US: Privacy policy for personal data of Tecnorise

1. PURPOSE

This Privacy Policy for Personal Data ("Policy" or "Privacy Policy") aims to establish norms and guidelines for the processing of personal data collected by Tecnorise, a legal entity registered under Brazil’s Company Number 29.179.880/0001-97, located at Avenida Santos Dumont, No. 2456, room 1301, Aldeota, ZIP code 60.150-161, Fortaleza,Ceará, Brazil, hereinafter simply referred to as "TECNORISE," in accordance with applicable regulations.

We are a Brazilian company, holder of the rights to design, develop, market and be directly responsible for the largest and most complete solution for remote/virtual, face-to-face, and autonomous condominium entrance gatehouse call centers.

By consenting to this Privacy Policy, the data subject agrees to the terms described herein and to the processing of personal data for the purposes described in this document.

2. SCOPE

This Policy applies to activities that involve the processing of personal data and covers all TECNORISE’s websites, portals, applications, and forms.

3. TERMS AND DEFINITIONS

For the understanding of this Policy, the definitions and terminologies should be considered as detailed below:

Processing Agents
The data controller and data processor.

Anonymization
The use of reasonable and available technical means at the time of processing, through which data loses the possibility of direct or indirect association with an individual.

Data Protection Authority
The public administration body responsible for ensuring, implementing, and enforcing compliance with any data protection law.

Database
Structured set of data, established in one or more locations, in electronic or physical support.

Blocking
Temporary suspension of any processing operation, by keeping the personal data or database.

Collaborators
People hired to integrate TECNORISE’s staff.

Consent
Free, informed, and unequivocal manifestation by which the data subject agrees to the processing of their personal data for a specific purpose.

Data Controller (or “Controller”)
The natural or legal entity that determines the purposes, conditions, and means of processing personal data. This means that the data controller is responsible for making decisions about how personal data is collected, used, stored, and shared.

Cookies
Files that contain small portions of data that are shared between a technological device and a web server with the aim of making navigation more user-friendly and improving the user experience.

Anonymized Data
Data relating to the data subject that cannot be identified, considering the use of anonymization at the time of processing. Personal Data Information related to an identified or identifiable natural person.

Sensitive Personal Data
Personal data concerning racial or ethnic origin, religious belief, political opinion, union membership or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.

Elimination
Deletion of data or set of data stored in a database, regardless of the procedure employed.

Data Protection Officer (“DPO”)
Natural person or legal entity designated by the controller and processor to act as a communication channel between the controller, the data subjects, and the National Authority for data protection matters.

Purpose
Reason for processing the personal data of the data subject.

Processor
A natural or legal person, public or private, who carries out the processing of personal data on behalf of the controller.

Opt-In
The expression of the data subject's prior and explicit consent to receive specific communication or authorization for the processing of personal data.

Opt-Out
The opposite of opt-in, that is, the revocation of previously given consent.

Personal Data Protection Impact Report (RIPD)
A report kept by the data controller that contains the description of the personal data processing processes that may pose risks to civil liberties and fundamental rights, as well as measures, safeguards and risk mitigation mechanisms.

Website
Virtual address of a natural or legal person, consisting of a set of electronic pages.

Data Subject / User
A natural person to whom the personal data being processed refers. International Data Transfer The transfer of personal data to a foreign country or international organization of which the country is a member.

Processing
Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction.

Shared Use of Data
Communication, dissemination, international transfer, interconnection of personal data, or shared processing of personal databases by public agencies and entities in the performance of their legal competences, or between private entities, reciprocally, with specific authorization, for one or more processing modalities allowed by these public entities, or between private entities.

4. ABOUT THE PURPOSE OF PROCESSING PERSONAL DATA

The personal data processed by TECNORISE aims to fulfill various purposes, depending on the relationship between the data subject and TECNORISE. Thus, we present below, non-exhaustively, the main hypotheses in which we will process the personal information of the data subject:

  • For compliance with a legal obligation: when resulting from leal and/or regulatory requirements imposed on TECNORISE.
  • In the need for contractual performance: compliance with specific contracts by TECNORISE with various companies (suppliers and/or service providers), as well as provision of applications.
  • For the regular exercise of rights in a judicial, administrative or arbitral process;
  • For the protection of the life or physical integrity of the data subject or a third party;
  • For fraud prevention and data subject's security in identification and authentication processes for registration in electronic systems;
  • Through authorization/consent granted by the data subject.

