top of page
banner-castelo.webp

PRIVACY POLICY

The present Privacy and Personal Data Protection Policy aims to demonstrate Pavei Brasil's commitment, headquartered at Rua Coronel Marcos Rovaris, No. 165, Centro Neighborhood, Zip Code 88820-000, Içara/SC, hereinafter referred to as the CONTROLLER, to the protection of the personal data it collects from its clients and prospects, hereinafter referred to as DATA SUBJECTS, clarifying the rules on the processing of personal data, in accordance with the provisions of the General Data Protection Law (Law No. 13,709/2018).

It is highlighted that the present policy has been fully read by the DATA SUBJECTS, who declare their free and express agreement to the provisions stipulated herein, transparently, in a clear and unequivocal manner, authorizing the obtaining of the data and information mentioned below, which will be used for the purposes described below, being aware of the indispensability of the data processing to enable the provision of the services eventually contracted, pursuant to §3, of art. 9, of the General Data Protection Law.

DATA COLLECTION

DATA SUBJECTS declare that the CONTROLLER, in this capacity, processes their personal data, limited to the minimum necessary to meet the purposes informed in this Policy, especially for the execution of the service provision contract signed between the parties.

The data will be collected and stored for the purpose of fulfilling the contract, legal and regulatory obligations, public policy compliance, as well as for improvements in service provision, for the period required for the fulfillment of the data collection purpose or until the end of the legal or regulatory storage requirement.

Personal Data is collected through the submission of forms on the "Quero Revender" and "Contato" pages; by placing an order or purchasing one of the services offered on the website; by interacting with the Customer Service; by participating in surveys or marketing promotions, etc.

Personal Data that may be collected includes: full name, email address, personal document (CPF/CNPJ number, date of birth), gender, address, nationality, phone numbers, data on financial restrictions, information about credit history, score generated by credit bureaus, information on debts to be paid or overdue, co-obligations and guarantees, participation in any politically exposed person list (PEP) or restriction list (such as OFAC, CSNU, and other international lists), information from the Credit Information System (SCR) database, location, among others, related to the purpose of the service provision contract/product supply.

Registration data, such as full name, marital status, CPF, address, telephone contact, profession, email, among others, are used to comply with the contract, legal obligation, sharing data with third parties and authorities when required and strictly necessary, if possible, in an anonymized way, to protect credit and billing procedures, and ensure the security of the DATA SUBJECTS.

The collected data is used for the purposes described below, but not limited to:

  • Providing high-quality service and offering the best products to the DATA SUBJECTS;

  • Identification, authentication, and verification of requirements for the purchase of Pavei Brasil products and services;

  • Meeting requests and inquiries;

  • Contact by phone, email, SMS, WhatsApp, or other means of communication, including sending notifications or push notifications;

  • Sending communications in general;

  • Marketing, prospecting, market research, opinion polls, and promotion of our products and services, or those of our partners, including enabling offers and sending information about products, services, news, features, content, news, and other events relevant to maintaining the relationship with the DATA SUBJECTS;

  • Displaying advertising, whether on our website, social networks, or on third-party websites, applications, or institutional materials;

  • Queries about your information in the Credit Information System (SCR) database;

  • Prevention and resolution of technical or security problems;

  • Investigations and measures to prevent and combat illicit activities, fraud, financial crimes, and ensure the security of Pavei Brasil customers;

  • Regular exercise of Pavei Brasil's rights, including presenting documents in judicial and administrative proceedings, if necessary;

  • Collaboration or compliance with court orders, competent authority, or regulatory body;

  • Compliance with legal or regulatory obligations;

  • Delivering the purchased products or contracted service, as well as sending updates on the status of the order;

  • Coordinating with partners the delivery or provision of services;

  • Optimizing your interaction with us;

  • Generating statistics, studies, research, and surveys relevant to the activities and behavior in the use of products or services;

  • Administrative and management purposes.

DATA SUBJECTS are aware that the non-provision of some data may prevent their access to features or content provided by the CONTROLLER.

The CONTROLLER may also automatically collect some information from DATA SUBJECTS when they access and use the website, such as characteristics of the access device, browser, internet protocol (IP with date, time, and origin), information about clicks, pages accessed, searches performed on the website, and cookies.

