Aviso de Proteção de Dados Pessoais

Last updated: 2024-09-17.

Definitions

For the purposes of this document, the following terms shall have the meanings set forth below. In particular, any grammatical form (e.g., singular, plural, possessive) of each of the following terms shall have a form-specific meaning corresponding to the defined term. All terms defined below are case-sensitive. The assigned meaning applies if the case of the characters in the term (uppercase or lowercase) exactly matches that of the defined term. For example, the meaning assigned to term that has first character in upper case not necessarily applies (may or may not apply depending on context) to same term with all characters in lower case, unless explicitly defined otherwise. A specific term may be defined either in this section or elsewhere in the document (an "inline definition"). Any terms not defined herein shall have the meaning assigned by applicable law, or if not legally defined, their meaning shall be inferred from the context within this document.

The term "Notar" or "Aviso de Privacidade"refers to this Aviso de Proteção de Dados Pessoais including all updates, modifications, and amendments.

The term "Lei de proteção de dados pessoais" refers collectively to various applicable national legislature on personal data protection, including EU General Data Protection Regulation ("GDPR"), European Directive 2002/58/EC (commonly known as the "e-Privacy Directive"), and the corresponding national legislation implementing or compatible with these EU regulations

The term "We" or "we" refers to Of Course Ltd, the legal entity that provides the Notar. We are incorporated in United Kingdom in accordance with its laws. We have a registered office at Suite A, 82 James Carter Road, Mildenhall, Suffolk, United Kingdom, IP28 7DE, United Kingdom and can be contacted using Contatos.

The term "You" or "you" refer to you, the natural person whose personal data is subject to this Notar.

The term "Plataforma" refers to the website (hyperlink) operated by us, and any software used to deliver our products, services, and content.

Any of the terms "Serviço" or "Serviços" or "Produto" or "Produtos" refers to respectively any or all of both product(s) and service(s) provided by us, particularly through the Plataforma, including but not limited to online products, online services, and support.

The term "Contatos" refers to contacts section of the Plataforma (hyperlink) that is to be used to contact us for any subject matter.

Notar

This Notar provides information about our processing of your personal data. This information is provided in compliance with the Lei de proteção de dados pessoais.

Processing personal data

In the terms of the Lei de proteção de dados pessoais and this Notar, "personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. This definition implies that "personal data" is data that either directly identifies you as an individual or, if combined with other information, could reasonably be used to identify you.

Acting in any way on a data, including personal data, is referred to as "processing" data. In particular, "processing" means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

This Notar informs you what personal data relating to you we process and how we process that personal data.

Special categories of personal data

Unless explicitly stated otherwise by this Notar and either allowed or required by applicable law, we do not process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and do not process genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.

Exceptions to the obligation to provide information

Under Lei de proteção de dados pessoais we are not obliged to provide information where the data subject (you) already possesses the information, where the recording or disclosure of the personal data is expressly laid down by law or where the provision of information to the data subject (you) proves to be impossible or would involve a disproportionate effort.

Via this Notar or at the time when personal data are obtained from you, we will inform you of whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and of the possible consequences of failure to provide such data. However, we will inform you only in case that the provision of personal data is neither a statutory requirement nor requirement of the contract that you are the party of, since in those cases we may reasonably assume you to already have that information.

Failure to provide personal data

Where the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, if you fail to provide such personal data, you or we may be unable to perform or enter into the contract. In that case, we may have to stop providing Serviços to you.

Protecting your rights

This Notar informs you about your rights under Lei de proteção de dados pessoais and how we protect your rights in compliance with Lei de proteção de dados pessoais.

Controller of personal data

In the terms of the Lei de proteção de dados pessoais and this Notar, we are the controller of personal data we process, which, alone or jointly with others, determines the purposes and means of the processing of personal data. You can contact us using Contatos.

Transfer of personal data to third parties

We may transfer your personal data to third parties only in compliance with applicable Lei de proteção de dados pessoais. Any such transfer is disclosed in this Notar.

