- COMPANY OVERVIEW
1.3. This document governs the way in which Deeploy.me will take care of the Personal Data collected and stored, when using the Platform made available.
1.4. “Deeploy.me” refers to the official electronic address accessible through the address Deeploy.me (“Site” or “Platform”), tools referred to collectively in this Policy as “Deeploy.me Services”. This Policy only applies to the use of the Official Website of Deeploy.me.
1.4.1. The Deeploy.me website may contain links to other websites. Therefore, it should be noted that Deeploy.me has no control over how our Users’ data is collected, stored or used by other websites.
1.4.2. It is recommended that you always check the terms and conditions of use and the privacy policies of any of these websites, other than the Deeploy.me website, before providing any data to any third party.
1.6. In addition, this Policy informs you how you can exercise your rights relating to these personal data processing activities.
1.8. Attention: in order to make your registration, so that you can take advantage of all our services, we need to collect and process some of your personal data, whose treatment is better described in this document. If you do not agree with the terms of this Policy, we recommend that you disable access without registering. If you have any questions or want to exercise any of your rights, see the specific topic below.
- GENERAL TERMS AND DEFINITIONS
Personal data It is information related to a natural person and that is capable of identifying the person or making its identification possible. Examples of personal data that may allow your identification are: Name, CPF, telephone, e-mail, license plate of your vehicle, etc. Sensitive personal data Personal Data on racial or ethnic origin, religious conviction, political opinion, membership of a union or organization of a religious, philosophical or political nature, data relating to health or sex life, genetic or biometric data, when linked to a natural person. Digital identification data These are those related to the IP address, the record of interactions with the Platform, installed applications and cookies. Data Protection Officer (DPO) It is the person indicated to act as a communication channel between the controller, the data subjects and the National Data Protection Authority (ANPD, in portuguese). Database It is the set of personal and sensitive data, established in one or several places, in electronic or physical support, exclusively owned by Deeploy.me. Data holder It is you, the natural person to whom the personal data being processed refers. Treatment It is any operation carried out with Personal Data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of the information, modification, communication, transfer, diffusion or extraction. Consent It is the free, informed and unequivocal expression by which the holder agrees to the processing of their Personal Data for a specific purpose; Free access It is the guarantee to the holders of facilitated and free consultation on the form and duration of data processing, as well as on the completeness of their personal data; IP It is the set of numbers that identifies the computer or mobile device used to access the Platform; and Cookies These are files sent by the Platform’s server to the user’s computer or mobile device, with the purpose of identifying and obtaining access data, such as browsed pages or clicked links, thus allowing the personalization of the use of the Platform’s electronic website.
- WHAT DATA IS COLLECTED AND HOW?
3.1. When you visit the Deeploy.me website or use the Deeploy.me Services, your IP address will be collected and standard web access information such as your browser type and the pages you have accessed on our website will be collected. This data is important for us to identify the device you are using and thus display content according to your screen size. IP address, specifically, is collected and stored to comply with legal obligations and to identify the language in which we will display our content.
3.2. If you wish to contract Deeploy.me’s services, the following types of information will be collected:
Data Types Data Goal Registration data Name, phone, email, professional profile information and other similar information It is the personal data requested to perform the customer registration on the Deeploy.me Platform, for the purpose of fulfilling the contract. Financial Information of Customer Users Account, bank branch, card number, card validity and card verification value – CVV Payment processing when Deeploy.me Services are requested Navigation data As access IP Compliance with legal obligation (MCI, art. 15), definition of the language in which website information will be displayed Communications between you and Deeploy.me information regarding communications between you and Deeploy.me, by email, telephone, social networks (WhatsApp, Telegram, among others)
*Other personal data may be collected, if necessary to better meet your demand or to guarantee your security, performing identity validation procedures, depending on what is requested.
Provide the required customer support.
3.3. The data may be stored on servers located in Brazil and/or worldwide.
- HOW IS THE DATA USED?
4.1 Your personal data may be used for the following purposes:
Data Used Purpose of Use Registration data Provide the requested customer services and support; perform internal organization procedures, preparation of productivity, sales and billing reports, preparation of customer satisfaction studies and creation of business intelligence indicators Financial Information of Customer Users Enable the purchase of the service; and meet existing legal requirements, to which Deeploy.me is subject, such as, but not restricted to, tax, fiscal, criminal requirements, among others. Navigation data Prevent potentially prohibited and/or illegal activities and enforce our User Agreement; redirect the user to the right website (Brazil or international); customize, evaluate and improve the services, as well as the content and layout of the Deeploy.me website; compare information for greater accuracy and verify it with third parties; and detect, prevent and/or remedy undo changes in our systems and records, or actions that may put the platform and its Users at risk, in order to avoid and prevent the occurrence of fraud. Communications between you and Deeploy.me Process transactions and send notices about your transactions; and send you targeted marketing materials, mailchimps, service update notices and promotional offers based on your preferences.
