties.
Under the terms of this Policy, GERTEC’s contracting companies are aware of the responsibility for the handling of personal data of customers, which they receive from GERTEC for the publicity and advertising management services provided.
8. What personal data do we collect and through what means?
GERTEC collects information received by customers, information capable of identifying them. This information collected may vary according to your use of GERTEC, as well as the type of information you choose to provide us.
GERTEC has sales channels through e-commerce, points of resale, distributor, Caixa Aqui Web.
For the smooth running of the service provided by the management of the client company or individual client, provide some information, such as CPF/CNPJ, email, telephone, address, bank details, among others. GERTEC may use a specific system, through which other information is also provided.
All this information also collected by GERTEC is cumulative, so that GERTEC and its operators can provide a better service.
9. Category of data worked, means and forms of collection
Customers will always be duly informed of the obligation to make this data available for the provision of production, sales, technical support and maintenance services for high-tech equipment and solutions for means of payment, commercial and banking automation.
When the client hires GERTEC’s services, the following data are collected: name, company and partners data, address, telephone, email, contracts. Customer data in complaints (SAC, Reclame Aqui and Procon). Individual customer data for product delivery (name, CPF, address, contact). Customer data in the digital service report. Note: this data must be provided (the customer being duly informed about the mandatory availability of this data for the management of the company’s business).
This data can be shared with employees, service providers and partners so that they can carry out some type of processing of this data. We can provide customer data to partner shipping companies, aiming at the delivery of products purchased in our company.
10. What are the purposes for collecting your personal data?
GERTEC is a technology company, and its objective is to provide services that include planning and development, manufacturing, sales, technical support and maintenance of commercial automation products for its customers.
GERTEC has sales channels through e-commerce, points of resale, distributor, Caixa Aqui Web, and to better serve them (customers), we need to collect data during purchase, technical support or maintenance, so that the work is performed efficiently.
Customers’ personal data is processed to provide a better service for the company’s business management. For this to happen, it is often necessary to cross-reference the data we collect, so that marketing actions target what the customer expects to receive from GERTEC.
In this sense, we may contact you by letter, email, social media or SMS, for administrative or operational reasons, for example, in order to send you news that may be of interest to you. Also, we will use your personal data to respond to suggestions or contacts, to improve our services and your experience as a GERTEC customer.
We also use cookie technology and similar technologies during browsing to analyze user preferences, but the data is anonymized.
11. On what basis do we process your personal data?
GERTEC will process your personal data only when it is duly authorized. The LGPD requires, for the processing of personal data to be lawful, that there is a suitable legal basis for each specific treatment.
Regarding the processing of your data carried out by GERTEC to improve our services and fulfill our administrative and quality objectives, the appropriate legal basis will be the pursuit of the Controller’s legitimate interests, as well as Contractual Compliance, when applicable, in addition to the customer’s consent. This implies that data subjects can oppose the processing of their data for the aforementioned purposes, under the LGPD, if they present valid reasons related to their particular situation. In such an event, the Controller may present legitimate reasons that justify the continuation of such processing, in which case it reserves the right to continue processing its data for these purposes, as well as in cases where such processing is necessary for the purposes of declaration, exercise or defense of a right in legal proceedings.
The data processing carried out by GERTEC in the context of compliance with legal obligations, the legal basis for carrying out such processing – mostly data communications to external entities – will be the need for processing for the purpose of complying with legal obligations of the Controller.
12. Which Gertec professionals have access to your data?
Within the scope of the processing of your personal data, GERTEC observes, at all times, the principles of data protection from conception (privacy by design). Such a commitment implies, among other things, that your personal data will be limited access to people who need to know them in the exercise of their functions, to the strictest extent necessary for the pursuit of the processing purposes that we have already listed above.
13. What is the retention period of your personal data?
The personal data of GERTEC’s customers are treated in strict compliance with the applicable legislation, being stored in specific databases. Such data are kept in a format that allows the identification of data subjects only for the period necessary for the purposes for which they are processed.
The period of time during which the data is stored and kept varies according to the purpose for which the information is used. There are, however, legal records that oblige us to keep the data for a certain period of time. We take as a reference for determining the appropriate retention period the various deliberations of the data protection control authorities, namely the National Data Protection Authority – ANPD.
14. What are the rights of data subjects?
Pursuant to the applicable legislation, the data subject may request, at any time, access to personal data concerning them, as well as their rectification, portability of their data, directly through the email: privacidade@gertec.com.br or through face-to-face contact with GERTEC.