The processing of personal data will be carried out within the limits and purposes of its services, and personal data may be made available for consultation, shared and transferred to suppliers and authorities, provided that it complies with the provisions of this Privacy Policy and applicable regulations.

No document, information, and/or personal data will be disclosed and/or shared in any case, except if expressly authorized by the user, for the purpose of fulfilling the contracted services or by court order or legal determination.

It may be necessary to share the user's personal data to another TECNORISE entity, a partner, or an external service provider. TECNORISE requires its service providers to treat such data only in accordance with this Privacy Policy and applicable regulations.

Internally, user’s personal data is accessed only by duly authorized employees, respecting the principles of purpose, adequacy, necessity, and other principles inherent in the processing of personal data, always for the purposes of TECNORISE, in addition to the commitment to confidentiality and preservation of privacy in accordance with this Privacy Policy.

5. TYPES OF PERSONAL DATA SUBJECTS

The data subjects whose personal data is processed by TECNORISE are categorized as follows:

  • User;
  • Client;
  • Employee;
  • Dependent;
  • Legal representative;
  • Visitor;
  • Partner.
6. DATA COLLECTED

For TECNORISE to achieve its social purpose, it is essential to collect some information about its users. Therefore, personal data may be collected directly from the data subject, their legal representatives (upon specific consent authorizing the processing of children's personal data), TECNORISE's contracting companies, third parties, or through automatic collection. Below are the ways personal data is collected:

Personal data provided directly by the data subject
All personal data entered or submitted when accessing one of TECNORISE's channels (portals or applications) will be collected.

Personal data provided by companies
Only for the purpose of complying with a legal obligation or when necessary for the execution of contracts and/or preliminary procedures in which the data subject is involved.

Personal data provided by third parties
TECNORISE may receive personal data through third parties who have a contractual relationship with the data subject. It is also possible that TECNORISE collects data from public databases made available by authorities (such as the Federal Revenue Service, for example) or by third parties, or even data made public by the data subject on websites or social networks, always respecting the legal privacy framework.

Personal data collected automatically
TECNORISE may also collect a series of information automatically, using some market technologies (such as cookies), for the purpose of improving the user's browsing experience on TECNORISE's portals and applications, according to their habits and preferences.

For all personal data collection, the following essential rules will always be followed:

  • Only essential information will be collected;
  • If necessary, TECNORISE will request authorization or notify the data subject about the collection of new personal data, accompanied by the appropriate justification;
  • The personal data collected will only be used to fulfill the purposes informed to the data subject.

The processing of personal data of children and teenagers will only be carried out with specific and highlighted consent from one of the parents or legal guardians.

The data processed by TECNORISE will be stored for as long as necessary to fulfill the purposes for which they were collected or, alternatively, to comply with legal and regulatory requirements. Upon expiration of the retention period or upon request by the data subject, in applicable cases, TECNORISE will securely delete them.

Regarding the facial biometric data collected due to the relationship between the data subject and TECNORISE, considering that the legal basis for processing such data is based on fraud prevention and the security of the user, the biometric will be kept for the duration of the relationship between the user and TECNORISE..

Regarding the categories of personal data collected, in addition to data from employees, suppliers, customers, and service providers, the following categories are collected through our applications due to the need to perform our service provision:

