es pt en

Privacy and Data Protection Policy

CADASTRA MARKETING DIGITAL LTDA, a private company, registered in CNPJ No. 08.257.844/0002-24, located at Av. Eng Luís Carlos Berrini, 1511, 17th floor, State of São Paulo, São Paulo, Brazil, CEP 04.571-011 (“Cadastra”), handles some of your Personal Data to provide you with products and services. We are a hybrid and global company, focused on digital transformation, which brings together strategic consulting services, performance agency, digital operations, technology, communication and digital education. Over 20 years transforming brands in more than 10 countries, with multidisciplinary, dynamic and always up-to-date know-how, bringing the highest performance in the short, medium and long term to companies.

This Privacy Policy aims to inform all Clients, Partners and the market in general how we treat Personal Data collected and/or received in our operation. This Privacy Policy also aims to clarify to our customers what are the main rights guaranteed by Law 13.709/2018 (the “General Law of Data Protection” or “LGPD”) and how Cadastra – always guided by ethics, transparency and compliance – is prepared to meet this regulation and ensure the Privacy of all players around it. If you have any questions, please contact us through the channels indicated at the end of this Policy (item 10).

1. IMPORTANT DEFINITIONS

The following definitions are important for you to understand what the position and role of each party involved in our business is, what the main concepts defined in the LGPD are, and how Cadastra is structured to protect the Privacy of all its Customers and Partners:

  • “Controller”: the company (or the subject) that is responsible for deciding on the Data Subject’s Data processing;
  • “Operator”: the company (or the subject) that performs the processing of any Personal Data on behalf of the Controller;
  • “Personal Data”: information relating to any identified or identifiable natural person; read, any information passed by a Customer to the Supplier, for example, that identifies or can identify a natural person;
  • “Sensitive Personal Data”: data about the Data Subject’s racial or ethnic origin, religious, political, genetic, biometric, indicative of sexual preference or health status;
  • “Processing”: any operation involving a Personal Data that is carried out directly to the company;
  • “Holder”: natural person to whom the Data to be processed in the operation refers;
  • “Anonymization”: use of technical means available in the processing of Data, in which a Data loses the possibility of association, directly or indirectly, with an individual..;
  • “Shared Use of Data”: communication, dissemination, international transfer, interconnection of Personal Data or shared treatment of Personal Data banks by public bodies and entities in the fulfillment of their legal powers, or between these and private entities, reciprocally, with specific authorization, for one or more treatment modalities allowed by these public entities, or between private entities;
  • Partner: Supplier and/or Third Parties linked to the operation that are related to the services provided by Cadastra in favor of the Holder of Personal Data for purposes of processing Personal Data;

2. WHAT PERSONAL DATA MAY WE COLLECT, PROCESS AND HOW DO WE DO IT?

Cadastra collects and processes strictly the Data necessary to perform its corporate purpose, such as, but not limited to, Data relating to qualification (name, CPF/CNPJ, profession, gender, address) and/or those voluntarily provided by Users through the Sites/Applications/Tools. Any and all processing of Customers and Partners’ Personal Data carried out by Cadastra strictly observes the following principles:

  • Purpose: the treatment must have a purpose that is clear, specific and previously informed to its Holder;
  • Adequacy: processing must be compatible with the context informed to the Holder and respect the purpose;
    Necessity: processing must be limited to the minimum necessary to carry out the operation;
  • Free Access: obligation to make available for immediate and free consultation to the Data Subject about the processing of his Data;
  • Data Quality: the Holder must be proven to store clear, relevant and up-to-date Data;
    Transparency: obligation to guarantee the Cardholder clear, correct and easily accessible information at any time;
  • Security: obligation to use technical measures to avoid leakage, unauthorized access, loss and/or unauthorized alteration of Data;
  • Prevention: prior adoption of measures to prevent and contain possible violations of LGPD obligations;
  • Non-Discrimination: impossibility of data processing for discriminatory, illegal, abusive purposes;
  • Accountability and Responsibility: obligation of the agent to prove the adoption of effective measures to ensure compliance with the law and all its principles;

Upon prior and express consent by the Data Subject, we may also – with a view to making Customer and Partner service more efficient – collect Personal Data from the following sources:

  • Sales management platforms in physical stores and via the Internet
  • Application Programming Interface (API): service that facilitates communication between two parties
  • Cookies: registration of the activities of the Holder in our Sites/Applications/Tools with the objective of optimizing searches, always with the Client’s consent. For more information see our Cookies Policy (https://cadastra.com/pt/politica-de-cookies-e-uso-do-site).

