Privacy Policy
In order to ensure the privacy of users of the AMAGGI website, we have established a Privacy Policy that provides for how the personal data of everyone who visits our pages will be treated. See our policy below and understand how and why we collect personal data from our users.
1. OBJECTIVE
Care for your privacy, therefore we understand that any and all personal data processing must be limited to what is strictly necessary, pertinent, and proportionate to achieve the intended purposes. To this end, the personal data we collect about you will only be those compatible with your relationship with us, i.e., as employee, candidates, client, supplier, service provider, among others.
1.1 Scope
AMAGGI’s Privacy Policy covers all dimensions and activities, in all regions where the company operate and applies to the processing of personal data collected by AMAGGI, directly or indirectly, from all individuals, including, but not limited to, current, future or potential job seekers, employees, customers, producers, consumers, dependents, suppliers, contractors/subcontractors, shareholders or any 3rd parties, with “Personal Data” defined as any data relating to an identified or identifiable individual, in compliance with the General Data Protection Law (LGPD) in force in our country.
2. DEFINITIONS, TERMINOLOGY AND ACRONYMS
See below some important definitions to better understand the protection we apply to your personal data, the limits of our use and your rights:
I – You or Data Owner –Individual to whom the Personal Data refers to, which will be processed by AMAGGI.
II – Personal data – Identified or identifiable information about the holder. Examples of personal data are your name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, address, computer IP address, and telephone.
III – Sensitive personal data – Personal data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, union membership, in addition to genetic, biometric data with the purpose of exclusively identifying a natural person, health-related data or data relating to the sexual life or sexual orientation of an individual person.
IV – Anonymized data – Information that does not identify or lead to the identification of any individual, considering the use of reasonable technical means available at the time of processing the data.
V – Controller – Individual responsible for making decisions related to the processing of personal data. In this case, the controller is AMAGGI.
VI – Co-controller: Controllers with joint responsibilities, co-existing in the processing of personal data.
VII – Operator – Individual responsible for processing data pursuant to lawful instructions from a Controller of the personal data.
VIII – Data Protection Officer – DPO – Individual appointed by the Controller as responsible for data protection within AMAGGI, ensuring the security of information, both for the data owner and for the organization itself. They also act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD).
IX – Treatment – Any operation that is carried out with personal data, which may include obtaining, accessing, analyzing, transferring, storing, anonymizing, deleting etc.
3. AMAGGI PRIVACY POLICY
This Privacy Policy explains how we protect your privacy when sharing data with AMAGGI. Should you have questions regarding this Privacy Policy, please contact us through AMAGGI’s Privacy Portal.
3.1 Which are your rights regarding privacy and personal data protection?
A) See below your main rights related to your personal data (Article 18 of the LGPD):
I – Confirmation of the existence and processing of your personal data;
II – Access to your personal data;
III – Correction of incomplete, inaccurate or outdated data;
IV- Anonymization, blocking or deletion of personal data that are unnecessary, excessive or that are being treated in violation of any law;
V – Obtaining information about how your personal data will be processed;
VI – Deletion of your personal data, which have been processed based on the consent given by you previously, except in the cases mentioned below;
VII – Information on which public and private entities AMAGGI shared data with;
VIII – Possibility of not providing consent for the processing of your data and being informed of the consequences of such refusal;
IX – Revocation of consent under the LGPD;
X – Request for the portability of your data, upon express request, to another service or product provider, in a format to be regulated by the National Data Protection Authority (“ANPD”).
B) In some cases, the data may not be deleted after the treatment, according to the provisions of the LGPD, such as:
I – Compliance with a legal or regulatory obligation by the controller;
II – study by a research body, ensuring, whenever possible, the anonymization of personal data;
III – transfer to a 3rd party, provided that the data processing requirements set out in the LGPD are respected; or
IV – exclusive use of the controller, its access by a 3rd party being prohibited, and provided that the data is anonymized.
3.2 Personal data collection and usage
3.2.1. AMAGGI undertakes to comply with all applicable legislations regarding the protection of personal data and ensure that these is collected and processed in accordance with the provisions of the General Data Protection Act and other applicable local laws.
3.2.2. Below we indicate which data is collected and processed by AMAGGI, as well as the purpose/need and legal basis for such.