4.2. Your personal information will not be sold or rented to third parties for marketing purposes without your explicit consent. We may combine your information with information we collect from other companies and use it to improve and personalize our services, content and advertising. If you do not wish to receive marketing messages from us or participate in our ad personalization programs, simply indicate your preference by emailing us at email@example.com or simply by clicking on the unsubscribe link provided in all of our emails.
- WHAT ARE THE LEGAL BASES THAT AUTHORIZE DATA PROCESSING?
5.1. All operations with personal data that we carry out are supported by hypotheses (legal bases) provided for in the brazilian General Law of Data Protection – “LGPD”, in portuguese –, according to the purposes and particularities of the case.
5.2. Among the legal bases used by us to authorize the processing of data that we carry out, there are:
5.2.2. In Brazil
- Consent (art. 7, I, LGPD): in cases where there are no other legal hypotheses, we may request your free, unequivocal and informed consent, so that we can process your data. Furthermore, the consent given may be revoked at any time, free of charge and easily;
- Compliance with legal or regulatory obligation (art. 7, II, LGPD): in certain cases, we will need to comply with legal or regulatory obligation, such as the requirement to maintain records of access to our website or applications, in compliance with article 15 of Law nº 12,965/2014 (“Marco Civil da Internet”, in portuguese), or in compliance with applicable fiscal and tax rules, without prejudice to other rules that generate data processing obligations;
- Regular exercise of rights (art. 7, VI, LGPD): the processing of your personal data may also be supported by this legal basis when there is a need to ensure the regular exercise of our rights in contracts and any administrative, judicial actions or arbitrators;
- Legitimate interest (art. 7, IX, LGPD): when we have a legitimate interest in the processing of your personal data, with the exception of the case in which your fundamental rights and freedoms prevail, such processing will take place on the basis of legitimate interest, observing all requirements legal provisions in the LGPD, such as the preparation of tests and reports that attest to the treatment based on this hypothesis;
- Credit protection (art. 7, X, LGPD): the processing of personal data may also be supported by the need for credit protection, when applicable. An example of this treatment is the case where it is necessary to verify your condition to pay for the products or services offered by us;
- Guarantee of fraud prevention and data subject security (art. 11, II, “g” LGPD): we will process your personal data when necessary to ensure fraud prevention and security, in identification and authentication processes of registrations in systems electronics.
5.2.3. In the European Union:
- Consent to the processing of your personal data for one or more specific purposes (art. 6, 1, GDPR);
- Execution of a contract to which the data subject is a party, or for pre-contractual steps at the request of the data subject (art. 6, 2, GDPR);
- Compliance with a legal obligation to which the controller is subject (art. 6, 3, GDPR);
- Exercise of functions in the public interest or the exercise of public authority vested in the controller (art. 6, 5, GDPR);
- Legitimate interests pursued by the controller or by third parties, unless the interests or fundamental rights and freedoms of the subject that require the protection of personal data prevail, in particular if the subject is a child (art. 6, 6, GDPR).
- WHERE AND HOW DO WE STORE YOUR PERSONAL DATA?
6.1. The personal data used are stored in the cloud, on servers (data centers) of large companies intended for this purpose – which can be located both in Brazil and/or worldwide –, with which Deeploy.me remains in contract and that maintain all security criteria for this information. Deeploy.me also maintain with these partners assessments about privacy and protection of personal data so they are processed in accordance with applicable laws and providing the necessary guarantees for information security, in order to minimize possible risks.
6.2. The partners with whom we share your data for storage and processing purposes are:
partners Service description Google Drive
File storage and synchronization service Amazon’s AWS (US)
Cloud computing services platform
6.3. Personal data are kept in these cloud storage environments for the period in which they are necessary for the purposes for which they were collected or until the moment they cannot be based on any legal hypothesis of treatment, or when the Owner requests the deletion of such data, if the treatment is based on consent. In addition, the data will continue to be stored – even without the consent of the subject – when the retention of such data is supported or required by law or when it is necessary to satisfy a legitimate interest (for example: for auditing, security, fraud control purposes or preservation of rights).
- WHO HAS ACCESS TO THE DATA?
7.1. Deeploy.me may share your personal data under different legal circumstances, with service providers under contract that collaborate in parts of Deeploy.me’s business operations (fraud prevention, collection activities, marketing and technology services), as well as to improve the products or services offered or in case Deeploy.me has external partners that provide WEB hosting or maintenance services to itself.
