Rules of Security and Privacy

GLOBAL PRIVACY POLICY - GRUPO UOL

This document has the purpose to establish rules for handling data, including, e.g., operations of collection, production, reception, ranking, use, access, reproduction, transmission, distribution, processing, filing, storage, removal, assessment or control of information, change, communication, transfer, disclosure or extraction of data collected from the USERS, in addition to the record of their activities, pursuant to applicable law.

By accepting this Privacy Policy, the USER grants its free and express consent to the terms herein established.

1. Glossary

1.1. For purposes hereof, the following definitions and descriptions shall be considered for its better understanding:


Account: means through which the USER is represented when accessing certain restricted areas, exclusive features of the websites, applications, and services provided by Grupo UOL, usually reflecting a group of data representing the USER (e.g., registration information) and other material data to ensure a better and fuller relationship of Grupo UOL with the USER (such as the record of activities performed by the USER in the websites, applications, and services provided by Grupo UOL).


Cookies: small files or data packages submitted by Grupo UOL to the USER’s device in order to identify it and collect information that will help Grupo UOL to improve the services provided to the USER.


Credentials: group of data used by the USER in order to authenticate the access to certain restricted areas and/or exclusive features of the websites, applications, and services provided by Grupo UOL. Usually, such data are the login and password, but it may also include additional data that helps with the authentication process.


Data: set of Anonymized Data and Personal Data.

Anonymized Data: information that, whether individually or together with other Anonymized Data, does not allow the identification of a person, taking into account the use of reasonable technical means that are available at its handling. Those may include gender, age and geolocation (such as the city where the person is) and statistics.


Personal Data: means information related to the identified or identifiable individual. It may include, for instance, name, address, email address, telephone number, credit/debit card number, IP address, and geolocation data.


Data Protection Officer (DPO): person (whether an individual or legal entity) appointed by Grupo UOL that will be acting as the communication channel between Grupo UOL, the USER and governmental authorities in matters concerning this Privacy Policy and the use, collection and handling of Data by Grupo UOL.


Grupo UOL: all subsidiary companies controlled by the UOL economic group, represented by the legal entity UNIVERSO ONLINE S.A. (Brazilian Corporate Taxpayers’ Registry “CNPJ” number 01.109.184/0001-95).

IP Address: Internet Protocol address linked to the device used by the USER. Each IP Address corresponds to an alphanumeric group, which, together with other information, helps identifying the specific device that the USER is using to access the Internet and, therefore, to access websites, applications, and services provided by Grupo UOL.


Applicable Law: means the law applicable to the relationship between Grupo UOL and the USER, which may vary due to (i) location where the service is being provided; (ii) residency or living location of one of the Parties, including the USER; (iii) other factors provided by specific legislation. Grupo UOL holds representation in various countries, and it is subject, in addition to the Brazilian law, to several other rules, including the General Data Protection Regulation (GDPR).


Logs: record of USERS’ activities made on the websites, applications, and services provided by Grupo UOL.


Privacy Policy: means, jointly, this Global Privacy Policy - Grupo UOL and its exhibits, as well as other documents expressly referred herein.


USERS: persons accessing or interacting with the features offered by the websites, applications, and services provided by Grupo UOL. The USER shall have the legal capacity to accept and consent with this Privacy Policy and other documents of Grupo UOL. If the USER does not have such capacity, the USER declares to have previously obtained all required authorization to accept this Privacy Policy and other documents submitted by Grupo UOL.

 

2. Data Collection

SUMMARY

We collect the data from the USER as per they provide it to us, whether directly or indirectly, during the access to and use of the websites, applications, and services provided by Grupo UOL or by partners who have been duly authorized by Grupo UOL (who follow the same Data privacy guidelines of Grupo UOL hereunder). We have also explained what Cookies mean and how the USER may manage them.

2.1. Data will be collected:

(i) whenever they are voluntarily inserted or submitted by USERS in the websites, applications, and services provided by Grupo UOL, such as the creation of an Account, browsing, interaction with the content and acquisition of services;

(ii) whenever the USER submits third-party strong>Data to Grupo UOL (such as data of friends). Grupo UOL may use such data according to this Privacy Policy, and the USER represents to authorize, under applicable laws and regulations, to submit such Data for acknowledgment and record by Grupo UOL, holding Grupo UOL harmless from any liability;

(iii) whenever the Data are submitted automatically without the need for any action by the USERS, such as through Cookies; or

(iv) from partners who have obtained prior consent to share the Data with Grupo UOL.