Sources of personal data

We process your personal data either collected interacting with you directly or obtained from third party sources who also get your personal data in one of these two ways per specific data concerned. Where personal data have not been collected from you directly, we will provide you with information from which source the personal data originates, and if applicable, whether it came from publicly accessible sources.

Some of the sources may provide your personal data to us as (e.g. part of) a service and/or obtain specific your personal data for us based on the contract between us and such source. Some of the sources may collect personal data from interacting with you directly based on the contract between you and that source. For information about processing your personal data by sources we use in your case refer to corresponding such source. All sources of your personal data we process comply with all applicable privacy laws, rules, and regulations and have their own privacy policies/notices available. This Notar provides information only about our processing of your personal data obtained from those sources and from you.

Third parties that obtain your personal data on our behalf (e.g. based on the agency contract with u, etc.) are not considered sources. This Notar provides information about processing you personal data by such third parties as if it is processed by us directly.

The messaging service provider and its role

To communicate with you we use a messaging service providers, which could include email services (e.g., Gmail), social networking platforms (e.g., Instagram), or messaging services (e.g., Telegram), among others. The specific services we use in your case may vary, with services added or removed as necessary.

The messaging service provider acts as both the recipient and source of personal data. We obtain personal data from the messaging service provider and transfer processed personal data to the messaging service provider.

For personal data transferred via the messaging service provider, its source or recipient may be attributed either to another user of the service, like you, or to the provider acting as an intermediary. In many cases, under the service contract with the provider, personal data you send or receive in messages is considered as delivered to or originating from another user of the service rather than directly to or from the provider. However, to ensure transparency, we also identify the messaging service provider as a source or recipient for any personal data transferred through them, so you are fully aware of the intermediary role played by the provider in the transfer of your personal data. Additionally, the provider collects, processes, and remains the sole source and recipient of certain essential personal data related to your use of the service.

For information about how your personal data is processed by the specific messaging service provider used in your case, please refer to that provider's privacy policy or notice. All messaging service providers we utilize comply with Lei de proteção de dados pessoais, and have their own privacy policies/notices available.

The payment service provider and its role

Name of specific provider of payments processing service used in your case depends on the method of specific payment and can be found in the corresponding payment document.

The payment service provider acts as both the recipient and source of personal data. We obtain personal data from the payment service provider and transfer processed personal data to the payment service provider.

For personal data transferred via the payment service provider, its source or recipient may be attributed either to you, as a payer or payee, or to the payment service provider acting as an intermediary. Typically, under the service contract with the provider, your payment data may be considered as originating directly from you rather than from the provider. However, to ensure transparency, we also identify the payment service provider as a source or recipient for any personal data transferred through them, so you are fully aware of the intermediary role played by the provider. Additionally, the provider collects, processes, and remains the sole source and recipient of certain essential personal data related to your use of the service.

For information about how your personal data is processed by the specific payment service provider used in your case, please refer to that provider's privacy policy or notice. All payment service providers we utilize comply with Lei de proteção de dados pessoais, and have their own privacy policies/notices available.

Legal bases for processing personal data

Legal bases for our processing personal data include:

Basis: your consent

Your specific personal data mentioned (linking to or including this section) for specific mentioned purposes is lawfully processed on the basis of your consent given for the processing.

Basis: contract

Processing specific personal data mentioned (linking to or including this section) is necessary for the performance of a contract to which you is party or in order to take steps at your request prior to entering into a contract

Basis: our legal obligation

Processing specific personal data mentioned (linking to or including this section) is necessary for compliance with a legal obligation to which we are subject.

Basis: protection of vital interests

Processing specific personal data mentioned (linking to or including this section) is necessary in order to protect the vital interests, either yours or of another natural person.