NOTE: Any Data provided on Third Party websites and applications may be subject to Privacy practices that may differ from those of Cadastra. If Personal Information is submitted to any such websites, the information will be governed by the Privacy Policies of those sites.

3. WHY DO WE COLLECT PERSONAL DATA?

We take appropriate steps to ensure that all processing of your Personal information by us or our service providers is lawful. The lawful basis for processing your Personal Information will depend on the purposes for which we process your information.

  • Consent: through the prior provision of consent by the Personal Data Holder, where applicable;
  • Customer Efficiency: through the Data collected and stored with the consent of the Data Subject, we can optimize search times when browsing, eliminate inefficient offers to the Customer and reduce transaction costs to focus on what really matters;
  • Legitimate Interest: use of Personal Data by Cadastra – always for legitimate purposes and previously informed – for the promotion of essential activities and/or regular exercise of a right;
  • Protection of Acquired Rights: we use Personal Data to exercise any contractual or legal right that must be safeguarded before Clients, Partners and the market in general, including to protect the right to Privacy of Cadastra and the Holders whose Data has been entrusted to it.

4. WITH WHOM DO WE SHARE PERSONAL DATA?

We guarantee that only persons authorized by Cadastra and bound by the same criteria of security, confidentiality and purpose may access your Personal Data when strictly necessary for the purposes of managing our business relationship or fulfilling our legal obligations.

In addition, sharing – upon consent or for legitimate interest purposes – may occur in the following cases:

  • Sharing within the Economic Group: sharing of Personal Data by Cadastra – upon consent or for the regular exercise of a right – with the companies of the DBG Group, which may act as Operators in the treatment of this information specifically in order to ensure commercial management and greater efficiency in marketing campaigns;
  • Partners: Third parties that provide services to Cadastra, such as suppliers of information technology services, communication or marketing services, as well as statistical services, limited to the sharing of Personal Data strictly necessary for the execution of the contracted activities and always with the Holder’s prior consent.
  • Media campaign management tools: for the purpose of sending advertisements tailored to your selected preferences based on your browsing and/or your requests on the Sites;
  • Behavioral analysis tools: with the purpose of improving the user experience regarding the use of the Site by storing cookies – always previously accepted by the User – or by analyzing Personal Data voluntarily provided by the Holder with prior knowledge and agreement to this end.

Upon prior knowledge and agreement, the sharing of Users’ Personal Data with Partners will be carried out in connection with one or more of the purposes described in item 2 of this Policy, respecting the limits and purposes strictly necessary for the performance of our activity.

Cadastra may also be required to communicate your Personal Data, upon receiving a binding order or subpoena, to any authority with jurisdiction over our business to comply with legal or regulatory obligations and/or comply with the subpoena received. In this case, the sharing will be within the strict limits set by the order issued and, whenever possible, will be preceded by notification to the Data Subject to take all appropriate measures in order to, if he or she wishes, seek appropriate measures to try to revoke the sharing order.

Finally, in view of the principles informed above, at any time the Holder may request Cadastra to access all of his/her Data.

5. HOW DO WE STORE PERSONAL DATA?

Cadastra seeks to make it easy for the Card Holder to keep his/her Personal Information accurate, complete and updated. Should the Card Holder find it necessary to update his/her Personal Data, he/she may request Cadastra to do so through the channels mentioned at the end of this Policy (item 10).

These rights granted to the Card Holder apply exclusively in relation to his/her own Personal Data. Cadastra does not share with the User any Third Party Data, including Personal Data of other Users that has been collected in our operation.

