1.1. This Privacy and Data Protection Policy deals with the reception, collection, use, storage, processing and protection of personal data from customers, who are users of the websites: https://www.thermomatic.com.br/, https://loja.thermomatic.com.br/ and https://www.desidrat.com.br/, demonstrating compliance with legal requirements for personal data protection by the controller, allowing the customer to transparently know about the types of data that are collected, the reasons for collection, and how they can exercise their rights.
1.2. The terms of this policy apply to all customers, users of the aforementioned websites, as well as to those whose personal data information comes from another source such as email, registration forms, belonging to the controller THERMOMATIC DO BRASIL LTDA, a private legal entity, registered under CNPJ number 04.721.842/0001-93, headquartered at Rua João de Paula Franco, 263, Jardim Marabá, São Paulo, SP, CEP: 04775-165.
1.3. This policy was developed in accordance with the Brazilian General Data Protection Law (Law 13,709/18) and the Brazilian Civil Rights Framework for the Internet (Law 12,965/14).
1.4. This policy may be amended at any time, and it is the customer's responsibility to periodically check for changes.
|Controller and Data Protection Officer (DPO)||Qualification|
1. Thermomatic do Brasil Ltda.
2. CNPJ: 04.721.842/0001-93
3. Address: Rua João de Paula Franco, 263, Jardim Marabá, São Paulo, SP, CEP: 04775-165.
|Data Protection Officer (DPO)||
1. Dra. Roberta Paris
2. [email protected]
3. Tel.: (11) 5681-8000 (extension: 1007)
4. Address: Rua João de Paula Franco, 263, Jardim Marabá, São Paulo, SP, CEP: 04775-165.
3.1. The customer's personal data is collected in the following ways:
c) "E-commerce": https://loja.thermomatic.com.br/: filling out a form with the following data: name; surname; email; password creation; CPF; and RG; complete address; information about the credit card;
d) Newsletter: the email registered by the visitor who chooses to subscribe to the Newsletter will be collected and stored until the user requests to unsubscribe.
e) Phone: (11) 5681-8000, (11) 5681-8001, and (11) 5525-2770: providing full name; email; CPF; RG; complete address;
f) Email: @thermomatic.com.br: providing full name; email; CPF; RG; complete address.
4.1. The collected and stored personal data have the following purposes:
a) Customer experience: improving the customer experience in using the platforms by developing new functionalities;
b) Advertisements: providing ads that meet the customer's needs;
c) Registration data: enabling the user's access to exclusive platform content;
d) Contractual data: enabling the secure completion of purchases;
e) Supply of Desidrat equipment;
f) Issuance of Invoice;
g) Compliance with legal and/or regulatory obligations by the controller;
h) Credit protection;
i) Lead generation for potential sales.
4.2. The processing of personal data may occur for various purposes, occurring through prior communication with the data subject or by changing this policy, with the data subject's rights being safeguarded.
5.1. The customer's personal data is stored by the platform, server, and software protected against unauthorized access, during the necessary period to complete the supply of Desidrat equipment and comply with legal and/or regulatory obligations by the controller.
5.2. The data may be removed or anonymized at the express request of the customer, except in legal cases for maintaining such data.
5.3. Customer personal data may be retained after the end of its treatment in the following situations:
a) Compliance with legal and/or regulatory obligations by the controller;
b) Study by a research organization, ensuring, whenever possible, the anonymization of personal data;
c) Transfer to a third party, provided that the data processing requirements set forth in this Law are respected;
d) Exclusive use of the controller, prohibited from access by third parties, and provided that the data is anonymized.
6.1. The controller adopts technical and administrative measures capable of protecting personal data from unauthorized access and situations of destruction, loss, alteration, communication, or dissemination of such data.
6.2. Credit card data is encrypted, which guarantees its transmission in a safe and confidential manner.
6.3. The controller adopts preventive measures against unauthorized access, committing to inform the customer in case of any violation of their personal data security.
