This document has the purpose to establish rules for handling data, including, e.g., operations of collection, production, reception, ranking, use, access, reproduction, transmission, distribution, processing, filing, storage, removal, assessment or control of information, change, communication, transfer, disclosure or extraction of data collected from the USERS, in addition to the record of their activities, pursuant to applicable law.
1.1. For purposes hereof, the following definitions and descriptions shall be considered for its better understanding:
Account: means through which the USER is represented when accessing certain restricted areas, exclusive features of the websites, applications, and services provided by Grupo UOL, usually reflecting a group of data representing the USER (e.g., registration information) and other material data to ensure a better and fuller relationship of Grupo UOL with the USER (such as the record of activities performed by the USER in the websites, applications, and services provided by Grupo UOL).
Cookies: small files or data packages submitted by Grupo UOL to the USER’s device in order to identify it and collect information that will help Grupo UOL to improve the services provided to the USER.
Credentials: group of data used by the USER in order to authenticate the access to certain restricted areas and/or exclusive features of the websites, applications, and services provided by Grupo UOL. Usually, such data are the login and password, but it may also include additional data that helps with the authentication process.
Data: set of Anonymized Data and Personal Data.
Anonymized Data: information that, whether individually or together with other Anonymized Data, does not allow the identification of a person, taking into account the use of reasonable technical means that are available at its handling. Those may include gender, age and geolocation (such as the city where the person is) and statistics.
Personal Data: means information related to the identified or identifiable individual. It may include, for instance, name, address, email address, telephone number, credit/debit card number, IP address, and geolocation data.
Grupo UOL: all subsidiary companies controlled by the UOL economic group, represented by the legal entity UNIVERSO ONLINE S.A. (Brazilian Corporate Taxpayers’ Registry “CNPJ” number 01.109.184/0001-95).
IP Address: Internet Protocol address linked to the device used by the USER. Each IP Address corresponds to an alphanumeric group, which, together with other information, helps identifying the specific device that the USER is using to access the Internet and, therefore, to access websites, applications, and services provided by Grupo UOL.
Applicable Law: means the law applicable to the relationship between Grupo UOL and the USER, which may vary due to (i) location where the service is being provided; (ii) residency or living location of one of the Parties, including the USER; (iii) other factors provided by specific legislation. Grupo UOL holds representation in various countries, and it is subject, in addition to the Brazilian law, to several other rules, including the General Data Protection Regulation (GDPR).
Logs: record of USERS’ activities made on the websites, applications, and services provided by Grupo UOL.
2. Data Collection
We collect the data from the USER as per they provide it to us, whether directly or indirectly, during the access to and use of the websites, applications, and services provided by Grupo UOL or by partners who have been duly authorized by Grupo UOL (who follow the same Data privacy guidelines of Grupo UOL hereunder). We have also explained what Cookies mean and how the USER may manage them.
2.1. Data will be collected:
(i) whenever they are voluntarily inserted or submitted by USERS in the websites, applications, and services provided by Grupo UOL, such as the creation of an Account, browsing, interaction with the content and acquisition of services;
(iii) whenever the Data are submitted automatically without the need for any action by the USERS, such as through Cookies; or
(iv) from partners who have obtained prior consent to share the Data with Grupo UOL.
2.2. Information collected by Grupo UOL may include, but are not limited to:
(iii) Brazilian Individual Taxpayers’ Registry - CPF;
(iv) email address;
(v) mail address;
(vi) telephone number and recordings (in the event the USER has made any contact);
(vii) date of birth;
(viii) payment information;
(ix) information concerning the browser and the operating system of the device;
(x) IP Address;
(xi) visited webpages;
(xii) URL links and buttons clicked;
(xiii) contacts information;
(xiv) biometric data (such as, but not limited to, face picture).
2.2.1. Other data collected by Grupo UOL are defined in item 7 hereof, grouped by companies and, as applicable, set of products/services.
2.3. Grupo UOL is not liable for the accuracy, inaccuracy, or obsolescence of information and Data provided by the USER, as the USER is responsible for providing such with accuracy and for updating them. Grupo UOL may request, from time to time, the USER to update the information provided and Data submitted.
