Provider IT privacy notice

Update: June 26^th, 2021, 2:11 PM

Your privacy is absolutely important to us!

We understand that your rights, provided for in Law No. 13.709/2018 (Brazilian General Data Protection Law – LGPD), need to be protected and clarified in the most transparent way possible. This means that protecting your personal data and privacy is part of our commitment!

When you browse our domains, you will eventually need to provide information of a personal nature. This is extremely important so that services can be improved and your online experience can be optimized and customized to your personal content interests.

This document describes the practices that our organization adopts with regard to the collection, storage, use, and sharing of personal data, specifically on our website and in social networks, aiming at making you aware and informing you, in a clear, transparent manner and in plain language, about the way in which we conduct such operations, always in strict compliance with the rules set forth in the LGPD.

It is also important to clarify that the Privacy Notice may be changed to adapt to your new interests and expectations, as well as to possible changes in future laws and regulations. Therefore, we recommend that you consult this document regularly so that you will always be aware of its terms.

Thus, in order to ensure faithful compliance with the principles of the LGPD, as well as other applicable legislation, we provide in this document, in a clear, transparent and accessible way, all useful and essential information regarding the processing of your personal data on our website.

WHAT SHOULD I KNOW TO UNDERSTAND THIS WARNING?

Personal data: is any information that identifies a natural person, or at least makes him/her identifiable. For example: name, ID, Tax registration number e-mail, gender, date of birth, home address, e-mail address, location data (GPS), IP address,cookies, among others.

Sensitive personal data: any information that, by its very essence, is likely to generate some type of discrimination or create some social vulnerability for its owner. For example: racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data concerning health or sex life, genetic or biometric data when linked to a natural person.

Data owner: is the owner of the personal data, i.e. the person to whom the data relates. In this case, it is the users of this site who provide us with their information and have their data processed byProvider IT. The owners, in turn, have a series of rights, which will be described in detail below.

Processing of personal data:means any operation or means of handling the personal data of users. For example: collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction. All these operations are considered “processing”.

Controller: is the person responsible for making decisions about the processing of personal data. In this case,Provider IT is a controlling entity, since it is responsible for making decisions about personal data processing operations.

Operator:these are the companies with whom we share user data and who perform the processing on behalf of Provider IT, and who are also complying with the General Data Protection Law, as we require them to comply with the personal data protection and privacy laws in order to perform their activities in a regular manner.

Data Protection Officer (“DPO”): is the person responsible for assisting and guiding Provider IT and the data owners with respect to issues involving personal data protection and privacy. It is thus the communication channel between the controller, the data owners, and the National Authority for Personal Data Protection (ANPD). Contact information about this professional is described below this Notice, as well as in the specific contact channels in this section.

National Authority for Personal Data Protection (ANPD): public administration agency responsible for ensuring, implementing, and enforcing compliance with the LGPD throughout Brazil. Some of its attributions are: to supervise and apply sanctions, to hear petitions from data owners against controllers, to issue regulations and procedures on personal data protection and privacy, to conduct audits and educational actions on the subject of personal data. Our organization is attentive to all the regulations issued by this body, respecting all its guidelines regarding the procedures and practices deemed appropriate in their conception. You can access the ANPD website through the link https://www.gov.br/anpd/pt-br

WHY DO WE COLLECT YOUR PERSONAL DATA?

Your personal data is collected and used on our site to learn more about your online behavior and thereby deliver a browsing experience tailored to your interests and preferences. By the way, this data is also extremely useful so that the site’s services can work as you expect them to, i.e. with full functionality and to fulfill your requests quickly and efficiently.

In addition, because we are a technology integration company with experience in the banking, insurance, finance, education, and other industries, we may collect personal data to facilitate these services. This data is not kept on our site. Below you can be sure that security measures are in place to protect against breaches.

Finally, we make use of personal data to perform job referral services and to fill job vacancies, which are also not stored.

WHAT KIND OF PERSONAL DATA IS COLLECTED BY PROVIDER IT?

3.1 – Cookies:When you access a website, some information may be collected or stored in your browser in the format of small text files called “Cookies”. Cookies are commonly used to identify the visitor and thereby customize the page according to his or her profile and content interest. Because it is information about you – and therefore personal data – we are aware that we must respect your privacy, according to the terms defined in Law No. 13.709/2018 – General Data Protection Law (LGPD). By clicking here, you can manage the use of these Cookies, rejecting or accepting them, in a specific way, according to your interests and according to your express consent.

