Privacy Policy
EFFECTIVE DATE DECEMBER 2023
VaultOne’s PRIVACY POLICY AND DATA HANDLING (“POLICY”)
Update: December 04 , 2023.
The purpose of this Policy is to demonstrate the commitment of the
VaultOne Software Ltd., registered with the CNPJ under No. 05.198.381/0001-89 and headquartered at Av. Anita Garibaldi, 850 PR 80540-400 Sala 709, Cabral, Curitiba/PR, hereinafter simply “We” or “VaultOne“, without the need for the use of quotation marks, |
with your privacy and the protection of your Data, in a clear manner and in accordance with the laws in force.
This Policy describes the main rules on the Processing of your Personal Data, when (i) You make use of our features, in particular our platform, access to which is available respectively, at https://vaultone.com/ , https://*.vault.oneand/ or Product installed on your machine or server collectively referred to as “Our Environments”; or (ii) You interacts with us outside of our digital environments, and for all purposes of this Policy, our physical and digital environments are collectively referred to as “Our Environments”.
In order to access and use the functionalities offered in Our Environments, You declare that You have read this Policy completely and attentively, being fully aware of the terms stipulated herein, including the collection of the Data mentioned herein, as well as its use for the purposes specified below.
We are always seeking to offer you services and functionalities as efficiently as possible, constantly updating ourselves for this. For this reason, this Policy may be adjusted at any time, and it is up to You to check it whenever possible.
SPECIAL NOTE FOR CHILDREN AND ADOLESCENTS UNDER THE AGE OF 18
Please do not register or access Our Environments if you are under the age of 18.
SPECIAL NOTE FOR LEGAL REPRESENTATIVES
Although we prohibit the registration of children and adolescents under the age of 18, parents or guardians must supervise the online activities of their children or guardians who are minors.
The activities of adolescents over 16 years of age and under 18 years of age must be assisted by their parents or legal representatives.
2.1. How We Collect Data. Data, including Personal Data, may be collected in the following ways:
(i) | When You submit them or when You interact with Our Environments and services; |
(ii) | Through the Clients, due to the definition in a specific contract and safeguarding the principles of the legislation and their rights. |
(iii) | Through collection on websites of public agencies, such as Official Gazettes, Federal Revenue, Judicial Distributors, Boards of Trade, among others, always following the precepts and determinations established in the applicable legislation. |
2.2. Data is processed by Us in accordance with applicable law and may include:
What do we collect? | What do we collect it for? |
Registration data | |
· Full name · Telephone | (i) Identify and authenticate You. (i) Fulfill the obligations arising from the use of our services in accordance with contractually established obligations. (ii) Use to support compliance processes, within the limits allowed by law and according to contractual definition. (iii) Expand our relationship by informing you about news, features, content, news and other events that we consider relevant to You. (iv) To enable us to provide you with services and features that are more personalised and tailored to your needs, including in alignment with our legitimate and business interests. (v) Allow contact through the Contact Us channel. (vi) Enable your application for open positions through Work with Us. (vii) Allow You to contact us for the establishment of partnerships. (viii) Protect You by preventing access fraud and associated risks, as well as complying with legal and regulatory obligations. |
Digital Identification Data | |
· IP Address and Source Logical Port · Device (OS version) · Timestamps for each action performed · Which screens were accessed · Session ID · Cookies | (i) Identify and authenticate You. (ii) Comply with legal record-keeping obligations established by the Brazilian Civil Rights Framework for the Internet – Law 12.965/2014. (iii) Protect You by preventing access fraud and associated risks, as well as complying with legal and regulatory obligations. |
2.3. Updating and Veracity of Data. Some of our services rely on the Data provided above, so You are solely responsible for the accuracy, truthfulness, or lack thereof of with respect to the Data You provide. If You choose not to provide some of this Data, we may be unable to provide all or part of our services to You.
2.3.1. Similarly, We are not obligated to process or process any of your Data if there is reason to believe that such processing or processing may impute to Us any infringement of any applicable law, or if you are using Our Environments for any illegal, unlawful or non-moral purposes.
2.4. Database. The database formed through the collection of Data is our property and responsibility, and its use, access and sharing, when necessary, will be done within the limits and purposes of the business described in this Policy.
2.5. Limitation of Action. We emphasize that We do not interfere or participate directly in any process related to the eventual analysis and approval of business or hierarchization of access authorizations to users of our systems, and such hierarchy of access privileges is carried out directly by the person responsible for the company contracting our services/products.
2.5.1. It will always be up to the Client (company contracting our services/products) to decide on the hierarchy and authorizations of access privileges or other specific activities, and the decision will be established solely by the Client through its own governance and risk and business criteria and policies.
2.6. Technologies employed. We use the following technology(s):
(i) Cookies, used to improve the functionality of Our Digital Environments. At any time, you can block the use of cookiesthrough the settings of your internet browser, in which case some functionalities may be limited.