3.3 Data we collect about you
Following the principles of loyalty, justice and transparency, AMAGGI does not collect or process personal data without having a legitimate, contractual and/or legal reason for doing so. In order for us to provide our services and/or products, it is essential to collect some information about you as detailed below:
3.3.1 Data collected through our channels (websites or applications)
3.3.1.1. AMAGGI will collect the personal data entered or forwarded when accessing our channels (websites or applications), when filling out your interest, registration, pre-registration or information request forms. The data collected is necessary to fulfill information and requests through the Contact Us and the Complaints Channel; for other purposes for which we provide a specific notice at the time of collection, or otherwise as authorized or required by law.
3.3.1.2. These are:
a) Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, nationality, license plate;
b) Personal and professional contact details such as e-mail and telephone;
c) Employment data such as company/entity, complaints and claims.
3.3.1.3. As a channel where holders can send complaints or situations that violate our code of ethics, AMAGGI may receive personal data classified as sensitive such as health, race and ethnicity, sexual orientation, union membership or religious organization, philosophical and political or other information that may be sources of discrimination against such subjects. The channel is open to all, and AMAGGI may process data from employees, candidates, drivers, customers, producers, suppliers, service providers, among other citizens who do not necessarily have a direct link to AMAGGI.
3.3.1.4. Data are collected by consent provided by the owner who described the situations and are treated in accordance with the LGPD, in compliance with the legal obligations of the controller, including those provided for in the Anti-Corruption Law.
3.3.2 Candidate data
Data on candidates for job vacancies at AMAGGI are collected to support the recruitment and selection process, as well as conflicts of interest verification.These are:a) Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, CNH, date of birth, nationality, place of birth, parents’ names, marital status, voter registration, military discharge certificate, social media accounts;
b) Personal contact details such as e-mail, telephone and home address;
c) Educational, professional and employment data such as educational/academic history, curriculum vitae, educational level, school/university, diploma, educational history and training, information on courses and training, qualifications/certifications, languages, data on benefits and rights, work portfolio, previous work history, enrollment, end date and reason for termination, title/function, salary and salary expectation;
3.3.2.2. We may also collect sensitive personal biometric data such as photo, image; health data such as PCD (person with disability), information and reports related to health and safety, occupational health certificate, medical record; racial or ethnic origin.
3.3.3 Employee data
3.3.3.1. Employee data are collected for the completeness of human resources processes; perform access control to AMAGGI; comply with regulations; and other purposes necessary for the full performance of activities, as well as the signed employment contract.
3.3.3.2. These are:
a) Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, Driver’s License – CNH, Social Contribution to the Social Integration Plan – PIS, Politically Exposed Person – PPE, Social Security Number – INSS, date of birth, birth certificate, name mother’s, father’s name, nationality, place of birth, marital status, voter registration card, marriage certificate, death certificate, children’s names, traffic fines or warnings, license plate, signature, social media accounts;
b) Identification data of the collaborator’s spouse, such as Individual Taxpayer Registration Number – CPF, Identity Number – RG, marriage certificate, birth certificate, death certificate;
c) Personal and professional contact details such as e-mail, telephone, and home address;
d) Educational, professional and employment data such as school/academic history, education level, professional registration, company/entity, position/function, area, immediate superior, date of admission, enrollment, work card, data on benefits and rights, end date and reason for termination, pay-slips, disciplinary actions, complaints and claims, previous work history, absence record/time monitoring/annual leave, salary/expiration, information on courses and training, working hours, shift, psychographic profile, performance evaluation;
e) Financial data such as bank account details and compensation, corporate credit or debit card;
f) Browsing data such as browsing time, IP address, network interaction history, website history, user.
3.3.3.3. Other data are sensitive personal biometric data such as fingerprint, photo, image, voice recognition; health data such as medical certificate, medical record, occupational health certificate, information and reports related to health and safety, vaccination card, National Health Card (CNS) of the employee and their spouse, racial or ethnic origin; membership and political activities, and union membership.
3.3.3.4. In case of event images registration, the processing of personal data will occur by providing the data subject’s consent through a written document. In addition, information can be collected to meet information and requests made directly by the data subject, through AMAGGI’s Privacy Portal.
3.3.4 Data on directors, counselors and legal representatives
3.3.4.1. Personal data of officers, directors and legal representatives are necessary to guarantee the execution of a contract or meet the prerequisites for entering into a contract; comply with regulations; for other purposes for which we provide a specific notice at the time of collection, or otherwise as authorized or required by law; and the fulfillment of information and requests by AMAGGI’s Privacy Portal.