Basis: public interest or authority

Processing specific personal data mentioned (linking to or including this section) is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us

Basis: legitimate interests

Processing specific personal data mentioned (linking to or including this section) is necessary for the purposes of the legitimate interests pursued by us or by a third party, provided that such interests are not overridden by the interests or fundamental rights and freedoms of the data subject (you) which require protection of personal data

Purposes of processing personal data

Purposes of processing your specific personal data depend on the legal basis of processing that data and include:

Purpose: business operation and management

The specific personal data mentioned (linking to or including this section) is processed for the purpose of operation, management (execution, reporting, monitoring, control), maintenance and development of our business, including:

market research, research of consumer behaviour, product interest and conversion rates;
marketing of products and services, SEM and SEO;
support of customers, establishing contact with prospects;
providing you with suggestions and advice on products, services and how to use the Plataforma and Serviços most effectively;
establishing and maintaining contact with suppliers and contractors;
selling products to you;
providing you with the Serviços;
providing you with job opportunities;
improving our products and services;
record-keeping for the administration of our business/organisation;
exercising our legal rights (including our intellectual property rights);

and other operational purposes.

Purpose: operation and management of information systems

Your rights to personal data

The Lei de proteção de dados pessoais grants you rights to access, rectify or erase the related to you personal data that we process. However, under Lei de proteção de dados pessoais those rights are not absolute and their exercise may not be supported in certain cases.

No authentication support for exercise of rights

Under Lei de proteção de dados pessoais we must and do use all reasonable measures to verify the identity of a data subject who requests exercise of the rights to access, rectify, or erase, in particular in the context of online services and online identifiers. However, we should not and do not retain personal data for the sole purpose of being able to react to potential requests.

The purposes for which we process specific personal data mentioned (linking to or including this section) do not or do no longer require the identification of a data subject (you) by us. Accordingly, that specific personal data processed by us do not permit us to identify a natural person (you) that data relates to: we collect neither your personally identifiable information nor credentials that are to verify your identity using authentication mechanism. Consequently, in this case we are not in a position to verifiably identify you and, thus, cannot support the exercise of your rights to access, rectify or erase personal data related to you.

Your rights

You have the right to obtain from us the confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and the following information:

the purposes of the processing;
the categories of personal data concerned;
the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations;
where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period;
the existence of the right to request from us rectification or erasure of personal data or restriction of processing of personal data concerning you or to object to such processing;
the existence of the right to lodge a complaint with a supervisory authority;
where the personal data are not collected from you, any available information as to their source;
the existence of automated decision-making, including profiling, and meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.

Before the information is delivered, you should specify the information or processing activities to which the request relates.

We will provide a copy of the personal data undergoing processing. To cover cost of delivery and for any further copies requested by you, we will charge a reasonable fee based on administrative costs. If you make the request by electronic means, and unless otherwise requested by you, the information will be provided in a commonly used electronic form.

This right to obtain a copy shall not adversely affect the rights and freedoms of others.

Your right to object

You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you which is processed based on the legitimate interests pursued by us or by a third party, or the performance of a task carried out in the public interest including profiling based on those provisions. We will no longer process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.

Where personal data are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.

Tracking of interaction with Plataforma

We process personal data resulting from tracking your interaction with the Plataforma and its online Serviços.

We process all data resulting from tracking the Plataforma and its online Serviços as anonymized data, i.e. in reasonably anonymous form that is not personal data under Lei de proteção de dados pessoais. However, selected subset of that data may qualify as pseudonymous personal data.

This data includes the following Plataforma and online Serviços usage information items:

time and data of the visit;
URL of the pages of the Plataforma that you have visited;
referrer URL, if available;
your Internet Protocol (IP) address;
geolocation information, if available;
technical information about the hardware and the software you use to access and use the Plataforma and Serviços;
your browser type and version and your device's operating system;
language and locale preferences of the visitor;
whether you have received visitor support chat messages from us and whether you have replied to those messages (see section of this Notar on visitor support chat);
various HTML and JavaScript attributes of the page;
selected browser cookies (set and read, see section of this Notar on browser cookies);

and occasional other data items.

