In the daily life of the Beontag (“Beontag”), whether conducting business, in the search for new products, services and opportunities, or organizing its internal structure, personal data the processing is an indispensable part of this reality. Processing personal data is instrumental to our activities, and Beontag understands that it must act responsibly and transparently, taking care of such information and providing it with technical and administrative security measures.
This Policy provides guidelines and rules related to the privacy and protection of personal data of customers, employees, and third parties during the processing of personal data by the Beontag, and in dealings with third parties where personal data are shared or the use thereof is shared.
This document from the Beontag is intended to comply with the applicable data protection standards, promoting transparency and good faith before data subjects by protecting their personal data and civil rights and liberties, including Act No. 13.709/2018 (“GDPL”), and bringing the best practices to their fingertips.
The Policy applies to the entire Beontag holding, and particularly to the business and operating areas, as well as third parties with which the Beontag shares personal data, both in Brazil and abroad.
The processing of personal data includes: “every operation performed with personal data, such as those relating to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archival, storage, disposal, information evaluation or control, modification, communication, transfer, diffusion or extraction.”
Under the broad legal definition, any action listed above involving personal data constitutes a processing activity. Applying an effective conduct with personal data, or resulting in a different product, is not necessary. Mere viewing, based on the access to personal data, characterizes processing.
The Beontag, concerned with the compliance of each processing performed under our responsibility, seeks to raise awareness of our employees and third parties and continuously adopt security measures.
Examples of processing performed by the Beontag:
|
The Beontag collects data and information from Users on our websites or software applications when provided by the User, and pursuant to the legal basis for processing under the GDPL, by filling out registration forms.
To facilitate the use of the website or software application, the Beontag may also collect data from the User’s navigation or device by tracking (cookies), authorizations granted to websites or software applications that provide geographic location, Internet protocol address, information on the date and time of use of the website by the User, information regarding pages accessed, the number of clicks, and the User’s attempts to use the Website.
We emphasize that any non-sharing of data by the User may impact the usability and experience of accessing the website or software applications.
Any consent from the User for the purpose of processing personal data is collected on an individual, clear, and specific basis. The User may, at any time, change his/her consent to the processing of his/her data, either by granting new permissions or restricting consent to the current permissions. Other information and guidelines related to User consent may be identified in the Consent Management Policy.
The Beontag provides a communication channel to Data Subjects, publicly accessible on our website. It can be accessed at https://www.contatoseguro.com.br/beontag
Information collection is intended to provide necessary services and improve the products and services offered, to facilitate the User experience, enable support and service to Users, in addition to complying with and performing legal, contractual, and regulatory obligations, provide security, and allow the regular exercise of rights by the User and the Beontag.
Cookies are Internet files that store what the Internet user is visiting on websites at any given time.
Cookies can be used to allow access to and operation of websites or software applications; authentication cookies, recognize Users, enabling their access to restricted areas of websites or software applications, and provide contents, offers and/or services of the Beontag holding or partners.
The Cookies available on the Beontag websites allow users to have a personalized, faster browsing experience and improved content customization.
The User can disable cookies in his/her browser and in the settings of the operating system of his device or equipment used to access websites or software applications.
However, we don’t recommend disabling operating cookies, as they can block or prevent the functionalities and even the use of websites or software applications, especially those related to the user experience customization, hindering browsing through Beontag websites.
There are two categories of agents involved in processing operations, namely controllers and operators. Controllers are responsible for the decisions to be made when processing personal data, while operators conduct the processing activities as ordered by the controller.
The Beontag only carries out processing operations in line with the GDPL requirements, mainly in relation to our processing principles and hypotheses (legal basis).
Personal data will only be processed under the following circumstances:
AGREEMENTS |
When required for preliminary procedures or for the performance of an agreement – at the request of the Data Subject – to which the Data Subject is a party; or |
LEGAL OR REGULATORY OBLIGATIONS |
If a legal or regulatory obligation exists, which results in the need to process personal data in order to comply therewith; or |
CREDIT PROTECTION |
For credit protection, also concerning the provisions of the applicable law; or |
REGULAR EXERCISE OF RIGHTS |
For the regular exercise of rights in judicial, administrative, or arbitration proceedings, also during a limitation period; |
PUBLIC POLICY |
If related to the execution of a public policy by the government, under a scenario where the Beontag is legally bound; or |
LEGITIMATE INTEREST |
To meet the legitimate interests of the controller or a Third Party, provided that it meets the requirements of the legitimate interest proportionality test; or |
CONSENT |
When the preceding hypotheses do not apply, and the Data Subject has provided consent for the precise purpose of the processing in question. |
The processing operations must comply with the aspects indicated in the Data Mapping, especially regarding the purposes.
