Higra Privacy Policy
INTRODUCTION
Higra Industrial Ltda, a legal entity governed by private law, registered with the CNPJ under no. 04.124.390/0001-62 (“Higra”), headquartered in the city of São Leopoldo/RS, is committed to respecting the privacy of its users and customers, as well as the protection and security of their personal data.
This Privacy Policy is the document through which HIgra demonstrates to the holders of personal data, all the practices and processes adopted to make the relationship transparent, informing them of all the rights, guarantees, forms of use, data collected, processing and disposal of all personal information, in compliance with the legal norms of Brazilian legislation, in particular Law 13.709/2018 (“LGPD”).
GUIDELINES AND DEFINITIONS
In September 2020, the General Data Protection Law (Law 13.709/2018), popularly known as the LGPD, came into force in Brazil. The law aims to regulate the processing of personal data for transparent, legitimate, explicit and informed purposes, respecting the principles of compatibility of the processing with the informed purposes and the limitation of processing to what is necessary.
With this in mind, Higra has drawn up this policy so that you, the data subject, can understand how your personal data is processed.
In this way, any information and/or data forwarded by our employees will be protected in accordance with confidentiality standards and only used for the purposes for which it was collected.
So, for a better understanding, we highlight some concepts, the basis of which is taken from Article 5 of the LGPD:
Personal data: any information relating to an identified or identifiable natural person. In a nutshell, it is any information that allows an individual to be identified, directly or indirectly, and is considered personal data.
Sensitive personal data: all personal data on racial or ethnic origin, religious conviction, political opinion, trade union membership or religious, philosophical or political organization. Also, data related to health, sex life, genetic or biometric data.
Data processors: those responsible for making decisions regarding the processing of data and ensuring that they are effective
Processing: means any operation, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction, carried out with personal data.
Controller: a natural or legal person, whether governed by public or private law, who is responsible for decisions regarding the processing of personal data;
Operator: a natural or legal person, governed by public or private law, who processes personal data on behalf of the controller;
Handler: person appointed by the controller and operator to act as a communication channel between the controller, the data subjects and the ANPD;
The National Data Protection Authority (ANPD) is the public administration body responsible for ensuring, implementing and monitoring compliance with this law throughout the country.
Security Incident: includes unauthorized access and accidental or unlawful destruction, loss, alteration, communication or dissemination, as well as any other event resulting in the unlawful or abusive Processing of Personal Data and/or Sensitive Personal Data(s);
Claim(s): any claim, charge, complaint and/or out-of-court demand, as well as any action, litigation, investigation, inquiry, inspection, proceeding or process (whether judicial, arbitral or administrative) proposed or instituted;
Data subject(s): natural person to whom the personal data being processed refers;
PERSONAL DATA COLLECTED AND PROCESSED BY HIGRA
Higra collects, uses and processes personal data in order to provide you with services, products and information of interest to you. The collection will be completely transparent and you, the data subject, will have the chance to decide whether or not to provide it.
The personal data processed varies according to the purposes of use, including those indicated in this Privacy Policy, as well as the activities carried out.
Where applicable, Higra may request your consent by means of a “Consent Form”. If you choose not to provide any requested data, Higra may not be able to complete your transaction or provide you with the information about services or products that you have requested.
In addition, Higra may collect information, including personal data, when you submit a form or request, such as: name, contact telephone numbers, e-mail addresses, occupation, as well as any other personal data that you provide to Higra.
THE PURPOSE FOR WHICH HIGRA COLLECTS PERSONAL DATA
The personal data collected by Higra is for the purpose of registering people interested in receiving information about the products made available by the company, sending content or news about new products, the collection of which will take place through the spontaneous provision by the holder of the personal data. In other words, the purpose of collecting personal data is to provide personalized services and content relevant to your specific needs and interests.
It is pertinent to clarify that your information may be used by Higra to fulfill our contractual obligations, authenticate you as a user and allow you to access certain areas of our Website, applications, social media sites or allow you to apply for an opportunity at Higra.
LEGAL BASIS FOR PROCESSING THE PERSONAL DATA COLLECTED
In accordance with Article 7 of Law 13.709/2018, Higra processes personal data for the following purposes:
I – through the provision of consent by the holder;
II – for compliance with a legal or regulatory obligation by the controlling shareholder;
III – by the public administration, for the processing and shared use of data necessary for the execution of public policies provided for in laws and regulations or supported by contracts, agreements or similar instruments, subject to the provisions of Chapter IV of this Law;
IV – for studies to be carried out by a research body, guaranteeing, whenever possible, the anonymization of personal data;
V – when necessary for the performance of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;
VI – for the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter under the terms of Law No. 9.307, of September 23, 1996 (Arbitration Law);
VII – for the protection of the life or physical safety of the holder or third parties;
VIII – for the protection of health, exclusively in procedures carried out by health professionals, health services or health authorities;
IX – when necessary to meet the legitimate interests of the controller or a third party, except where the fundamental rights and freedoms of the data subject that require the protection of personal data prevail; or
X – for credit protection, including the provisions of the relevant legislation.
For all operational processes that carry out the proper treatment of Higra, they meet at least one of the above legal requirements.
WHAT ARE THE RIGHTS OF THE OWNERS?
Transparency about the processing of your personal data is a priority for Higra.
In addition to the information set out in this Privacy Policy, the owner may also exercise the rights set out in the General Data Protection Law, described in article 18:
Right of confirmation and access: this refers to confirmation of the data subject’s possession of data, indicating the existence or absence of this information in the processing and, where appropriate, the right to access their personal data;
Right to rectification of your data: this involves correcting personal data that is incomplete, inaccurate or out of date;
Right to erasure or disposal of data: the data subject’s right to have their data erased from the controller’s database;
Right to data portability: the data subject may request that the controller transfer the data to a new controller, if the latter so wishes.
