Privacy Policy

Privacy Policy

1. INTRODUCTION

SOCIAL S.A.,registered under CNPJ nº 28.511.223/0001-32, located at Rua Tobias Barreto, 44 - Mooca, São Paulo/SP - CEP: 03176-000, herein referred to SOCIAL, out of respect for the holders of personal data , committing to ensure the protection and proper treatment of personal data, pursuant to the General Law for the Protection of Personal Data (LGPD), Law No. 13,709, of August 14, 2018, and other relevant laws.

This privacy policy contains information on how we treat, in whole or in part, whether automated or not, the personal data of users who use our services. In addition, this policy is intended to inform the rights.

2. GLOSSARY

For a better understanding of our privacy and data protection policy, below we highlight the main terms and concepts used in this document:

Controlador: pessoa natural ou jurídica, de direito público ou privado, a quem competem as decisões referentes ao tratamento de dados pessoais;

Dados pessoais: são informações relativas a uma pessoa singular identificada ou identificável; é considerada identificável uma pessoa singular que possa ser identificada, direta ou indiretamente, em especial por referência a um identificador, como por exemplo um nome, um número de identificação, dados de localização, identificadores por via eletrônica ou a um ou mais elementos específicos da identidade física, fisiológica, genética, mental, económica, cultural ou social dessa pessoa singular;

Sensitive personal data: personal data about racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data referring to health or sexual life, genetic or biometric data, when linked to a natural person;

Operator: Natural or legal person, public or private, who processes personal data on behalf of the Controller;

Software: Set of logical components of a computer or data processing system; program, routine or set of instructions that control the operation of a computer; software;

Treatment: all operations carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication , transfer, diffusion or extraction;

Holder: natural person to whom the Personal Data that are subject to processing refer; It is

D0ata Protection Officer (DPO) or Person in Charge: person responsible for coordinating compliance with the Data Protection Policy and applicable local legal/regulatory requirements, also, will act as the channel with the Data Subjects and the National Data Protection Authority.

3. FAIR USE OF PERSONAL DATA

A SOCIAL não coleta e realiza o tratamento de dados pessoais sem que exista uma necessidade, finalidade específica, embasamento legal e compatível com o propósito de gestão de controle de acesso e segurança.

The personal data processed will only be processed by those people who have the privilege level and need for access, thus ensuring that their data will not be viewed by SOCIAL employees or service providers outside the purpose for which the collected data is intended.

The Operators contracted to process your personal data on behalf of SOCIAL will only have access to the data necessary for the purpose of such processing, and must always follow the lawful guidelines transmitted by the Controller, in this case, SOCIAL.

A SOCIAL quando na qualidade de Controladora de dados pessoais para cumprir a finalidade de prestação de serviços, respeitará as diretrizes legais e parâmetros de boas práticas de mercado para melhor atender aos clientes.

4. WHO CONTROLS YOUR DATA?

The controller is the one that determines the purposes and means of processing personal data and the Operator is the one that carries out the processing of personal data on behalf of the Controller.

When carrying out the processing of personal data, SOCIAL will be considered the Controller of personal data, that is, it has the autonomy to define the essential rules regarding the treatment.

When SOCIAL processes personal data related to internal operations, it will also be considered a controller, under the terms of the LGPD and the processing of personal data will observe all the guidelines established in this policy and other rules or internal procedures adopted by SOCIAL, as well as observe legal guidelines related to the treatment you perform.

A SOCIAL presta serviços diretamente relacionados a gerenciamento e operação de comércio eletrônico, justamente lastreado em contratos de parceria comercial / prestação de serviços em quais as decisões e regras para a operação são necessariamente orientadas por seus clientes (Marcas), de forma a direcionar os serviços da SOCIAL, em que pese sua especialidade e por vezes o apoio indicando as melhores práticas, estratégias e soluções a serem implementadas nos e-commerces.

A SOCIAL exerce o papel de Operadora, onde as Marcas, clientes da SOCIAL, são Controladoras, vez que as decisões sobre os tratamentos de dados pessoais partem destes ao iniciar pela contratação dos serviços de soluções de e-commerce e determinação de quais os processos serão executados, com relação à Logística, SAC, Pagamentos, Gerenciamento de Lojas, Tecnologia e Marketing, bem como as formas em que os dados pessoais serão operados nestes processos.

5. INTERNAL OPERATIONS, WHAT PERSONAL DATA COLLECTED, LEGAL BASIS AND PURPOSE?

We present the personal data processing operations carried out by SOCIAL.

It is important to clarify that in addition to the hypotheses presented below, SOCIAL can also process personal data in order to comply with judicial, police and other competent public authorities requests, including the ANPD.