  • Contact information: This refers to any data that allows direct contact with the user or for identification. Data such as: name, surname, date of birth, and phone numbers;
  • User image: TECNORISE's smartphone application requests permission to capture images through the device's camera for inclusion or updating of user profile photos, other residents in the same unit, collaborators, visitors, or for use of GEAR's native facial recognition service (TECNORISE's application). The data is sent to the TECNORISE API at app.gear-tecnorise.com and follows the guidelines in this policy regarding storage, sharing, and handling;
  • Contact list: TECNORISE's smartphone application requests access to the user's device contact list when creating an invitation and selecting the option to search contacts in their list. This feature is used to create a guest list for a specific event. With this feature, the user can send the invitation directly to their guests through a link shared by any app defined by the user. The data is sent to the TECNORISE API at app.gear- tecnorise.com and chavevirtual.com and follows the guidelines in this policy regarding storage, sharing, and handling;
  • Call log: TECNORISE's smartphone application requests access to the user's call log for recording and reading the history of calls received, originating from the IP intercom, through the autonomous call function;
  • Biometric data: The registration of facial biometrics data can be used for identification and authentication of the user and/or visitor. If this function is enabled, it can be used for transaction confirmation. The user is solely responsible for the proper use of this tool and should not allow use or registration by third parties;
  • Location: TECNORISE's smartphone application requests access to the user's location through GPS technologies. Such locations are not shared if these services are not active or in use;
  • Camera/Photo Library: TECNORISE's smartphone application requests access to the user's photo library or camera for actions such as setting or changing a photo in their profile, inserting an image, video, or PDF file on the message board, or inserting an image, video, or PDF file in the occurrences. The data is sent to the TECNORISE API at app.gear-tecnorise.com and follows the guidelines in this policy regarding storage, sharing, and handling;
  • Device storage or SD Card: TECNORISE's smartphone application requests access to the device's storage so that it is possible to insert an image, video, or PDF file on the message board or insert an image, video, or PDF file in the occurrences, set or change the user's profile photo. The data is sent to the TECNORISE API at app.gear-tecnorise.com and follows the guidelines in this policy regarding storage, sharing, and handling;
  • Notifications: TECNORISE's smartphone application also requests permission to issue notifications for events, alerts, and/or marketing campaigns. The notification area can be consulted.
7. DATA SHARING WITH THIRD PARTIES

The personal data processed by TECNORISE may be accessed by third parties, as defined below.

For our purposes
TECNORISE may share data with third parties for its own purposes. TECNORISE will share personal data strictly necessary to provide or otherwise fulfill its social purpose.

For strategic reasons
TECNORISE may share some categories of data listed in item 6 with partners and other entities that provide TECNORISE with certain services or assist with internal functions, such as data analysis, maintenance of internal system security, or ensuring compliance with legal provisions. For example, TECNORISE may share information with auditing firms, law firms for legal assistance, accounting firms, or other professionals. Other entities that may receive personal data for such purposes include information security service providers, data analysis companies, quality assurance evaluators, among others.

For legal and regulatory reasons
TECNORISE may share some categories of personal data reported in item 6 with partners, service providers and other entities when necessary to comply with legal or regulatory obligations, including compliance with any applicable law, judicial or administrative process. TECNORISE may also share information to protect and defend the rights of the Company, personal data owners, or any other person, to protect against fraudulent or malicious activities, to enforce the Terms and Conditions of Use of TECNORISE applications, or to cooperate with law enforcement agencies.

8. ABOUT THE RIGHTS AND REQUIREMENTS OF PERSONAL DATA OWNERS

In compliance with applicable regulations, TECNORISE ensures the following rights to personal data owners:

  • Confirmation of the existence of treatment;
  • Access to their data;
  • Correction of incomplete, inaccurate or outdated data;
  • Anonymization, blocking or elimination of unnecessary, excessive or processed data in violation of applicable regulations;
  • Portability of data to another service or product provider, upon express request, in accordance with ANPD regulations;
  • Elimination of personal data processed with the consent of the owner, with exceptions provided for in applicable regulations;
  • Information about public and private entities with which TECNORISE has shared data;
  • Information about the possibility of not providing consent and about the consequences of refusal;
  • Revocation of consent, in accordance with applicable regulations;
  • Review of automated decisions.

The rights of users provided for in applicable regulations and in this Policy may be exercised upon express request by the owner or legal representative and may be made through the relationship channel available on the privacy portal or in the privacy notice.

The user is aware, through this document, that any request for exclusion of essential information for the management of their registration with TECNORISE and/or its applications, when applicable, will result in the termination of their contractual/business relationship.

TECNORISE will make every reasonable effort to meet the requests made by the owner as soon as possible. However, justifiable factors may delay or prevent its prompt service, and in case of delay, the owner will be informed of the reasons.

It is the responsibility of the owner to provide correct and up-to- date information. TECNORISE is not responsible for the accuracy, truthfulness or lack thereof in the information provided and may, at its discretion, suspend and/or cancel the user's registration at any time, if any inaccuracy is identified.

