This Policy is intended to demonstrate the commitment of DESKTOP S.A. (“Desktop” or “We”), with principal place of business at Rua Teodor Condiev, 970, 13th floor, Jardim Marchissolo, in the city of Sumaré – SP CEP: 13.171-105, Corporate Taxpayers’ Roll (“CNPJ”): 08.170.849/0001-15, to your privacy and the protection of your Data, in a clear and transparent manner, in accordance with laws in force.
This Policy outlines the primary rules on the Processing of your Data, particularly Personal Data, when You use the functionalities available to your investors audience by means of our digital platform, available at the link www.ri.desktop.com.br (“Website”).
To access and use the functionalities offered at our Website, You must state that You have read this Policy thoroughly and carefully, fully acknowledging the terms provided for herein, thus giving your free and express consent to such terms, including the collection of Data referred to hereunder, as well as their processing for the purposes specified below.
We are always seeking to provide You with services and features as efficiently as possible, keeping ourselves constantly up to date to that end. Therefore, this Policy may be amended at any time. You are responsible for verifying it whenever possible by means of this email address.
2. ABOUT DATA WE COLLECT
2.1. How We collect Data. Data, including Personal Data, may be collected when You submit it or when You interact with our Website and services, which includes:
|What do We collect?||What do We collect for?|
|Full name||(i) To identify and authenticate You;
(ii) To comply with the obligations arising from the duty of information with our investors, including to comply with legal and regulatory provisions;
(iii) To carry out your registration in our mailing, should You request it, informing You with regard to novelties, functionalities, contents, news and other events We deem relevant to You;
(iv) To enable your contact with us, managing your queries and requests;
(v) To protect You with regard to preventing fraud and related risks, in addition to complying with legal and regulatory obligations;
|Company You belong to|
Digital identification data
|IP Address and Source Logic Port||(vi) To identify and authenticate You; and
(vii) To comply with legal record keeping obligations provided for by the Brazilian Civil Rights Framework for the Internet (“Marco Civil da Internet”) – Law 12,965/2014
|Device (operating system version)|
|Time and date records of every action You take|
|Screens You accessed|
2.2. Required data. The use of certain functionalities at our Website directly depends on certain Data referred to in the table above. If You choose not to provide some of this Data, You may become unable to benefit from some of our Website
2.3. Data update & veracity. You are solely responsible for the accuracy, veracity or lack thereof in relation to the Data You provide or for its outdatedness. Please be aware that it is your responsibility to ensure accuracy or keep the data up to date.
2.3.1. Likewise, We are not required to process any of your Data if there are reasons to believe that such processing may ascribe to us any violation of any applicable law, or if You are using our Website for any illegal, unlawful or contrary to morality purposes.
2.4. Database. The database created by means of the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be made within the limits and business purposes outlined in this Policy.
2.5. Technologies used. We use the following technology(ies):
2.5.1. All technologies used will comply, at all times, with the applicable law and the provisions of this Policy.
2.6. We do not use any type of solely automated decision that impacts You.
3. HOW WE SHARE DATA AND INFORMATION
3.1.Cases of Data sharing. The Data collected and the recorded activities can be shared, always respecting the forwarding of the minimum information necessary to achieve the purposes:
(i) With Desktop’s economic group companies;
(ii) With the competent judicial, administrative or governmental authorities, whenever there is a legal order, requirement, requisition or court ruling;
(iii) Automatically, in the event of corporate changes, such as merger, acquisition and incorporation;
(iv) With partner companies and service providers necessary for the provision of our services and functionalities, whenever such organizations are required to comply with the data security and protection guidelines, as per item 5 of this Policy.
3.2. Data Anonymization. For the purposes of market intelligence survey, Data disclosure to the press and to carry out advertisings, the Data provided by You may be shared anonymously, i.e., so as not to enable your identification.
4. HOW WE PROTECT YOUR DATA AND HOW YOU CAN PROTECT IT TOO
4.1. Measures We take. We endeavor our best efforts to maintain your privacy and the security of information by adopting technical, physical and administrative security measures:
(i) technical measures, such as transmission of Personal Data by means of a secure Internet page, data storage in electronic media maintaining high security standards, use of a system which access is controlled;
(ii) physical measures, such as access restricted to authorized persons maintained in facilities which include use of market security tools; and
(iii) administrative measures, including the adoption of Security Policies and Standards, training/awareness of employees, non-disclosure agreements.
4.2. Care You must take. It is very important that You protect your Data from unauthorized access to your device. It is also very important that You know that We will never send electronic messages with attachments that can be run (extensions: .exe, .com, among others). Our contacts are intended to bring information about your queries and requests, as well as other information that You may have requested at our Website.
4.2.1. In some cases, We may send links for downloads in our e-mails. In such cases, We recommend You to confirm the sender’s address and e-mail, as per item 6 below, prior to carrying out the downloads.
4.3. Access to Personal Data, proportionality and relevance. Internally, the Personal Data collected is accessed only by duly authorized professionals, observing the principles of proportionality, necessity and relevance for our business purposes, in addition to the commitment to confidentiality and preservation of your privacy provided for in this Policy.
4.4. External links. When You use our Website, You may be led, via a link, to other portals or platforms, which may collect your information and have their own Data Processing Policy.