2.6.1. All technologies used will always comply with current legislation and the terms of this Policy.
2.7. Use of Cookies. The use of Cookies is something common in any digital platform, so cookies are collected to improve your experience, both in terms of performance and in terms of usability, since the content made available will be directed to your needs.
2.7.1. We use our own and third-party cookies, which can be classified according to their temporality:
Session Cookies | Persistent Cookies |
Temporary cookies that remain archived until youleave the website or close your browser. | Cookies that are stored on your device until you delete them (the length of time the cookie will remain on your device depends on the “lifetime” of the cookies and your internet browser settings) |
2.7.2. Cookies allow the website to remember information when you access them, the preferred language, the location and recurrence of sessions and other variables that we consider relevant to make this experience much more efficient.
2.7.3. Cookies may also be used to compile anonymous and aggregated statistics that allow us to understand how Youuse Our Digital Environments, as well as to improve their structures and content. We cannot identify you personally through this data.
2.8. Controlling and Deleting Cookies. You can change the settings to block the use of Cookies or alert you when a Cookie is being sent to your device. Refer to your browser’s instructions. If You use different devices to access Our Digital Environments (e.g., computer, smartphone, tablet, etc.), You must ensure that each browser on each device is adjusted to meet Your preferences regarding Cookies.
2.8.1. Disabling the Cookies used may impact your experience in Our digital Environments, for example, You may not be able to visit certain areas of a page of ours or you may not receive personalized information when you visit a page.
2.8.2. In order for you to be able to manage your preferences regarding Cookies in a simple and intuitive way from your browser, you can use one of the links below:
(i) For more information about “Private Browsing” and cookie management in the Firefox browser, click here.
(ii) For more information about “Incognito Browsing” and managing Cookies in the Chrome browser, click here.
(iii) For more information about “Private Browsing” and managing Cookies from the Internet Explorerbrowser, click here.
(iv) For more information about “Private Browsing” and managing Cookies from Safari, click here.
(v) For more information about “Private Browsing” and cookie management in the Opera browser, click here.
2.9. We may use automated decisions and pre-established rules to guide the policy of providing services to our Clients.
3. HOW WE SHARE DATA AND INFORMATION
3.1. Hypotheses for Data Sharing. Data collected and activities recorded may be shared:
(i) With our Clients, for the purposes described in the topic 2.2 of this Policy, subject to the specific purposes and limitations established by Us in the contracts signed with these customers, through clauses that aim to protect your Personal Data;
(ii) With partner companies and service providers necessary for the execution of our services and functionalities, such organizations are always required to comply with the security and data protection guidelines, as per item 4.7 of this Policy.
(iii) With competent judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or court order; and
(iv) Automatically, in case of corporate transactions, such as mergers, acquisitions and incorporation.
4. HOW WE PROTECT YOUR DATA AND HOW YOU CAN PROTECT IT TOO
4.1. Actions we take. We use our best efforts to maintain the protection and security of information by adopting technical, physical and administrative security measures:
(i) Technical measures, such as, for example, transmission of Personal Data through a secure website, storage of Data in electronic media that maintain high security standards, use of a system whose access is controlled;
(ii) Physical measures, such as restricted access to authorized persons held on premises, use of market security tools; and
(iii) Administrative measures, including the adoption of security policies and standards, training and awareness work for employees, signing of confidentiality agreements.
4.2. Password sharing. You are also responsible for the confidentiality of your Personal Data and should always be aware that sharing passwords and access data violates this Policy and may compromise the security of your Data and Our Environments.
4.3. Use by Customer Representatives. If you are using the logged-in areas of Our Environments as a representative or representative of one of our Clients, you must be aware that during your access, in addition to the rules and guidelines set forth in this Policy, those established by the Client within the scope of internal processes, if any, are safeguarded during your access.
4.3.1. The Client, by itself, its representatives and agents, shall be liable for unlawful acts or acts in non-compliance with the provisions of this Policy and that may infringe rights or cause any damage to the holders of Personal Data, to Us or to third parties, and the Client shall be liable for the damages caused under the terms of the applicable legislation, without prejudice to the provisions of the contract entered into between the Client and Us.
4.4. Precautions You Should Take. It is very important that You protect Your Data from unauthorized access to your computer, account or password, and make sure that You always click “log out” when you end your browsing on a shared computer. It is also very important for you to know that we will never send you electronic messages requesting confirmation of data or with attachments that can be executed (extensions: .exe, .com, among others) or links to eventual downloads.
4.5. Access to Personal Data, proportionality and relevance. Internally, the Personal Data collected is accessed only by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to our business objectives, in addition to the commitment to confidentiality and preservation of your privacy under the terms of this Policy.
4.6. External links. When You use Our Environments, You may be led, via link, to other portals or platforms, which may collect your information and have their own Data Processing Policy.
4.6.1. It will be up to you to read the Privacy and Data Processing Policies of such portals or platforms outside our environment, and it is your responsibility to accept or reject it. We are not responsible for the Privacy and Data Processing Policies of third parties or for the content of any websites or services linked to environments other than our own.