Without prejudice to any other administrative or judicial remedy, the data subject has the right to submit a complaint to the ANPD or to another competent control authority under the law, if he considers that his data are not being subject to legitimate handling by GERTEC, under the terms of the applicable legislation and this Policy.
The Holder of Personal Data has the following rights before GERTEC:
- Confirmation of treatment assistance;
- Access to data;
- Correction of incomplete, inaccurate or outdated data;
- Anonymization, blocking or elimination of unnecessary, excessive or treated data in violation of the provisions of this Law;
- Data portability to another service or product provider, upon express request and observing commercial and industrial secrets, in accordance with the regulation of the controlling body;
- Deletion of personal data processed with the consent of the holder.
- Information on the public and private entities with which the controller made shared use of data;
- Information about the possibility of not providing consent and about the consequences of denial;
- Revocation of Consent.
15. What are the security measures adopted by Gertec?
GERTEC is committed to ensuring the confidentiality, protection and security of its customers’ personal data, through the implementation of appropriate technical and organizational measures to protect their processed personal data, creating and updating procedures that prevent unauthorized access, accidental losses and/or or destruction of personal data, undertaking to respect the legislation on the protection of customers’ personal data and to treat such data only for the purposes for which they were collected, as well as to ensure that these data is handled with suitable levels of security and confidentiality.
GERTEC may, in some cases, transmit your personal data to third parties.
GERTEC has defined clear contractual rules in the processing of personal data with its operators and requires them to adopt the appropriate technical and organizational measures to protect their personal data to third parties (such as control authorities) over which we have limited control in regard to the protection of personal data.
The information database formed by GERTEC can be made available to strategic business partners aiming at the benefit and generation of mutual results, such as the supply and improvement of our products, services and advertising.
GERTEC is not responsible for the use and handling given by GERTEC’s business and economic partners to customer data collected and shared, being the responsibility of the company or partner that uses them to give due handling and use.
It may be necessary – by law, legal process, litigation and/or requests from public and governmental authorities inside or outside your country of residence – for GERTEC to disclose your personal information. We may also disclose your information if we determine that, for national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
We may also disclose your information if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or customers. Also, in the event of a reorganization, merger or sale, we may transfer any and all of the personal information we collect to relevant third parties.
16. Under what circumstances is there communication of data to other entities?
GERTEC uses other entities to provide certain services. Eventually, this provision of services may imply access, by these entities, to personal data of their customers. This will be the case for entities that provide support services for GERTEC’s IT systems.
Thus, any entity that characterizes itself as an Operator of GERTEC will process the personal data of our customers, in our name and on our behalf, in the strict obligation to follow our instructions. GERTEC ensures that such entities that are characterized as Operators offer sufficient guarantees for the execution of appropriate technical and organizational measures so that the handling meets the requirements of the applicable law and ensures the security and protection of data subjects’ rights, under the terms of the subcontracting agreement entered into with the aforementioned Operators.
GERTEC may also transmit its customers’ personal data to third parties, when it deems such data communications to be necessary or appropriate:
- in light of applicable law;
- in compliance with legal obligations/court orders, and;
- to respond to solutions from public or governmental authorities.
In this sense, GERTEC may transmit your personal data to any Contracting Public Entity, to the Courts, Solicitors, to the criminal police bodies or to the Public Prosecutor’s Office when notified for this purpose or when this is necessary for the fulfillment of legal obligations, as legally provided.
In any of the aforementioned situations, GERTEC undertakes to take all reasonable measures to ensure the effective protection of the personal data it processes.
17. Contact us
You may contact GERTEC’s Data Protection Officer (“DPO”) for more information on the processing of your personal data, as well as any questions related to the exercise of the rights attributed to you by the applicable legislation and, in particular, the aforementioned in this Privacy Policy, through the following contacts.
Email: privacidade@gertec.com.br
18. Right to non-discrimination for the exercise of your Privacy Rights
We will not discriminate against you for exercising any of the rights described above. This includes, but is not limited to: (i) deny you goods or services; (ii) charge you different prices or fees for goods or services, including through the use of discounts or other benefits or the imposition of penalties; (iii) provide a different level or quality of goods or services, or (iv) suggest that you will receive a different price or rate for goods or services or a different level or quality of goods and services.
19. How do I find out about privacy policy changes?
GERTEC reserves the right, at any time, to make changes or updates to this Privacy Policy, these changes being duly updated on our Platforms. We suggest that you check them regularly to be aware of any changes.