Privacy Policy
1. Our Purpose
This Privacy Policy aims to highlight Positivo S+’s commitment to safeguarding privacy and personal data in its organizational processes, systems, and services. It establishes rules regarding the collection, recording, storage, use, sharing, enrichment, and deletion of collected data, in compliance with applicable legislation. This policy applies to all individuals whose personal data is processed by Positivo S+, including Job Applicants, Employees, Clients, Suppliers, Partners, and Visitors.
2. Description
2.1. Personal Data Processing
2.1.1. Within the general context of Positivo S+’s services, personal data may be processed for the following purposes, always respecting the principles outlined in the General Data Protection Law (LGPD):
- Selling products or services, collecting payments, addressing client inquiries, or facilitating various requests from clients, their clients, or potential clients.
- Resolving information security issues within Positivo S+.
- Accessing team member information for evaluation and management purposes.
- Recruiting and selecting potential employees or discarding
- Approving vacation, travel, or purchase
- Generating various
- Controlling physical access to Positivo S+ premises and monitoring through internal security camera systems.
- Recording customer service calls by employees for their
- Creating user accounts within Positivo S+’s
- Updating departmental
- Managing SLA
- Conducting internal
- Producing performance
- Generating
- Improving and increasing the efficiency of services
- Analyzing competitions, RFIs, RFQs, and
- Updating client registration
- Prospecting new
- Managing judicial, extrajudicial, and administrative
- Executing contracts and legal
- Hiring suppliers and
- Managing judicial and extrajudicial notifications
These purposes are justified by contractual, legal, or Positivo S+’s legitimate interests.
2.2. Data Collected, Purpose, and Legal Bases
Personal data is collected during various processes in Positivo S+’s systems and services. Data types include name, CPF, RG, email, address, phone number, username, banking information, employment contract details, vehicle data, position/profession, network login, education, photographs, biometrics, and more, always for specific purposes and with legal compliance.
A detailed table of data types, purposes, and legal bases can be requested via email: [email protected]
2.3. Data Retention Period
2.3.1. Storage
2.3.1.1. Personal data will be retained as long as necessary to fulfill processing When applicable, unnecessary, excessive, or anonymized data will be deleted upon request by the data subject or as required by law.
Data required for legal or regulatory compliance or for defending rights in administrative, judicial, or arbitration proceedings will be preserved.
2.3.1.2. Physical Storage
Physical storage of personal data will also adhere to the retention periods mentioned above for appropriate disposal.
2.4. Data Deletion
Data may be deleted before the specified retention period if requested by the data subject. However, data may need to be retained for longer in accordance with Article 16 of the General Data Protection Law for legal or regulatory compliance, contractual obligations, or third-party transfers (in line with the law’s data processing requirements). Once the retention period and legal need expire, data will be securely discarded or anonymized for statistical purposes.
2.5. Data Security
Positivo S+ commits to using its best efforts to safeguard information, especially personal data, through administrative and technical protection measures. It implements governance best practices using available resources and requires suppliers and clients to maintain acceptable information security levels based on market standards and contractual clauses.
2.6. Storage Servers
Collected data is stored on Positivo S+’s servers in Brazil and may also be processed or stored in cloud computing environments. When data is transferred internationally (e.g., via AWS servers in the U.S. or Europe), Positivo S+ ensures compliance with Article 33 of the General Data Protection Law and applicable regulations.
2.7. Data Accuracy
2.7.1. Positivo S+ is not responsible for the accuracy, veracity, or updates of information provided by the data subject. It is the data subject’s responsibility to ensure data is accurate and up to date.
2.7.2. Positivo S+ reserves the right not to process data if there are reasons to believe it could violate applicable laws, morality, or ethics.
2.8. Rights of Data Subjects
2.8.1. Data controllers must ensure data subjects can exercise their rights regarding collected data.
2.8.2. Data subjects have the right to:
- Confirm if their data is being
- Access, correct, or update their
- Request anonymization, blocking, or deletion of unnecessary or excessive data.
- Request data
- Request details on data
- Withdraw previously granted consent.
2.8.3. Requests must be submitted explicitly by the data subject or their legal representative to Positivo S+’s Data Protection Officer (DPO) via https://positivosmais.com/politica-de-privacidade/.
2.8.4. If this document is updated in a way that requires consent to be collected again, Positivo S+ will notify the data subject through the contact details provided.
2.8.5. Data subjects can also file complaints with the relevant data protection authority.
2.9. Data Sharing with Third Parties
2.9.1. The corporate instruments, powers of attorney, and copies of the personal documents of Positivo S+’s legal representatives may be shared via email with employees, clients, and suppliers as a means of verifying the authenticity of identification and qualification information.
2.9.2. Physical and digitized copies of documents used in legal, extrajudicial, and administrative proceedings related to citations and summonses may be requested by Positivo S+ CSC to support these processes and may be shared with law firms and third-party experts.
