SAINT-GOBAIN PRIVACY AND DATA HANDLING POLICY (“POLICY”)
The purpose of this Policy is to demonstrate the commitment of SAINT-GOBAIN DO BRASIL PRODUTOS INDUSTRIAIS E PARA CONSTRUÇÃO LTDA (“We”), Avenida Santa Marina, 482, 1º andar, Água Branca, ZIP CODE: 05036-903 Corporate Taxpayers Identification (CNPJ): 61.064.838/0001-33 to privacy and data protection, in addition to establishing the rules on the Handling of your Personal Data, in both online environments, such as our electronic address saint-gobain.com.br, and in our facilities (“Our Environments”).
This Policy describes how We collect, storage and use your Personal Data, as well as Your rights under the terms of the applicable law, in particular Law No. 13.709/2018 (“General Data Protection Law”).
As a condition for accessing and using the exclusive features in Our Environments, You declare to have completely and carefully read this Policy, being fully aware of its contents.
SPECIAL NOTE FOR CHILDREN AND TEENAGERS UNDER 16 YEARS OF AGE
Please do not register in Our Environments if you are under 16 years old.
SPECIAL NOTE FOR LEGAL REPRESENTATIVES
Although we prohibit the registration of children and teenagers under the age of 16, parents must supervise the online activities of their underage children.
The activities of teenagers over 16 and under 18 years of age must be assisted by parents or legal representatives.
2. REGARDING THE DATA WE COLLECT
2.1. How we collect Data. Data, including Personal Data, may be collected when You submit it or interact with Our Environments and services, which include:
|What do we collect?||What do we collect it for?|
(i) To fulfill the obligations resulting from the use of our services.
(ii) To guarantee the portability of the Registration Data to another Controller in the same filed of our activity, if requested by You, complying with the obligation of article 18 of General Data Protection Law.
(iii) To expand our relationship, Inform You about updates, features, contents, news e other events we consider relevant to You.
(iv) To enrich your experience with us and promote our products and services.
(v) To recruit employees in case You want to work with us.
(vi) To identify professional profile.
(Vii) To recruit employees in case You want to work with us.
|Digital identification data|
|IP Address and Source Logic Gate|
(viii) To comply with legal record-keeping obligations established by the Brazilian Civil Rights Framework for the Internet - Law 12.965/2014.
|Device information (operating system version)|
|Record of day and time of every action You take|
|Which screens you accessed|
2.2. Required data. Many of our services depend directly on some Data reported in the table above, in special the Registration data. If you choose not to provide some of this Data, we may be unable to provide You all or part of our services.
2.3. Data Update and Veracity. You are solely responsible for the accuracy, veracity, or lack of it of the Data you provide or for its out-dating. Please be aware because it is your responsibility to ensure their accuracy or to keep them updated.
2.3.1. Likewise, We are not obligated to process or handle any of your Data if there is reason to believe that such processing or handling could imply any breach of any applicable law, or if you are using Our Environments for any illegal, illicit or unethical purpose.
2.4. Database. The database build by the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be done within limits and purposes of business described in this Policy.
2.5. Technologies used. We use the following technologies: (i) Cookies, being up to You to configure you Internet browser if you wish to block them. In this case, some features we offer may be limited.
2.5.1. All technologies used will always comply with current law and terms of this Policy.
2.6. We do not use any kind of solely automated decision that impacts You.
3.2. How are they stored. Cookies allow Our Environments to store information when you access them, such as your preferred language, the location and recurrence of your sessions and other variables We consider relevant to enrich your experience. Cookies may also be used to collect anonymous and aggregated statistics that allow us to understand how You use Our Environments, as well as to improve their structure and content. We will not personally identify You through this data.
3.3. Types of Cookies. There are two types of Cookies that may be used in Our Environments: "Sessions Cookies" and "Persistent Cookies". Session Cookies are temporary Cookies that will remain in your device until you finish browsing or using Our Environments. Persistent Cookies are Cookies that remain on your device until deleted (how long the Cookie will remain on the device depends on the lifetime of the specific Cookie and the settings of the browser used).