Finally, the owner should be aware that their request may be legally rejected, either for formal reasons (such as their inability to prove their identity) or legal reasons (such as the request for deletion of data whose maintenance is a free exercise of TECNORISE's rights), and in the event of impossibility of fulfilling these requests, reasonable justifications will be presented to the owner.

9. ABOUT SECURITY

Any personal data held by TECNORISE will be stored in accordance with the strictest security standards adopted by the market, which includes the adoption of measures such as:

  • Protection against unauthorized access;
  • Restricted access by personnel to the location where personal information is stored;
  • Adoption of procedures with employees, service providers, and suppliers who process personal data in the sense of committing to maintain the absolute confidentiality of the information, adopting best practices for handling this data, as determined in corporate policies and procedures.

In addition to technical efforts, TECNORISE also adopts institutional measures aimed at protecting personal data, so it maintains a privacy and governance program applied to its activities and governance structure, constantly updated.

In any case, in the remote hypothesis of the incidence of such events, TECNORISE guarantees full effort to remedy the consequences of the event, always ensuring the due transparency to the data subject.

10. ABOUT LINKS TO OTHER SITES

TECNORISE may provide links to other sites considered relevant, corporate agreements, or due to regulatory, judicial, or administrative imposition. It should be noted that TECNORISE is not responsible for the privacy policy practiced by these sites. Third parties have their own policy for the collection, use, sharing, and any kind of treatment of data related to their services, and it is up to these third parties to maintain the data properly. TECNORISE recommends reading the policies of these third parties.

11. ABOUT MARKETING EMAILS

By registering to receive TECNORISE's marketing electronic mailing, the user agrees that TECNORISE performs a personalized compilation of news and offers, as well as evaluates usage patterns of the platforms, for sending personalized communication that meets the user's needs and interests.

If the user wishes to stop receiving this type of communication, they may cancel the registration at any time. To do so, the user can click on the opt-out link present in the emails received to be directed to the cancellation process or can use one of the communication means mentioned in this Privacy Policy.

12. APPLICABLE LAW AND GENERAL PROVISIONS

This document was elaborated based on the applicable regulations on information security, privacy, and data protection, including (where applicable) the Constitution of the Federative Republic of Brazil, the Consumer Protection Code, the Civil Code, the Marco Civil da Internet (Federal Law No. 12,965/2014), its regulatory decree (Decree No. 8,771/2016), the Brazil’s Data Protection Law (Federal Law No. 13,709/2018), and other sectoral or general norms on the subject.

Furthermore, the processing and collecting of personal data by TECNORISE is in harmony with the directly applicable data protection laws of Florida, notably the Florida Information Protection Act (“FIPA”).

This policy is linked to the Terms of Use, available on the privacy portal or on the privacy notice, and will be interpreted according to Brazilian legal framework, with the Central Forum of the Court of Fortaleza/CE being elected to settle any dispute, question, or subsequent doubt, with express waiver of any other, no matter how privileged it may be.

This document has been prepared in Portuguese and English, but in case of any discrepancy between the versions, the Portuguese version shall prevail.

If any provision of this Privacy Policy is deemed illegal or illegitimate by a public authority, the other conditions will remain in full force and effect.

The user acknowledges that all communication made by email (to the addresses provided by him), SMS, instant messaging applications, or any other digital and virtual form are also valid as documentary evidence, being effective and sufficient for the disclosure of any matter that refers to the services provided by TECNORISE, as well as the conditions of their provision, except as expressly provided otherwise in this Privacy Policy.

13. CONTACT US

If the data subject wishes to clarify any additional doubts, we kindly ask that they contact us through the relationship channels available on the privacy portal or on the privacy notice or, if preferred, directly with the data protection officer, Jobson Xavier da Rocha Junior, through the email dpo@tecnorise.com.br

14. UPDATES TO THIS POLICY

TECNORISE's Privacy Policy, made available through the channels mentioned in the privacy portal or in the privacy notice, is the most updated version of the document. TECNORISE may, however, at any time and at its sole discretion, update the Policy in order to improve security, enhance our services, or to comply with legal, regulatory or administrative obligations.

TECNORISE encourages the data subject to periodically review this Privacy Policy to stay informed about how their data is being treated.

If the user does not accept or agree with this Privacy Policy, including any changes, they should not access or use TECNORISE's platforms, services and products.

Read more: Terms and conditions of use.