Privacy Policy
INTRODUCTION
Vitopel do Brasil Ltda. (“Vitopel”) is a company that provides solutions in bioriented polypropylene – BOPP with important and expressive global presence. Leader in the manufacture and sale of BOPP, we have a wide portfolio of products, including metallized, opaque, matte and transparent films
Vitopel is committed to guaranteeing and preserving the security of Holders’ Personal Data by adopting technical and administrative measures to safeguard them, in compliance with the legal provisions on privacy and protection of Personal Data.
The processes carried out by Vitopel are guided by the full guarantee of the rights of the Data Holders, especially the fundamental rights of freedom and privacy and the free development of the personality of the natural person. Likewise, all practices carried out by Vitopel are structured on the principles of purpose, suitability, necessity, free access, quality of personal data, transparency, security, prevention, non-discrimination, responsibility and accountability.
OBJECTIVE
The objective of this Personal Data Privacy Policy (“Policy”) is to inform interested parties about (i) the collection, (ii) the use, (iii) the purpose, (iv) the Processing, (v) the sharing, (vi) the transfer, and (vii) the retention of Personal Data shared with Vitopel or collected by it through its employees
This Policy demonstrates our commitment to protecting Holders’ Personal Data with integrity, responsibility and ethics, in accordance with the provisions of Law No. 13,709/2018 (General Law on Personal Data Protection) and other applicable legislation.
By using this site, you signify your agreement to the use of your Personal Data in accordance with the terms described in this Policy.
For more information or to clarify questions regarding the Policy, please contact lgpd@vitopel.com
DEFINITIONS
For the purposes of this Policy, the terms defined below shall have the following meaning:
– Anonymization: the use of reasonable and available technical means at the time of Processing whereby a data loses the possibility of association, directly or indirectly, with an individual; in these circumstances, anonymization must be irreversible;
– Autoridade Nacional de Proteção de Dados (“ANPD”): a public administration body responsible for overseeing, implementing, and enforcing compliance with the LGPD throughout the Brazilian national territory;
– Controller: the legal entity that is responsible for decisions concerning the Processing of Personal Data;
– Cookies: text files that the visited sites send to their terminals (usually the browser), where they are stored for subsequent retransmission to the same sites when the user accesses them again;
– Personal Data: Information related to an identified or identifiable natural person;
– Person in Charge of Personal Data (“Charger”): natural or legal person indicated and appointed by Vitopel to act as a communication channel between Vitopel, the Operator(s), the Holders and the ANPD;
– Security Incident: breach of security of systems, files, bases, equipment and/or locations used that leads to the destruction, loss, alteration, access, acquisition, disclosure, use or illegal access to Personal Data;
– General Data Protection Law (“LGPD”): Law No. 13,709, dated August 14, 2018, of the Brazilian legal system, which has been in effect since September 18, 2020;
– Operator: legal entity that processes Personal Data on behalf of the Controller;
– Third Parties: collectively and generally, suppliers, service providers and partners are referred to solely as Third Parties. Eventual specific obligations for any of the groups will be duly pointed out. Otherwise, it is understood to be directed to Third Parties in general.
– Data Subject (“Data Subject”): the natural person to whom the Personal Data that is the object of Processing relates;
– Processing (and the related terms “Treat” and “Processed”): any operation carried out with Personal Data, such as those relating to the collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
TYPES OF DATA COLLECTED
Vitopel collects Personal Data that may include, in relation to Data Subjects: name; age; date of birth; gender; email address; home address; country of residence; lifestyle and social circumstances; family circumstances (e.g. marital status and dependents); employment and education details; financial and tax information; postings on blogs, forums, wikis and any other social media applications and services we provide; IP address; the browser type and language; access times; complaint details; details of how our products and services are used; among others.
Vitopel collects Personal Data from the Holders by means of forms and other channels available on its website, by institutional e-mail, as well as physical forms and documents, institutional social networks and by institutional telephone.
PURPOSE OF DATA COLLECTION
The Personal Data collected is processed for the following purposes:
– Conduct selection processes;
– Comply with legal and/or regulatory obligations;
Execution of a contract or of preliminary procedures related to a contract to which the Holder is a party;
Regular exercise of rights in judicial, administrative or arbitration proceedings;
Serving the legitimate interests of the Controller or a Third Party, except in the event that the Holder’s fundamental rights and freedoms prevail
Respond to Holder requests;
Respond to the demands of the whistleblower channel;
Control access to Vitopel’s facilities;
Carry out perception surveys about Vitopel;
Attending sponsorship requests
For other purposes required by the Brazilian legal system.
PERSONAL DATA OF MINORS COLLECTED AND PROCESSED BY VITOPEL
Vitopel may process the Personal Data of minors by providing clear, unequivocal and explicit consent of the legal guardian, as established by the LGPD, for hiring young apprentices and for granting benefits to dependents of Vitopel employees.