|Type of Cookies||Expiration||Purpose of Collection|
|Session: lang||Session Cookie: expires when You close the navigation session||This cookie is used to remember the language selection in Our online Environments.|
|Persistent: _ga||Expires in 2 years||This cookie registers an ID that is used to generate statistical data when You visit Our online Environments.|
|Persistent: gat||Expires in 1 day||Cookie related to the use of Google Analytics for navigation registration.|
|Session: gid||Expires in 1 day||This cookie registers an ID that is used to generate statistical data when You visit Our online Environments.|
|Persistent: fbp||Expires in 3 months||Cookie related to the use of Facebook for advertising purposes.|
|Session: Ads/ga-audiences||expires when You close the navigation session||Cookie related to the use of Google Adwords for navigation registration.|
|Persistent: bcookie||Expires in 2 years||Cookie related to the use of Linkedin to track the use of integrated services.|
|Persistent: bscookie||Expires in 2 years.||Cookie related to the use of Linkedin to track the use of integrated services.|
|Persistent: fr||Expires in 3 months||Cookie related to the use of Facebook for advertising purposes.|
|Persistent: lidc||Expires in 1 day||Cookie related to the use of Linkedin to track the use of integrated services.|
|Persistent: lissc||Expires in 1 year||Cookie related to the use of Linkedin to track the use of integrated services.|
|Session: tr||expires when You close the navigation session||Cookie related to the use of Facebook for advertising purposes.|
|UserMatchHistory||Expires in 29 days||Cookie related to the use of Linkedin to track navigability and usage and to display relevant ads.|
4. HOW WE SHARE DATA AND INFORMTION
4.1. Data sharing hypotheses. Collected data and recorded activities can be shared:
(i) With competent, legal, administrative or governmental authorities whenever there is a legal determination, request requisition or judicial order;
(ii) With companies hired to provide recruitment and selection services, always required from such organizations the compliance with data security and protection guidelines, according to item “5.6”;
(iii) With companies responsible for dealing with complaints that violate the Code of Ethics and that ensure the handling without conflict of interest of the complaints, always required from such organizations the compliance with the data security and protection guidelines, according to item “6.6”; and
(ix) Automatically, in case of corporate transactions, such as mergers, acquisitions, and incorporations.
4.2. Data Anonymization. For the purposes of market intelligence research, dissemination of data to the press and advertising, the data provided by You will be shared anonymously, that is, in a way that does not allow its identification.
5. HOW WE PROTECT YOUR DATA AND HOW YOU CAN ALSO PROTECT IT
5.1. Password sharing. You are also responsible for the confidentiality of your Personal Data and should always be aware that sharing passwords and access data violates this Policy and may compromise the security of your Data and Our Environments.
5.2. Precautions You Should Take. t is very important that You protect your Data against unauthorized access to your computer, account or password, in addition to make sure to always click "log out" when you end your navigation on a shared computer. It is also very important that You know that we will never send you electronic messages requesting confirmation of data or with attachments that can be executed (extensions: .exe, .com, among others) or links for eventual downloads.
5.3. Information Security. All payment transactions, whether with a credit card or not, are executed using SSL technology (secure socket layer), ensuring that all your Data, such as delivery address, credit card data and order history, are not illicitly disclosed. In addition, this technology aims to prevent information from being transmitted or accessed by third parties.
5.4. Access to Personal Data, proportionality, and relevance. Internally, the Personal Data collected are only accessed by duly authorized professionals, respecting the principles of proportionality, necessity and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy under this Policy.
5.5. External links. When you use Our Environments, you may be led, via link to other portals or platforms, which may collect your information and have their own Data Processing Policy.
5.5.1. You are responsible for reading the Privacy and Data Handling Policies of such portals or platforms outside our environment and it is your responsibility to accept or reject it. We are not responsible for the Privacy and Data Handling Policies of third parties nor for the content of any websites or services linked to environments other than ours.
5.5.2. Partner services. We have business partners that can eventually offer services through functionalities or websites that can be accessed from Our Environments. The Data You provide to these partners will be under their responsibility, thus being subject to their own data collection and use practices.
5.6. Processing by third parties under our directive. In case third parties Handle on our behalf any Personal Data we collect they will be obligated to comply with the conditions set forth herein and the information security rules.
5.7. Communication by email. In order to optimize and improve our communication, when we send an email to You we can receive a notification when they are opened, provided that this possibility is available. It is important to be aware, because the emails are sent only by the domains: @saint-gobain.com
6. HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY RECORDS
6.1. The Personal Data collected, and the activity records are stored in a safe and controlled environment for a minimum period of time that follows the table below:
|STORAGE PERIOD||LEGAL GROUND|
|5 years after the end of the relationship||Art. 12 and 34 of Consumer Protection Code|
|Digital identification data|
|6 months||Art. 15, Brazilian Civil Rights Framework for the Internet|
|While the relationship lasts and there is no request for deletion or withdraw of consent||Art. 9, item II of the General Data Protection Law|
6.2. Superior storage terms.For auditing, security, fraud control, credit protection and preservation of rights purposes, we may keep your Data registration history for a longer period of time in the event that the law or regulatory norm so establishes or for preservation of rights.
