PRIVACY POLICY AND PERSONAL DATA PROTECTION
The Privacy and Personal Data
Protection Policy (“Policy”) of SKEDWAY DO BRASIL LTDA, a legal entity governed
by private law, registered with CNPJ under No. 44.664.224/0001-73,
headquartered at Rua João Preda, 630, joint . 02, Parque Rural Fazenda Santa Cândida,
in the Municipality of Campinas, in the State of São Paulo, CEP 13087-552
(“SKEDWAY”) was prepared in accordance with Federal Law No. 13,709/2018
(General Law for the Protection of Personal Data – LGPD ) and Resolution of the
Board of Directors of the National Data Protection Authority No. 02/, of
January 27, 2022 (Resolution CD/ANPD No. 02/2022), binding all employees,
managers, partners and internal and external collaborators of SKEDWAY, on all
forms of processing of personal data resulting from its commercial activity.
This Policy contains information
about how SKEDWAY treats, in whole or in part, automatically or not, the
personal data of the aforementioned people.
The objective is to clarify the
interested parties about the types of data that are processed, the respective
purposes and the way in which the holder of the personal data can update,
manage or delete this information.
When using our services, working
with us or applying for a job, the holder of the personal data accepts and
agrees with all the terms and conditions set forth that are in force on the
date.
We warn that this Policy may be
modified at any time by SKEDWAY, due to changes in legislation or in our
processes, as a result of the use of new technological tools or partnerships,
or even whenever, at SKEDWAY's sole discretion, such changes if necessary.
1. PRINCIPLES AND RIGHTS OF HOLDERS
1.1. SKEDWAY undertakes to comply with the rules set forth in
the LGPD, in compliance with the following principles:
(i) the holder's personal data will be treated in a lawful,
loyal and transparent manner;
(ii) the holder's personal data will only be processed for
specific, explicit and legitimate purposes, and cannot be subsequently
processed in a way that is incompatible with those purposes;
(iii) the holder's personal data will be collected in an adequate,
relevant and limited manner to meet the purposes for which they will be
treated;
(iv) the holder's personal data will be accurate and updated
whenever necessary, so that inaccurate data is erased or rectified, when
possible;
(v) the personal data of the holder will be kept in a way that
allows the identification of the data subjects only for the period necessary
for the purposes for which they are processed;
(vi) The holder's personal data will be treated securely,
protected from unauthorized or unlawful processing and against accidental loss,
destruction or damage, adopting the appropriate technical or organizational
measures.
1.2. The holder of personal data has the following rights,
conferred by the LGPD:
(i) Right of confirmation and access: right of the holder to
obtain confirmation that the personal data concerning him are or are not being
processed and, if that is the case, the right to access his personal data;
(ii) Right of rectification: right of the holder to obtain the
rectification of inaccurate personal data concerning him;
(iii) Right to delete data: right of the holder to have their
personal data erased from SKEDWAY's systems or database, except for the cases
provided for in the LGPD that authorize its maintenance by SKEDWAY;
(iv) Right to limitation of data processing: right of the holder
to limit the processing of his personal data, being able to request this
limitation when he contests the accuracy of the data, when the treatment is
illegal, when SKEDWAY no longer needs the data for the proposed purposes and
when you have objected to the processing of data in case of unnecessary data
processing;
(v) Right of opposition: right of the holder to oppose, for
reasons related to his particular situation, the processing of personal data
concerning him, and may also oppose the use of his personal data to define a
marketing profile;
(vi) Right to data portability: right of the holder to receive
personal data concerning him and that he has provided to SKEDWAY, in a
structured, commonly used and machine-readable format, and the right to
transmit this data to third parties to be indicated by the holder, under his
responsibility.
1.3. The holder may exercise his rights by means of a written
communication sent by email with the subject “processing of personal data”,
specifying:
(i) full name;
(ii) CPF number;
(iii) e-mail address of the holder and, if applicable, of his
representative;
(iv) relationship you have or had with SKEDWAY (customer,
platform user, employee, candidate for job offers and/or third party
individuals);
(v) right you wish to exercise with SKEDWAY;
(vi) date of application and signature of the holder; It is
(vii) any document that can demonstrate or justify the exercise
of your right.