5.1. PERSONAL DATA COLLECTED BY THE WEBSITE

The data collected by SOCIAL through its website is provided by you, through the form on the “contact” page so that we can contact you to respond to your message.

A SOCIAL poderá ainda coletar dados relacionados à prestação do serviço aos clientes, os quais estão especificados abaixo e, e depender do serviço prestado, dados complementares poderão ser solicitados, sempre de acordo com a finalidade específica a que se destinam e de forma transparente com o titular.

Cookies (Browsing Trackers)

A SOCIAL usa os Cookies para melhorar o uso e a funcionalidade de suas das páginas e serviços, bem como para entender melhor como os visitantes os usam, assim como as ferramentas e serviços ali oferecidos. Os Cookies ajudam a adaptar as páginas e serviços da SOCIAL às necessidades pessoais dos usuários, melhorar sua experiência e facilitar cada vez mais o seu uso.

List of cookies used

Session cookies: these are temporary cookies, so no record is left on the user's hard drive. The information obtained by these cookies serves to analyze traffic patterns on the website and identify problems, which allows improving the content of the website and its navigation;

Analytical cookies: are those that allow statistical analysis of how users use the website, allowing to highlight products or services that may be of interest to users and monitor the performance of the website, knowing which pages are most popular, or to determine the reason that some pages are receiving error messages. These cookies are used only for the purpose of creating and analyzing statistics, without ever collecting personal information;

Functionality cookies: Functional cookies allow remembering the user's preferences regarding navigation on the Websites, thus not needing to reconfigure and customize them each time they visit; It is

Advertising cookies: are those that allow you to more efficiently manage the offer of advertising spaces that exist on the website, being able to analyze your browsing habits and show you advertising related to your browsing profile. These record user preferences, so you don't need to customize the site each time you visit.

We emphasize that by following the best practices in favor of maintaining your privacy, SOCIAL adheres to the Privacy by Design model, keeping the basic settings of your data collection adjusted for the minimum collection of cookies and data in order to facilitate navigation and use of the site, and the holder may change its settings at any time.

Other similar technologies

SOCIAL or its partners' pages or services may also use other tracking technologies, including IP addresses, log files and web beacons, which also help adapt the sites to your personal needs.

Information is also collected on the origin of access (whether it was from a search engine, social network, direct address, etc.), as well as the pages of the website that the user visits, for better identification of SOCIAL matters that are of the your interest.

In case of completing any form presented by the site, other data may be collected, such as name, company name, telephones, e-mail, among others. All data provided will be stored in our database.

Depending on the type of Holder (employees, suppliers, partners, customers) and how this Holder interacts with SOCIAL, different categories of information are collected, as follows:

Personal contact information: any information provided with the intent to contact you, such as personal name, email and telephone number;

Information for the preparation of contracts: Any information that is necessary for the internal registration of clients and the elaboration of the contract for the provision of services that will be carried out by SOCIAL, such as name, document number, personal address, business address, email and contact telephone number of the representatives;

Personal information for billing: Personal data required for billing, such as issuing invoices and payment slips. These are name data, CPF number; address, email and contact telephone number.

5.2. PERSONAL DATA COLLECTED FOR SOCIAL ACTIVITIES

Personal Data for service provision activities with customers: When acquiring the provision of our services, we collect your personal data to: issue invoices, perform billing, carry out budgets, fulfill the provision of the service for which we were hired and to maintain effective and efficient communication;

Personal Data of future Customers: By showing interest in contracting our services, we may collect your personal data to prepare budgets and send proposals;

Personal data from service providers: When providing SOCIAL with the provision of a certain service, we may collect your personal data to: make contact, payment transactions, invoicing, issuing invoices, business and to maintain efficient communication;

Personal Data for recruitment and selection of candidates: If you are interested in a job vacancy and participate in a SOCIAL selection process, we will process your personal data for the recruitment and candidate selection processes. For those not selected, your data will remain in our talent banks for future selection processes.

Employee Personal Data: If you work with us, to comply with our legal obligations, pay, control days off and vacations, carry out the company's internal activities involved in the performance of the employment contract and in order to make the established bond viable.

5.3. PERSONAL DATA COLLECTED BY SOCIAL AS OPERATOR

For a better understanding of the purpose of processing the personal data collected by SOCIAL as an Operator during the performance of services for its customers (Brands), we highlight below hypotheses of interaction with SOCIAL and the way in which we process your personal data in Our performance as a service provider:

Personal Data for activities to provide services related to Marketing: Brand customers access the e-Commerce managed by SOCIAL to find out about the products offered, and can register to keep in touch and receive promotions and news available in the virtual store, thus demonstrating their interest to maintain this relationship. Data that can be collected: First and last name; and Email Address.