On our website we use Google Analytics (Performance Cookies) and Functionality/Session Cookies as well as the “Addthis” plugin.

Performance cookies:These cookies tell us about visits and traffic sources. Through them, we measure and understand the most visited pages and how our visitors move around the site. All information is obtained on an aggregated and anonymous basis and cannot be used to identify you personally. The data obtained is used to improve our site and make navigation easier (_ga, _gid, _gat, AMP_TOKEN, _gac_<property-id>).

Let’s see:

Source: https://developers.google.com/analytics/devguides/collection/ga4/cookie-usage?hl=pt-br

Functionality/session cookies: It is through the use of these cookies that we memorize the choices you have made on our page while browsing and thereby offer better and more personalized features (wordpress_logged_in_[hash], wordpress_test_cookie).

Addthis:Plugin for sharing content on social networks (s_fid, s_sq, s_cc, ssc, ouid, uid, s_nr, na_id, loc, na_tc). At this point, the following data is collected:user identifier (no personal data is identified) in the browser; IP address; geographical position; device information such as: browser, operating system, screen resolution, language; day and time you visited the site; page of origin of the visit and whether you used search engines. There are no essential cookies for visitors, only for site managers for authentication purposes.

Other cookies used:

_GRECAPTCHA: This cookie is used to distinguish between humans and bots. This is beneficial for the site in order to make valid reports about the usage of the site. (Storage time: 179 days ).
 rc::a This cookie is used to distinguish between humans and bots. This is beneficial to the site in order to make valid reports about the usage of their site.(Storage time: persistent).
 rc::b This cookie is used to distinguish between humans and bots. (Storage time: session).
 rc::c This cookie is used to distinguish between humans and bots. (Storage time: session).
JSESSIONID Preserves the users’ states on page requests. (Storage time: session).
_grecaptcha This cookie is used to distinguish between humans and bots. This is beneficial for the site in order to make valid reports about the usage of the site. (Storage time: persistent ).
CookieConsent Stores the consent state of the user’s cookie for the current domain
elementor Used in context with the site’s WordPress theme. The cookie allows the site owner to implement or change the content of the site in real time. (Storage time: persistent).
ASP.NET_SessionId Preserves the visitor’s session state on page requests (Storage time: session).
CONSENT Used to detect whether the visitor has accepted the marketing category in the cookie banner. This cookie is required for GDPR compliance of the website. (Storage time: 6096 days)
.pll_language This cookie is used to determine the visitor’s preferred language and sets the language accordingly on the website if possible. (Storage time: 1 year).
_at.hist.# Used by the AddThis social sharing platform to store the user’s usage history of the AddThis sharing widget. (Storage time: persistent).
_ga Records a unique ID that is used to generate statistical data about how the visitor uses the site. (Storage time: 2 years).
_gat Used by Google Analytics to track the request rate. (Storage time: 1 day).
_gid Records a unique ID that is used to generate statistical data about how the visitor uses the site. (Storage time: 1 day)
.loc Geolocation, which is used to help providers determine how users that share information with each other are located geographically (state level). (Storage time: 1 year).
uvc Tracks how many times the social sharing service, AddThis, finds the same user. (Storage time: 1 year)
.xtc Records user’s sharing of content through social networks. (Storage time: 1 year).
IDE Used by Google DoubleClick to record and report on site user actions after viewing or clicking on one of the advertiser’s ads in order to measure the effectiveness of an ad and deliver targeted ads to the user. (Storage time: 1 year).
test_cookie Used to check whether the user’s browser supports cookies. (Storage time: 1 day).
fr Used by Facebook to deliver a range of advertising products, such as real-time bids from third-party advertisers. (Storage time: 3 months).
tr Used by Facebook to deliver a range of advertising products, such as real-time bids from third party advertisers. (Storage time: session).
bcookie Used by social networking service LinkedIn to track usage of integrated services. (Storage time: 2 years).
bscookie Used by social networking service LinkedIn to track usage of integrated services. (storage time: 2 years).
lang Set by LinkedIn when a web page contains an embedded “Follow us” panel. (Storage time: session).
lidc Used by LinkedIn social networking service to track usage of integrated services. (Storage time: 1 day).
__atuvc Updates the counter for a site’s social sharing features. (Storage time: 1 year).
__atuvs Ensures that the updated counter is displayed to the user if a page is shared with the AddThis social sharing service. (Storage time: 1 day).
_at.cww Used by the AddThis social sharing platform. (Storage time: persistent).
_fbp Used by Facebook to deliver a number of advertising products, such as real-time bids from third party advertisers. (Storage time: 3 months).
at-lojson-cache-# Used by the AddThis social sharing platform. (Storage time: persistent).
at-rand Used by the AddThis social sharing platform. (Storage time: persistent).
VISITOR_INFO1_LIVE Tries to estimate the bandwidth of users on pages with integrated YouTube videos. (Storage time: 179 days).
YSC Records a unique ID for keeping statistics on which YouTube videos the user has watched. (Storage time: session).
yt.innertube::nextId Records a unique ID for keeping statistics on which YouTube videos the user has watched. (Storage time: persistent).
yt.innertube::requests Records a unique ID for keeping statistics of which YouTube videos the user has watched. (Storage time: persistent).
yt-remote-cast-installed Stores the user’s video player preferences using the embedded YouTube video. (Storage time: session).
yt-remote-connected-devices Stores the user’s video player preferences using the embedded YouTube video. (Storage time: persistent).
yt-remote-device-id Stores user video player preferences using the embedded YouTube video. (Storage time: persistent).
yt-remote-fast-check-period Stores user video player preferences using the embedded YouTube video. (Storage time: session).
yt-remote-session-app Stores the user video player preferences using the embedded YouTube video. (Storage time: session).
yt-remote-session-name Stores the user video player preferences using the embedded YouTube video. (Storage time: session).