1.4. Pursuant to art. 11, paragraph 1, of CD/ANPD Resolution No.
02/2022, the communication channel to be used by the holder will be through the
email data@skedway.com, or, if you prefer, through physical correspondence, to
be forwarded to the following address:
Rua João Preda, 630, conj. 02,
Parque Rural Fazenda Santa Cândida, Campinas-SP, CEP 13087-552
1.5. All requests will be received, analyzed and, if necessary,
forwarded and answered within a period of up to 15 (fifteen) days, counting
from the confirmation of the authenticity of the person who made the request
and the corresponding holder of the personal data over which it is intended to
exercise rights.
2. ORIGIN OF PERSONAL DATA PROCESSED BY SKEDWAY
2.1. The personal data processed by SKEDWAY are originally:
(i) informed by the holder himself, when entering into any
commercial relationship with SKEDWAY, registering and using the Platform and/or
when contacting SKEDWAY to obtain information about the services provided and
commercial proposals;
(ii) collected by SKEDWAY through the integration of its
Platform with Office 365 or G-Suite from the accounts used by the data subject
to perform activities related to the SKEDWAY customer; and/or
(iii) collected automatically by SKEDWAY when the holder accesses
the SKEDWAY website or Platform.
3. PERSONAL DATA PROCESSED BY SKEDWAY
3.1. The processing of personal data by SKEDWAY will take place
in accordance with the LGPD, and the data processed includes:
(i) name;
(ii) e-mail;
(iii) commercial phone;
(iv) cell phone;
(v) identification photo and biometric data;
(vi) department in which it operates at the Client;
(vii) identification document; It is
(viii) Bank data.
3.2. In addition to the personal data detailed above, during the
use of the Platform or the SKEDWAY website, the following personal data will
also be processed:
(i) User's IP address;
(ii) geolocation of the User, when the access takes place
through a mobile device;
(iii) accesses containing the User's access times to the
Platform;
(iv) pages and screens accessed by the User on the Platform;
(v) dates and times of each User action on the Platform;
(vi) appointments made by the User with his IP address;
(vii) publications made by the User and log of these
publications;
(viii) settings customized by the User on the Platform;
(ix) reservation information made through the Platform; It is
(x) information on participation in meetings scheduled through
the Platform.
3.3. SKEDWAY is not responsible for the veracity or lack of
information provided and provided directly by the holder, as well as for its
outdated status, and it is the responsibility of the holder of the personal
data to provide them accurately and keep them updated..
4. TREATMENT PURPOSES AND HYPOTHESES
4.1. The personal data processed by SKEDWAY will be used to meet
the following purposes:
(i) issue the respective tax documents, record the payment
information in the accounting, as well as carry out the corresponding bank
transactions;
(ii) collaborate and/or comply with a court order or request by
an administrative authority;
(iii) properly identify the holder of the personal data and the
User, when using the Platform;
(iv) adequately respond to requests and queries made by the
holders of the respective personal data;
(v) allow the full functioning of the Platform operated by
SKEDWAY, under the terms, conditions and parameters established with the Client
(such as: organizing the available calendar and making available the scheduling
of rooms, workstations, closet and parking spaces);
(vi) protect SKEDWAY and allow compliance with the rights and
obligations related to the use of the Platform, in accordance with the
provisions of the governing legislation;
(vii) collect and use data, even if anonymously, from Google
Analytics for parameterization and creation of metrics;
(viii) use the data to maintain the Platform and the services
offered by SKEDWAY.
4.2. The processing of personal data by SKEDWAY, taking into
account its use for the purposes described above, will be carried out in
compliance with the following hypotheses provided for in the LGPD:
(i) Compliance with a legal obligation (art. 7, II, of the
LGPD): name, e-mail, business telephone, identification document and bank
details, to achieve the purposes set forth in Item 4.1 (i), (iv) and (vi) ;
(ii) Execution of contracts and preliminary procedures (art. 7,
V, of the LGPD): department in which the client operates, geolocation of the
User, appointments made by the User with his IP address, publications made by
the User and log of these publications, settings customized by the User on the
Platform, information on reservations made through the Platform and information
on participation in meetings scheduled through the Platform, to achieve the
purposes set forth in Item 4.1 (v) and (viii);
(iii) Fraud prevention guarantee (art. 11, II, 'g', of the LGPD):
identification photo, biometric data and cell phone, to achieve the purposes
set forth in Item 4.1 (iii)
(iv) Consent (art. 7, I, of the LGPD): performance, functionality
and behavior/analytical cookies, for use under the terms of Item 9; It is
(v)
Legitimate interest of the controller (art. 7, XI, of the LGPD): User's IP
address, access containing the User's access times to the Platform, pages and
screens accessed by the User on the Platform and dates and times of each User
action on the Platform Platform, to achieve the purposes set forth in Item 4.1
(vii).
