This site is maintained and operated by HoldBrasil

We collect and use some personal data that belongs to the users of our site.

By doing this, we are acting in the capacity of “Controller” of such data and are thus subject to the provisions in Federal Act 13709/2018 (the Data Protection Act of Brazil or “DPA”).

We care about protecting your personal data. Therefore, we have made this Privacy Policy available containing important information on:

  • Who should be using our site;
  • What data we collect and what we do with it;
  • Your rights in relation to your own personal data;
  • How to contact us.

1. What data we collect and why

Our site collects and uses some personal data from our users as described in this section.

Personal data expressly provided by users

We collect the following types of personal data that our users expressly provide by completing the contact form:

  • Name
  • Telephone number
  • Subject
  • Email address

This data is collected when:

Users complete, of their own volition, the contact form

Data provided by our users is collected for the following purposes:

Receiving a reply after completing the fields on the link: http://83d.a22.myftpupload.com/contact if applicable, subscribing to our mailing list to receive information and/or, if applicable, receiving invitations to events.

2. Sensitive Data

No sensitive data, as defined in Art. 11 et seq. of the Personal Data Protection Act, will be collected from our users. Therefore, we will not collect data regarding one’s racial or ethic background, religious beliefs, political views, membership to a union or to a religious, philosophical or political organization, genetic or biometric information, if associated with a natural person.

3. Cookies

Cookies are small text files that are downloaded automatically onto your device when you access or browse a site. Their purpose basically is to allow devices, activities and user preferences to be identified.

Cookies do not allow any file or piece of information to be extracted from a user’s hard drive. Furthermore, they do not allow access to personal information other than that provided by the user or by how a user engages with the site’s features.

a. Site Cookies

Site cookies are cookies sent to an administrator and user’s computer or device exclusively by the site.

Information collected through these cookies is used to improve and tailor user experience, including aggregate or non-aggregate analytics on user behavior. Some cookies can be used, for example, to save user preferences and choices and to offer customized content.

b. Managing Cookies

Users may decline the cookies on this site by turning this option off on their browsers. For more information about how to turn these settings off on some of the most popular browsers can be found at the links below:

However, disabling cookies may affect whether some of the site’s tools and features, thus compromising the correct and expected performance. Another potential consequence is that any preferences a user might have saved will be deleted, affecting the overall experience.

4. Collection of data not expressly disclaimed

Other types of data not expressly disclaimed in this Privacy Policy may be collected, provided that with the user’s consent or that such collection is allowed pursuant another regulation provided for by law.

In all cases, data collection and handling activities arising out thereof will be disclosed to the users of this site.

5. Sharing personal data with third parties

We do not share your personal data with third parties. However, personal data may be shared if we are required to do so to comply with a court order or a regulation or to comply with an order issued by a governmental authority.

6. How long will your personal data be stored

Personal data collected via the site will be stored and used for however long is required to achieve the purposes listed in this document provided that such storage will abide by the rights of its holders, the rights of the site’s Controllers and the legal or regulatory provisions applicable.

After the period for storage of personal data expires, such data will be removed from our databases or rendered anonymous, except in cases storage proves possible or required due to a legal or regulatory provision.

7. Legal bases of personal data handling

A legal basis for the handling of personal data is simply a provision provided for by law and which provides justification for such handling. Therefore, any operation involving the handling of personal data must have a corresponding legal basis.

We handle personal data from our users in the following cases:

If needed to meet the legitimate interests of the Controller or a third party.

Legitimate interest

For certain personal data handling operations, we base ourselves exclusively on our legitimate interest. To learn more about which specific cases we make use of this legal basis for, or to obtain more information about the tests we run to make sure we are allowed to use it, please contact our Head of Personal Data Protection via the channels listed in this Privacy Policy, in the section How to contact us.

8. User rights

Pursuant to the Personal Data Protection Act, the following are rights granted to users of the site:

  • Confirm that data is in fact handled;
  • Access to their own personal data;
  • Correct any data that is incomplete, inaccurate or outdated.
  • Render anonymous, block or eliminate any data that is unnecessary, excessive or handled in a manner that fails to comply with the provisions in the DPA.
  • Transfer data to another supplier of a service or product, by means of an express request, in accordance with the regulations set out by the National Authority, other than trade and industrial secrets.
  • Eliminate personal data that is being handled without the consent of its holder, except for the cases provided for by law;
  • Information held by government or private entities shared by the Controller;
  • Information about whether it is possible not to provide consent and about negative consequences;
  • Withdraw their consent.

Note that the DPA does not grant the right to eliminate data that is handled based on the legal bases that are distinct from consent, unless such data is unnecessary, excessive or handled in a manner that fails to comply with the provisions in the DPA.

How can holders of personal data exercise their rights

To ensure a user intent on exercising his or her rights is in fact the holder of the personal data being requested, we may ask for documents or other information that can help us identify this user correctly in order to protect our rights and the rights of third parties. However, we will only do that if absolutely needed, and all the related information will be disclosed to the applicant.

9. Safety measures for personal data handling

We take technical and organizational measures capable of protecting personal data against unauthorized access and against destruction, loss or tampering.

These measures that we use take into consideration the nature of the data, the context and the purpose of their being handled, the risks any violation that might occur would entail for the rights and liberties of a user, and the standards currently set in the industry by companies similar to ours.

Among the measures adopted by us, we stress the following:

– Information is stored using cryptographic hashing;
– Access to databases is restricted.

Despite doing everything in our reach to prevent security breaches, it is possible that an issue may occur resulting exclusively from action by a third party — such as cyberattacks or caused by a fault solely attributable to a user, for example, when this user transfers his or own data to third parties.

Therefore, while we are responsible for the personal data we handle, we assume no responsibility for exceptional situations such as those, over which we have control.

In all cases, should any type of security breach occur that may pose risk or result in material damage to any of our users, we will inform those users affected and the National Data Protection Authority in accordance with the General Data Protection Act.

10. Complaining to a control authority

Without prejudice to any other administrative or legal avenues, holders of personal data who feel they have been harmed in any way are able to file a complaint with the National Data Protection Authority.

11. Changes to this Policy

This Privacy Policy was last updated on: January 4th, 2021.

We reserve the right to change this policy at any time, especially to adjust it to adjust it to reflect any changes that may be made to our site, whether by making new features available or by removing or changing existing ones.

We will always notify our users of any changes we make.

12. How to contact us

If you have any questions about this Privacy Policy or about the type of personal data we handle, please contact our Head of Personal Data Protection via:

  • E-mail: lgpd@holdbrasil.com.br
  • Telephone: +55 (11) 2293-0166 | (11) 2626-0166 | (11) 3528-3140
  • Rua Robert Bosch, 544 – 10º Andar – Parque Industrial Tomas Edson, São Paulo – SP, 01141-010