3.3.4.2. These are:a) Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, Driver’s License – CNH, Social Contribution to the Social Integration Plan – PIS, marital status, nationality, signature;
b) Contact details such as home address;
c) Professional and employment data such as profession, professional record, position/function;
d) Financial data such as bank account details.
e) Other data are sensitive personal biometric data such as image, fingerprint (if entering AMAGGI premises) and voice recognition (if using AMAGGI extensions).
3.3.5 Data on visitors, drivers, crew and inspection agents
3.3.5.1. Data from visitors, drivers, crew and inspection agents are necessary to control access to AMAGGI; comply with legal regulations; for other purposes for which we provide a specific notice at the time of collection, or otherwise as authorized or required by law; and fulfillment of information and requests through AMAGGI’s Privacy Portal.
3.3.5.2. These are:
a) Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, Driver’s License – CNH, Registration Card – CIR, date of birth, nationality, passport, signature, license plate;
b) Personal and professional contact details such as telephone and e-mail;
c) Educational, professional and employment data such as school/university, company/entity, position/function, badge;
d) Other data are sensitive personal biometric data such as image, fingerprint (if entering AMAGGI premises) and voice recognition (if using AMAGGI extensions).
3.3.6 Data from suppliers, producers, service providers, third parties and independent workers
3.3.6.1. Data from suppliers, service providers, 3rd parties and independent workers are necessary to: control access to AMAGGI; ensure the execution of contracts, documents, and meet the prerequisites for entering into a contract; full execution of its activities, as well as the contract for the provision of services signed; comply with regulations; for other purposes for which we provide specific notice at the time of collection, perform 3rd party due diligence as set forth in the Company Policy or otherwise as authorized or required by law; in addition to answering information and requests on AMAGGI’s Privacy Portal.
3.3.6.2. These are:
a) Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, Driver’s License – CNH, Social Contribution to the Social Integration Plan – PIS, Social Security Number – INSS, date of birth, nationality, marital status, signature, license plate;
b) Personal and professional contact details such as e-mail, telephone and home address;
c) Professional and employment data such as resume, company/entity, position/function, area, profession, professional registration, registration, badge, qualifications/certifications, information on courses and training, work card, salary, absence record/monitoring of time/annual leave, complaints and claims, shift, working hours, absences, pay stub;
d) Financial data such as bank account details;
e) Background data such as disciplinary action, criminal history.
3.3.6.3. Other data are sensitive personal biometric data such as fingerprint, voice recognition (if using AMAGGI extensions), photo and image; health data such as information and reports related to health and safety and occupational health certificate.
3.3.7 Minors’ personal data
3.3.7.1. AMAGGI can process minors’ personal data (persons under the age of 18) in the case of young apprentices, as well as employees’ dependents and beneficiaries.
3.3.7.2. These are:
a)Identification data such as name, Individual Taxpayer Registration Number – CPF, Identity Number – RG, date of birth, degree of kinship, mother’s name, birth certificate, death certificate, signature;
b)Personal and professional contact details such as telephone, e-mail and home address;
c)Professional and employment data such as resume, company/entity, position/function, area, work card, working hours, ID, badge number, information regarding courses and training, and termination interview;
d)Financial data such as bank account details.
3.3.7.3. Other data are sensitive personal biometric data such as fingerprints, photo, image and voice recognition; health data such as health and safety related information and reports; occupational health certificate, and National Health Card (CNS).
These data are collected through the consent provided by the legally responsible in a clear and explicit manner, as established by the General Data Protection Law No. 13.709/2018.
3.3.8 Client data
3.3.8.1. AMAGGI may process customers’ personal data who take part in the Customer Satisfaction Survey sent annually by AMAGGI.
3.3.8.2. The personal data processed belong to employees (representatives of the client company) who answer the survey and provide full name, title, company and telephone data (messaging applications) to send the questionnaire.
3.3.8.3. These data are collected through the consent provided by the legally responsible in a clear and explicit manner, as established by the General Data Protection Law No. 13.709/2018.
3.3.9 Personal data automatically collected
AMAGGI uses technology for automatic data collection that helps us to improve our website and offer personalized services using market technologies, such as cookies, subject to the provisions contained in the LGPD.
3.4 Cookies
As many companies, our website uses “cookies”. Cookies are pieces of text placed on your computer’s hard drive when visiting certain websites. We may use cookies to let us know, e.g., if you have visited us before or if you are a new visitor, and to help us identify resources in which you may be most interested in. Cookies can enhance online experience by saving preferences while visiting a website.