4.4.1. You are responsible for reading the Privacy Policies of such portals or platforms outside the environment of our Website, and it is your responsibility to accept or reject them. We are not responsible for third parties’ Privacy and Data Processing Policies, nor for the content of any websites, content of services connected to environments other than ours.
4.5. Processing by third parties under our directive. If outsourced companies carry out the processing, on our behalf, of any Personal Data We collect, they will mandatorily comply with the conditions provided for hereunder and the information security rules.
4.6. Communication by e-mail. It is important for You to be careful, since the e-mails are only sent by domains: @desktop.net.br or @desktop.com.br.
5. HOW WE STORE YOUR PERSONAL DATA AND THE ACTIVITY LOG
5.1. The Personal Data collected and activity logs are stored in a secure and controlled environment for a minimum period, as per the table below:
|STORAGE PERIOD||LEGAL GROUNDS|
|For as long as the relationship lasts and there is no request for deletion or revocation of consent, when applicable||Art. 9, item II of the Brazilian General Personal Data Protection Act|
|3 years following the relationship’s end||Art. 206, § 3, item V of the Civil Code|
|6 months for Digital Identification Data||Art. 15 of the Brazilian Civil Rights Framework for the Internet|
5.2. Longer storage periods. For the purposes of auditing, security, and preservation of rights, We may keep the registration history of your Data for a longer period, in the cases the law or any regulation so provides or for the preservation of rights.
5.3. The Data collected will be stored on our servers located in Brazil, as well as in a cloud-based environment of use of resources or servers (cloud computing). Anyway, no transfers and/or processing of such Data outside Brazil will be carried out.
6. WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM
6.1. Your basic rights. You may request confirmation on the existence of Personal Data processing, in addition to the display or rectification of your Personal Data, through the Service Channels, pursuant to item “7.4”.
6.2. Limitation, opposition and deletion of Data. Through the Service Channels, You may also request:
(i) Limitation to the use of your Personal Data;
(ii) To express your opposition and/or revoke the consent, when applicable, with regard to the use of your Personal Data; or
(iii) To request the deletion of your Personal Data that has been collected by Us.
6.2.1. If You request the deletion of your Personal Data, the Data may need to be kept for a period longer than the request for deletion, pursuant to article 16 of the Brazilian General Personal Data Protection Act, (i) to comply with a legal or regulatory obligation, (ii) for a study by a research body, and (iii) for the transfer to a third-party (observing the data processing requirements provided for in the same Act). In all cases, upon anonymization of the Personal Data, if feasible.
6.2.2. Once the storage period elapses and the legal requirement ceases, the Personal Data will be deleted using secure disposal methods, or used exclusively anonymously for statistical purposes.
7. INFORMATION ON THIS POLICY
7.1. Change of content and update. You acknowledge our right to change the content of this Policy at any time, according to the purpose or need, such as for the adequacy to and legal compliance with a provision of law or regulation having equivalent legal force, and You are responsible for verifying it whenever You access our Website or use our functionalities.
7.1.1. In the event of updates to this document requiring the collection of a new consent, You will be notified by means of the contact channels You
7.2. If any point of this Policy is deemed unenforceable by the Brazilian National Data Protection Authority or by any other administrative or judicial authority, the other conditions shall remain in full force and effect.
7.3. Electronic communication. You acknowledge that any communications carried out by e-mail (to the addresses provided in your registration), text messages, instant messaging applications or any other digital form, are also valid, effective and sufficient for the disclosure of any matter relating to the functionalities We provide at our Website, your Data, as well as any other subject discussed, except for what this Policy so provides.
7.4. Service Channels. In case of any doubts regarding the provisions under this Data Privacy and Processing Policy, You may contact us through the service channels indicated below:
7.4.1. You may also directly contact our Data Protection Officer, available at the address Rua Teodor Condiev, 970, 13th floor, Jardim Marchissolo, in the city of Sumaré – SP.
7.5. Applicable law. This Policy should be construed in accordance with the Brazilian laws, in the Portuguese language.
8.1. For the purposes of this Policy, the following definitions and descriptions should be considered for the better understanding hereof:
(i) Anonymization: Use of reasonable technical means available at the time of Processing, whereby a Data loses the possibility of association, directly or indirectly, with an individual.
(ii) Cloud Computing: Cloud computing, is the service virtualization technology built from the interconnection of more than one server by means of a common information network (e.g., the Internet), with the objective of reducing costs and increasing the availability of supported services.
(iii) Cookies: Small files sent by our Website, saved on your devices, which store preferences and other few information, with the purpose of customizing your browsing according to your profile.
(iv) Data: Any information entered, processed or transmitted by means of our Website.
(v) Personal Data: Data related to an identified or identifiable natural person.
(vi) Automated decisions: Decisions affecting a user that have been programmed to work automatically, not requiring human operation, based on automated processing of Personal Data.
(vii) Data Protection Officer (DPO): Person appointed by Us to act as the communication channel among Us, the Personal Data subjects and the Brazilian National Data Protection Authority (ANPD).
(viii) Session ID: Identification of users’ session when access to our Website is carried out.
(ix) IP: Abbreviation of Internet Protocol. It is an alphanumeric set that identifies users’ devices on the Internet.
(x) Processing: Any operation performed with Personal Data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, assessment or control of information, modification, communication, transfer, dissemination or extraction.