Privacy Policy

 

FIRMARE is a consultancy specialized in the implementation of Food Safety and Quality Management Systems for Food Industries, Restaurants and other Food Service companies based on the following values:

  • Transparency
  • Honesty
  • Respect
  • Commitment
  • Dedication
  • Professionalism
  • Confidentiality

 

In line with these values, FIRMARE recognizes that the privacy and protection of its customers' personal data is a priority and a commitment for FIRMARE, which is why it establishes this Privacy and Data Protection Policy, in which it undertakes:

  • Respect the privacy of the holder of personal data and maintain total confidentiality of this information;
  • Adopt and implement internal processes and policies that ensure compliance with Law No. 13,709/2018 and current legal regulations, in addition to good practices and other commitments assumed by FIRMARE regarding the protection of personal data;
  • Apply this Policy to the set of personal data that are under the control of FIRMARE;
  • Adapt the Policy to the structure, scale and volume of FIRMARE's operations, as well as the sensitivity of the data processed;
  • Establish adequate policies and safeguards based on a systematic assessment of impacts and risks to privacy;
  • Establish a relationship of trust with the holder of personal data, whatever the nature and purpose of data processing, through transparent action and that ensures mechanisms for their participation;
  • Integrar a presente Política à sua estrutura geral de governança e estabeleça e aplique mecanismos de supervisão internos e externos;
  • Implementar planos de resposta a incidentes e remediação; e
  • Estimular objetivos consistentes com a melhoria dos processos e atualizar constantemente com base em informações obtidas a partir de monitoramento contínuo e avaliações periódicas.

 

  1. Definitions

This Privacy and Data Protection Policy is based on the concepts defined by the General Data Protection Law (LGPD) and, for its correct interpretation, the terms below must be understood in accordance with the definitions established herein:

Personal Data(s): Information related to an identified or identifiable natural person, being considered identifiable the one that can be identified, directly or indirectly, due to one or more data, such as, for example, a location, a physical identity , genetics, economics, among others.

Database: Structured set of personal data, established in one or several places, in electronic or physical support.

Holder of Personal Data: Natural person to whom the personal data that are subject to processing refer.

Controller: Natural or legal person, public or private, who is responsible for decisions regarding the processing of personal data.

Operator: Natural or legal person, public or private, that processes personal data on behalf of the Controller.

Person in charge: Person appointed by the Controller to act as a communication channel between it, the data subjects and the National Data Protection Authority.

Processing of Personal Data: Any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.

Consent: Free, informed and unequivocal statement by which the Holder agrees with the processing of his personal data for the purpose previously communicated.

Deletion: Exclusion of data or a set of data stored in a database, regardless of the procedure used.

Shared use of data: Communication, dissemination, transfer, interconnection of personal data or shared treatment of personal databases by public bodies and entities in compliance with their legal competences, or between these and private entities, reciprocally, with specific authorization, for a or more modalities of treatment allowed by these public entities, or between private entities.

Website: Means the website http://www.firmareconsultoria.com.br.

 

  1. Data Processing Controller

The company responsible and controller for the Processing of Personal Data, for the purposes of this Policy, is the company FIRMARE GERENCIAMENTO E SERVIÇOS EM SEGURANÇA DE ALIMENTOS LTDA.-ME, hereinafter referred to as “Controller” or “FIRMARE”, registered with CNPJ/MF under No. 14.774 .314/0001-56, located at Rua Manoel da Nóbrega, 111, Suite 52, Paraíso, in the City of São Paulo, State of São Paulo, CEP: 04001-090.

 

  1. Purpose of Collection and Processing of Personal Data 

FIRMARE may use, store, process and trat Personal Data to:

 

3.1.  Improve and develop its Site, in accordance with the following purposes:

 

  • Allow access and use by customers and users in general.
  • Operate, protect, improve and optimize the experience of customers and users on the Site, such as performing statistical analysis and conducting research.
  • Provide customer service.
  • Send messages, updates, security alerts and account notifications.
  • Perform assessments based on your interactions with the Site, your profile information, preferences, service history and other content.
  • Perform checks on databases and other sources of information.
  • Improve the products and services offered by FIRMARE brand.

Achieve continual service improvement and enhance customer experience.

 

3.2. Evaluate, develop and improve the advertising and marketing of FIRMARE brand:

  • Send promotional messages, marketing, advertising and other information that may be of interest to customers and users based on their preferences, including advertisements from partners and advertisements on social media platforms such as Facebook, Instagram or Google.
  • Customize, measure and improve brand advertising.
  • Develop and manage campaigns, surveys or other promotional activities or events sponsored or carried out by FIRMARE or by our third-party business partners.
  • Evaluate the preferences and profile of customers and users, according to the information provided and their interactions on the Site, to send promotional messages, marketing, advertisements and other information that may be of your interest via SMS, WhastApp and email.