Vitopel’s website does not currently collect Personal Data or request information from Holders who are minors, however, due to the anonymous nature of the internet, it is possible that a Holder under the age of eighteen may access the website and provide personal information in the forms and channels available. If this situation occurs and is brought to Vitopel’s attention, the information will be immediately destroyed, as a measure to interrupt any Treatment without the prior consent of those legally responsible, and all reasonable measures will be taken to prevent this from happening again.
LEGAL BASES APPLIED IN THE DUE TREATMENT OF PERSONAL DATA
In Vitopel, we process Personal Data of the Data Subjects based on the legal bases provided by articles 7 and 11 of LGPD, among which:
– Consent: when the Data Subject provides the Controller with his/her express and informed consent to the Processing of his/her Personal Data and for a specific purpose.
– Contract: when the Processing of Personal Data is necessary to fulfill the obligations contained in a contract between the Data Controller and Vitopel.
– Legal or regulatory obligation: when the Processing of Personal Data is necessary for the Controller or Vitopel to comply with the provisions of applicable laws and other specific regulations.
– Protection of life or limb: where the processing of Personal Data is necessary to protect the life or limb of someone.
– Legitimate Interests of the Controller or of a Third Party: where the Processing of Personal Data is necessary for the purposes of the legitimate interests of the Controller or of a Third Party, except where such interests give way to the fundamental rights of the Data Subject requiring protection of Personal Data, in particular where the Data Subject is a minor. It should be noted that, should Vitopel rely on legitimate interests as a legal basis for processing Personal Data, it must be considered that these interests prevail over the rights of the Data Subject affected by this purpose
– For the regular exercise of rights in legal, administrative or arbitral proceedings: when Processing of Personal Data is necessary in legal, administrative or arbitral proceedings.
– Guaranteeing the prevention of fraud and the security of the Data Subject: when the Processing of Personal Data is necessary in the identification and authentication processes for registration in electronic systems, except in the event that the fundamental rights and freedoms of the Data Subject require the protection of Personal Data.
RIGHT OF THE PERSONAL DATA SUBJECTS
In order to exercise his rights, the Card Holder must submit a formal request to the In Charge through the Card Holder Service Channel by sending an e-mail to dpo@vitopel.com
Requests will be answered within forty-eight (48) hours by Vitopel, in the event of a request for information in simplified format, or within fifteen (15) days from the date of the request by the Data Controller, to send a clear and complete statement indicating the origin of the Personal Data, the non-existence of a record, the criteria used and the purpose of the Treatment. The requests will be analyzed as stipulated by the LGPD.
Below are the Holders’ rights related to their Personal Data:
– Confirmation of the existence of Treatment.
– Access to Personal Data: the Data Controller has the right to access his/her Personal Data held by the Processing Agents, as well as to know this Policy.
– Correction of incomplete, inaccurate or outdated Personal Data: the Data Controller or his/her legal representative has the right to correct them when they are inaccurate or incomplete. When the Personal Data were transmitted before the rectification date and continue to be processed by Third Parties, the Controller shall inform them of the said request for rectification, so that they can carry it out as well.
– Anonymization, blocking or deletion of Personal Data that is unnecessary, excessive or not in compliance with the LGPD: in legal cases in which consent of the Data Subject is waived, the Data Subject may request the anonymization, blocking or deletion of Personal Data that is excessive or processed in violation of the LGPD. The blocking period will be equivalent to the limitation period for actions deriving from the legal relationship that meets the Treatment under the terms of the applicable law on the subject.
– Portability of Personal Data to another service or product provider.
– Deletion of Personal Data Processed with the consent of the Data Subject: the Data Subject has the right to delete, in the applicable hypotheses, his/her Personal Data at any time. The request for deletion of Personal Data will give rise to a blocking period after which the Personal Data will be deleted. As soon as the Personal Data are deleted, the Data Subject will be notified. Where Personal Data have been transmitted before the date of deletion and continue to be processed by Third Parties, the Controller shall inform them of such request for cancellation, so that they may also carry it out.
– Information about the entities with which the Controller has shared Personal Data.
– Right to object to processing: the Data Subject has the right to be informed about the possibility of not giving consent as well as to object to the processing of his or her Personal Data.
– Revocation of consent: in the event that the Data Subject revokes consent to the processing of his/her Personal Data, the processing agents may keep it solely for the purposes of the responsibilities arising from the processing.
It is worth noting that some requests may not be granted, since the Treatment activity in question may be linked to other legal bases, such as:
– Compliance with legal or regulatory obligations by the Controller;
– Regular exercise of rights in judicial, administrative or arbitration proceedings;
– Existence of a contract in effect to which the Card Holder is a party;
– If the law determines minimum retention periods for Personal Data.
However, the Holder will be informed of the impossibility of complying with the request and of the legal basis linked to the activity of Treatment
If Vitopel verifies, upon receiving the request, the impossibility to promptly meet the request of the Holder due to lack of information, it will send a confirmation of receipt to the requester’s e-mail with:
– Instructions, including the list of documents required, for confirming the identity of the Holder or the authenticity of his representative;
– Request for additional personal information, if applicable;
– Deadline for fulfilling the request;
– Information that the request will be closed, with no response, if the documents and complementary information are not sent within the deadline given.