The CONTROLLER may share personal data with third parties, whether public or private entities, provided they are used for the same purpose described in this policy, to comply with the contract entered into between the parties. In these cases, the CONTROLLER will only share the minimum necessary information to achieve the respective purposes.

Additionally, when using our application or browsing our websites, DATA SUBJECTS may be redirected to third-party websites or applications, in which case the privacy practices will be governed by the policies and terms of use of these third parties, and the CONTROLLER is not responsible for the practices and privacy content of third parties, which is why DATA SUBJECTS should carefully read the applicable policies to understand how they process the data they may collect.

The CONTROLLER may subcontract the data processing and storage service (Data Processor), so that DATA SUBJECTS are aware of the access and processing of personal data by third parties, service providers, whose hiring aims to ensure the efficiency of the services to be provided.

 

The CONTROLLER ensures DATA SUBJECTS, upon request, the right to information about entities, whether public or private, with which personal data has been shared.

The personal data of DATA SUBJECTS will be processed for a period of 5 (five) years, from the end of the contractual relationship, with their subsequent deletion, and its conservation is authorized in the hypotheses described in article 16 of the General Data Protection Law.

The parties declare that the data provided by DATA SUBJECTS, once anonymized, are not considered personal data, as established by article 12 of the General Data Protection Law.

DATA SUBJECTS are responsible for the accuracy and veracity of the information provided to the CONTROLLER, and must provide them accurately and update them whenever necessary.

DATA SUBJECTS may, at any time, request the display or rectification of their personal data, as well as change their permissions, grant new permissions, or withdraw their consent for the current permissions, through the Service Channels available in this policy, being warned of the consequences of withdrawing consent.

Access to the processed data is restricted to professionals authorized by the CONTROLLER, and its use, access, and sharing, when necessary, will be in accordance with the purposes described in this policy.

In the event that DATA SUBJECTS transmit their personal data to third parties, the CONTROLLER is exempt from any responsibilities arising from the leakage of the data provided.

The CONTROLLER undertakes to immediately notify DATA SUBJECTS if any type of violation of the security of the collected data that may cause risks is detected, considered as those that may accidentally or unlawfully cause destruction, loss, alteration, disclosure, or unauthorized access to personal data transmitted, stored, or subject to any other type of treatment.

DATA SUBJECTS must take the necessary preventive measures for using the internet, including the use of antivirus, personal access password, and other technical and managerial measures, in order to avoid failures, invasions, or other inconveniences in accessing the tools provided by the CONTROLLER.

INFORMATION ABOUT THE CONTROLLER

Pavei Brasil will be considered as the CONTROLLER and OPERATOR, for the purposes of the General Data Protection Law (Law No. 13.709/2019), and can be contacted through the telephone number (48) 3432-0010; the email address contato@pavei.com; or directly at its headquarters, located at Rua Coronel Marcos Rovaris, No. 165, Centro Neighborhood, Zip Code 88820-000, Içara/SC.

In addition to the CONTROLLER, the other companies in the group, listed below, may also carry out data processing, as provided in this policy:

Pavei Brasil Comércio Exterior EIRELI - CNPJ 13,832,863/0001-77

DATA SUBJECTS may contact the CONTROLLER at any time through the contacts mentioned in the preceding paragraph to exercise the rights provided by current legislation and in this policy.

When data sharing occurs, so that the processing is carried out by a third party indicated by the CONTROLLER, the third party will be considered as an OPERATOR, for the purposes of the General Data Protection Law.

In due course, the CONTROLLER will appoint the data protection officer on its website, as guaranteed by article 41 of the General Data Protection Law, who will act as a communication channel between the CONTROLLER and the DATA SUBJECTS and between the CONTROLLER and the National Authority.

CONTROLLER AND OTHER OPERATORS' OBLIGATIONS

The CONTROLLER will provide its service within the quality and security standards applicable to this type of work, using properly qualified personnel, being responsible for the faithful and accurate compliance with the obligations established in this policy and in the governing legislation.

The CONTROLLER will make its best efforts to protect the information, applying the necessary administrative and technical protection measures available at the time, requiring its partners and suppliers the same acceptable level of information security, based on best market practices, based on contractual clauses.

Certain services offered by the CONTROLLER may require the transfer of your data to other countries, such as in cloud computing servers located outside Brazil. In these cases, the data is processed in accordance with the LGPD (General Data Protection Law) and other protection laws, and security measures are taken in accordance with our policies, and standard clauses are adopted in contracts with suppliers and service providers.

