Privacy Policy

Last update: 14th of July 2022

 

The purpose of this Privacy Policy document is to demonstrate the commitment of SASI COMUNICAÇÃO ÁGIL LTDA., trade name SASI, a legal entity governed by private law, registered with the CNPJ  35.379.670/0001-45, headquartered at Rua Alves Guimarães, 462, Conj. 21, Pinheiros, São Paulo, SP, CEP: 69055-736, e-mail: [email protected]; telephone: (92) 3648.6777, owner of SASI platforms, applications and websites, hereinafter referred to as "SASI", with the privacy and protection of personal data collected from its USERS, establishing the rules on the treatment of data within the scope of the services and SASI functionalities, in accordance with the laws in force, with transparency and clarity for the USER and the general market.

 

As a condition for accessing and using the exclusive features of SASI, the USER declares that he/she has read this Privacy Policy completely and carefully, being fully aware, thus granting his/her free and express agreement with the terms stipulated herein, authorizing the obtainment of the data mentioned herein, as well as its use for the purposes specified below. If not in agreement with these directives, the USER must discontinue its access.

 

At SASI, we want to provide the best experience possible to ensure you get the most out of our service. To do that, we need to get to know you better, which will allow us to provide an exceptional service, personalized to your preferences. Your privacy and the security of your personal data are and always will be of the utmost importance to us. Therefore, we would like to transparently demonstrate how and why we collect, store, share and use your personal data – as well as define the controls and options you can use to share your personal data. This is our aim, and the attached Privacy Policy (the “Policy”) will provide all necessary clarifications and details.

 

The purpose of this policy is:

 

i. Ensure that the platform user understands the reasons why SASI collects their personal data and how they are shared and stored;

 

ii. Explain the way in which we use your personal data, in order to provide you a valuable experience using SASI Services;

 

iii. Explain your rights and choices regarding the personal data that is collected and processed as well as how we preserve your privacy.

 

iv. Explain that the services and content made available on the SASI Platform are the sole and unrestricted responsibility of the customer, who is, in fact, the developer of the application. SASI is not responsible for the profiles, channels, fields, contents and the like generated and stored on the Platform.

 

1. GLOSSARY

1.1. For the purposes of this document, the following definitions and descriptions should be considered for your better understanding:

COOKIES: small computer files or data packets sent by an Internet website to the user's browser when the USER visits the website.

IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies USERS' devices on the Internet.

USUÁRIO: Any person who accesses and/or uses the features and/or services of SASI.

 

2. COLLECTION AND USE OF DATA AND ACTIVITIES RECORD 

 

2.1. The data collected automatically or voluntarily submitted by the USER, meets the principle of necessity and may include:

2.2. This is the personal data provided by you or collected by SASI to allow you to use and subscribe to SASI's services. Depending on the type of plan on the SASI platform, this personal data may include the user's name, email, telephone, date of birth, gender, geographic location, residence and country, which will be allocated in the tables below.

2.3. As will be seen, some data will be needed to create the account on the platform and to make it even more personalized.

 

DISTRIBUTOR

Category Data Purpose
MANDATORY REGISTRATIONS Email, First Name, Last Name, Password Identification and authetication of the user on the platform. Platform's communication receipt. Access to SASI's development.
OPTIONAL REGISTRATIONS Zip Code, Address, City, State, Mobile
ELECTRONIC RECORDS IP, Cookies Access registration to comply with legal obligation. Analytics on SASI’s website.
PAYMENT Credit card details (optional) Monthly, annual or semi-annual plans payments.
STATISTICS (ANONYMIZED) Platform usage data (not considered personal information) Platform usage analytics

END USER

Categoria Dados Finalidade
MANDATORY REGISTRATIONS First name, Last name, address, email User identification and authentication on the platform
OPTIONAL REGISTRATIONS CPF, gender, occupation, e-mail, full address, zip code, mobile number, landline number
DATA REQUESTED BY THE DISTRIBUTOR   Service execution on the platform
ELECTRONIC RECORDS IP, Cookies Access registration to comply with legal obligation
STATISTICS(ANONYMIZED) Platform usage data (not considered personal information) Platform usage analytics

2.2. All personal data may be used as evidence in cases of illicit acts as well as opposed to this Privacy Policy or any other legal document made available by SASI, also to comply with a court order or administrative request.

2.2.1. It is up to the USER to setup their mobile device if they wish to block the collecting of cookies and other data. In this case, some functionalities may be limited.

2.3. SASI is not responsible for the accuracy, veracity or lack thereof in the information provided by the USER or if it is out of date, also, the USER is responsible for providing them accurately and updating them whenever necessary.

