Privacy Policy

Privacy Policy

1. INTRODUCTION

1.1. 1.1 This Privacy Policy (“Policy”) has the purpose of establishing the rules on the use, storage and Processing of Personal Data, which data was collected within the scope of Indovinya’s activities in digital media. The online platforms are available for access and use at Links www.indovinya.indoramaventures.com, among others websites that may be made available by Indovinya (“Sites”) in the future, in accordance with the laws in force, in particular the General Personal Data Protection Law.

1.2. 1.2 As a condition for using the exclusive features of the Sites, you (“User”) represents that you have fully and carefully read this document, being fully aware of its terms, and express your free agreement with the wording of this Policy.

2. DEFINITIONS

2.1. 2.1 To make the Policy easier to read, we define some terms as below:

  • Anonymization: the process in which data has not the possibility of being directly or indirectly associated to an individual, using reasonable technical means that are available at the time of Personal Data Processing;
  • Activities: activities carried out and services provided by Indovinya, including, but not limited to, the services available in the area of investor relations (disclosure of information, financial results and other relevant interactions), the disclosure of Indovinya events and marketing actions, the recruiting and selection of new employees for job opportunities, and promoting of Indovinya websites, products and services;
  • Cloud Computing: is the delivery of different services through a network (e.g. Internet) and from the interconnection of more than one tool and application like data storage, servers, databases, networking, and software, in order to reduce costs and increase the availability of sustained services;
  • Cookies : small text files sent by the Sites, stored on User’s respective devices, that store preferences and other information related to the User’s visit on the Sites, with the purpose of customizing their navigation according to their profile;
  • Data: any information entered, treated or transmitted for the performance of services related to the Activities and the use of the Sites;
  • Personal Data: Data related to any identified or identifiable natural person;
  • Profiling:any decisions that affect a user that, have been programmed to function automatically, without the need for human operation, based on automated Personal Data Processing;
  • Data Protection Officer or DPO:an agent responsible for and appointed by Indovinya to act as a communication channel between Indovinya, Users and Autoridade Nacional de Proteção de Dados (the National Data Protection Authority) (“ANPD”);
  • Session ID:identification of an User’s session when an access to the Sites is made;
  • IP:short for Internet Protocol; is an alphanumeric set that identifies a user’s devices on the Internet;
  • General Personal Data Protection Law: Law Nr. 13,709/18.
  • Link: terminology for Internet address;
  • Partners: companies that, through an agreement or contract with Indovinya, are authorized to offer rewards, discounts, products and services to User;
  • Processing: all operations performed with Personal Data, such as those concerning the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, disposal, assessment, control, modification, communication, transfer, dissemination or extraction of information; and
  • INDOVINYA: located in the City of São Paulo, State of São Paulo, at Avenida Brigadeiro Luís Antônio, Nr. 1,343, 10th floor, registered with the National Corporate Taxpayers Register under CNPJ Nr. 33.256.439/0001-39.

3. THE COLLECTION OF PERSONAL DATA

3.2. Required Data: the Sites functionalities depend directly on some Data provided in the table above, especially the User’s Registration Data. If User chooses not to provide some of such Data, they may be unable to participate in the Activities.

3.3. Data Update and Veracity: User is solely responsible for the completeness, accuracy and veracity of the Data provided by then when registering in the Sites. It is the User’s responsibility to keep them up to date, and User may correct or update them through the Sites.

3.3.1. Likewise, Indovinya shall not be obliged to process any of the User Personal Data if there is reason to believe that such Personal Data Processing may cause any violation of any applicable law, or if it is verified that User is providing Data, making use of the Sites and/or participating in its Activities for any illegal, unethical, unlawful or contrary to morality purposes.

3.4Database: the database formed through the collection of Data is the property and responsibility of Indovinya, and its use, access and sharing, when necessary, shall be made within the limits and purposes of the business described in this Policy.

3.5. Child and Adolescent Data: our platforms are not intended for persons under 18 (eighteen) years of age, so we do not knowingly collect or perform any kind of Personal Data Processing in connection with such Data. If User does not have the minimum age required, they shall not register on the Sites or access them without the representation of their parents, guardians or trustees, under the terms of law. If we unintentionally identify Personal Data of minors in our database, we shall remove such Data.

3.6. Technologies Used: Indovinya uses Cookies technology, and User may block them by setting their Internet browser. In this case, some features that are offered by the Sites may be limited.

3.6.1. The technology used by Indovinya shall always comply with the current legislation and the terms of this Policy.

3.7. During the use of the Sites, Indovinya may employ Profiling, in order to enhance User experience, in accordance with the provisions of this Policy and with current legislation.

4. HOW DATA AND INFORMATION ARE SHARED

4.1. Events of Data Sharing. The Data collected and records of processing activities may be shared, always respecting the sending of the minimum information required to achieve the purposes described in this Policy:

(i) with Partners whose performance is necessary for execution of the Activities or for the benefit of User, provided that such Partners shall always be required to comply with the security and data protection guidelines, according to item 5.5 of this Policy;

(ii) with companies hired for the provision of operational services inherent to the Sites and the exercise of activities, provided that such organizations shall always be required to comply with the security and data protection guidelines, according to item 5.5 of this Policy; and

(iii) with proper judicial, administrative or governmental authorities, whenever there is legal determination, application, request or court order.