Personal Data for service provision activities related to Satisfaction Survey: we may send satisfaction surveys aimed at improving the provision of our services, as we always aim to develop the best service based on your expectations and experiences. Data that can be collected: First and last name; and Email Address.

Personal Data for service provision activities related to Purchasing and Order Management: information is collected when you make a purchase, including order processing, payment and delivery to the location you have informed us. Data that can be collected: First and last name; RG; CPF; Email address; Request number; Complete address; Telephone; Bank data; and Credit Card Data.

Personal Data for service provision activities related to Customer Service (SAC): you may need to talk to us about the most varied subjects, wishing, for example: to obtain information and follow up on order status, exchange or return of products, change of adress; submitting suggestions or complaints, etc. Data that can be collected: First and last name; Email address; Request number; Address; Telephone; and Voice Recording.

Personal Data for activities to provide services related to Online Navigation: we collect information when you browse our electronic platforms, through cookies that you previously agreed to when accessing the website. Data that may be collected: Description or personal preferences; GPS location; Consumption habits; Order details.

WHAT IS THE PURPOSE OF THE COLLECTION OF USERS' PERSONAL DATA

The personal data of the users collected will be used to identify matters of interest to SOCIAL, as well as for communication with the user, providing information related to the services, or for the internal management of the office's activities.

Some of the uses reported above incorporate the concept of Data Processing, which are operations that may be carried out by SOCIAL on personal data or on a set of personal data.

A SOCIAL poderá realizar o tratamento dos Dados Pessoais coletados para:

  • Execution of contractual activities with clients;
  • Execution of relationship and customer service activities;
  • Sale of services;
  • Marketing Processes;
  • Business Intelligence analysis;
  • Recruitment processes;
  • Compliance with legal and regulatory obligations;
  • Respond to requests from customers, former customers, leads/prospects;
  • Improve the services offered;
  • Comply with the determinations of the competent authorities;
  • Notification about the situation (status) and any changes in services;
  • Perform internal operations for troubleshooting, data analysis, data integration and consolidation;
  • Manage risks and detect, prevent and/or remedy fraud or other potentially illegal or prohibited activities, as well as violations of applicable policies, contracts or terms of use;
  • Comply with legal or regulatory obligations, or as required in legal proceedings, by any law enforcement or government agency.

THE STORAGE OF DATA AND INFORMATION WILL BE:

  • for the time required by law and/or compliance with a legal or regulatory obligation;
  • until the end of the processing of Personal Data, as above; It is
  • respecting the guidelines of the Information Security Policy;

Data are kept only as long as necessary to fulfill the purpose for which they were collected, and when SOCIAL is the operator, data maintenance will be in accordance with the guidelines presented by the Controller.

THE TERMINATION OF PERSONAL DATA PROCESSING WILL OCCUR:

  • When the purpose for which the personal data was collected is achieved or the Personal Data collected is no longer necessary;
  • When the Holder requests the deletion of his data respecting current legislation;
  • When there is a legal determination in this regard.

THE ELIMINATION OF DATA AND INFORMATION, WHEN NECESSARY, WILL BE:

  • carried out respecting other existing legislation;
  • carried out in such a way as to eliminate all existing evidence and copies;
  • performed with established physical or electronic disposal procedures;
  • will generate auditable evidence to prove its achievement.

RETENTION OF PERSONAL DATA:

The registration information provided by the holder will be kept for the period necessary to fulfill the established purposes or until the holder requests their deletion, when applicable.

Even upon your deletion request, SOCIAL may retain some of your data in the following situations: compliance with legal or regulatory obligations; study by a research body, transfer to a third party and use by SOCIAL, with anonymization of personal data, whenever possible, or as long as the purpose for which it was collected remains.

A SOCIAL poderá atualizar esta Política de Privacidade periodicamente, seja para melhor adaptação às condutas da SOCIAL, seja para atendimento às leis e regulamentos.

7. SHARING PERSONAL DATA

A SOCIAL em hipótese alguma venderá, alugará ou compartilhará seus dados pessoais, com exceção de compartilhamento para o cumprimento de contratos, obrigações legais, ordens judiciais e cooperação com a autoridade nacional de proteção de dados com seus colaboradores, prestadores de serviços e parceiros.

In any of the sharing hypotheses, SOCIAL will make sure that there is a legal basis for sharing the information.