6.4. All personal data is treated confidentially, in accordance with the law. However, data disclosure may occur in legal situations.
6.5. All platforms, storage servers, cloud backup servers, and software used by the controller are protected by security certificates to prevent unauthorized access or loss of personal data.
7.1. Personal data may be shared with third parties, as operators, all of whom are committed to this policy and compliant with the General Data Protection Law.
7.2. Operators receive only the minimal data necessary to enable the performance of their respective services.
7.3. Third-party service providers, such as financial institutions, payment and credit card providers, transportation companies, and information technology service providers, have their own privacy policies. Therefore, the customer must access their respective privacy policies for awareness.
8.1. Customers may be located outside the national territory, in which case the data will be processed by the controller, subject to this policy and Brazilian legislation on personal data protection.
8.2. By providing their data, the customer consents to the treatment and transfer of such information to other countries.
8.3. When redirected to a third-party application or website, this policy will no longer apply. The controller will not be responsible for the privacy practices of other sites/controllers, and it is up to the customer to consent to their respective privacy policies.
9.1. "Cookies" are text files containing website navigation data transmitted by the platform and stored on the customer's computer/mobile device. Such information is related to access data and is stored by the customer's browser so that the platform's server can interpret and personalize its services.
9.2. The customer, as a platform user, consents that a navigation data collection system through "cookies" may be used.
9.3. The persistent "cookie" remains on the customer's hard drive even after the browser is closed, being used by the browser in new visits to the website. This "cookie" can be removed by following the browser's instructions. The session "cookie" is temporary and is removed after the browser is closed. It is possible to reset the web browser to reject all "cookies", but some features of the platform may not work properly.
10.2. By registering, the customer acknowledges their right to cancel their registration, access and update their personal data, and guarantees the truthfulness of the information provided by them.
11.1. The rights shall be exercised upon express request of the customer, now subject, through direct contact with the data protection officer, according to the information provided in the Summary Table (clause 2).
11.2. When applicable, the request will be met at no cost to the subject, within the timeframes and terms to be regulated.
11.3. The customer, as the subject of personal data, has the right to obtain from the controller, at any time and upon express request to the data protection officer:
a) Confirmation of the existence of treatment;
b) Access to data;
c) Correction of incomplete, inaccurate, or outdated data;
d) Anonymization, blocking or elimination of unnecessary, excessive or unlawfully treated data;
e) Data portability to another service or product provider, upon express request, in accordance with the regulation of the national authority, subject to commercial and industrial secrets;
f) Elimination of personal data processed, except in the legal hypotheses;
g) Information on public and private entities with which the controller shared data;
h) Possibility of not providing consent, which would make it impossible to access the platform and formalize any legal transaction between the parties;
i) Revocation of consent, at any time, upon express manifestation of the subject, through contact with the data protection officer (clause 2);
j) The personal data subject has the right to petition against the controller in relation to their data before the national authority;
k) The subject may object to treatment based on one of the exceptions to consent, in case of noncompliance with the law.
12.1. The data processing agents include the controller and the operators.
12.2. The operators will be jointly liable for damages caused by processing when they breach data protection legislation obligations or fail to comply with lawful instructions from the controller.
12.3. Controllers directly involved in processing resulting in damages to data subjects will be jointly liable.
12.4. Data processing agents will not be held responsible if they did not process personal data, if there was no violation of data protection legislation, or if the damages resulted from the data subject's or a third party's exclusive fault.
14.1. The controller reserves the right to modify this policy at any time, and it is the customer's duty to access it to verify the latest amendment.
14.2. Amendments will come into effect immediately upon publication on the platform. By using the service or providing personal information after any modifications, the customer indicates their agreement with the amendments.
15.1. Brazilian law will apply fully to solve doubts arising from this policy.
15.2. Any conflicts must be presented to the Santo Amaro Regional Court in the city of São Paulo, SP.
Last amendment: 07/20/2021.