Purpose: business operation and management

Refer to: Purpose: business operation and management

Purpose: security monitoring and attack detection

Personal data resulting from website tracking is processed for the purpose of security monitoring and attack patterns detection.

Purpose: operation and management of information systems

Refer to: Purpose: operation and management of information systems

No authentication support for exercise of rights

Refer to: No authentication support for exercise of rights

Visitor support chat

We process personal data of visitor support chat, i.e. the exchange of chat messages between you and us on the Plataforma, on social media platforms and elsewhere.

We process all data of visitor support chat as anonymized data, i.e. in reasonably anonymous form. However, under Lei de proteção de dados pessoais all or selected subset of that data may qualify as (non-pseudonymous) personal data.

Purpose: business operation and management

Refer to: Purpose: business operation and management

No authentication support for exercise of rights

Refer to: No authentication support for exercise of rights

Browser cookies

We use cookies of your browsers (and other HTTP client software) to process your personal data. For our use of cookies to process various data (not only personal data) refer to our separate Aviso de Cookies.

Purpose: business operation and management

Refer to: Purpose: business operation and management

Purpose: security monitoring and attack detection

Personal data stored with browser cookies is processed for the purpose of security monitoring and attack patterns detection.

Purpose: operation and management of information systems

Refer to: Purpose: operation and management of information systems

You rights to access and erase browser cookies

Because cookies that we use to process your personal data are stored by your browser, you can use your browser to access and delete that personal data using interface of the browser. We themselves do not provide you the opportunity to exercise you right to access, rectify or erase you personal data we process using cookies, because we do not have permanent access to your browser and also do not collect your authentication data that would allow to identify you and distinguish from other visitors of the Plataforma.

No authentication support for exercise of rights

Refer to: No authentication support for exercise of rights

Data of payment service provider

We process data of payment service provider, such as date, sum, your name, payment means, account number, other attributes of transaction, except for debit/credit card details sufficient for payment.

For you protection, we ourself never take your debit/credit card details sufficient for payment. Consequently, our employees and contractors never have access to them. Instead, only our payment service provider does. At the point of payment, you are transferred to a secure page on the website or other user interface of payment service provider. That page may be branded to look like a page on the Plataforma, but it is not controlled by us. Consequently, debit/credit card details sufficient for payment you enter on that page or user interface go only to our payment service provider, not us.

Data received from payment service provider

The specific personal data mentioned (linking to or including this section) is received from the payment service providers used in your case.

In addition (or in particular), we may obtain the following processed personal data from the payment service provider:

Your name, ID code/number and other personally identifiable information as specified in payment documents, except for debit/credit card details sufficient for payment
Documents and attributes of a payment transaction, except for debit/credit card details sufficient for payment.

In addition, unless stated otherwise in this Notar for a specific provider, we may process any other personal data that the payment service provider shares with us. Please refer to the specific provider we use in your case for details about the personal data they may provide to us.

Data sent to payment service provider

The specific personal data mentioned (linking to or including this section) is sent to the payment service providers used in your case.

In addition (or in particular), we may send the following processed personal data to the payment service provider:

Your name, ID code/number and other personally identifiable information as specified in payment documents, except for debit/credit card details sufficient for payment
Documents and attributes of a payment transaction, except for debit/credit card details sufficient for payment.

Basis: contract

Refer to: Basis: contract

Purpose: business operation and management

Refer to: Purpose: business operation and management

Purpose: identity verification for security

Data of payment service provider is processed for verifying your identity (authentication) for security purposes when you use the Serviços.

Purpose: operation and management of information systems

Refer to: Purpose: operation and management of information systems

Your rights

Refer to: Your rights

You rights in case of payment service provider intermediary

Under Lei de proteção de dados pessoais we are not obliged to provide information where the data subject (you) already possesses the information or where the provision of information to the data subject (you) proves to be impossible or would involve a disproportionate effort.