7.2. Deeploy.me undertakes to state in their contracts that these service providers only use your information in connection with the services they perform for Deeploy.me, and not for their own benefit. Furthermore, Deeploy.me is committed to demanding the same level of concern and demand from suppliers regarding data protection.
7.3. Police, judicial or regulatory authorities may have access to your personal data, if necessary to comply with legal, contractual or administrative obligations, especially when:
- to Deeploy.me is compelled to do so by subpoena, court order or similar legal procedure; and
- to Deeploy.me is cooperating with an ongoing police investigation.
7.4. In cases where Deeploy.me and any partner jointly promote their Services, Deeploy.me may disclose to the partner certain personal information, such as: full name, address and username of persons who signed up for the Services as a result of the promotion jointly, for the sole purpose of allowing Deeploy.me and the partner to evaluate the results of the promotion.
- In this case, personal information cannot be used by the partner for any other purpose.
- HOW LONG WILL WE KEEP YOUR DATA?
8.1 Deeploy.me will keep Personal Data for the entire period that you remain registered on the website and, thereafter, only within the established legal term.
8.2 Personal Data collected will be deleted from Deeploy.me databases when requested by the holder of the Personal Data, or when they are no longer necessary or relevant to offer the Services provided, unless there is any other reason for their maintenance, such as any legal obligation to retain data, or the need to preserve them to protect rights.
- HOW DO WE PROTECT YOUR DATA?
9.1 Deeploy.me adopts technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination. Despite the security measures adopted, we cannot guarantee total security against the performance of hackers or third parties with methods of obtaining information improperly. Unauthorized use of accounts, hardware or software failure and other factors may compromise the security of your Personal Data at any time.
9.2 Deeploy.me also relies on the collaboration of users to monitor and increasingly implement security in our processing activities. Thus, in addition to implementing good security practices, the user can contact our communication channel, by the email firstname.lastname@example.org, if you identify or become aware of any suspicious activity that may compromise the security of your personal data.
- INTERNATIONAL TRANSFER
10.1 Deeploy.me contracts cloud storage services with some companies, specifically with Google Drive, whose data centers are located worldwide. Some of these international locations do not have data protection laws similar to the GDPR, in which case we will take reasonable measures within our power to ensure the protection of Personal Data in accordance with applicable privacy and data protection laws (such as contractual clauses, terms amendments on data protection, compliance with international standards, display of seals, certificates and/or codes of conduct adopted).
10.2. Deeploy.me adopts the applicable contractual and security measures at our disposal to ensure that the transfer of data to these countries does not violate the rights of data subjects, provided for in data protection standards, especially the LGPD.
10.3. Considering also that, in may 2018, the General Data Protection Regulation (Regulation EU 2016/679 – “GDPR”) came into force, and that it has points of contact with the activities carried out by Deeploy.me in the European Union, it was decided that the company’s platform would also cover this regulation.
- EMAIL MARKETING POLICY
11.1. The sending of email marketing is within the standards established by the relevant legislation and coding, including the terms of the Self-Regulatory Code for the Practice of Email Marketing (CAPEM), which provides for the use of this marketing tool based on ethics and liability, without prejudice to the concomitant application of the applicable legislation in force.
11.2. Deeploy.me is against sending emails without prior authorization (Anti-SPAM Policy). The aforementioned company does not use data/registration confirmation with executable attachments (exe, com, scr, bat) and download/archive links. If you do not wish to receive marketing messages from us, indicate your preference by sending us an email to email@example.com or by simply clicking on the unsubscribe link provided in all of our emails.
12.1. Cookies are files created by visited websites that record browsing information, allowing the User to stay connected, while remembering their software preferences and providing targeted content.
12.2. When you access the Deeploy.me website, small data files called “cookies” may be placed on your computer, this includes the companies that Deeploy.me hires to track how the website is used. Deeploy.me stores all user profile data in “local storage”, with the exception of passwords. Furthermore, cookies, the data packages that contain this information, can only be read on the user’s side, as they are stored locally on the user’s machine accessing the website.
12.3. A “session cookie” will be sent to your computer when you log into your account or use the Deeploy.me Services. This type of cookie helps to recognize you if you visit multiple pages on the website during the same session, so you don’t have to ask for your password on every page. After you log out or close your browser, this cookie may persist for up to 30 days, being renewed each time the web application is accessed.
12.4. You may encounter third-party cookies when using the Deeploy.me Services on certain websites that are not under the control of Deeploy.me (for example, if you view a web page created by a third party or use an application developed by a third party, a cookie may be placed by that page or application).
12.6 The Software Access Cookie is disabled from the moment the user leaves the Deeploy.me website and all its subdomains.
- HOW TO EXERCISE YOUR RIGHTS?