2.2. Information collected by Grupo UOL may include, but are not limited to:

(i) name;

(ii) gender;

(iii) Brazilian Individual Taxpayers’ Registry - CPF;

(iv) email address;

(v) e-mail address;

(vi) telephone number and recordings (in the event the USER has made any contact);

(vii) date of birth;

(viii) payment information;

(ix) information concerning the browser and the operating system of the device;

(x) IP Address;

(xi) visited webpages;

(xii) URL links and buttons clicked;

(xiii) contacts information;

(xiv) biometric data (such as, but not limited to, face picture).

2.2.1. Other data collected by Grupo UOL are defined in item 7 hereof, grouped by companies and, as applicable, set of products/services.

2.3. Grupo UOL is not liable for the accuracy, inaccuracy, or obsolescence of information and Data provided by the USER, as the USER is responsible for providing such with accuracy and for updating them. Grupo UOL may request, from time to time, the USER to update the information provided and Data submitted.

2.4. Grupo UOL uses anonymous identifiers and Cookies in order to control engagement, browsing, security and advertisement, and the USER agrees with that use when accepting this Privacy Policy. The Cookies used by Grupo UOL may be ranked as follows:

(i) According to their expiration:

a) of Session: those Cookies are temporary and they are kept until the webpage or the browser is closed. They may be used in e-commerce (for the USER to continue browsing without losing their shopping cart, for instance), in order to analyze patterns of Internet traffic and to provide a better experience and content fit to the USERS.

b) Persistent: they persist even if the browser has been closed. They may be used to remember login and password information of the USERS, for instance, or in order to ensure a better user experience between various sessions.

(ii) According to their ownership:

a) First-Party Cookies: Cookies that are owned by Grupo UOL, who has full control over them.

b) Third-Party Cookies: Cookies that are owned by third-parties, but included in the USERS’ devices upon the websites, applications, and services provided by Grupo UOL.

(iii) According to their purpose:

a) strictly necessary Cookies: These Cookies are essential for the USER to browse the websites, applications, and services provided by Grupo UOL, which would not be duly provided without them. They usually are Session and First-Party Cookies.

b) performance Cookies: these Cookies collect anonymous information about how the USERS use and interact with the websites, applications, and services provided by Grupo UOL, which allows to recognize their profiles and account for the visits and interactions. They are usually first-party Cookies.

c) functionality Cookies: these Cookies allow Grupo UOL to remember choices made by the USERS (such as login and location), delivering more personal experiences, in addition to allowing any customizations (whenever available). This information may be anonymized (becoming Anonymized Data) and it does not track activities outside the websites, applications, and services provided by Grupo UOL. They are usually first-party Cookies.

d) analytics and marketing Cookies: these Cookies allow for the advertisers of Grupo UOL to deliver more relevant information and ads to the USERS. They are also used in order to limit the times that the USER views certain ads and to measure the effectiveness of marketing campaigns. These cookies remember certain preferences of the USER and are used for helping create their profiles in order to improve the USER’s experience. These are usually persistent and may be third-party Cookies (such as Google Analytics, referred to below).

e) social media Cookies: they allow for the USER to connect with social media, such as LinkedIn, Twitter, Facebook, Pinterest, and Instagram. They are usually persistent and third-party Cookies.

f) secure Cookies: these Cookies help Grupo UOL to monitor fraudulent activities and to protect user data in unauthorized access. They are usually persistent and third-party Cookies.

2.5. The USER may reject the Cookies when using the websites, applications, and services provided by Grupo UOL, but for these cases, Grupo UOL cannot ensure the proper operation of such websites, applications and services offered. Cookies may be accepted, removed or rejected through management tools of the browser used by the USER.