Since we do not independently store personal data we process obtained from payment service provider intermediary who collects that data from direct interaction with you, you can access, rectify or erase that personal data directly with payment service provider using your contract (user agreement) and account with payment service provider. Consequently, we themselves do not support the exercise of these rights in case of personal data obtained by us from payment service provider as it would involve unnecessary duplication and disproportionate effort on our side.

Job application and employment data

We process your personal data related to your job application and your employment with us.

If you send us your personal data as a part of job application, we may keep the data for up to three years in case we decide to contact you later.

If we employ you, we collect information about you and your work throughout the period of your employment. This information will be used only for employment purposes. After your employment has ended, we will keep collected your personal data on file for time period required by applicable law or six years, whichever is longer, before erasing that personal data.

Basis: contract

Refer to: Basis: contract

Your rights

Refer to: Your rights

Data of messaging service provider

We process your personal messaging data using messaging service providers.

Data sent/received to/from messaging service provider

The specific personal data mentioned (linking to or including this section) is sent/received to/from the messaging service providers used in your case.

In addition (or in particular), we may send/obtain the following processed personal data to/from the messaging service provider:

The name and other attributes associated with your account on the messaging service.
The content of any communications or chats between you and us.

In addition, unless stated otherwise in this Notar for a specific provider, we may process any other personal data that the messaging service provider shares with us. Please refer to the specific provider we use in your case for details about the personal data they may provide to us.

Basis: contract

Refer to: Basis: contract

Purpose: business operation and management

Refer to: Purpose: business operation and management

Purpose: identity verification for security

Data of messaging service provider is processed for verifying your identity (authentication) for security purposes when you use the Serviços.

Purpose: operation and management of information systems

Refer to: Purpose: operation and management of information systems

Your rights

Refer to: Your rights

You rights in case of messaging service provider intermediary

Since we do not independently store personal data we process obtained from messaging service provider intermediary who collects that data from direct interaction with you, you can access, rectify or erase that personal data directly with messaging service provider using your contract (user agreement) and account with messaging service provider. Consequently, we themselves do not support the exercise of these rights in case of personal data obtained by us from messaging service provider as it would involve unnecessary duplication and disproportionate effort on our side.

Processing of referrals

We process personal data that we receive from our business partners who have referred you to us as a prospective customer. This data includes whether you were referred by a specific partner, as well as the date and other details of the referral. It may also include additional personal data about you that was provided by the referral partner.

This personal data is used to enhance the offers of the Serviços tailored to you and to calculate the referral reward due to the corresponding partner.

You have the right to contact us to access, rectify, or request the erasure of this personal data, as well as to inquire about its source. We will fulfill these requests provided we can reliably verify your identity as the individual who was referred.

However, please note that we cannot support the erasure of a minimal subset of this personal data, specifically the information necessary to accurately calculate the referral reward under our contract with the referral partner. This data, which primarily includes the date of referral, will be retained to ensure proper documentation and confirmation of the reward amount due.

Other operational business data

We process other personal data needed for business operation.

Data collected from you

The specific personal data mentioned (linking to or including this section) includes data we collect from you directly.

We collect personal data directly from you:

when you use the Plataforma;
when you contact us via visitor support chat on the Plataforma;
when you contact us via our messaging service providers (including via email);
when you use the Serviços;
when you buy from us;

and in the course of other minor activities.

This data includes the following items:

personal identifiers, such as your first and last names, title, date of birth;
contact information, such as messaging service account name, email address, phone number, postal addresses for contact, billing, delivery, etc.;
your account information on various communication and other services;
messages of communication between you and us, including messages sent through visitor support chat on the Plataforma, messaging service providers, email messages, audio and video messages and conversations;
copies (images) of your identity documents, such as passport, driver's licence, etc.;
image of face for identification;
copies (images) of residence documents that confirms your address;
copies (images) of your qualification documents;
copies (images) of employment documents;
purchase transaction information/documentation that includes the details of the Serviços you have bought from us and sums due for those Serviços (no payment data, no debit/credit card details sufficient for payment);
other transaction information/documentation that includes the details, sums, etc. (no payment data, no debit/credit card details sufficient for payment);

and occasional other data items.