(i) According to their expiration:
a) of Session: those Cookies are temporary and they are kept until the webpage or the browser is closed. They may be used in e-commerce (for the USER to continue browsing without losing their shopping cart, for instance), in order to analyze patterns of Internet traffic and to provide a better experience and content fit to the USERS.
b) Persistent: they persist even if the browser has been closed. They may be used to remember login and password information of the USERS, for instance, or in order to ensure a better user experience between various sessions.
(ii) According to their ownership:
a) First-Party Cookies: Cookies that are owned by Grupo UOL, who has full control over them.
b) Third-Party Cookies: Cookies that are owned by third-parties, but included in the USERS’ devices upon the websites, applications, and services provided by Grupo UOL.
(iii) According to their purpose:
a) strictly necessary Cookies: These Cookies are essential for the USER to browse the websites, applications, and services provided by Grupo UOL, which would not be duly provided without them. They usually are Session and First-Party Cookies.
b) performance Cookies: these Cookies collect anonymous information about how the USERS use and interact with the websites, applications, and services provided by Grupo UOL, which allows to recognize their profiles and account for the visits and interactions. They are usually first-party Cookies.
c) functionality Cookies: these Cookies allow Grupo UOL to remember choices made by the USERS (such as login and location), delivering more personal experiences, in addition to allowing any customizations (whenever available). This information may be anonymized (becoming Anonymized Data) and it does not track activities outside the websites, applications, and services provided by Grupo UOL. They are usually first-party Cookies.
d) analytics and marketing Cookies: these Cookies allow for the advertisers of Grupo UOL to deliver more relevant information and ads to the USERS. They are also used in order to limit the times that the USER views certain ads and to measure the effectiveness of marketing campaigns. These cookies remember certain preferences of the USER and are used for helping create their profiles in order to improve the USER’s experience. These are usually persistent and may be third-party Cookies (such as Google Analytics, referred to below).
e) social media Cookies: they allow for the USER to connect with social media, such as LinkedIn, Twitter, Facebook, Pinterest, and Instagram. They are usually persistent and third-party Cookies.
f) secure Cookies: these Cookies help Grupo UOL to monitor fraudulent activities and to protect user data in unauthorized access. They are usually persistent and third-party Cookies.
2.5. The USER may reject the Cookies when using the websites, applications, and services provided by Grupo UOL, but for these cases, Grupo UOL cannot ensure the proper operation of such websites, applications and services offered. Cookies may be accepted, removed or rejected through management tools of the browser used by the USER.
2.7. Grupo UOL uses TailDMP solution for audience segmentation, which the USER may opt-out at any time by accessing http://optout.t.tailtarget.com.
2.8. Grupo UOL will also record the activities performed by the USER in the websites, applications, and services provided by Grupo UOL, creating logs that may include, but are not limited to:
(i) USER’s IP address;
(ii) Actions performed by the USER in the websites, applications, and services provided by Grupo UOL;
(iii) URL addresses of pages and screens accessed by the USER in the websites, applications, and services provided by Grupo UOL;
(iv) Date and time of all actions performed by the USERS in the websites, applications, and services provided by Grupo UOL, in addition to access to webpages and screens, and the tools and features that were used;
(v) Information about the device used by the USER, version of operating system, browser, among other applications and software installed;
(vi) Session and User ID, when available;
(vii) Type of connection of the USER, such as Wi-Fi or cellphone networks (EDGE, 3G, and 4G, for instance); and
2.9. Other technologies may be used for the collection of browsing data from the USER. However, such technologies shall comply with the terms hereof and the USERS choices concerning their collection and storage, provided that the USER shall be previously notified in the event of any changes. If other Data, aside from the ones listed above, are to be collected, the USER will be previously notified. Information collected by Grupo UOL may be matched with the information collected by other sources (including third-party partners) or deriving from other technologies.
3. Use of Data
The Data may be accessed only by companies who are part of Grupo UOL, partners, contractors, and authorities. However, if the USER accesses features or websites of partners, the USER shall be subject to their own practices and policies. We will also disclose how we are going to use the Data collected from the USER.