2.6. Grupo UOL uses partners to collect and process Data, whose information may be accessed by clicking here.

2.7. Grupo UOL will also record the activities performed by the USER in the websites, applications, and services provided by Grupo UOL, creating Logs that may include, but are not limited to:

(i) USER’s IP address;

(ii) Actions performed by the USER in the websites, applications, and services provided by Grupo UOL;

(iii) URL addresses of pages and screens accessed by the USER in the websites, applications, and services provided by Grupo UOL;

(iv) Date and time of all actions performed by the USERS in the websites, applications, and services provided by Grupo UOL, in addition to access to webpages and screens, and the tools and features that were used;

(v) Information about the device used by the USER, version of operating system, browser, among other applications and software installed;

(vi) Session and User ID, when available;

(vii) Type of connection of the USER, such as Wi-Fi or cellphone networks (EDGE, 3G, and 4G, for instance); and

(viii) Geolocation.

2.8. Other technologies may be used for the collection of browsing data from the USER. However, such technologies shall comply with the terms hereof and the USERS choices concerning their collection and storage, provided that the USER shall be previously notified in the event of any changes. If other Data, aside from the ones listed above, are to be collected, the USER will be previously notified. Information collected by Grupo UOL may be matched with the information collected by other sources (including third-party partners) or deriving from other technologies.

 

3. Use of Data

SUMMARY

The Data may be accessed only by companies who are part of Grupo UOL, partners, contractors, and authorities. However, if the USER accesses features or websites of partners, the USER shall be subject to their own practices and policies. We will also disclose how we are going to use the Data collected from the USER.

3.1. Data collected from the USERS may be used with the following purposes:

(i) Identification, authentication and authorization;

(ii) To provide proper support to requests and questions from the USERS;

(iii) To keep registration updated for purposes of telephone contact, e-mail, SMS, mailing list or communication through other means;

(iv) To improve the interactive experience and use during the browsing at the websites, applications, and services provided by Grupo UOL;

(v) To create statistics, studies, researches, project planning and evaluations concerning the activities and behaviors of the USER when using the websites, applications, and services provided by Grupo UOL, performing such operations in anonymous way with Anonymized Data;

(vi) To promote services by Grupo UOL and its partners, in addition to informing about new features, tools, contents, news and other information relevant to the relationship with Grupo UOL;

(vii) To protect Grupo UOL from rights and obligations concerning the use of the website, applications, and services provided by Grupo UOL;

(viii) To cooperate and/or to comply with court order or requisition from administrative authority, as well as to comply with the obligations of preventively reporting certain activities to the applicable authorities;

(ix) To proceed with payment orders made by the USERS;

(x) To submit newsletters and emails that the USERS have expressly agreed to receive;

(xi) To manage risks and to detect, prevent and/or remedy fraud or any other potentially illegal or forbidden activities, in addition to breach of applicable policies and terms of use;

(xii) To share payment information between the companies of Grupo UOL, in order to streamline the USERS’ experience when using the websites, applications, and services provided by Grupo UOL; and

(xiii) To check Data in private and public bureaus in order to verify if they are accurate, to update them, or to request supplementary data.

3.2. The use, access and sharing of the database created hereunder shall be made within the limits and purposes of Grupo UOL’s activities, and it may be provided and made available for access and/or research to companies who are part of Grupo UOL, in addition to business partners, vendors, service providers, contractors, authorities or general third parties, provided that in compliance with the provisions hereunder, Applicable Law or court order. USER’s sensitive data, such as personal information about their race or ethnic origin, religious belief, political opinion, trade union membership, or affiliation to religious, philosophical or political organization, data concerning their health or sexual life, genetic or biometric information, when linked to an individual, shall be shared exclusively upon the USER’s consent.

3.2.1. The sharing of USERS’ Data may be performed with entities located outside the country of residency of the USER (such as countries in the European Economic Area, South America or North America). In those cases, the processing, handling, use and sharing of Data shall be made pursuant to the Applicable Law and this Privacy Policy. Particularly, when the transfer of Data from the European Economic Area to countries that have not been recognized by the relevant authorities occurs with the proper level of protection, Grupo UOL shall ensure the use of the proper measures and tools (such as the Standard Contractual Clauses of the European Commission).