In most cases we get this personal data via intermediary source, such as corresponding service provider. The intermediary may also act as both the recipient and source of personal data, in which case we both obtain personal data from and transfer processed data back to the intermediary.

For personal data transferred via such intermediary, data's source or recipient may be attributed either to you or intermediary. In many cases, under the contract with the intermediary, personal data is considered as delivered to or originating from you rather than directly to or from the intermediary. However, to ensure transparency, we also identify the intermediary as a source or recipient for any personal data transferred through intermediary, so you are fully aware of the intermediary role played in the transfer of your personal data. Additionally, intermediary may collect, processes, and remain the sole source and recipient of certain essential personal data related to your use of the intermediary service.

For information about how your personal data is processed by the specific such intermediary, please refer to that intermediary's privacy policy or notice. All intermediaries we use comply with applicable privacy laws, regulations, and have their own privacy policies/notices available.

Data sent/received to/from payment service provider

The specific personal data mentioned (linking to or including this section) is sent/received to/from the payment service providers used in your case.

In addition (or in particular), we may send/obtain the following processed personal data to/from the payment service provider:

Your name, ID code/number and other personally identifiable information as specified in payment documents, except for debit/credit card details sufficient for payment
Documents and attributes of a payment transaction, except for debit/credit card details sufficient for payment.

Purpose: business operation and management

Refer to: Purpose: business operation and management

Purpose: identity verification for security

Other operational data is processed for verifying your identity (authentication) for security purposes when you use the Serviços.

Purpose: operation and management of information systems

Refer to: Purpose: operation and management of information systems

Your rights

Refer to: Your rights

Third-party collectors of personal data

In addition to third-party sources and recipients of your personal data identified elsewhere in this Notar, the Plataforma may include content and software loaded from third-party servers, referred to as "third-party includes". Example of such includes is advertising that we may show on the Plataforma. We do not control operation of such third-party includes and they may collect and process your personal data on behalf of their respective third-party controllers. Such includes, or this section of the Notar, refer you to those third parties to allow you to get information about personal data processing, if any, by those third parties.

In addition, this section of the Notar is to list third parties that may similarly collect and process your personal data in relation to our operation as business/orgaisation, not only operation of website.

Automated individual decision-making, including profiling

We do not subject you to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you, unless such decision is necessary for entering into, or performance of, a contract between the you and us, or you have explicitly consented to such decision.

Transfers of personal data to third countries

As we are incorporated in United Kingdom, we may need to transfer your personal data to us and service providers located outside of the European Economic Area (EEA). This transfer is necessary to allow you enter into the contract with us and allow us to perform contract with you providing the Plataforma and Serviços, and fulfill our contractual obligations to you, as well as for other purposes mentioned in this Notice. Your personal data may be transferred to country outside of EEA only for specific, clearly defined purposes, such as to provide the Plataforma and Serviços, process payments, or communicate with you. Such transfers are carried out only when necessary and in compliance with Lei de proteção de dados pessoais.

Also note that these transfers of personal data may involve risks, as the destination country might not offer the same level of personal data protection as the EU/EEA, in which case there is no adequacy decision by European Commission for such country, and due to the absence of appropriate safeguards for specific personal data transferred. In particular, there is no adequacy decision by European Commission for Ukraine, and in our case appropriate safeguards (such as SCCs, see below) are not available for all categories of personal data.

These risks could include limited or no enforceable rights concerning your data, less robust legal protections against government access or surveillance, and fewer avenues for legal recourse in case of misuse.