3.1. Data collected from the USERS may be used with the following purposes:
(i) Identification, authentication and authorization;
(ii) To provide proper support to requests and questions from the USERS;
(iii) To keep registration updated for purposes of telephone contact, e-mail, SMS, mailing list or communication through other means;
(iv) To improve the interactive experience and use during the browsing at the websites, applications, and services provided by Grupo UOL;
(v) To create statistics, studies, researches, project planning and evaluations concerning the activities and behaviors of the USER when using the websites, applications, and services provided by Grupo UOL, performing such operations in anonymous way with Anonymized Data;
(vi) To promote services by Grupo UOL and its partners, in addition to informing about new features, tools, contents, news and other information relevant to the relationship with Grupo UOL;
(vii) To protect Grupo UOL from rights and obligations concerning the use of the website, applications, and services provided by Grupo UOL;
(viii) To cooperate and/or to comply with court order or requisition from administrative authority, as well as to comply with the obligations of preventively reporting certain activities to the applicable authorities;
(ix) To proceed with payment orders made by the USERS;
(x) To submit newsletters and emails that the USERS have expressly agreed to receive;
(xii) To share payment information between the companies of Grupo UOL, in order to streamline the USERS’ experience when using the websites, applications, and services provided by Grupo UOL; and
(xiii) To check Data in private and public bureaus in order to verify if they are accurate, to update them, or to request supplementary data.
3.2. The use, access and sharing of the database created hereunder shall be made within the limits and purposes of Grupo UOL’s activities, and it may be provided and made available for access and/or research to companies who are part of Grupo UOL, in addition to business partners, vendors, service providers, contractors, authorities or general third parties, provided that in compliance with the provisions hereunder, Applicable Law or court order. USER’s sensitive data, such as personal information about their race or ethnic origin, religious belief, political opinion, trade union membership, or affiliation to religious, philosophical or political organization, data concerning their health or sexual life, genetic or biometric information, when linked to an individual, shall be shared exclusively upon the USER’s consent.
3.2.2. Grupo UOL undertakes to safeguard the financial and banking secrets of its clients and USERS by not sharing such information with companies to which the USER have not agreed. The USER acknowledges that Grupo UOL is not obliged to comply with various legal obligations arising from the Applicable Law concerning the identity of its clients and the origin of funds operated by Grupo UOL. Thus, Grupo UOL is hereby authorized to request, and the USER must provide, additional documents and information, also for the performance of know-your-customer and anti-money-laundering procedures. Information obtained by Grupo UOL in response to the request listed above shall be handled as confidential information. Grupo UOL is hereby authorized to share data required by Applicable Law with the competent authorities and third parties who need access to the Data in order to prepare/authenticate reports on the activities by Grupo UOL under such law.
3.3. The USER is hereby aware that Grupo UOL may perform (i) the anonymization of Personal Data, turning them into Anonymized Data; (ii) data enrichment, adding information derived from other lawful sources - including from databases of other companies part of Grupo UOL; and (iii) handling of Personal Data based on the legitimate interest of Grupo UOL, pursuant to Applicable Law. The USER expressly consents to such activities upon agreement with the terms hereof.
3.4. Internally, the Data will only be accessed by professionals duly authorized by Grupo UOL, in compliance with the principles of the purpose, fitness and need, among other principles provided by Applicable Law, for the purposes of Grupo UOL, in addition to the commitment of confidentiality and preservation of privacy hereunder.
3.5. Anonymized Data may be collected, handled, stored, used, transferred and disclosed for any purpose, regardless of authorization from the USER.
3.6. Grupo UOL has business partners who may offer services through features or websites accessed from the websites, applications, and services provided by Grupo UOL. Data provided by the USER to these partners shall be under the responsibility of such, subject to their own practices in the collection and use of Data, holding Grupo UOL harmless of any liens concerning those Data.
3.7. Grupo UOL values the security and sanctity of the USER’s credentials. For that reason, Grupo UOL continuously searches and monitors the Internet in its various layers in order to identify, collect and handle for purposes of validation (authentication tests) logins and passwords that potentially belong to the USERS and that have been unduly published online by third parties.
4. Data Storage
All Data collected are stored in a safe location. The USER may, at any time, request the display, adjustment, or deletion of their Data. Except for specific cases, we may keep the Data collected for legal compliance, audit and preservation of rights, for the period required to comply with those responsibilities.