.AspNet.ApplicationCookie Used for compleo.com.br (Storage time: session).
paginaTrabalheConosco Used to serve providerit.compleo.com.br (Storage time: 1 year).

You can manage your use of cookies, including revoking consent previously given, by going to ourhome page and, at the bottom (footer), clicking on “Open cookie box”.

3.2 – EASY PIX: in the “EASY PIX” tab (https://provider-it.com.br/pix-facil), we collect the following personal data in the contact form:name, e-mail and telephone. This data is sent to Provider IT’s e-mail and is not stored in our site, being destined only to the indicated purposes, not being used for other purposes.

3.3 – INDICATE AND WIN: in our form for job indication, we collect the following data:name, e-mail, phone number, name of the friend indicated, e-mail of the friend indicated, phone number of the friend indicated, social network link, PDF document with the friend indicated’s resume. This data is sent to Provider IT’s e-mail and is not stored in our site, being destined only for the purpose of professional vacancy indication, not being used for other purposes.

3.4 – PRESS OFFICE: At https://provider-it.com.br/imprensa/tiponoticia/provider-it-na-midia/, we collect the following data: name, e-mail, company, and telephone. The data is intended for Provider’s institutional e-mails, only collected for the purpose of directing contact with the press office EPR Comunicação Corporativa (Patrícia Barbosa), not being used for other purposes.

3.5 – OPEN BANKING: At https://provider-it.com.br/open-banking/, we collect the following data: name, e-mail and telephone number, for the sole purpose of directing the user to a specialist. The data will not be stored on our site, but only for the purposes indicated and will not be used for other purposes.

WITH WHOM IS MY PERSONAL DATA SHARED AND FOR WHAT REASON?

Your personal data is safe on our site! We only share them with Provider IT’s institutional email addresses (internal staff) for the purpose intended, and duly clarified in the collection fields, and none of them are stored or persist on our site. In this way, we ensure that there is no leakage or undue sharing/use of this information. The data is retained and stored only as long as necessary to fulfill the respective purposes. We do not store data indefinitely, and all data that does not serve us is deleted permanently from our databases.

 IS THE PERSONAL DATA I PROVIDE PROTECTED AND KEPT SECURE?

Yes! To ensure the security of your personal data against unauthorized access and accidental or unlawful destruction, loss, alteration, communication or disclosure, we use a security certificate for the (SSL) domain, Google reCaptcha for forms and a security plugin with firewall and threat blocking. In addition, your information remains private when it is sent to this site. It is a secure connection, as can be seen by the padlock symbol next to the URL in your browser bar.

