Privacy Policy/Notice

WHAT WE DO WITH YOUR INFORMATION

We have made every effort to explain clearly and simply what personal data we will need from you and what we will do with each of them. Therefore, we have listed below the most important points, which can also be read in a comprehensive and detailed manner in our Privacy Notice.

Furthermore, we are always available to answer any questions you may have via email at contato@digisac.com.br. For inquiries specifically related to your personal data, we have a dedicated channel: encarregado@ikatec.com.br.

We are data controllers for the processing of personal data relating to our clients. In other words, once the contracting company chooses to use our services, we will request some information and make decisions in order to provide our service in the best and safest way possible.
We are data processors for the personal data of third parties that are entered into our solutions by the contracting company. This means that we process data based on the decisions of our clients, who are the data controllers.
Additionally, DIGISAC has also engaged some third-party processors who may process personal data, such as legal advisors, technology partners, servers, among others.
WhatsApp, as well as other channels, is independent and has no relation to the content of this text. Therefore, we recommend that you also read the terms of use and privacy policies of these platforms and ensure that you agree with all provisions before using our services.
DIGISAC places great importance on the security of your personal data. Therefore, we implement all the measures suggested by the National Data Protection Authority (ANPD) in its Guidance for Small-Scale Data Processing Agents, which includes a variety of technologies and security procedures to help protect your information.
To ensure that your information is stored in a secure environment, the platform utilizes servers from Amazon Web Services and DigitalOcean, with restricted access. As a result, these companies only have access to your data for the purpose of storing it once you provide it to DIGISAC. Additionally, the use of these servers may involve the international transfer of your personal data to the country where the servers are located, the United States.
To register and use our services, you will need to provide the following information:
• If you are a Collaborator User: Name, CPF (Brazilian Individual Taxpayer Registry)
• If you are an Administrator User: Name, CPF, Email, Company brand, Legal name (company name), Address, Phone number.
All your data is processed for specific purposes and in accordance with the General Data Protection Law. We may process this information for the following purposes:
• Providing our service
• Providing support and customer service;
• Sending sales and marketing communications;
• Offering our services or products.
We will not share your data with third parties, except in the cases mentioned in the Privacy Notice, with the legal consent of the data subject, or in compliance with a court order or legal requirement.
When you access our platform, we collect your access records. This means that we gather information about the date and time of your use of a specific internet application from a specific IP address. These records will be kept confidential by DIGISAC in a controlled and secure environment for a minimum period of 6 (six) months, in accordance with Law No. 12,965/2014 and Article 7, II, of Law No. 13,709/2018.
In addition to access records, we may also collect some information indirectly, in accordance with our Cookie Policies.
We will also store the conversations you have with us through our communication channels, as this will improve your customer service experience and make it more efficient. Without this history, you would likely have to repeat the information you provided us each time you contacted us.
Even if you have already provided us with your personal data, you have the full right to, at any time, request from the data controller: confirmation of the existence of data processing; access to your data; correction of your data; anonymization of data; blocking or elimination of unnecessary, excessive, or data processed in non-compliance with the law; data portability to another provider; deletion of data, except those required by law; information on with whom DIGISAC has shared your data; information on the possibility of not providing consent and the consequences of refusal; and to withdraw your consent.
The Privacy Notice is structured as follows to facilitate your access to information:

a) Date of Availability of the Text;
b) Explanation of Technical Terms or Foreign Language Terms;
c) Data Processing Agents;
d) Information Security;
e) Data Collection;
f) Processing of Personal Data;
g) Platform Cancellation, Account Deactivation, and Data Deletion;
h) Rights of the Data Subject;
i) Changes to the Privacy Notice;
j) Privacy Communication Channel;
k) Contact for General Matters.

DIGISAC.



PRIVACY NOTICE

Before accessing the DIGISAC platform, it is important that you read, understand, and freely, unequivocally, and informedly accept this Privacy Notice.