4.1. All Data collected will be stored in a safe and controlled environment. However, considering that no security system is flawless, Grupo UOL is held harmless from any liabilities for any damages and/or losses arising from flaws, virus, or hacking of the websites, applications, and services provided by Grupo UOL, except in the event of negligence or malicious fraud by Grupo UOL. However, if Grupo UOL detects that any of those events have occurred, Grupo UOL will notify the affected USERS informing that there was a breach of their Data and indicating that they should take all applicable measures.
4.2. Data obtained from the USER may be stored in Grupo UOL’s own server or third-party server hired for this purpose, whether they are located in Brazil or abroad, and they may also be stored through cloud computing technology and/or any other technologies that may arise in the future, always with the intention of improving Grupo UOL’s activities. Third parties who may eventually keep servers with stored Data are required by Grupo UOL to keep security and control standards according to all applicable legal regulations.
4.3. Using the support tools available in the websites, applications, and services provided by Grupo UOL, the USER (subject to the verification of their identity) may:
(i) request access to the Data, including its display, adjustment with the correction of incomplete, inaccurate or outdated data, or the deletion of Personal Data concerning the USER;
(ii) request the deletion of all of their Personal Data collected and recorded by Grupo UOL, provided that the agreement between the USER and Grupo UOL has been terminated, the Account has been canceled, and that the minimum legal term for purposes of Grupo UOL’s legal obligations has expired;
(iii) revoke the consent for future collection, handling, use and processing of Personal Data concerning the USER or also restrict the processing of Personal Data. This will not affect the lawfulness of the handling and processing of Personal Data performed before the revocation, based on its consent or on the legitimate interest of Grupo UOL. The revocation of the consent may hinder the USER from using to the fullest or even preclude the use of the websites, applications, and services provided by Grupo UOL.
(iv) request portability of their Data; and
(v) request Grupo UOL not to use their Personal Data for marketing purposes.
4.3.1. Even if the USER has requested the deletion of their data and revoked their consent, in some specific cases Grupo UOL may be subject to Laws and regulations that may hinder the deletion/revocation of the Data.
4.3.2. USER’s Personal Data will also be deleted whenever they are no longer needed, except in the event of legal or contractual reason for their maintenance (e.g., in order to comply with any legal obligation concerning data retention or the need to preserve such to preserve legitimate interests and rights of one of the parties involved in the contract).
4.4. Privacy settings of the USERS and the products and resources that the USER uses have an impact over the USER’s Data that will be collected by Grupo UOL.
4.5. Grupo UOL may, for purposes of audit and preservation of rights, keep the Data record history of the USER, and Grupo UOL has the choice to finally delete them upon its convenience or under the circumstances required by law or regulatory norm. Grupo UOL may also keep the Anonymized Data and anonymized version of the Data with the purpose of statistics and studies, even after the request for deletion made by the USER or upon the end of the legal term for safekeeping.
5. General Provisions:
We may update this document at any time. Thus, it needs to be consulted from time to time. In the event any activity is outsourced, we will ensure that the companies hired will comply with all provisions hereunder.
5.1.1. In the event of any change to this document, Grupo UOL will notify the USER using the tools available in the websites, applications, and services provided by Grupo UOL and/or contact information registered by the USER. The USER shall be bound to the new terms of this document as from the delivery of the notice regarding such updates.
5.2. Contact information of the DPO: firstname.lastname@example.org. The USER may contact that email address for any questions that may arise concerning the provisions herein.
5.3. If you believe that Grupo UOL has breached any legal provision or clause herein, the USER is entitled to file a complaint with the proper supervising authority, in addition to directly contacting Grupo UOL.
5.4. If third-party companies perform the processing of any Data collected by Grupo UOL, they must comply with the conditions established herein and the rules of Information Security of Grupo UOL.
5.5. If any provision herein is considered unlawful or lacks standing by authorities where the USER is a resident or from where they are connecting to the Internet, all the other conditions shall remain in full force and effect.
6. Applicable Law and Venue
In the event of any lawsuits, the Brazilian law and the courts of the judicial district of São Paulo shall be chosen for conflict resolution, except if specifically provided otherwise by Applicable Law (such as the USER’s residency).