5. HOW THE DATA IS PROTECTED AND HOW USER CAN ALSO PROTECT THEM

5.1. Password Sharing: User is also responsible for the confidentiality of their Data, and shall always be aware that sharing passwords and access Data violates this Policy and may compromise the security of their Data, Sites and Activities.

5.2. Cares to be taken by User: it is very important that User protects their Data from unauthorized access to their computer, account or password, and to make sure to always click on “exit” when finishing their navigation in a shared computer. If User suspects that their password may have been exposed/compromised, they shall change it in a timely manner, avoiding the exposure of the information protected by such password. It is also important that User be aware that Indovinya shall never send electronic messages with executable attachments (extensions: .exe, .com, among others).

5.3. Access to Personal Data, Proportionality and Relevance: at Indovinya, the Personal Data collected shall only be accessed by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to the purposes of the Activities, in addition to the commitment to confidentiality, protection of Personal Data and preservation of User privacy under this Policy.

5.4. External Links: when User uses the Sites, they may be directed, via Link, to other portals or platforms, which may collect User information and have their own privacy and Personal Data Processing policies.

5.4.1. User shall read the Privacy and Personal Data policies adopted by such portals or external platforms, and shall be responsible for accepting or rejecting them. Indovinya is not responsible for the policies of third parties and/or the content of any websites or content of the services linked to environments other than those of the Sites.

5.4.2. User may also be redirected to websites of companies directly or indirectly controlled by Indovinya. As this Policy addresses only the Sites, User shall be aware of the rules of use and privacy of such websites.

5.5. Partner Services: Indovinya may enter into agreements with Partners that shall offer services and/or products directly to User, which terms and conditions may be accessed through Indovinya newsletters sent through our official communication channels. The Data provided directly by User to such Partners shall be the sole responsibility of such Partners, being thus subject to their own practices for collecting and using Data.

5.6. Processor: if third party companies process Personal Data on behalf of Indovinya, they shall comply with the terms provided for in this Policy and in the information security standards adopted by Indovinya.

6. HOW PERSONAL DATA AND ACTIVITY LOG ARE STORED

6.1. The Personal Data collected and the Activities register are stored in a safe and controlled environment, for as long as they are required for Personal Data Processing, provided that Indovinya shall have the right to retain the registry history of the User Data for the purposes of auditing, security, fraud control and preservation of rights in the events established by law or regulatory rule or for the preservation of rights.

6.2. Indovinya may hire cloud data storage services from servers located outside Brazil. If such event, Indovinya shall hire Cloud Computing services that have all the technical, organizational and administrative structure that ensures the security and integrity of Personal Data, as well as with comply with the principles and obligations related to the Personal Data Processing.

7. WHAT ARE THE USER RIGHTS AND HOW TO EXERCISE THEM

7.1. Subject’s Rights: User may request the Data Protection Officer, through e-mail: portaldeprivacidade@oxiteno.com:

(i) confirmation of the existence of Personal Data Processing;

(ii) restriction on the use of their Data;

(iii) the display and/or correction of their Data;

(iv) express their opposition and/or revoke consent to the use of their Personal Data; or

(v) request the deletion or Anonymization of their Personal Data that has been collected within the Sites.

If User opposes the Personal Data Processing linked to fundamental purposes, in order to impact the regular operation of the Activities and Sites, User shall be aware that they shall not have access to the Activities and functionalities offered by the Sites.

7.3. At the end of the maintenance period and legal need, Personal Data shall be deleted using safe disposal methods, or used in an anonymized manner for statistical purposes.

8. INFORMATION ON THE POLICY

8.1. Change of Content and Update: this Policy is subject to ongoing enhancements and improvements, and Indovinya reserves the right to modify it at any time, at its sole discretion, or for adequacy and legal compliance with a provision of law or rule that has equivalent legal force, and User is responsible for verifying it whenever they makes use of the Sites and participates in its Activities.

8.2. If there are updates to this document requiring a new collection of consent, User shall be notified through the contact channels informed by them.

8.3. Unenforceability: If any provision under this Policy is deemed unenforceable by a final and unappealable decision by ANPD or the Judiciary Branch, the other conditions shall remain in full force and effect.

8.4. Electronic Communication: User acknowledges that all communications made by email (to the addresses informed in their registration), SMS, instant communication applications or any other digital form are valid, effective and sufficient for the disclosure of any matter that refers to the Policy, the User Data, as well as any other subject related thereto.

8.5. Service Channels: In case of any doubt regarding the provisions of this Policy, User may contact the service channel informed below, from Monday to Friday, from 9:00 to 18:00, excluding holidays:
Contact Us: http://www.indovinya.indoramaventures.com/contato

User may also contact the DPO directly through the e-mail portaldeprivacidade@oxiteno.com, or the address located at Avenida Brigadeiro Luís Antonio, nr. 1,343, São Paulo – São Paulo, Brazil.

8.6. Applicable Law and Jurisdiction: this Policy shall be constructed in accordance with Brazilian law, and the jurisdiction where Indovinya has its domicile shall be elected to resolve any dispute involving this document, unless a specific proviso is make to personal, territorial or functional jurisdiction under applicable law.