In some cases, we may rely on third-party service providers (such as messaging and payment service providers) located in EEA as sources and/or recipients of your personal data. Where applicable, we may use Standard Contractual Clauses (SCCs) to ensure that any transfer of your personal data between us and these providers complies with Lei de proteção de dados pessoais. SCCs are legally binding contractual terms designed to safeguard your personal data even in countries that may not offer the same level of protection as the EEA. If we use SCCs, information on how to obtain a copy or access the relevant safeguards will be be included in this Notice here. Currently we use no SCCs in our contracts.

In the absence of an adequacy decision, or of appropriate safeguards, including SCCs, a transfer or a set of transfers of personal data to a third country take place only on one of the following conditions (legal bases):

Transfers based on your consent
You now have been informed of the possible risks of such transfers for you due to the absence of an adequacy decision and appropriate safeguards. We propose and request your explicit consent for transfer of your personal data outside of the European Economic Area (EEA). You will be given the opportunity to explicitly provide this specific consent on the Plataforma. You have the right to withdraw this consent at any time by contacting us, but please note that this will remove your legal ability to continue using the Plataforma and Serviços, unless such use is allowed by another legal basis (including bases listed next or otherwise mentioned in this Notice).
Transfers necessary for the performance of a contract
The transfer is necessary for the performance of a contract between you and us (for example, for the purchase of Serviços) or the implementation of pre-contractual measures taken at your request.

The transfer is necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person (for example, service provider).

You have the right to request more information on the specific safeguards in place for data transfers, and to object to certain transfers, subject to legal limitations.

Personal data of children

Where the child is below the age of 16 years, we offer the Plataforma and Serviços to the holder of parental responsibility over the child. We do not offer the Plataforma and Serviços directly to, do not permit using the Plataforma to and neither collect nor otherwise process personal data of a child where the child is less than 16 years old.

We do not offer you Serviços, do not permit you using the Plataforma, and neither collect nor otherwise process your personal data, if you are less than 16 years old. If you are less than 16 years old, you must stop using the Plataforma and Serviços immediately and never submit any of your personal data to us.

EU member states may provide by law for a lower age for those purposes provided that such lower age is not below 13 years.

Right to lodge a complaint

If you are dissatisfied with our privacy policy or have any complaints about how we handle your personal data, we encourage you to inform us directly so that we can address your concerns.

When we receive a complaint, we record the information you provide based on your consent and use it solely to resolve your complaint. If we determine that your complaint is unfounded or vexatious, we reserve the right not to correspond further on the matter.

In the event that a dispute cannot be resolved between us, we invite you to engage with us in good faith through mediation or arbitration before pursuing other avenues.

Please be aware that if you are dissatisfied with how we process your personal data, you have the right to lodge a complaint with the relevant personal data protection authority. We would, however, appreciate the opportunity to resolve the matter with you directly before you contact the authorities.

Retention period

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, in compliance with applicable legal requirements, and to protect our legitimate interests, including:

Processing purposes: For the duration needed to achieve the specific purposes for which the data was collected or for which you have provided your consent.
Legal compliance: As required by applicable laws and regulations, including for the period mandated by tax authorities or other regulatory bodies.
Claims or defense: For as long as necessary to support or defend against legal claims, including the retention of data that may be relevant to potential disputes.
Discretionary retention: Where no specific retention period applies, we may retain certain personal data for a maximum of six years, after which it will be securely deleted, unless further retention is required for compliance with legal obligations or legitimate interests.

At the end of the retention period, your personal data will be securely deleted, anonymized, or otherwise rendered unusable in compliance with data protection principles.

Compliance with the law

Our privacy policy complies with the law in the United States, specifically with the EU General Data Protection Regulation ("GDPR"), European Directive 2002/58/EC (commonly known as the "e-Privacy Directive"), and the corresponding national legislation implementing or compatible with these EU regulations.

Version

Last updated: 2024-09-17. Version string: 5v1.0.0_B59BgAA-j88gP_fvHDXAaD-3y74AACA9-_h_x8.