4.3. SKEDWAY clarifies that the personal data indicated in item
3.1. (v) (identification photo and biometric data) are not collected and
treated in a standardized way, by default, so this treatment will only occur
upon request of the Customer, so that SKEDWAY will act in accordance with the
provisions of item 5.2 below.
4.3.1. In the situations of processing the personal data indicated
above, SKEDWAY may use technologies developed by third parties, in order to
make the use of this data feasible, only and solely to improve the
identification process of the holder when accessing and using the Platform .
4.3.2. The storage of personal data, indicated in item 4.3 above,
in SKEDWAY's database, will only serve for the purpose of, when capturing the
holder's image, when accessing the Platform, SKEDWAY, comparing with the images
previously handled, can identify him and certify that he is the owner, ensuring
that there is no fraud in the use of the owner profile on the Platform.
4.3.3. SKEDWAY clarifies that it will have access to the camera of
the device used to access the Platform only during the capture of the holder's
photo, so that, once the respective image is captured, SKEDWAY will no longer
have access to the device's camera.
4.3.4. SKEDWAY reinforces that, like other personal data, those
provided for in item 4.3 above, its treatment will always occur in an ethical
and respectful manner, never aiming, promoting or inducing any form of
discrimination or that is harmful to the holder.
5. PERSONAL DATA PROCESSING AGENTS
5.1. SKEDWAY, as an agent for processing personal data, may act
as Operator or Controller depending on the type of treatment that will be
carried out by SKEDWAY with personal data, as detailed below.
5.2. In situations where SKEDWAY provides software licensing
services (SaaS) to its customers, making its platform available for managing
third-party corporate spaces under the conditions and locations established by
its Customers, SKEDWAY will act as an Operator, with its Customers acting as
Controllers of their personal data.
5.3. In SKEDWAY's relationships with its customers,
collaborators and employees, which result in the processing of personal data,
SKEDWAY will act as Controller of this data, given its own decision-making
power regarding the completeness of the processing of this personal data.
6. STORAGE AND CONSERVATION PERIOD OF PERSONAL DATA
6.1. Personal data is stored in a secure and controlled
environment and may be stored on SKEDWAY's own servers or on third-party
servers contracted for this purpose (sub-operators), whether allocated in
Brazil or abroad, in accordance with the criteria of the applicable
legislation, and may also be stored using cloud computing technology and/or
others that may arise in the future, always aiming at its improvement and
improvement.
6.2. Personal data processed by SKEDWAY will be kept for a period
no longer than necessary to fulfill and if it reaches the purposes for which
they were initially processed, as detailed in this Policy.
6.2.1. The holders' personal data may only be retained after the
end of their processing, for (i) compliance with a legal or regulatory
obligation by SKEDWAY; and/or (ii) regular exercise of rights in judicial or
administrative proceedings, and, in both cases, said period will not exceed a
period of 5 (five) years.
6.3. In situations where SKEDWAY acts as an Operator, the
conservation of personal data will be subject to the lawful guidelines of its
Customers (Controllers), which will be observed by SKEDWAY, provided that they
are compatible with the rights and guarantees provided for in the LGPD.
7. SKEDWAY AND THIRD PARTIES IN THE TRANSMISSION OF PERSONAL
DATA
7.1. In compliance with the principles of the LGPD and the
guidelines of the National Data Protection Authority - ANPD, SKEDWAY clarifies
that it applies the principle of least privilege (need to know), having its own
internal policy that delimits access to personal data processed by SKEDWAY ,
considering the access pertinence of each area in relation to these same data.