In addition, access to your personal data is restricted to employees or third parties who have a need to know this information to provide you with certain services and/or benefits.All our employees are constantly instructed and trained to ensure the security of the information processed, in particular the confidentiality, availability and integrity, according to strict access rules based on the need to know. We therefore take all administrative and even disciplinary measures to ensure that all our employees comply with security instructions regarding their personal data, and that all information is only passed on to third parties that guarantee a similar level of protection for this data.

HOW LONG IS MY DATA STORED?

We use your personal data only for as long as necessary to fulfill the purposes for which it was collected, as described in this policy, or to comply with applicable legal requirements.

You can obtain further details about the retention of your personal data through the communication channels detailed in this section, especially through our Exercise of Rights Platform.

When we finish processing your personal data, they are deleted from our database, within the scope and technical limits of our activities, with retention authorized in the situations foreseen in the legislation in force.

WHAT ARE MY RIGHTS AS A DATA OWNER?

The General Data Protection Law (LGPD) brings a series of rights for data owners. We, as controllers, aiming to ensure transparency with regard to our obligations, and in order to safeguard your freedom, intimacy, and privacy, clarify the rights provided by law. Let’s see:

1. a) confirmation of the existence of processing:as the owner, you have the right to contact us to be informed about the existence of processing about your personal data, at which time we will answer all your questions in this regard, in plain language and in a facilitated manner.
2. b) access to data:you have the right to access your data and be aware of how it is being used and, in this way, we will communicate the types of data that are being used and processed, as well as the respective purposes.
3. c) correction of incomplete, inaccurate or outdated data:the personal data that we are processing that may be incorrect in some way, may be corrected and rectified, when so requested.
4. d) anonymization, blocking or elimination of unnecessary, excessive data or data processed in violation of the provisions of the LGPD:the personal data that we are using and that, eventually, no longer prove to be useful, will be eliminated and discarded.
5. e) portability of data to another service or product provider, upon express request, in accordance with the regulations of the national authority, respecting trade and industrial secrets: it is your right, as the owner, to transfer your personal data to other service providers, should you so request, and according to the parameters dictated by the National Data Protection Authority in its regulations.
6. f) deletion of personal data processed with the consent of the data owner:even if you, the data owner, expressly agree to the processing of your personal data, they may be deleted from our systems if you wish. However, your data may be retained in cases where we need to comply with a legal obligation, as well as when there is a transfer to third parties, for study purposes (in which case your data will be anonymized) and in situations in which we need to use the data exclusively, prohibiting access by third parties, in which case the data will also be anonymized.
7. g) information on public and private entities with which the controller has shared data use:if we are going to share your data with other companies, or even with public agencies, it is your right to be aware of who these entities are.
8. h) information about the possibility of not giving consent and the consequences of refusal:as the owner, you have the right to not allow us to process your data, including being informed of the limitations and restrictions that this prohibition will entail. We cite, as an example, your not consenting to the use of cookies, which may impair some browsing functionality.
9. i) revocation of consent:the consent that you, the owner, have provided to us may be revoked, if you so request, and we will do so free of charge and in an easy manner. However, if we have already performed processing based on a previous consent, this processing will be considered valid, if there has been no request for its deletion.
10. j) right to petition in relation to your data against the controller before the national authority:you may go to the National Data Protection Authority (ANPD) if you do not agree with our processing.

HOW CAN I EXERCISE MY RIGHTS AND/OR REPORT A PERSONAL DATA BREACH, AS WELL AS FOLLOW UP ON MY REQUESTS?

If you wish to exercise any (or some) of the rights described above, or even report any violation of your personal data, you can access our Exercise of Rights Platform just by clicking HERE, and we will quickly respond to your request within 15 (fifteen) days. The procedure is totally free and the platform can be accessed at any time, having been developed to serve you in an easy and intuitive manner, providing you with a pleasant and positive experience with regard to the control of your personal information.

In addition to exercising your rights, our platform also allows you to contact us directly, through our Data Protection Officer, to submit questions, or even report any situation of your personal data violation.

Also, if you would like to access our Personal Data Protection and Privacy area, please click here.

Certain that we must respect your privacy and protect your personal data by applying best practices, we remain available for any questions about our Privacy Notice.

Data Protection Officer (DPO): Daniel Azevedo de Oliveira Maia 

Contact: [email protected]