3.2.2. Grupo UOL undertakes to safeguard the financial and banking secrets of its clients and USERS by not sharing such information with companies to which the USER have not agreed. The USER acknowledges that Grupo UOL is not obliged to comply with various legal obligations arising from the Applicable Law concerning the identity of its clients and the origin of funds operated by Grupo UOL. Thus, Grupo UOL is hereby authorized to request, and the USER must provide, additional documents and information, also for the performance of know-your-customer and anti-money-laundering procedures. Information obtained by Grupo UOL in response to the request listed above shall be handled as confidential information. Grupo UOL is hereby authorized to share data required by Applicable Law with the competent authorities and third parties who need access to the Data in order to prepare/authenticate reports on the activities by Grupo UOL under such law.

3.2.3. The USER is responsible for the secrecy, utilization and all acts concerning the use of the Credentials (such as, but not limited to, the login, password and authentication token). If the USER identifies or suspects that a third party has access to their password, the USER shall change the password directly in the systems or services. The sharing of Credentials arising from an action by the USER constitutes a breach of this Privacy Policy.

3.3. The USER is hereby aware that Grupo UOL may perform (i) the anonymization of Personal Data, turning them into Anonymized Data; (ii) data enrichment, adding information derived from other lawful sources - including from databases of other companies part of Grupo UOL; and (iii) handling of Personal Data based on the legitimate interest of Grupo UOL, pursuant to Applicable Law. The USER expressly consents to such activities upon agreement with the terms hereof.

3.3.1. The USER acknowledges and agrees that Grupo UOL may use the Data to create the USER’s profile, in a way to improve Grupo UOL’s services or to comply with the Applicable Law, including, but not limited to, know-your-customer obligations. The USER’s profile will be exclusively shared under this Privacy Policy or Applicable Law.

3.4. Internally, the Data will only be accessed by professionals duly authorized by Grupo UOL, in compliance with the principles of the purpose, fitness and need, among other principles provided by Applicable Law, for the purposes of Grupo UOL, in addition to the commitment of confidentiality and preservation of privacy hereunder.

3.5. Anonymized Data may be collected, handled, stored, used, transferred and disclosed for any purpose, regardless of authorization from the USER.

3.6. Grupo UOL has business partners who may offer services through features or websites accessed from the websites, applications, and services provided by Grupo UOL. Data provided by the USER to these partners shall be under the responsibility of such, subject to their own practices in the collection and use of Data, holding Grupo UOL harmless of any liens concerning those Data.

3.7. Grupo UOL values the security and sanctity of the USER’s credentials. For that reason, Grupo UOL continuously searches and monitors the Internet in its various layers in order to identify, collect and handle for purposes of validation (authentication tests) logins and passwords that potentially belong to the USERS and that have been unduly published online by third parties.

3.7.1. If the authentication tests show that the USER’s Credentials were compromised (became accessible to third parties), Grupo UOL - for security and with the intention of preventing the undue access by third parties to the account and Data of the USER - will preventively block the USER’s Credentials. If any questions arise - including questions on how to unblock the Credentials - the USER may read the terms of use in the websites, applications, and services provided by Grupo UOL, or they may also contact Grupo UOL’s call center.

 

4. Data Storage

SUMMARY

All Data collected are stored in a safe location. The USER may, at any time, request the display, adjustment, or deletion of their Data. Except for specific cases, we may keep the Data collected for legal compliance, audit and preservation of rights, for the period required to comply with those responsibilities.

4.1. All Data collected will be stored in a safe and controlled environment. However, considering that no security system is flawless, Grupo UOL is held harmless from any liabilities for any damages and/or losses arising from flaws, virus, or hacking of the websites, applications, and services provided by Grupo UOL, except in the event of negligence or malicious fraud by Grupo UOL. However, if Grupo UOL detects that any of those events have occurred, Grupo UOL will notify the affected USERS informing that there was a breach of their Data and indicating that they should take all applicable measures.

4.2. Data obtained from the USER may be stored in Grupo UOL’s own server or third-party server hired for this purpose, whether they are located in Brazil or abroad, and they may also be stored through cloud computing technology and/or any other technologies that may arise in the future, always with the intention of improving Grupo UOL’s activities. Third parties who may eventually keep servers with stored Data are required by Grupo UOL to keep security and control standards according to all applicable legal regulations.