7.2. In certain circumstances, SKEDWAY may share or transfer
personal data, to the strictest extent necessary or appropriate, to government
agencies, business partners and others with the aim of complying with
applicable legislation, court order or subpoena, or to:
(i) investigate, prevent or take action relating to suspected
or actual illegal activities, or to cooperate with public bodies, or to protect
national security;
(ii) performance of its contracts;
(iii) investigate and defend against any third party claims or
allegations;
(iv) protect the rights and personal safety of the holder of
personal data, its employees, internal collaborators, customers or the general
public;
(v) exercise or protect the rights, property and safety of
SKEDWAY, its partners and investors; It is
(vi) in case of sale, purchase, merger, reorganization,
investment contribution, liquidation or dissolution of SKEDWAY.
7.3. All situations of sharing and
transmission of personal data to third parties, if not provided for in this
Policy, will be previously informed to the respective holder of the personal
data, who, in the cases provided for in the LGPD, may oppose such sharing and
transmission.
8. SECURITY IN THE PROCESSING OF PERSONAL DATA
8.1. Pursuant to art. 46 of the LGPD, SKEDWAY adopts the
appropriate security, technical and administrative measures to protect the
personal data processed. To this end, periodic training is developed for all
those involved in treatment activities, updating and constant review of
internal processes that result in the processing of personal data, corporate
policy for the protection of personal data, among other activities carried out
within the administrative-managerial scope of SKEDWAY , without prejudice to
the adoption of technical measures within the scope of Information Technology,
with the use of computer resources endowed with functionalities aimed at
guaranteeing information security.
8.2. SKEDWAY disclaims responsibility for the sole fault of third
parties, such as in the case of a hacker or cracker attack, or the sole fault
of the holder of the personal data.
8.3. SKEDWAY undertakes to communicate to the holder of personal
data, within an appropriate period, in the event of any type of violation of
the security of their personal data that may cause a high risk to their
individual rights and freedoms, using the means of communication available for
contact, which can be phone number or email address.
8.4. If third-party companies process any of the personal data
controlled by SKEDWAY, they must observe and respect the conditions stipulated
in this Policy.
9. NAVIGATION DATA (cookies) AND THEIR MANAGEMENT
9.1. As detailed and clarified in its Cookies Policy, SKEDWAY
clarifies that its website only uses first-party cookies, with no third-party
cookies being used on its website.
9.2. In view of the role that cookies play on the SKEDWAY
website, any processing of personal data arising from their use, are licensed
for use based on the following hypotheses provided for in the LGPD:
(i) execution of contract and preliminary procedures (art. 7, V,
of the LGPD): necessary cookies; It is
(ii) owner's consent (art. 7, I, of the LGPD): performance,
functionality and behavior/analytical cookies.
9.3. When accessing the SKEDWAY website, it is possible to choose
and consent to which cookies may be used during your navigation, with the
exception of necessary cookies.
10. COMPLAINT TO A CONTROL AUTHORITY
10.1. Without prejudice to any other administrative or judicial
means of appeal, all holders of personal data have the right to file a
complaint with a control authority. The complaint may be made to the National
Data Protection Authority (ANPD).
11. CHANGES
11.1. This Policy may receive periodic revisions. However,
SKEDWAY reserves the right to modify, at any time, these provisions, especially
to adapt them to the evolution of the systems or its computer program, either
by making new functionalities available, or by deleting or modifying those that
already exist.
11.2. The holder of the personal data will always be notified by
SKEDWAY in case of alteration of this Policy and, if he disagrees with any of
the modifications, he must submit his reservation to the communication channel
made available by SKEDWAY for this purpose, as indicated in item 1.4 of this
Policy.
12. APPLICABLE LAW AND JURISDICTION
12.1. This Policy and all relationships
resulting from it are subject to the laws of the Federative Republic of Brazil,
with the jurisdiction of the District of Campinas, in the State of São Paulo,
being elected to resolve any controversy arising from this Policy.
12.2. Without prejudice to the provisions
of the previous article, in the event of the occurrence of information security
incidents, related to individual leaks or unauthorized access to personal data,
these disputes will initially be the subject of direct conciliation between
SKEDWAY and the respective holder of the personal data, before considering the
possibility of applying any sanction to SKEDWAY, pursuant to art. 52, §7, of
the LGPD.