The sharing of data and information may occur to:

  • Service providers, to act in the operation and execution of the contracted services, who will be aware of and will have the responsibilities and commitment regarding the privacy of Personal Data agreed in specific contractual clauses.
  • Banking units, exclusively for carrying out contractual or labor transactions;
  • Regulatory bodies, judicial or administrative authorities, where we may share personal information to provide the competent authorities with all the information requested regarding the Holder for investigation of suspected violations of the law, or to combat any other suspicion of non-compliance with our policies and contracts.

A SOCIAL também não realiza o compartilhamento de seus dados para fins de marketing e análises de business inteligence.

8. YOUR RIGHTS REGARDING YOUR PERSONAL DATA

As the holder of personal data, the user has the following rights:

I - Confirmation of the existence of treatment;

II - Access to data;

III - correction of incomplete, inaccurate or outdated data;

IV - Anonymization, blocking or deletion of unnecessary, excessive or non-compliant data;

V - Data portability, upon express request;

VI - Elimination of personal data when treated with the consent of the holder, except in the cases provided for in art. 16 of the LGPD;

VII - Information of public and private entities with which the controller carried out shared use of data;

VIII - Information on the possibility of not providing consent and on the consequences of the refusal; It is

IX - Revocation of consent,

In order to respond to your request, we may ask you for some additional information to confirm your identity and prevent unauthorized access to your personal data.

We emphasize that none of these rights are absolute and may not be met, depending on legal provision and/or other justified denial.

We only remind you that in the legal bases guided by consent, its withdrawal does not affect the legality of the treatment based on consent before its revocation.

Any request must be sent to us, in writing, with clarification of what information you wish to receive. We will respond to your request as soon as possible. If we are unable to comply with your request regarding access to your information, we will provide reasons for this.

In order to respond to your request, we may ask you for some additional information to confirm your identity and prevent unauthorized access to your personal data.

To request information about the processing of your data, obtain a list of which personal data is in our database, request corrections/amendments or request deletion of your personal information from our databases, please contact us

through the service channel: https://www.consulteseusdados.com/socialdigitalcommerce

A SOCIAL possui um Encarregado pelo Tratamento de Dados Pessoais, sendo a identidade e a informação de contato:

Name: Predolim Rocco Moreno Law Firm

Email contact: charge.socialdigitalcommerce@prmadvocacia.com.br

 

The requests described above will be submitted to an evaluation regarding the holder's legitimacy, as well as the possibility of compliance. SOCIAL will make every effort to respond to such requests in the shortest possible time, committing itself to respond to your requests even if it cannot carry out its requests for legal impediments and other responsibilities you have to fulfill, such as maintaining your personal data for regulatory and law enforcement purposes.

When SOCIAL is the operator of the data, the requests described above and directed to the Controller are the latter's sole responsibility, resulting from its exclusive analyzes of legality and legitimacy for processing Your personal data, as well as the possibility of meeting the request presented.

9. ABOUT INTERNATIONAL DATA TRANSFER

The personal data that SOCIAL collects may be stored in a location outside of Brazil. In this situation, the transfer will be carried out securely, with all safeguards being taken in the operation to guarantee the security of your personal data, as well as they will only be transferred if there is provision by Brazilian legislation that allows the transfer of your personal data to foreign countries.

10. SECURITY MEASURES IN THE PROCESSING OF PERSONAL DATA

The data provided by the holder are stored and processed on protected servers.

A SOCIAL dispõe de processos de segurança físicos, lógicos, técnicos e administrativos compatíveis com a sensibilidade das informações coletadas.

In addition, it prides itself on meeting security and transparency requirements, good practice and governance standards, and the general principles established in Law No. 13,709/2018 (General Law for the Protection of Personal Data (“LGPD”).

Although SOCIAL uses security measures to protect your Personal Data against unauthorized disclosure, misuse or alteration, there are no guarantees that the information will not be able to be accessed, disclosed, altered or destroyed by violation of any of the physical, technical or administrative, and in this situation SOCIAL will promote the necessary measures to mitigate the damage.

11. CHANGES TO THE PRIVACY POLICY

A SOCIAL se compromete em atualizar a presente declaração sempre que alterar formas e objetivos na coleta e tratamento de Dados Pessoais.

A SOCIAL se reserva o direito de fazer alterações nas práticas, bem como na Política de Privacidade a qualquer tempo, desta forma, sugere que esta Política de Privacidade seja periodicamente acessada.

12. CONTACT

If the user wants to ask questions about SOCIAL's privacy practices or to make a request, please contact us by email: charge.socialdigitalcommerce@prmadvocacia.com.br.

THIS POLICY WAS APPROVED ON MAY 27, 2023.