6.3. Collected Data will be stored in our servers located in Brazil, as well as in an environment of use of resources or servers in the cloud (cloud computing), which may require a transfer and/or processing of this Data outside of Brazil.
7. WHAT ARE YOUR RIGHTS AND HOW TO EXERCISE THEM
7.1. Your Basic Rights. You may request our Personal Data Officer to confirm the existence of the treatment of Personal Data, in addition to the display or rectification of your Personal Data, through our Service Channel.
7.2. Limitation, opposition, and exclusion of data. Through the Service Channels, you may also request:
(i) The limitation of the use of your Personal Data;
(ii) Manifesting your opposition and/or withdrawing consent to the use of your Personal Data; or
(iii) Request the deletion of your Personal Data that has been collected by Us.
7.2.1. If You withdraw Your consent for purposes fundamental to the proper functioning of Our Environments and services, such environments and services may become unavailable to You.
7.2.2. If You request the deletion of Your Personal Data, the Data may need to be kept for a period longer than the request for deletion, in accordance with article 16 of the General Data Protection Law, in order to (i) comply with a legal or regulatory obligation, (ii) study by a research body, and (iii) transfer to a third party (respecting the data processing requirements provided in the same Law). In all cases through the anonymization of Personal Data, whenever possible.
7.2.3. After the period of maintenance and the legal need have expired, the Personal Data will be deleted using safe disposal methods or used anonymously for statistical purposes.
8. INFORMATION ABOUT THIS POLICY
8.1. Changing the content and updating. You acknowledge our right to change the content of this Policy at any time, according to the purpose or need, such as for adequacy and legal compliance of a provision of law or rule that has equivalent legal force, and it is up to You to check it whenever you access Our Environments or use our services.
8.1.1. In the event of updates to this document requiring new collection of consent, You will be notified through the contact channels You inform.
8.2. Inapplicability. Should any part of this Policy be considered inapplicable by a Data Authority or court, other conditions will remain in full force and effect.
8.3. Electronic Communication. You acknowledge that any communication made by email (to the addresses informed in your registration), text message, instant communication applications or any other digital form, are also valid, effective and sufficient for the disclosure of any matter that refers to the services we provide, your Data, as well as the conditions of its provision or any other subject addressed therein, being the exception only that this Policy provides as such.
8.4. Service Channels. In case of any doubt regarding the provisions of this Privacy and Data Processing Policy, you may contact us through the service channels indicated below, whose hours of operation are from Monday to Friday, from 8 am to 6 pm, except national holidays:
8.5. Applicable law and jurisdiction. This Policy will be interpreted according to the Brazilian legislation, in the Portuguese language, being elected the forum of your domicile to settle any controversy that involves this document, except for specific reservation of personal, territorial or functional competence by the applicable legislation.
8.5.1. In case You do not have a domicile in Brazil, and due to the services offered by the Company only in national territory, you are subject to the Brazilian legislation, agreeing, therefore, that in case of litigation to be resolved, the action shall be filed at the Court of the Judicial District of São Paulo.
8.6. Public registration. This Policy is registered in the Official Registry of Deeds and Documents.
9.1. For the purposes of this Policy, the following definitions and descriptions should be considered for your best understanding:
(i) Data: Any information entered, processed, or transmitted through Our Environments.
(ii) Personal Data: Data related to an identified or identifiable person.
(iii) Anonymization: Use of reasonable and available technical means at the time of processing by which a data subject loses the possibility of direct or indirect association with an individual.
(x) Sensitive Personal Data: Personal data on racial or ethnic origin, religious conviction, political opinion, union membership or religious, philosophical, or political organization, data concerning health or sex life, genetic or biometric data when linked to a person.
(xi) Data Protection Officer (DPO): Person appointed by Us to act as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD).
(xii) Cloud Computing: is service virtualization technology built from the interconnection of more than one server through a common information network (e.g. the Internet), with the objective of reducing costs and increasing the availability of sustained services.
(xiii) Our Environments: Designates our physical stores and the email address www.telhanorte.com.br and its subdomains.
(xiv) Access Account: Credential required to use or access the exclusive functionalities of Our Environments.
(xv) Cookies: Small files sent by Our Environments, saved on your devices, which store preferences and little other information, in order to customize your navigation according to your profile.
(xvi) IP: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies the USERS' devices on the Internet;
(xvii) Logs: Records of activities of any users who use Our Environments.
(xviii) Session ID: Identification of the session of users when access is made to Our Environments
(xix) Solely Automated Decisions: These are decisions that affect a user that have been programmed to operate automatically, without the need for human operation, based on automated processing of personal data.
(xx) Handling: Any operation carried out with Personal Data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.
Update: [november]  of 2020.