We will inform you when you visit our website which types of cookies we use and how to disable them; you can visit our website and refuse the use of cookies or manage your preferences at any time on your computer. Personal data are collected for specific and legitimate purposes and are not processed in a manner incompatible with these purposes in accordance with – DE-0152 – AMAGGI Cookies Policy.
3.5 Information security
3.5.1. We implement appropriate technical and organizational measures so to protect Personal Data from accidental or unlawful alteration or loss, or from any unauthorized use, disclosure or access, in accordance with AMAGGI’s Information Security Policy.
3.5.2. The treatment and responses to security incidents consists of receiving, filtering, classifying and responding to requests and alerts, and performing analyzes of security incidents, seeking to extract information that allows preventing the continuation of malicious action and also identifying vulnerabilities through the Procedure PO – 0624 – AMAGGI Incident Response Procedure.
3.5.3. We take, where appropriate, all reasonable measures based on privacy by design, and privacy by default principles, so to implement the necessary safeguards and protect the processing of personal data. We also carry out, depending on the level of risk raised by processing, a privacy impact assessment (“DPIA”) to take appropriate measures and ensure the protection of personal data.
3.6 Sharing personal data
3.6.1. We may, in the normal course of our business, internally share personal data between our employees and contractors/subcontractors so to meet legitimate interests, subject to the LGPD provisions and also to:
I – Business partners: We will always advise business partners on how to handle their data, keep it safe and comply with the law.
II – External/internal audits: personal data may be shared with external audit services for our operations, especially for analysis regarding compliance with privacy parameters, data protection and information security.
III –Public authorities or official bodies: in order to comply with legal obligations to which we are subject to, we may have to share data with public authorities or official bodies, upon request or express legal provision.
3.7 Data retention period
3.7.1. Personal data will not be used for any purpose other than described in this Privacy Policy. Should there be a need to use your data for other purposes, AMAGGI will ask for your consent prior to proceeding, unless it is to fulfill a legal obligation or serve our legitimate interests, such as conducting internal investigations, preventing fraud, and any other illegalities.
3.7.2. In addition, the personal data indicated will be kept in our system only for as long as necessary to fulfill the purposes described herein, including to safeguard the company’s rights and interests in the event of a legal claim.
3.8 International transfer of personal data
Taking into consideration AMAGGI’s international presence, personal data may be transferred to other group companies or 3rd parties located outside Brazil. AMAGGI will ensure that when personal data is transferred to countries that have different data protection standards, adequate safeguards will be put into place so to protect the personal data and ensure that such data transfers comply with applicable data protection laws.
3.9 Data storage
3.9.1. AMAGGI will keep all personal data processed accurately and, when necessary, updated. In addition, it will only retain personal data for as long as necessary for the purposes for which it is processed in accordance with our Data Retention Policy.
3.9.2. Personal data, processed by the Company, will be deleted when no longer necessary for the purposes for which they were collected, or when requested by you, except in the event of the need to comply with a legal or regulatory obligation, transfer to a 3rd party – provided that the data processing requirements are respected – and exclusive use by the Company, including for the exercise of its rights in judicial or administrative proceedings.
3.10 Update
We may update this Data Protection Policy from time to time as our business, or legal requirements, change. Should we incur significant changes to this policy, we will post a notice on our website when these take effect; the date of the last revision to this policy is identified at the top of the page.
3.11 Contact us
Should you have any doubts regarding the collection and processing of your personal data by AMAGGI, please send your queries, comments, complaints, or exercise your data holder rights to AMAGGI’s Data Protection Officer, through AMAGGI’s Privacy Portal.
We will ensure that the personal data processed is adequate, relevant and limited to what is necessary for the purposes for which they are processed and in compliance with the legal bases established by the General Data Protection Law – LGPD
4. RESPONSIBILITES, EXCEPTIONALITIES AND GENERAL PROVISIONS
All employees are individually responsible for ensuring compliance with this document in line with the Code of Ethics and Conduct and with the laws and regulations in force.
Direct superiors must ensure that their subordinates receive the necessary guidance to meet the requirements of this document. This document and its updating, whenever necessary, are the responsibility of the Compliance area, and any exception to the provisions must be sent through to the Compliance Manager.
5 REFERENCES
General Data Protection Law No. 13.709/2018.