The Data Subject may opt out of receiving marketing communications by following the unsubscribe instructions included in marketing communications and on the Site. If you express your agreement with such receipt, the customer acknowledges and accepts that the information collected by FIRMARE may be used for the advertising purposes mentioned above.

 

  1. Data Collection and General Information

The Site collects a set of data and general information when an automated system accesses it. This general data and information is stored in the server's log files. The collected data can be: (i) the types of browsers and versions used; (ii) the operating system used by the access system; (iii) the site from which an access system arrives at the Site; (iv) the sub-sites; (v) date and time of access to the Site; (vi) internet address (IP address); (vii) access system Internet access provider; and (viii) any other data and information that may be used in the event of attacks on our information technology systems.

The information will be necessary to: (i) deliver the Site's content correctly; (ii) optimize the content of the Site, as well as its advertising; (iii) ensure the long-term viability of our information technology systems and Site technology; and (iv) provide the authorities with the necessary information in case of intrusions or cyber-attacks.

Furthermore, when accessing or logging in through a social media service (Facebook, Instagram, among others) your user ID and/or the username associated with the social media service may be registered and, if so, may collect any information or content that the user has classified as public, for example, profile picture, email address, location, friends lists and others.

The Data Holder may register on the Site by providing his/her personal data such as full name, CPF, address, e-mail and cell phone, for the purposes set forth in Item 3 of this Policy.

When completing registration, the Data Holder expressly, freely and unequivocally consents to FIRMARE the right to collect, store and process his personal data in its database, including but not limited to the information provided by the Holder of Data.

This data is not communicated to third parties, with the exception of those provided for in Item 7 or unless imposed by legal rule or for criminal purposes.

 

  1. Data Subject Rights

 

  1. a) Right of Confirmation:

The data subject has the right to obtain from the person responsible for the treatment confirmation that the personal data are being processed or not.

  1. b) Right of Access:

The data subject has the right to obtain free information from the controller about stored personal data at any time.

  1. c) Right to Correction of Data:

The holder of personal data has the right to obtain from the controller the correction of incorrect, inaccurate or outdated personal data.

  1. d) Right to Block or Delete Data:

The holder of personal data has the right to obtain from the controller the blocking or deletion of personal data and the controller has the obligation to block or delete, in whole or in part.

  1. e) Right to Information:

The data subject has the right to obtain from the person responsible for the treatment the information that the personal data are or are not being shared with other public and private entities, as well as information on the possibility and not to provide consent for the treatment. of your data.

  1. e) Right to Withdraw Consent:

The data subject has the right to revoke the consent to the processing of his personal data at any time.

 

  1. Other Hypotheses for Data Processing

In addition to the hypotheses provided for in this Policy and in the applicable legislation, the processing of personal data may also be carried out, even without the due authorization of the holder, in the following hypotheses:

 

I - For compliance with a legal or regulatory obligation by the Controller;

II - When necessary for the execution of a contract or preliminary procedures related to a contract to which the holder is a party, at the request of the data subject;

III - For the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter under the terms of Law No. 9,307, of September 23, 1996 (Arbitration Law);

IV - When necessary to meet the legitimate interests of the controller or a third party, except in the case of prevailing fundamental rights and freedoms of the holder that require the protection of personal data; or

V- For credit protection, including the provisions of the relevant legislation.

 

  1. Sharing of Personal Data

According to the current Policy, personal data will not be transferred or shared with third parties, with the exception of sharing with the Operator itself, third parties that may be contracted for the storage of data or services necessary for data processing, commercial partners and, also, in the case of corporate transactions involving the Controller, in which case the transfer of information will be necessary for the continuity of services.

 

  1. Personal Data Storage Period

Personal data will be stored by the Controller for the time necessary for the processing of the data, in accordance with the nature and purpose of the processing.

In addition, the data may be deleted in the following cases:

 

I - Verification that the purpose has been achieved or that the data are no longer necessary or relevant to achieve the specific purpose sought;

II - Communication of the holder in the exercise of his right of revocation; or

III - Determination of the National Data Protection Authority.

Os dados pessoais que não sejam mais necessários para o cumprimento do contrato ou de uma obrigação legal correspondente são rotineiramente excluídos do Banco de Dados da Controladora.

 

  1. Term of Policy

This Policy is effective November 1, 2019 and will remain in effect for an indefinite period.

 

  1. Changes

This Policy may be amended at any time with the publication of its most recent version, indicating the date on which the last amendment was made.

The Controller recommends that the data subject review this Policy at regular intervals. By visiting the Site, you also acknowledge that it is your responsibility to review this Policy periodically and see what changes may have been made.

 

  1. Data Protection Officer

In case of doubts related to this Policy or, even, if a data subject wants to exercise the rights related to the confirmation, access, correction, blocking, deletion, information or revocation of consent, he may contact the Data Protection Officer , Mr. _________________, or appointed representative, via email ..............

Contact us
  • This email address is being protected from spambots. You need JavaScript enabled to view it.

2022 © All rights reserved | Privacy Policy