This platform, named DIGISAC, is owned, maintained, and operated by E.M. SOLUCOES INTEGRADAS DE SISTEMAS LTDA, registered under CNPJ number 18.716.151/0001-06, with headquarters at Rua Sérgio Arcangelo, No. 1-49, Jardim Nicéia, Bauru/SP, ZIP code: 17.047-430.

This document aims to provide information about the collection, use, and storage (”processing”) of data provided by Users and is in compliance with Law No. 12,965/2014 (Internet Civil Rights Framework) and Law No. 13,709/2018 (General Data Protection Law).

Furthermore, these terms of use regulate the processing of personal data on the DIGISAC platform specifically related to the WhatsApp integration solution. If you are a user of other solutions, please access the corresponding document: https://digisac.com.br/politicasdeprivacidade.html

This document was drafted and made available on February 07, 2023.
2.1 Below are the meanings of technical terms and terms in the English language:

API: Set of routines and programming standards for accessing a web-based application or platform. The acronym API stands for ”Application Programming Interface” in Portuguese translation.

Controller: Natural or legal person, whether public or private, who is responsible for decisions regarding the processing of personal data.

Cookies: Small text files that are stored on the user's computer and can be retrieved by the website that sent them during browsing. They are mainly used to identify and store information about users.

Encryption: Set of principles and techniques for encrypting writing, making it unintelligible to those who do not have access to the agreed conventions.

Personal Data: Information related to an identified or identifiable natural person.

Sensitive Personal Data: Personal data relating to racial or ethnic origin, religious belief, political opinion, union membership, or membership in religious, philosophical, or political organizations, data related to health or sexual life, genetic or biometric data when linked to a natural person.

Data Protection Officer: Person appointed by the controller and processor to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).

IP (or Internet Protocol): Unique identification for each computer connected to a network.

Processor: Natural or legal person, whether public or private, who processes personal data on behalf of the controller.

Data Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation, or control of information, modification, communication, transfer, dissemination, or extraction.

User(s): Those who use the platform's services.

2.2. Types of Platform Users:

2.2.1. Administrator User: The person responsible for the company on the platform, who will register the Collaborator Users.

2.2.2. Collaborator User: Employees or general collaborators of the company that hires the platform.
3.1. We are controllers of the personal data processing related to Users, which means that once the User registers on our platform or uses our tools, we will collect some information and make decisions in order to provide our service in the best and safest possible way.

3.2. We are processors of the personal data of third parties entered into our solutions by the contracting company. In other words, we process data based on the decisions of our clients, the controllers.
3.2.1. The contracting party of DIGISAC's services acts as the controller of the data of the individuals with whom the User contacts through the platform. That is, they are the person responsible for decisions regarding the processing of personal data.
3.2.2. DIGISAC does not have access to User conversations with third parties and is not responsible for the data processing carried out by Users, proper information collection, legality of contacts, conversation content, or any actions of the Users.

3.3. Some processors are necessary for the availability of the platform. Therefore, they will have access to User data for the following purposes:
3.3.1. Amazon Web Service: as the personal data is stored on their servers;
3.3.2. DigitalOcean: as the personal data is stored on their servers.
3.4. WhatsApp, as well as other channels used by the User, are independent platforms and are not related to this text. Therefore, we recommend that you also read the terms of use and privacy policies of these platforms and agree with all provisions before using our services.

3.5. Our contracts always prioritize the secure processing of User information. Therefore, from the moment these companies have access to this data, they will be responsible for the security, processing, and appropriate sharing of this information. They are prohibited from disclosing it for other purposes in violation of applicable laws or this Privacy Notice, under penalty of being held liable for all penalties, particularly civil, criminal, and those imposed by the National Data Protection Authority.