4.3. Using the support tools available in the websites, applications, and services provided by Grupo UOL, the USER (subject to the verification of their identity) may:

(i) request access to the Data, including its display, adjustment with the correction of incomplete, inaccurate or outdated data, or the deletion of Personal Data concerning the USER;

(ii) request the deletion of all of their Personal Data collected and recorded by Grupo UOL, provided that the agreement between the USER and Grupo UOL has been terminated, the Account has been canceled, and that the minimum legal term for purposes of Grupo UOL’s legal obligations has expired;

(iii) revoke the consent for future collection, handling, use and processing of Personal Data concerning the USER or also restrict the processing of Personal Data. This will not affect the lawfulness of the handling and processing of Personal Data performed before the revocation, based on its consent or on the legitimate interest of Grupo UOL. The revocation of the consent may hinder the USER from using to the fullest or even preclude the use of the websites, applications, and services provided by Grupo UOL.

(iv) request portability of their Data; and

(v) request Grupo UOL not to use their Personal Data for marketing purposes.

4.3.1. Even if the USER has requested the deletion of their data and revoked their consent, in some specific cases Grupo UOL may be subject to Laws and regulations that may hinder the deletion/revocation of the Data.

4.3.2. USER’s Personal Data will also be deleted whenever they are no longer needed, except in the event of legal or contractual reason for their maintenance (e.g., in order to comply with any legal obligation concerning data retention or the need to preserve such to preserve legitimate interests and rights of one of the parties involved in the contract).

4.4. Privacy settings of the USERS and the products and resources that the USER uses have an impact over the USER’s Data that will be collected by Grupo UOL.

4.5. Grupo UOL may, for purposes of audit and preservation of rights, keep the Data record history of the USER, and Grupo UOL has the choice to finally delete them upon its convenience or under the circumstances required by law or regulatory norm. Grupo UOL may also keep the Anonymized Data and anonymized version of the Data with the purpose of statistics and studies, even after the request for deletion made by the USER or upon the end of the legal term for safekeeping.

 

5. General Provisions:

SUMMARY

We may update this document at any time. Thus, it needs to be consulted from time to time. In the event any activity is outsourced, we will ensure that the companies hired will comply with all provisions hereunder.

5.1. The content of this Privacy Policy may be updated or changed at any time, as per the purpose or convenience of Grupo UOL, such as for fitness and legal adjustment of provision by law or rule with equivalent legal force, and the USER shall be responsible for always verifying this document whenever accessing websites, applications, or services provided by Grupo UOL.

5.1.1. In the event of any change to this document, Grupo UOL will notify the USER using the tools available in the websites, applications, and services provided by Grupo UOL and/or contact information registered by the USER. The USER shall be bound to the new terms of this document as from the delivery of the notice regarding such updates.

5.2. Contact information of the DPO: l-lgpd@uolinc.com. The USER may contact that email address for any questions that may arise concerning the provisions herein.

5.3. If you believe that Grupo UOL has breached any legal provision or clause herein, the USER is entitled to file a complaint with the proper supervising authority, in addition to directly contacting Grupo UOL.

5.4. If third-party companies perform the processing of any Data collected by Grupo UOL, they must comply with the conditions established herein and the rules of Information Security of Grupo UOL.

5.5. If any provision herein is considered unlawful or lacks standing by authorities where the USER is a resident or from where they are connecting to the Internet, all the other conditions shall remain in full force and effect.

 

6. Applicable Law and Venue

SUMMARY

In the event of any lawsuits, the Brazilian law and the courts of the judicial district of São Paulo shall be chosen for conflict resolution, except if specifically provided otherwise by Applicable Law (such as the USER’s residency).

6.1. This Privacy Policy shall be construed according to the Brazilian law, in the Portuguese language, and the courts of the judicial district of São Paulo shall be elected for the resolution of any conflict or dispute concerning this document, except if specifically provided otherwise due to individual, territorial or functional competency by Applicable Law.

 

7. Specific conditions

Next, we present the specific conditions applicable to certain companies/products/services by Grupo UOL, defined in each section. If the USER hires any of the companies or uses one or more of the products/services described below, the following conditions shall not be applicable in addition to the provisions established in the Privacy Policy.

Loan and Investment Platform

Payment Management Service

UOL Cloud/Host

BoaCompra
 


Updated on: July 21, 2021


Versions in other languages are provided just for reference, if any question arises, the Portuguese version shall prevail.