4.7. Processing by third parties under our directive. If third-party companies process any Personal Data we collect on our behalf, they will comply with the conditions stipulated herein and the information security standards.
4.8. E-mail communication. To optimize and improve our communication, when we send an email to You we may receive a notification when they are opened, provided that this possibility is available. It is important for you to be aware that emails are only sent by the domains: @vaulone.com.
5. HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY LOG
5.1. The Personal Data collected and the activity logs are stored in a secure and controlled environment for a minimum period of time that follows the table below:
STORAGE PERIOD | LEGAL BASIS |
For the duration of the relationship and there is no request for erasure or revocation of consent | Article 9, item II, of the General Law on Personal Data Protection |
3 years after the end of the relationship | Article 206, paragraph 3, item V of the Civil Code |
6 months for Digital Identification Data | Art. 15, Brazilian Civil Rights Framework for the Internet |
5.2. Longer storage times. For auditing, security, fraud control and rights preservation purposes, we may keep the registration history of your Data for a longer period in the event that the law or regulatory standard so establishes.
5.3. The Data collected will be stored on our servers located in Brazil and the United States, as well as in a cloud computing environment or servers, which may require the transfer and/or processing of this Data outside of Brazil.
6. WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM
6.1. Your Basic Rights. You may request confirmation of the existence of processing of Personal Data, in addition to the display or rectification of your Personal Data, through our Service Channel, under the terms of item 7.4 of this Policy.
6.2. Limitation, Opposition and Deletion of Data. Through the Service Channels, You may also request:
(v) Limiting the use of your Personal Data;
(vi) To express your opposition and/or revoke consent, where applicable, regarding the use of your Personal Data; or
(vii) Request the deletion of your Personal Data that has been collected by Us.
6.2.1. If You withdraw Your consent for purposes that are fundamental to the regular functioning of Our Environments and services, such environments and services may become unavailable to You.
6.2.2. If You request the deletion of your Personal Data, it may happen that the Data needs to be kept regardless of the request for deletion, under the terms of article 16, I, of the General Personal Data Protection Law, to comply with a legal or regulatory obligation.
6.2.3. At the end of the maintenance period and the legal necessity, the Personal Data will be deleted, using secure disposal methods, or used exclusively in anonymized form for statistical purposes.
7. INFORMATION ABOUT THIS POLICY
7.1. Changes to content and updates. You are aware that We may change the content of this Policy at any time, in the event of an update of the purposes or needs of the processing, in particular to adapt and comply with the provision of law or regulation that has equivalent legal force. In this sense, whenever You access Our Environments or use our services, You should check the content of the Privacy Policy in force at the time.
7.2. Irrelevance. If any point of this Policy is considered inapplicable by the National Data Protection Authority or by an administrative or judicial authority, the other conditions will remain in full force and effect.
7.3. Electronic Communication. You acknowledge as valid, effective and sufficient all communication issued by Us and sent by e-mail (to the addresses provided by You), SMS, instant communication applications or any other digital form, whether for the disclosure of any matter that refers to the services we provide, your data, as well as any other matter that we deem relevant to the provision of our services and functionalities.
7.4. Service Channels. If you have any questions regarding the provisions contained in this Privacy and Data Processing Policy, You may contact us through the following service channels, whose opening hours are from 8:30 a.m. to 12:00 p.m., from 1:00 p.m. to 6:00 p.m., from Monday to Friday and on weekends and holidays through the following messaging channels:
(i) E-mail: [email protected];
(ii) Phone: +55 (11) 4580-0211
7.5. Applicable law and venue. This Policy will be interpreted in accordance with Brazilian law, in the Portuguese language, and the jurisdiction of the district of Curitiba/PR will be elected to settle any controversy involving this document, except for specific exceptions of personal, territorial or functional competence by the applicable legislation.
8.1. For the purposes of this Policy, the following definitions and descriptions should be considered for your better understanding:
(i) Anonymization: Use of reasonable technical means available at the time of the Processing, through which data loses the possibility of association, directly or indirectly, with an individual.
(ii) Customers: Legal or Natural Entities that have a contractual relationship with VaultOne and use Our Environments for the purposes set forth in the applicable agreement.
(iii) Cookies: Small files sent by Our Environments, saved on your devices, which store preferences and little other information, with the purpose of customizing your browsing according to your profile.
(iv) Cloud Computing: Cloud computing is a service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the aim of reducing costs and increasing the availability of sustained services.
(v) Data: Any information entered, processed, or transmitted through Our Environments.
(vi) Personal Data: Data relating to an identified or identifiable natural person.
(vii) Sensitive Personal Data: personal data on racial or ethnic origin, religious belief, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person.
(viii) Purely automated decisions: These are decisions that affect a user and that have been programmed to work automatically, without the need for a human operation, based on automated processing of personal data.
(ix) Data Protection Officer (DPO): Person appointed by Us to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD).
(x) Session ID: Identification of the users’ session when accessing Our Environments.
(xi) IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies the USERS’ devices on the Internet;
(xii) Processing: Any operation carried out with Personal Data, such as those related to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