3.6. International transfer: The servers used by DIGISAC, which are equipped with mechanisms to ensure the security of your data, are located outside Brazil, specifically in the United States. They are used to enable DIGISAC to provide its service properly, as required by Article 33, IX of Law No. 13,709/18.
4.1. DIGISAC places great importance on the security of your personal data. Therefore, we implement all measures suggested by the National Data Protection Authority (ANPD) in its Guiding Guide for Small-Scale Processing Agents. This includes a variety of technologies and security procedures to help protect your information.
4.1.1. Additionally, we have effective measures and controls in place to prevent or reduce Information Security risks, with an approach focused on the principles of the field, aiming to prevent, detect, respond to, and quickly recover from a threat in order to protect the confidentiality, integrity, and availability of technological assets and information.

4.2. All access records, which include information regarding the date and time of use of a specific internet application from a specific IP address, will be kept confidential by DIGISAC in a controlled and secure environment for a minimum period of 6 (six) months, in accordance with Law No. 12,965/2014 and Article 7, II of Law No. 13,709/18.

4.3. DIGISAC is committed to preserving the stability, security, and functionality of the platform through technical measures in line with international standards and by encouraging the use of best practices. However, no service available on the internet can guarantee complete protection against illegal invasions. In cases where unauthorized third parties unlawfully breach the system, DIGISAC will make every effort to identify the responsible party, but we are not liable for any damages caused by them.
5.1. For the registration and use of DIGISAC services, the following information will be required:
5.1.1. For Collaborator Users: Name and CPF (Brazilian Individual Taxpayer Registry number).
5.1.2. For Administrator Users: Name, CPF, Email, company brand, company name, address, and phone number.

5.2. Contact history: DIGISAC stores information about all interactions already made with Users through WhatsApp, messages, and email. This helps improve customer service and make it more efficient. Without this history, the User would likely have to repeat information previously provided every time they contacted us.

5.3. Indirectly collected information: In addition to access logs, we may also collect some information indirectly, in accordance with our Cookie Policies.
6.1. Ao aceitar o presente aviso de privacidade, o Usuário compreende que a coleta e tratamento dos dados pessoais abaixo são necessários para a execução do contrato com a DIGISAC, conforme informações apresentadas a seguir.
Personal Data Type
Legal Base
Purpose
Name
Required for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13,709/2018).
User Identification. This refers to essential personal data that allows us to contact the User, fulfill their requests, and provide targeted responses.
CPF
Required for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13,709/2018).
Used to prepare the service agreement for the platform and for anti-fraud control.
E-mail
a) Required for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13,709/2018).

b) Necessary to fulfill the legitimate interests of the controller or a third party (Art. 7, IX, Law No. 13,709/2018).
a) Used as a means of communication with the User, for contacts and interactions throughout the user's journey on the Platform.

b) Used for sending marketing emails, news emails, classifieds, and newsletters.
Brand of the company / Legal name
Required for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13,709/2018).
Required to be able to provide the service, as it caters to legal entities.
Banking information
Required for the execution of a contract or preliminary procedures related to a contract of which the data subject is a party, at the request of the data subject (Art. 7, V, Law No. 13,709/2018).
Collected only from the Administrator User. It is used to prepare the service agreement and process the payment related to the use of the platform's services. This payment is usually processed via the IUGU API.
IP (Internet Protocol), Location, Referral Source, Browser Type, Visit Duration, Visited Pages.
Compliance with a legal or regulatory obligation by the data controller (Article 7, II, Law No. 13,709/2018).
Compliance with Article 15 of Law No. 12,965/2014, which imposes the duty of DIGISAC to keep the respective records of access to internet applications confidential, in a controlled and secure environment, for a period of 6 (six) months
7.1. Account cancellation by DIGISAC: DIGISAC may, at its sole discretion, block, restrict, disable, or prevent access to the platform for any User when inappropriate conduct is detected.

7.2. Account cancellation by the User: To cancel services and request the deletion of the access account, the User should make the request by email to contato@digisac.com.br.