2.4. The database that is formed through the collection of data at SASI is SASI’s property and responsibility, and its use, access and sharing, when necessary, will be done within the limits and purposes of SASI's business and described in this Privacy Policy and Terms of Use.

2.4.1. The USER is co-responsible for the confidentiality of their personal data. Sharing passwords and access data violates this Privacy Policy and SASI's Terms of Use.

2.4.2. The processing of children's data must only be carried out with the specific and highlighted consent given by at least one of the parents or the child's legal guardian, which must be sent to the SASI data manager by contacting: [email protected];

2.5. Internally, USERS' data will only be accessed by professionals duly authorized by SASI, respecting the principles of proportionality, necessity and relevance to SASI's objectives, in addition to the commitment to confidentiality and preservation of privacy under the terms of this Privacy Policy.

3. STORAGE, INTERNATIONAL TRANSFER, RETENTION AND DELETION OF DATA

3.1. The data collected is stored in the cloud (cloud computing) of Amazon Web Services with servers located in Brazil and also on SASI's own servers.

3.1.1. The international download will only be carried out for those agents and purposes described in this Privacy Policy, which will apply the best international practices for the protection of personal data and guarantee the degree of protection of personal data adequate to the provisions of Law nº 13.709/2018 (General Law of Personal Data Protection - LGPD), as required by art. 33, item I of the law.

3.2. All data collected is stored in a secure environment. However, considering that no security system is infallible, SASI disclaims any responsibility for damages caused and/or losses arising from failures, viruses or invasions of SASI's database, except in cases where it incurs fraud or fault.

3.3. For purposes of auditing, security, fraud control, preservation of rights and compliance with legal obligations, SASI may keep the history of USER access records for a minimum period of 6 (six) months.

3.3.1. If there is a request for deletion of data by the USER, this deletion can only occur if there is no longer any purpose for use or legal, regulatory or judicial obligation that justifies its retention.

3.3.2. The data must be retained for the duration of its purpose of use or legal, regulatory or judicial obligation that justifies its retention. Throughout the purpose of use and the mandatory retention period, data may be removed using secure disposal methods, or used in an anonymized form for statistical purposes.

4. SHARING

4.1. The collected data and registered activities may be shared with:

i) With competent judicial, administrative, arbitration or governmental authorities, whenever there is a legal request from the authorities or a court order;

ii) Automatically in case of corporate changes, such as merger, acquisition, spin-off or incorporation, and

iii) Automatically, with the service providers contracted by SASI to make SASI’s website and platform viable with all its features and available services.

iv) Clinical data will not be shared, except in the case of item 'i'.

4.2. All third parties hired to comply with item “iii” described above, are committed to treating data with confidentiality and only for the contracted intend, ensuring legal compliance in terms of privacy and data protection and using, at all times, the best information security practices.

5. LEGAL BASE

5.1. When the USER interacts with or makes use of SASI’s service, we employ many technologies to process the personal data we collect, for several reasons.

Reasons why SASI processes your data Legal Basis for Processing Data Purposes Category of Personal Data used by SASI for processing purposes
Make the most of SASI’s development platform

● Execution of

a contract;

● Legitimate interest;

● Consent

● User data

● Usage data

● Payment data

Understand, diagnose, troubleshoot and correct SASI's platform

● Execution of a contract;

● Legitimate interest

● User data;

● Usage data

Evaluate and Develop features, technologies and improvements for SASI's platform

● Legitimate interest;

● Consent

● User data;

● Usage data

Promotion, advertising and marketing Purposes

● Legitimate interest;

● Consent

● User data;

● Usage data

Exercise legal obligations and requests in compliance with the law.

● Legitimate interest;

● Consent

● User data;

● Usage data;

● Payment and purchase data

Carry out,  exercise or defend legal claims ● Legitimate interest

● User data;

● Usage data;

● Payment and purchase data

Process platform payment ● Legitimate interest

● User data;

● Payment data;

Detect fraud, including fraudulent payments and fraudulent and illegal use of the SASI platform

● Legítimo Interesse;

● Cumprimento de obrigação legal;

● Execução de um contrato

 

5.2. The USER may change his/her grants of consent, grant new permissions or withdraw his/her consent for the current permissions through SASI’s service channels available on the site and platform, being warned about the consequences that the withdrawal of consent may cause.

6. DISPLAY, RECTIFICATION, PORTABILITY, LIMITATION, OPPOSITION AND EXPUNCTION OF DATA

6.1. The USER may access and rectify his/her personal data through the environment logged into the SASI platform or through the service channels made available by SASI.

