VERSION CONTROL
Version 4 | Updated on 07/13/2022
This regulation will be reviewed annually or whenever there is any change that affects it.
1. DOCUMENT OBJECTIVE
To present to internal and external stakeholders, the market, customers, suppliers, partners, government authorities, consumer protection entities, judicial bodies, shareholders and the general public, the principles, guidelines, rules and organizational commitment defined by Zuri, for the protection of data and personal information, in order to comply with applicable laws and regulations to preserve the privacy of the personal data holder.
2. SCOPE
- Personal data and information that are under the responsibility of Zuri;
- Personal data under Zuri’s responsibility are:
- Collected by Zuri, collected by providers of products or services contracted by Zuri or collected by partners and shared with Zuri;
- Processed by Zuri or processed by providers of products or services contracted by Zuri;
- Collected by client organizations and processed by Zuri, when executing professional services for product adaptation or information technology consulting.
-
Controls required for compliance with the General Law on Personal Data Protection (Law 13.709/2018), as well as all national legislation that considers the protection of personal data, such as, but not limited to: Federal Constitution, Consumer Defense Code, Civil Code, Brazilian Internet Civil Rights Framework and sectoral regulations.
3. DEFINITIONS
- Cookies – Pieces of code that give a website a kind of short-term memory, allowing it to remember small bits of information about the user’s browsing, such as login information and browsing preferences, to offer a more personalized experience;
- Personal data – Information related to an identified or identifiable natural person. Personal data is also considered to be that used to form the behavioral profile of a specific natural person;
- General Personal Data Protection Law (LGPD) – Normative diploma (Law No. 13.709, of August 14, 2018) that provides for the processing of personal data in digital or physical means carried out by a natural person or by a legal entity, public or private, with the aim of defending the holders of personal data and at the same time allowing the use of data for various purposes, balancing interests and harmonizing the protection of the human person with technological and economic development;
- Data subject – Natural person to whom the personal data that are the subject of processing refer;
- Data processing – Any operation carried out with personal data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, information control, modification, communication, transfer, dissemination or extraction.
4. COMMITMENT
Zuri declares and assumes the commitment to:
- Ensure privacy, security and legal protection, when it comes to the processing of personal data of natural persons, whether: customers, clients of our clients, future clients, employees, partners or any other type of personal data holder, considering the existing professional relationship;
- Adopt guidelines that ensure compliance with legislation, regulations and good practices for the preservation of the privacy of the personal data holder, through the implementation of information security and personal data protection controls;
- Promote transparency about how Zuri processes personal data;
- Adopt risk mitigation measures for security incidents involving personal data;
- Meet the rights of personal data holders, within an appropriate timeframe, considering the technology used with its limitations and the guarantee of Zuri’s secrecy and business intelligence.
5. GUIDELINES
5.1. Principles of this policy
All existing or future actions related to the processing of personal data and the personal data holder must necessarily follow the following principles:
a. Purpose. Carrying out the processing for legitimate, specific and transparent purposes for the holder;
b. Necessity. Limiting the processing to the minimum necessary personal data and exclusively for the purpose of its purpose;
c. Rights of the Holders. The holders have the right to knowledge (consultation) about their personal data: existing data, correction of incorrect data, objection to the processing of any specific personal data, type of processing, duration of processing, sharing with other organizations, data processed in non-compliance with the legislation and portability of their data to another organization;
d. Information Security. Zuri has activities and processes related to information security that defines, implements and manages controls for the protection of information and personal data;
e. Non-discrimination. Zuri does not process personal data for illicit or abusive discriminatory purposes;
f. Transparency. Zuri is transparent in personal data processing procedures;
g. Data retention. Personal data is retained exclusively for the time necessary for Zuri to comply with legal regulations and ensure its protection.
5.2. Respect for the personal data holder
Zuri respects the natural person who owns personal data and undertakes to carry out all necessary controls, considering the reasonableness of existing technology, to protect the personal data under its responsibility and enable the privacy of the personal data holder.
5.3. Personal Data Processing
a. Zuri processes personal data exclusively for the specific purpose of its professional relationship with the data subject and collects the minimum amount of data necessary to meet this purpose;
b. Zuri shares personal data with other organizations, public administration or judicial bodies, exclusively for the operational management of the relationship with the personal data holder and only passes on the minimum data necessary for this activity;
c. The data subject may be informed of any processing of their personal data, if they so wish. Respecting Zuri’s business secret and intelligence;
d. If it is necessary to transfer data to other countries for the provision of services or other processing, always limited to the existing purpose, it will only be carried out with countries that have personal data protection legislation and with organizations that have management for the protection of personal data;
e. All personal data processing carried out by Zuri is supported by at least one legal basis for personal data processing, as defined in the General Personal Data Protection Law;
f. Zuri has defined the responsibilities of its employees in relation to the processing of personal data and provides continuous training on personal data protection;
g. Zuri implements new procedures and continuous technological improvements to protect all personal data processed under Zuri’s responsibility.
5.4. Use of Cookies
Zuri uses cookies on its website only to improve navigation, information security and the user experience. The cookies generated are used to collect the access information of internet users, which in turn is shared with tools under Zuri’s responsibility for the management of navigation statistics and data protection.
Zuri does not use cookies for any purpose other than the guidelines of this policy and they are stored within the organizational environment under its responsibility.
5.5. Communication of the Personal Data Holder with Zuri
The personal data holder may contact Zuri using the contact information available on Zuri’s website (www.gozuri.com), on the “Contacts” and “Contact Us” page. In this case, you must put in the subject: “Personal Data”. Or send an email to privacidade@zuri.wf.