7. Specific Conditions
7.1. Loan and Investment Platform
7.1.1. If the USER uses the online Loan and Investment Platform offered by companies part of Grupo UOL (“Loan and Investment Platform”), the following additional conditions shall be applicable.
7.1.2. When using the Loan and Investment Platform, the USER may be requested to submit additional documents and information, for purposes of credit analysis, in addition to the performance of know-your-client and anti-money-laundering procedures. Information obtained by Grupo UOL will be handled as confidential information, under Declaratory Statute No. 105 of January 10, 2001, which provides for the confidentiality of operations by financial institutions.
7.1.3. If Grupo UOL suspects that the USER provided fake information, third parties may be triggered in order to assess the possibility of fraud; these third parties shall have access to the information provided with the sole purpose of verifying whether there was an occurrence of fraud.
7.1.4. Grupo UOL may transfer collected Data to other market agents, such as financial institutions, who shall be needed, solely and exclusively with the purpose of performing the activities related to the Loan and Investment Platform.
(i) USER identity verification;
(ii) to prevent the occurrence of money-laundering and financial crimes;
(iii) to detect any fraud;
(iv) to perform credit analysis;
(v) to manage the Loan and Investment Platform;
(vi) to make the home page of the Loan and Investment Platform available to its users and to identify the services that may interest them;
(vii) to perform regulatory controls required by applicable law/regulation;
(viii) to provide information to any third parties that may be interested on and/or concerning the intended operation; and
(ix) to ensure the execution of the intended operation.
7.1.6. Grupo UOL has resources for physical, electronic and procedural protection to the Loan and Investment Platform, in compliance with the national and global legal standards of personal information protection, such as mechanisms of access authentication with two-factor authentication systems, ensuring the individual identification of the person responsible for the handling of records, inventory with details of access to the Loan and Investment Platform and the use of management solution of records through methods that ensure the sanctity of the data.
7.2. Payment Management Service
7.2.1. If the USER uses “PagBank” payment management service, the following additional conditions shall be applicable:
7.2.2. Upon authorization from the USER, Grupo UOL may access information available in the email of the USER to manage bank-issued invoices (boletos).
7.2.3. Any access of Grupo UOL to the email boxes of the USERS:
(i) shall only occur upon prior and express consent from the USER, which may be granted and revoked at any time through the tools available in the USER’s email.
(ii) shall occur automatically, without the involvement of any human element;
(iii) shall be restricted solely to emails concerning bank-issued invoices, for the proper operation of the feature offered by Grupo UOL, allowing the USER to manage their accounts payable, as well as streamlining the payment using Grupo UOL’s services/products; and
(iv) occurs only if the email provider of the USER has a feature allowing the authorized access by Grupo UOL. Under no circumstance Grupo UOL will request the USER to provide their credentials to access their email.
7.2.4. The use of information received by Gmail APIs from Grupo UOL is made in compliance with Google Limited Use Requirements (https://developers.google.com/terms/api-services-user-data-policy).
18.104.22.168. Grupo UOL shall only use such access to read the body of messages in Gmail (including exhibits), metadata, headers, and settings for allowing the user to manage consumption accounts, and Grupo UOL shall not transfer the Gmail data to third parties, unless it has to be done in order to provide and improve such resources, compliance with applicable law or in the event of a merger, acquisition or sell of assets.
22.214.171.124. Grupo UOL shall not use data from Gmail for advertisement purposes.
126.96.36.199. Grupo UOL will not allow humans to read such data, unless we have your consent for specific messages, which is required for security purposes, such as for investigating misuse, compliance with applicable law or for internal operation of Grupo UOL’s solutions, and, even so, only upon aggregation and anonymization of the data.
7.3.1. UOL Cloud/Host
188.8.131.52. If the USER uses virtual computing services and resources to create and use processing environment, data storage and provision of Internet access (“UOL Cloud”), the following additional conditions shall be applicable:
184.108.40.206. The Data may be stored in various servers at the same time, due to information security and redundancy. Those servers may be located in different regions or countries. The USER agrees that Grupo UOL may establish, at its sole discretion, where the Data will be stored. Upon USER’s request, Grupo UOL shall inform where their data are stored at the time of the request.
Updated on: October 21, 2020