6.2. Through SASI’s service channel, the USER may also request: (i) the portability of his/her data, when the USER is a client of the product developed on the SASI platform, (ii) the limitation of use of his/her personal data; (iii) manifest his/her opposition to the use of his/her personal data or (iv) request the expunction of his/her personal data collected by SASI, as long as that the eventual contractual relationship between the USER and SASI has ended,  there is no purpose of use that legitimates the processing and the minimum legal period related to data retention, according to topic 3.3 of this Privacy Policy, has elapsed.

7. SECURITY

7.1. SASI treats personal data in accordance with the best information security practices and, in particular, stores them in the Amazon Web Services cloud, the same cloud that many high-end companies use, which applies the most advanced security techniques of the information available on the market, as well as automated server backup every 24 hours and digital certificate, through shared responsibility models between AWS and the customer, the latter being certified and re-certified in meeting all security requirements determined by ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, PCI DSS Level 1 and SOC 1, 2 and 3, the code of international best practices for protecting personal data in the cloud (information and certificate available at:

https://aws.amazon.com/pt/compliance/brazil-data-privacy/,

https://aws.amazon.com/pt/compliance/gdpr-center/,

https://aws.amazon.com/en/compliance/shared-responsibility-model/, accessed on 7/14/2022)

7.2. SASI also applies technical and administrative measures to protect personal data from unauthorized access and accidental or unlawful destruction, double-checking, loss, alteration, communication or disclosure, taking into account the structure, scale and volume of its operations, as well as the sensitivity of the data processed and the probability and severity of damages to the data subjects.

8. RIGHTS OF THE DATA SUBJECT

SASI is based on the respect and proper application of the privacy principle of the product since its conception. Therefore, SASI ensures the exercise of rights holder of the data provided in the General Law of Data Protection (LGPD) through its website and App, where we provide privacy controls for users. Below, is a simplified list of rights applicable to our business provided in the LGPD.

8.1. Right to access information: The information required by data protection laws is contained in this privacy policy. Further information can be requested via e-mail: [email protected]. as described in clause 9.3.

8.2.  Right to confirmation of personal data treatment: To know if SASI treats your data, you can obtain confirmation by request to the e-mail: [email protected].

8.4.  Right to Access Data: This right can be exercised through the application soon. For now, you can contact us via e-mail: [email protected] to request confirmation of the processing of your personal data.

8.5. A Right to correct incomplete, inaccurate or outdated data: Although it is the User's responsibility to enter their data to use the SASI product, even so, if you can no longer access the platform it is possible to conduc the rectification of the data through the e-mail: [email protected].

8.6. Right of removal: the right to request the removal of your personal data.

8.7. Right to data portability: the right to request a copy of your personal data in electronic format and the right to transfer such personal data to be used by third parties.

8.8. Right of objection: the right to object at any time to the processing of your personal data for reasons relating to your particular situation; the right to object to the handling of your personal data for direct marketing purposes.

9. GENERAL PROVISIONS

9.1. SASI does not use any type of automated decision that impacts the USER.

9.2. SASI reserves the right to change the content of this Privacy Policy at any time, according to the purpose or need, such as for legal adequacy and compliance with a provision of law or rule that has equivalent legal force, and the USER is responsible for verifying it whenever you access SASI.

9.2.1. If updates to this document occur and necessarily require new consent, SASI will notify the USER by the means provided by the USER.

9.3. In case of any doubt regarding the provisions contained in this Privacy Policy or need to contact the Data Protection Officer (SASI’s DPO), the USER may contact the e-mail [email protected], and will be answered between Monday and Friday, during business hours, except holidays.

9.4. If third-party companies process any data collected by SASI, they must respect the conditions stipulated herein and the best security of information practices.

9.5. If any provision of this Privacy Policy is considered illegal or illegitimate by local authorities where the USER resides, the other conditions will remain in full force and effect.

9.6. The USER recognizes that all communication made by e-mail, SMS, instantaneous communication applications or any other electronic form are also valid as documentary evidence, being effective and sufficient for the disclosure of any subject that refers to the services provided by SASI, as well as the conditions of its provision or any other subject addressed therein, except for the expressly diverse provisions contained in this Privacy Policy.

10. APPLICABLE LAW AND JURISDICTION

10.1. This document will be governed and interpreted according to the Brazilian legislation, in the Portuguese language, and the jurisdiction of the domicile of the USER will be chosen to settle any litigation or controversy involving this document, unless there is a specific exception of personal, territorial or functional competence by the applicable legislation.

Thank you for your attention, and welcome to SASI