Right to object: the data subject may, at any time, object on grounds relating to their particular situation to the processing of personal data concerning them. Furthermore, the data subject may object when their data is used for the purposes of said marketing.
Right to restriction of data processing: the data subject has the right to restrict the processing of their personal data, and can obtain this when the accuracy of the data is proven, when the processing is unlawful, when the controller no longer needs the data for the proposed purposes and has objected to the processing of the data, and in the case of unnecessary data processing;
Right to review automated decisions: the data subject has the right not to be subject to any decision taken solely on the basis of authorized processing, including profiling, which produces legal effects or significantly affects them in a similar way. In general, it has the right to obtain human intervention, to obtain justification for the decision reached after an evaluation and to challenge the decision.
Holders may exercise their rights by writing to our customer service channels, specifying the rights they wish to exercise vis-à-vis the controller.
SECURITY OF PERSONAL DATA PROCESSED
The security of your personal data is an important issue for Higra, where we are committed to protecting all the information we collect. We apply appropriate administrative, technical and organizational measures aimed exclusively at protecting the personal data you provide or that we collect from accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use.
To ensure security, solutions will be adopted that take into account appropriate technical considerations, implementation costs, the nature, scope, context and purposes of the processing and the risks to the rights and freedoms of the data subject. However, due to the nature of internet communications, we cannot guarantee that your transmission to us will be secure.
COOKIE POLICY
Cookies are temporary files saved on your computer, tablet or phone when you visit a website. They are used with the aim of improving navigation functionalities and facilitating user access, always with a view to improving content and services, such as:
Enable secure login
Remember where you are during an order
Save your login details
Memorize what’s in your shopping cart
Ensure that the website looks consistent
Allow pages to be shared on social networks
Allow comments to be sent and posted
Providing advertisements relevant to your interests
If you do not want cookies to be accessible, you can at any time adjust the settings in your browser to deny or disable the use of cookies. However, denying or disabling cookies or similar technologies may prevent you from accessing some of our content or using some of the features on the website.
It is important to note that cookies are not used to determine the personal identity of users who are visiting our site.
MANDATORY COOKIES
These cookies are necessary to enable the functionality of the website.
FUNCTIONAL COOKIES
These cookies are used with the aim of improving browsing functionalities and facilitating user access, always with a view to improving content and services.
Advertising cookies
These cookies are used to publish advertisements relevant to your interests.
Information from social networks
Social network information is any information that you allow a third-party social network to share with application developers. To find out how your information from a social network can be obtained by Higra, go to the social network’s settings page.
SHARING DATA WITH THIRD PARTIES
Higra may share personal data within its work group or with third-party partners and regulatory authorities, depending on the purpose and need.
We may share your data with
Third parties from whom we request the delivery of a product or service to you, such as delivery services or couriers who deliver the products you have ordered;
Third-party service providers, such as companies that process data for Higra;
Inspection bodies or public bodies, when they have followed the proper legal processes to request that we make the information available.
Tenant partners who support events promoted by Higra
In addition, Higra may also share your personal data with companies, organizations or individuals if it believes that this sharing is necessary for legal reasons, such as, (i) enforce the applicable terms of use of the Sites or Apps; (ii) investigate possible violations of applicable laws; (iii) detect, prevent and protect against fraud and any technical or security vulnerability; and (iv) comply with applicable laws and regulations, cooperate in any lawful investigations and comply with orders from public bodies.
INTERNATIONAL DATA TRANSFER
Higra may transfer your data to other countries for the purpose of processing personal data with Higra affiliates or partner entities.
In order to carry out the international transfer of data, Higra will check whether there is a legal restriction on the partner company carrying out the processing, as well as whether the country of destination offers an adequate level of data protection. If the destination country does not offer it, Higra will contractually establish that the receiving company must have a proportional standard of data protection and information security compatible with this Policy and the General Data Protection Law (Law No. 13,709/18).
RETENTION, CORRECTION AND DELETION OF PERSONAL DATA
Your personal data will be stored in a safe and secure environment for as long as necessary for the purposes indicated in section 4. However, at any time you can request the correction or deletion of your personal data contained in our databases through our customer service channels.
If you make a request for deletion, Higra points out that it may store your personal data for an additional period for the purposes of legal or regulatory obligations, regular exercise of rights or for the period that is in accordance with the legal basis justifying such retention.
CHANGES AND UPDATES TO THIS PRIVACY POLICY
Higra reserves the right to modify this Policy in accordance with applicable legislation at any time. If a new version is released, it will be published on this website, indicating its update date. If you do not agree with the changes, you can stop using it immediately and you can use the contact channels to submit requests of interest and exercise your rights.
THE DATA PROTECTION OFFICER (DPO)
According to article 41 of Law 13.709, Higra Importação e Exportação de Luminárias Ltda. The data controller is Igor Corrêa, who can be contacted at marketing@Higra.com.br.
LEGISLATION AND JURISDICTION
This Policy shall be governed, interpreted and enforced in accordance with Brazilian law, especially Law no. 13.709/2018, with the jurisdiction of the district of São Leopoldo/RS, to settle any doubts arising from this document.
CONTACT INFORMATION
If you have any questions, comments or suggestions about our privacy policy, or if you wish to access, correct, update or delete your personal data, please contact us at the e-mail addresses below:
Last updated: March 27, 2023.
São Leopoldo-RS, March 27, 2023.