Cases of violation to the Holders’ Personal Data occurring at any stage of the Processing of Personal Data and affecting the Holders’ patrimonial or moral rights will be reported immediately by the Controller to the Holder, so that the latter may take the corresponding measures to defend its own rights.
To exercise any of the rights listed above, the Data Controller should contact the Personal Data Treatment Officer, stating the grounds for the request and, when applicable, providing documentation to support his or her request to the e-mail address: dpo@vitopel.com
SHARING DATA WITH THIRD PARTIES
Vitopel may share Holders’ Personal Data with Third Parties that help to provide services, products and benefits, as well as in the administration of our operations and legal advice. It is worth noting that third parties involved in our activities are instructed by Vitopel on how to Handle Personal Data and ensure the security of information, in accordance with the LGPD. In addition, Personal Data may still be shared with competent judicial, administrative or government authorities, whenever there is a legal determination, request, requisition or court order. Vitopel may also share non-personal, non-identified and aggregated data with third parties for various purposes, including data analysis, research, contributions, eminent content and promotional purposes.
INTERNATIONAL TRANSFER OF PERSONAL DATA
Vitopel ensures that, should it be necessary to perform an international transfer of Personal Data, this will occur through absolute compliance with the applicable legislation and by adopting the best practices and technologies available at the time of the operation.
We emphasize that the degree of protection of Personal Data for the country or body to which the transfer is destined will be evaluated and the transfer will occur through adherence to standard clauses of privacy and protection of Personal Data; analysis of security, technical and administrative measures adopted by the Party importing the Personal Data, as well as seals, certificate and codes of conduct. Furthermore, the rights of the Data Subjects will be ensured, as well as transparency towards them, as explained in the LGPD.
RETENTION TIME OF PERSONAL DATA
The Personal Data of the Data Subjects arranged for Vitopel’s Treatment will be stored for the greater of the following periods: (i) while necessary for the relevant activity or services; (ii) any retention period required by law; (iii) end of the period in which disputes or investigations in relation to the services may arise; (iv) while the consent of the Data Subject is valid, in the applicable hypotheses; (v) under the terms of the legislation in force.
COOKIE COLLECTION
Cookies are used to observe visiting habits on websites and portals, allowing you to remember your preferences, analyze audiences and display personalized ads. The function of Cookies is to speed up the analysis of virtual traffic and/or indicate when a specific site is visited, guaranteeing the registration of the Holder’s browsing preferences.
It is worth mentioning that, by means of Cookies, Vitopel cannot access other information stored in the Holder’s device.
The Holder can manage their preferences for non-essential Cookies in their browser, i.e. those that are not essential to specific areas, during browsing. To learn more, please access the instructions on how to enable/disable cookies in your preferred browser: Internet Explorer, Mozilla Firefox, Google Chrome, Safari.
To this end, we detail below the four types of cookies that are used on our website:
– Essential Cookies – These cookies allow you to navigate through our products and/or services on the site and help keep our users safe.
– Functional cookies – These cookies allow provision of functionality and personalization. They can be set by us or by business partners whose services we add to our pages.
– Performance cookies – These cookies collect information about how you use our website, such as which pages you visit most often. These cookies are collected to provide you with the best possible experience by tracking page load times, site response times, error messages and navigation data.
– Targeting/advertising cookies – These cookies collect information about your use of the website so that we can improve your user experience and provide you with relevant content or advertising. They remember what you have accessed on our services and help us understand how you use them.
INFORMATION SECURITY
Vitopel declares that it has adopted technical and administrative measures to protect Personal Data from unauthorized access and accidental or unlawful destruction, loss, alteration, communication or disclosure. These measures include:
– Education and training of everyone who interacts with Personal Data;
– Administrative and technical controls to restrict access to Personal Data;
– Technological security measures, including firewalls, encryption, and antivirus software;
– Physical security measures, such as employee security passes to access Vitopel’s facilities.
We guarantee that the protection of the Holders’ Personal Data is a priority and that, should any Security Incident occur, all necessary measures will be taken to minimize possible damages. In addition, we will inform the ANPD and the Data Subjects involved, as determined by the LGPD.
DATA RESPONSIBLE AND CONTACT WITH VITOPEL
ICTS DESENVOLVIMENTO DE SISTEMAS E TECNOLOGIA LTDA. (“ICTS”), represented by Fernando Fleider and Heloisa Helena Tavano Macari, plays the role of Vitopel’s titular and substitute Data Controller. If you have any questions about this Policy or requests regarding the Processing of your Personal Data, please contact us via email at dpo@vitopel.com.
PRIVACY AND DATA PROTECTION POLICY UPDATE
Vitopel may alter this Policy to better meet the needs of the Holders, besides new technologies and organizational practices. Thus, we reserve the right to alter this document at any time and without prior notice. Thus, we encourage the Holders to periodically check this Policy.
Version 1.0 of 20/01/2023