13.1 In Brazil
The General Law for the Protection of Personal Data (Law nº 13.709/2018) guarantees you certain rights and guarantees in relation to your personal data. Deeploy.me, complying with its obligation of clarity and transparency, in addition to detailing in this policy how it uses and protects your personal data, makes available, in the email firstname.lastname@example.org, a free and facilitated channel so that you can exercise your rights to:
Confirmation and Access You can ask the Company to confirm that your Personal Data is being processed so that, if so, you can access it, including by requesting copies of the records we hold about you. Correction You can request the correction of your Personal Data if it is incomplete, inaccurate or out of date. Anonymization, blocking or deletion You can request:
i) the anonymization of your Personal Data so that it can no longer be related to you and therefore ceases to be Personal Data;
ii) blocking your Personal Data, temporarily suspending the possibility of us processing it for certain purposes; or
iii) the deletion of your Personal Data, in which case we must delete all of your Personal Data without the possibility of reversal.
Information about sharing You have the right to know which are the public and private entities with which the Company shares your Personal Data. If you have questions or want more details, you have the right to ask us for this information. Depending on the case, we may limit the information provided to you if its disclosure could violate our intellectual property or business secret. In addition, the CONTROLLER may share its data with other entities, in which case, it is necessary to contact them to obtain this information. Information about the possibility of not consenting You have the right to receive clear and complete information about the possibility and consequences of not providing consent, when requested by the Data Controller. Your consent, when necessary, must be free and informed. Therefore, whenever your consent is requested, you are free to deny it – in these cases, it is possible that some services cannot be provided. Revocation of Consent If you have consented to the processing of your Personal Data for any purpose, you can always choose to withdraw your consent. However, this will not affect the legality of any Treatment carried out prior to revocation. If you withdraw your consent, we may be unable to provide you with certain services. Opposition The law authorizes the processing of Personal Data even without your consent or a contract. In these situations, we will only process your Personal Data if we have legitimate reasons to do so, for example when necessary to ensure the security of our application. If you do not agree with any purpose of processing your Personal Data, you may object, requesting its interruption.
For your security, whenever you submit a request to exercise your rights, Deeploy.me may request some additional information and/or documents so that you can prove your identity, seeking to prevent fraud.
In some cases, the Company may have legitimate reasons for failing to comply with a request to exercise rights. These situations include, for example, cases where a disclosure of specific information could violate the intellectual property rights or business secrets of the Company or third parties.
13.2. in the European Union
The General Data Protection Regulation of the European Union (General Data Protection Regulation – GDPR) applies to the collection of data from individuals who are in the European Union, granting several rights related to the treatment of their personal information. These rights are listed below and can be exercised by the email email@example.com:
right of access Request information about the processing of your personal data. Right of rectification Request the rectification of any personal information about you. Right of exclusion Request that we delete any personal information about you from our database and that of our partners. Unless there is some legal basis that justifies or requires the treatment (such as legitimate interest or compliance with a regulatory obligation). right of restriction Request restriction of processing of personal information we hold about you. Right of portability You may request to receive your personal information in a structured and readable format. You also have the right to require us to transfer this personal information to another organization. right of opposition You can object to our processing of the personal information we hold about you. Right to withdraw consent You can revoke consent to the use of your personal data.
13.3. If you request the deletion of all data included in the Platform through email or the website, this will imply the impossibility of accessing any of the features of the Deeploy.me Platform, as well as its subsequent recovery, except for those whose storage is mandatory by law or regulation, or there is a legal situation that allows the processing of data. It is important to note that the General Law for the Protection of Personal Data provides that the deletion of personal data will be met in cases where there is unnecessary or excess treatment or treated in violation of the law. In addition, art. 16 establishes some situations in which data may be kept, so that, in these situations, the data subject’s request may be refused.
13.4. You can also contact our data officer at firstname.lastname@example.org. In cases where we act as Operators of Personal Data, we will not be able to respond to requests made directly by the Data Subject, as such requests must be made directly to the Data Controller. Therefore, in those cases in which it is not possible to comply with the Card Holder’s requests, we will explain the reasons that justify such non-compliance, always observing the provisions of the General Law for the Protection of Personal Data.
- CHILDREN’S DATA
13.1. The Deeploy.me Platform is not intended for children (under twelve years old). Therefore, children are not expected to register on our Platform, nor do we knowingly collect information from this audience. If parents or legal representatives believe that their children have sent us personal data, they can contact us by emailing us at email@example.com.
- CONTACT AND QUESTIONS
NAME OF THE DATA OFFICER
E-MAIL: E-MAIL OF THE DATA OFFICER
Address: ADDRESS OF THE DATA OFFICER.