2.9.3. Personal documents and documents of legal representatives necessary for drafting legal instruments may be shared with third parties in cases of corporate instrument updates, including those granted to external attorneys, such as lawyers and accountants.
2.9.4. The Legal Department uses reports generated by Positivo S+ CSC to manage the necessary provisions for Positivo S+’s accounting management. As a result, personal data contained in these reports is shared with Positivo S+ CSC’s accounting department, which handles Positivo S+’s financial management.
2.9.5. Since it operates with its clients’ database, the GRC department works with data shared by its clients. This involves a large number of data subjects and personal data, many of which are processed automatically or enriched by Positivo S+ suppliers.
2.9.6. Documents and personal data of members may be shared with Positivo S+ clients when necessary for the execution of a contract or preliminary procedures related to a contract. If the data is shared through portals provided by clients and/or suppliers, an evaluation by the Information Security department will be required. This evaluation must be conducted through a request registered in the current incident management tool.
2.9.7. Personal data may be shared with Public Authorities and government entities that have legal competence to require Positivo S+ to disclose specific personal data. For example, in the case of an investigation, data will be shared unless Positivo S+ identifies an abuse of power.
2.9.8. Personal data may be shared with partner companies and suppliers for the development of activities and the provision of services, as long as they are properly contractually supported.
2.10. International Transfer
Personal data may be transferred to other countries (international transfer) in projects involving cloud services, as the servers of the provider performing this service, AWS, are located in the United States and Europe. This requires contract adjustments with the provider to ensure compliance with Chapter V of the LGPD (Brazilian General Data Protection Law).
2.11. Sending Marketing Emails and Consent Withdrawal
2.11.1. The RD Station tool is used to automate Marketing actions, managing the sending of marketing emails to individuals listed in the mailing list after lead generation.
2.11.2. Its configuration is shared between Positivo S+ and the solution provider when the marketing department itself triggers the email sending as requested by the department. All marketing emails allow the data subject to opt out of receiving them; however, they are only removed from the active list and not entirely deleted from RD Station’s database or other mailing lists unless explicitly requested.
2.11.3. The data subject has the right to withdraw consent for receiving marketing emails at any time.
2.12. Automated Decisions
2.12.1. Regarding Security Solutions at Positivo S+, detections may be automated through internally implemented monitoring software.
2.12.2. Personal data required for user creation in Active Directory is accessed automatically through the integration of internal solutions.
2.12.3. The RD Station tool is used to automate Marketing actions, as described in item 2.10.
2.13. Minors’ Data
2.13.1. Employee contracts must contain specific provisions regarding minor dependents, as parental or legal guardian consent is required for processing minors’ personal data.
2.13.2. The same applies to visits by minors to Positivo S+ premises, where their legal guardian must sign a data collection consent form authorizing the processing of the minor’s data.
2.14. Sensitive Data
2.14.1. Positivo S+ may, on occasion, collect sensitive data related to racial or ethnic origin, religious beliefs, political opinions, trade union membership, health, life, genetic, or biometric data. The processing of such data strictly follows the applicable legislation, ensuring that it serves a legitimate purpose and respects the necessary legal bases. Personal data and other information are anonymized through encryption and restricted access control.
2.14.2. Leads are used to obtain personal data from company employees who have decision-making power or influence over hiring services offered by Positivo S+, with the aim of initiating contact.
2.15. Incident Notification
2.15.1. If Positivo S+ detects or becomes aware of any breach or incident resulting in destruction, loss, alteration, disclosure, or unauthorized access during the processing of data, which may pose a risk to the data subject, the company commits to investigating the incident, notifying the data subject within the legally specified period, and taking reasonable measures to mitigate or minimize any resulting damage.
2.15.2. Incident notifications will be sent to the data subject through any means chosen by Positivo S+, including electronic means. Therefore, it is the data subject’s sole responsibility to ensure that Positivo S+ has their correct contact information.
2.15.3. Any data subject, whether an employee, supplier, client, or other, who becomes aware of potential misuse, unauthorized access, an incident, or a violation of their data related to Positivo S+ services must notify the company immediately.
2.16. Applicable Law and Jurisdiction
This Privacy Policy shall be governed by and interpreted in accordance with Brazilian law, in the Portuguese language.
2.17. Communication
The data subject acknowledges that all communication sent via email to the addresses provided in their registration, SMS (short message service), instant messaging applications, or any other digital and virtual means is valid as documentary evidence. These communications are effective and sufficient for the disclosure of any matters related to the services provided by Positivo S+, their conditions, or any other relevant topics, except as expressly provided in this Policy.
For any questions or requests, the Data Protection Officer (DPO), Mr. Edilson Rodrigues Braga, can be contacted at [email protected]
3. General Provisions
Positivo S+ reserves the right to amend this policy as needed for legal compliance or operational adjustments. Data subjects are advised to review updates through Positivo S+’s official website.