7.3. When the purpose of data processing ends or upon request through the email encarregado@ikatec.com.br, the User's data will be immediately and permanently deleted, except for data that must be retained by law or regulation, data necessary for the regular exercise of rights in a judicial, administrative, or arbitration process, such as access logs. Access logs will be kept confidential in a controlled and secure environment, in accordance with Law No. 12,965/2014 and with the legal basis provided by Article 7, II of Law No. 13,709/18.
8.1. Only individuals strictly necessary for the provision of the service will have internal access to User information.

8.2. DIGISAC will not share User data with third parties. However, each company's Administrator User will be responsible for collecting data and registering their collaborators on the platform.

8.3. If the Administrator User chooses to share personal data stored in DIGISAC with third parties, such as independent APIs, they must fully assume responsibility for informing data subjects about such sharing, ensuring that the third party complies with the General Data Protection Law, and for any security incidents that may occur after the transmission of personal information. DIGISAC is only responsible for its platform, and the third-party API will be responsible for operations after the information transmission.
8.3.1. The User is informed that, when integrating via API, the external software may access the data under their control, with the option to subsequently revoke that access.

8.4. Once Users, WhatsApp, Telegram, SMS, Web Chat, email, AWS, DigitalOcean, and third-party APIs have access to this data, they become responsible for the security, processing, and appropriate sharing of this information. They are prohibited from disclosing it for other purposes in violation of applicable laws and this Privacy Notice, under penalty of being held liable for all penalties, particularly civil, criminal, and those imposed by the National Data Protection Authority.

8.5. The User is aware that they must comply with WhatsApp's rules, as well as those of other channels they use, especially regarding the sending of automated messages and the collection of third-party data through the platform.

8.6. DIGISAC will not share Users' confidential data with third parties, except as required by law or court order.
9.1. The data subject has the right to obtain from the controller, regarding the data being processed, at any time and upon request:
9.1.1. Confirmation of the existence of data processing.
9.1.2. Access to the data.
9.1.3. Correction of incomplete, inaccurate, or outdated data.
9.1.4. Anonymization, blocking, or deletion of unnecessary, excessive, or data processed in violation of the provisions of Law No. 13,709/2018.
9.1.5. Portability of data to another service provider, upon express request, in accordance with the regulations of the national authority, observing commercial and industrial secrets.
9.1.6. Deletion of data processed with the data subject's consent, except in cases provided by Law No. 13,709/2018.
9.1.7. Information about public and private entities with which DIGISAC has shared data.
9.1.8. Information about the possibility of not giving consent and about the consequences of refusal.
9.1.9. Revocation of consent.

9.2. Regarding the data of individuals with whom the User contacts through the platform, such as conversation history, requests to exercise data subject rights should be made directly to the controller.
10.1. DIGISAC may unilaterally add and/or modify any clause contained in this Privacy Notice. The updated version will apply to the use of the platform made after its publication. Continued access or use of the platform after the disclosure will confirm Users' acceptance of the new Privacy Notice.

10.2. If the change made requires User consent, the option to freely, unequivocally, and informedly accept the new text or reject it will be presented.

10.3. If the User does not agree with the change, they may choose not to give consent for specific actions or terminate their relationship with DIGISAC entirely. However, this termination will not exempt the User from fulfilling all obligations assumed under previous versions of the Privacy Notice.
11.1. DIGISAC designates Mr. William Oliveira da Silva as the Data Protection Officer (Encarregado), registered under CPF number 094.913.069-95, with the email address encarregado@ikatec.com.br, in accordance with Article 41 of the General Data Protection Law. The Data Protection Officer is responsible for receiving complaints and communications from data subjects and the National Data Protection Authority, providing clarifications, and taking appropriate actions.

11.2. DIGISAC has a separate document that regulates the software license, rights, duties, guarantees, and general provisions: the Terms of Use. All of these documents are integral parts of this Privacy Notice.
DIGISAC provides the following channel to receive all communications that Users wish to make: through the email contacto@digisac.com.br .

Cookie Consent

This website uses cookies to help the website function and to track how you interact with it so that we can provide you with an improved and personalized user experience. We will only use cookies if you agree to it by clicking Accept.

View cookiesAccept