By browsing the CONTROLLER's website (https://www.bresciarms.com) and/or communicating with us, it is understood that there is agreement with the processing of your information, including international data transfer, when necessary.

The third party, as an OPERATOR, must carry out the treatment according to the instructions provided by the CONTROLLER, within the limits of the consent of the DATA SUBJECTS, expressed through adherence to this policy, and in full compliance with the governing legislation, especially the General Data Protection Law.

DATA SUBJECTS' RIGHTS

Every natural person is assured the ownership of their personal data and guaranteed the fundamental rights of freedom, privacy, and intimacy, in accordance with the 1988 Federal Constitution and the General Data Protection Law.

In accordance with article 18 of the General Data Protection Law, DATA SUBJECTS have the right to obtain from the CONTROLLER, regarding the processed data, at any time and upon request, the:

a) confirmation of the treatment's existence;

b) access to the data;

c) correction of incomplete, inaccurate, or outdated data;

d) anonymization, blocking, or elimination of unnecessary, excessive, or processed data in non-compliance with the provisions of the General Data Protection Law or this policy;

e) portability of data to another service provider, upon express request and observing commercial and industrial secrets, in accordance with the legal regulations and with the exception of data that have already been anonymized by the CONTROLLER;

f) deletion of personal data from the data processed with the consent of the DATA SUBJECTS, except in the cases provided for in article 16 of the General Data Protection Law;

g) information about the possibility of not giving consent and about the consequences of refusal, among which the impossibility of accessing some features or content of the website;

h) revocation of consent, in accordance with §5, of article 8, of the General Data Protection Law.

DATA SUBJECTS have the right to petition regarding their data, against the CONTROLLER, before the National Authority, and use legal means to enforce this instrument and the governing legislation.

DATA SUBJECTS can object to the treatment carried out in violation of the General Data Protection Law or this policy, by express request to the CONTROLLER.

The request will be attended to DATA SUBJECTS at no cost, within 15 (fifteen) days, unless another legal deadline, and in the terms established in this policy and in the legal norms.

In the event that the request aims to correct, delete, anonymize, or block the data, if these have been shared with a third party, the CONTROLLER will inform them immediately, so that they also meet the request of the DATA SUBJECTS.

In accordance with § 4 of article 18 of the General Data Protection Law, in the event of the impossibility of immediately adopting the measures referred to in the previous item, the CONTROLLER will send DATA SUBJECTS a response in which it may (i) communicate that it is not a data processing agent (CONTROLLER or OPERATOR) and indicate, whenever possible, the actual responsible party; or (ii) indicate the factual or legal reasons that prevent the immediate adoption of the measure.

FINAL PROVISIONS

DATA SUBJECTS confirm the veracity of the information provided at the time of registration, under penalty of civil and criminal liability.

The CONTROLLER reserves the right to modify this instrument in any of its provisions, including without prior notification, except in cases required by law.

From now on, DATA SUBJECTS express consent for the information and rights arising from this instrument to be transferred to third parties, as a result of the sale, acquisition, merger, corporate reorganization, or any other change in the control of the CONTROLLER, provided they are used for the same purpose described in the service provision contract and in this policy.

Communications made by the CONTROLLER through the registration data provided by DATA SUBJECTS will be considered valid for all purposes.

DATA SUBJECTS are responsible for making any updates to their registration data.

If any provision of this instrument is considered illegal, null, or unenforceable for any reason, the other provisions will not be affected and will remain valid and applicable.

Any failure by the CONTROLLER to enforce or exercise any provision of this instrument or related rights does not constitute a waiver of that right or provision.

The tolerance of one party towards the other's failure to comply with any of the obligations assumed in this contract will not imply novation or waiver of the right. The tolerant party may, at any time, demand from the other party the faithful and complete compliance with this policy.

The CONTROLLER will make the entirety of this policy available for consultation on its website.

Doubts related to this policy may be resolved by the CONTROLLER, through the channels mentioned in the "INFORMATION ABOUT THE CONTROLLER" section.

This policy will remain in effect as long as the effects resulting from its adherence persist.

This instrument will be governed in accordance with Brazilian laws.

The parties choose the jurisdiction of the Içara/SC District to resolve any doubts arising from the application of this instrument, expressly waiving any other, no matter how privileged it may be.

bottom of page