This policy, in line with the Data Protection Act (LGPD), was established by the top management and provides principles to guide the members of the company’s data privacy governance structure, including those responsible for the control of the organization, directors, officers, employees, etc., on good practices regarding the acceptable use and treatment of personal data in the context of the company’s business processes, in compliance with the protection of the fundamental rights of freedom and privacy and the free development of the personality of the natural person. The protection of personal data has the following grounds:
- Respect for privacy;
- Informative self-determination;
- Freedom of expression, information, communication and opinion;
- The inviolability of intimacy, honor and image;
- Economic and technological development and innovation;
- Free enterprise, free competition and consumer protection; and
- Human rights, the free development of personality, dignity and the exercise of citizenship by natural persons.
This policy applies to the processing of personal data collected by the company, directly or indirectly, of all individuals, including but not limited to current, future or potential job candidates, employees, customers, suppliers, contractors / subcontractors, business partners, shareholders or any third party, with “Personal Data” defined as any data that relates to an identified or identifiable individual or a person that can be identified by means reasonably likely to be used.
All the company’s data processing operations are in line with the assumptions provided for in the LGPD, the so-called legal bases for processing personal data. These hypotheses are:
- By providing consent by the holder;
- For the fulfillment of legal or regulatory obligation by the company;
- When necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;
- For the regular exercise of rights in judicial, administrative or arbitral proceedings, the latter under the terms of Law No. 9,307, of September 23, 1996 (Arbitration Law);
- For the protection of life or physical safety of the holder or third party;
- When necessary to serve the legitimate interests of the company or of a third party, except in the event that the fundamental rights and freedoms of the owner prevail that require the protection of personal data;
- For credit protection, including the provisions of the relevant legislation.
2. Treatment of Personal Data
The treatment of personal data by this company will consider the treatment hypotheses described above, as well as observing good faith and the other principles established in the legal system:
- Purpose: carrying out treatment for legitimate, specific and explicit purposes informed to the holder, without the possibility of subsequent processing in a manner inconsistent with those purposes. Further processing will only be possible if it is compatible with these purposes. In the case of the organization, the purpose is related to the performance of its daily activities linked to its main activity, duly established by law, and with the fulfillment of a legal or regulatory obligation;
- Adequacy: compatibility of the treatment with the purposes informed to the holder, according to the context of the treatment;
- Necessity: limitation of the treatment to the minimum necessary for the accomplishment of its purposes, with coverage of the relevant data, proportional and not excessive in relation to the purposes of the data processing;
- Free access: guarantee to holders of free and easy consultation about the form and duration of treatment, as well as about the integrity of their personal data;
- Data quality: guarantee, to the data subjects, of accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its treatment;
- Transparency: guaranteeing holders clear, accurate and easily accessible information about the treatment and the respective treatment agents, observing commercial and industrial secrets;
- Security: use of technical and administrative measures to protect personal data from unauthorized access and accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;
- Prevention: adoption of measures to prevent the occurrence of damages due to the processing of personal data;
- Non-discrimination: impossibility of carrying out the treatment for illicit or abusive discriminatory purposes;
- Responsibility and accountability: demonstration, by the agent, of the adoption of effective measures capable of proving the observance and compliance with the rules of protection of personal data and, even, of the effectiveness of these measures.
Collection is one of the possible processing operations to be carried out with the personal data of the holders. Considering that the data processing can be represented by a life cycle, this operation represents the initial stage responsible for obtaining the citizen’s personal data (data subject).
Bearing in mind that the collection is the initial operation of processing personal data, such operation by the institution should only be carried out by complying with the treatment hypotheses, security measures, principles, rights of the holder and other rules provided by the LGPD.
4. Holder Rights
The company will respond to requests from holders of personal data, which they will be able to obtain, upon request:
- The confirmation of the existence of personal data processing by the company;
- The access to the personal data of the holder;
- The correction of incomplete, inaccurate or outdated data;
- The anonymization, blocking or elimination of unnecessary, excessive or treated data in non-compliance with the applicable legislation;
- The portability of the data to another service or product supplier, upon express request, in accordance with current legislation, observing commercial and industrial secrets. This portability does not include data that has already been anonymized;
- The elimination of personal data processed with the consent of the holder, except when they are necessary for the fulfillment of the company’s legal / regulatory obligation;
- The information of public and private entities with which the company made use of shared data;
- The information about the possibility of not providing consent and the consequences of such negative;
- The withdrawal of consent when all treatments performed previously will be normally considered;
- The revision of decisions taken solely on the basis of automated processing of personal data, which consequently may affect the interests of the data subjects, even regarding decisions destined to define their professional, consumer or credit profile, or aspects of their personality;
- The opposition to the treatment performed based on one of the hypotheses of waiver of consent.
5. Policy update
The company may update this Policy from time to time as our business changes or legal requirements change. Significant changes to this policy will be posted on the company’s website when they become effective.
The different types of cookies we use
FINK use the following categories of cookies on our website:
Strictly necessary – These cookies are essential for certain features of our website to work. These cookies do not record identifiable personal information and we do not need your consent to place these cookies on your device. Without these cookies some services you have asked for cannot be provided.
Performance – These cookies are used to collect anonymous information about how you use our websites. This information is used to help us improve our websites and understand how effective our adverts are. In some cases we use trusted third parties to collect this information for us, which may include recording your use of our website, but they only use the information for the purposes explained. By using our website, you agree that we can place these types of cookies on your device. You have the right to object to being recorded on our websites by clicking here.
Functionality – These cookies are used to provide services or remember settings to enhance your visit, for example text size or other preferences. The information these cookies collect is anonymous and does not enable us to track your browsing activity on other websites. By using our website, you agree that we can place these types of cookies on your device.
Managing cookies – If you’d prefer to restrict, block or delete cookies from FINK, or any other website, you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your particular browser to learn how to change your cookie preferences. If you choose to disable all cookies we cannot guarantee the performance of our website and some features may not work as expected.
7. Information Security
The company adopts appropriate technical and organizational measures to protect holders’ personal data against accidental or illegal alteration or loss, or from unauthorized use, disclosure or access. It is the company’s commitment to satisfy applicable data protection requirements that are based on privacy by design and privacy by standard principle.
The company conducts a privacy impact assessment to adopt adequate safeguards to ensure the protection of personal data. In this sense, it develops a Report on the Impact of Protection of Personal Data (RIPD), which is a fundamental document in order to demonstrate the personal data that are collected, processed, used, shared and what measures are adopted to mitigate the risks that may affect civil liberties and fundamental rights of data subjects.
8. Exercise of Holder Rights
Any doubts regarding any operation of personal data processing carried out by the company, as well as any complaints and communications and requests for clarification may be directed to: [email protected]