As a rule, the Beontag does not process sensitive personal data, except under the following circumstances:
LEGAL OR REGULATORY OBLIGATIONS |
If a legal or regulatory obligation exists, which results in the need to process personal data in order to comply therewith; or |
REGULAR EXERCISE OF RIGHTS |
For the regular exercise of rights related to an agreement or for judicial, administrative, or arbitration proceedings, also during a limitation period; |
PUBLIC POLICY |
If related to the execution of a public policy by the government, under a scenario where the Beontag is legally bound; or |
FRAUD PREVENTION AND DATA SUBJECT SECURITY |
To ensure fraud prevention and for the Data Subject’s security, specifically in the identification and authentication procedures for registration in electronic systems; or |
CONSENT |
When the preceding hypotheses don’t apply and the Data Subject has provided consent in a specific and prominent manner for a specific purpose linked to the processing of sensitive personal data. |
All processing operations should observe the GDPL principles, especially with regard to the following guidelines:
Under no circumstances may personal data and sensitive personal data be treated in a discriminatory manner among the Data Subjects of a certain category.
In all operations, Beontag will process the minimum necessary amount of personal data compatible with legitimate, specific, explicit purposes, reported to the Data Subject, in addition to complying with the applicable legal basis.
Beontag will ensure to the Data Subjects easy, free-of-charge query on the processing form and duration, as well as accurate, informative details regarding the processing itself and the agents involved, as long as it does not violate the trade or industrial secret of the institution or a Third Party.
We also ensure the quality of the personal data used, enabling the Data Subjects to update these to improve their accuracy and to bring these in line with the processing.
The Beontag adopts security standards commensurate to our operations, especially when they involve the processing of personal data, in order to prevent security incidents.
The Beontag ensures compliance with the rights of the Data Subjects when processing personal data, pursuant to the provisions mentioned below:
To meet the Data Subjects requests, the Beontag has tools and mechanisms in place intended to make the response or compliance with these rights expedite and effective, and to provide the proper filing of the actions taken regarding such request.
To this end, we make available a communication channel for Data Subjects, publicly accessible on our website. It can be accessed at https://www.contatoseguro.com.br/beontag .
The Beontag adopts a restrictive conduct regarding the international transfer of personal data, performing it only when strictly necessary to carry out its activities or when there is a security standard in place compatible with our guidelines.
In these cases, the Beontag observes the local laws of the target country of transfer, for due compliance. The Beontag holding also ensures the prior knowledge of the Data Subjects on the possibility of international transfer of their personal data, based on contractual clauses or specific consent, on a case by case basis.
The Beontag also complies with the GDPL requirements for the possibility of international transfer:
The Beontag does not, as a rule, process the personal data of minors. However, there are times when processing such data is necessary. In these cases, the data will be processed in the best interest of the minor.
In these cases, the specific and explicit consent of the parents of the subject of the personal data is mandatory, except when the legal basis of the processing includes the regular exercise (defense) in judicial, administrative, or arbitration proceedings, only when referring to the processing of adolescents’ data.
The personal data of children and adolescents, as well as their sensitive data, should be subject to stronger protection compared to other personal data. In this way, sensitive personal data should be prominently classified.
Taking into consideration the principle of Privacy by Design, all products and services designed by the Beontag are reviewed from the outset for guaranteed privacy and protection of personal data of the Data Subjects.
The review begins with the area responsible for the innovation completing the Form for Registration of New Personal Data Processing, and is discussed by the Data Protection Committee, which ensures compliance with the principle in question.
This document should be read and construed in conjunction with the other Policies and Procedures used by the Beontag, as well as related laws and regulations.
Any questions regarding this Policy should be e-mailed to the Data Subject Communication Channel ( [email protected]) or to the Data Protection Officer ( [email protected]).
Incumbent Details DPO:
Suzane Oliveira Silva
Email: [email protected]
Site: https://www.contatoseguro.com.br/beontag
Phone: 08005127702