We guarantee the Data Subject the following rights:

  • Existence and Access: the Data Subject has the right to obtain confirmation of the existence of the processing activity of their Personal Data. In the event of processing, the Data Subject has the right of access, i.e. to obtain a simplified or complete statement on the categories of Personal Data processed, the origin of the Data and the purposes of the processing. In the event that his/her Personal Data is processed on the basis of his/her consent or of a contract entered into between the Data Subject and Cadastra, the Data Subject shall also have the right to obtain a full copy of the Personal Data that is processed on the basis of his/her consent or of the contract;
  • Correction: the Data Subject has the right to request the correction of incomplete, inaccurate or outdated Data about him/her;
  • Anonymization, blocking and/or deletion: in certain cases, when Personal Data is unnecessary, excessive or is processed in non-compliance with the LGPD, the Data Subject has the right to request the anonymization, blocking or deletion of such Data;
  • Portability: in certain cases, as defined and to the extent required by the ANPD, and always respecting Cadastra’s commercial and industrial secrets, the Holder is entitled to the portability of his/her Personal Data to another company.
  • Shared Use of Data: the Holder is entitled to obtain information about the public and private entities with which Cadastra has shared use of his/her Personal Data;
  • Revocation of consent: every time Cadastra requests consent to process Personal Data, the Card Holder is entitled to refuse consent. Cadastra always informs him about this right and about the consequences in case he prefers not to give consent to a processing activity. In addition, every time the Data Subject consents to the processing of his or her Personal Data for a specific purpose, he or she may revoke his or her consent at any time, and all processing activities carried out up to the date of revocation shall be valid.
  • Opposition: Right to object to certain types of processing, including processing for direct marketing (which we do only with your consent).
  • Deletion of Personal Data allows you to request the deletion or removal of your Personal Information if there is no compelling reason for us to continue using it. Please note that this is not a general right of erasure, except in the case of mandatory storage as provided by law.

For further information and/or requests, the Card Holder must contact us through the channels indicated at the end of this Policy (item 10). The deadline for analysis and response is up to 30 days.

6. WHAT RIGHTS DO WE GRANT THE HOLDER?

Cadastra processes Personal Data only for the purposes described in this Policy.

Personal Data is kept to the extent necessary for the purposes of processing, and shall be deleted

  • as soon as the reason for its use ends, or
  • according to the term determined by the Law.

7. COMMUNICATIONS AND MODIFICATION OF THIS POLICY

The security and confidentiality of your Personal information are extremely important to us. We have technical, administrative and physical security measures in place to:

  • protect your Personal information from unauthorized access and improper use
  • protect our IT systems from leaking Personal Information
  • ensure that we can restore your information in situations where the Data is corrupted or lost in a disaster recovery situation
  • where appropriate, use encryption or other security measures
  • review our security procedures periodically to consider appropriate new technologies and updated methods.

While no measure is 100% effective, we are committed to ensuring that your Personal information remains secure.

8. DATA ON MINORS OF AGE

Cadastra’s products and services are not intended for minors.

9. INTERNATIONAL TRANSFER OF PERSONAL DATA

We may transfer your Personal Information to DBG Group companies, IT providers and other suppliers in other countries. For companies outside the Brazilian Economic Area with whom we may share your Personal Information, we ensure that we do so using specific, legally approved safeguards.

10. PERSON IN CHARGE OF PERSONAL DATA PROCESSING

The DBG Group, to which Cadastra belongs, has a Personal Data Handling Officer who is responsible for guiding the conduct of our activities in compliance with

with the law, as well as to receive complaints and communications from Data Subjects and Authorities, and to provide them with clarifications.

In case of doubt, complaint or any indication of violation of the terms of this Privacy Policy, or to exercise rights as a Data Subject, please contact us at:

e-mail to privacy@dbg.com.br
mail to Av. Eng Luís Carlos Berrini, nº 1511, 17º andar, Estado de São Paulo, cidade de São Paulo, CEP 04.571-011 to the attention of the Personal Data Officer (DPO).

11. PRIVACY POLICY UPDATES

The DGB Group may at any time update this Privacy Policy to reflect improvements. Please check this page regularly for updates.