1. WHOM IT IS APPLIED TO
STARA values the privacy and data protection laws around the world and is committed to complying with the Brazilian General Data Protection Regulation (Law 13.709/18) – LGPD.
Thus, through this Policy, we clarify how we protect the privacy and personal data of our Users and Visitors (“you” or “your”) of the Website. We provide the type of information we collect and process, what we do with it, what we do to keep it safe, your rights and how to contact us.
It is fundamental that you read and understand our terms when accessing our website. If you have any questions about the content of this Policy, our privacy team will be pleased to help you by the email firstname.lastname@example.org.
What they are:
Legal basis: It is the legal hypotheses in LGPD that authorize us to handle Personal Data, which can be your consent, the need to honor a contract we have with you, or honor a legal obligation, for example.
Personal data or “data”: is any information that relates to an identified or identifiable living individual. Name, social number, identification number, cell phone number, email address are examples of personal data.
Data protection officer: is appointed by STARA to apply the law protecting your personal data and clear up doubts regarding the Processing of Personal Data.
General Data Protection Regulation (LGPD): it the law 13.709 of August 14th, 2019, that regulates the processing of personal data, including in digital media, by a physical person or by a public or private legal entity, to protect the fundamental rights of liberty and privacy and the free development of the physical person personality.
Personal data holder: is any physical person who relates to an identified or identifiable living individual and refers to the processed Personal Data, for example, our customers and consumers.
Processing: is the handling, operation, use of Personal Data under our responsibility such as collecting, production, reception, classification, usage, access, reproduction, transmission, application, storage, elimination, evaluation or information control, changing, communication, transference, diffusion or extraction, among others.
3. PERSONAL DATA PROVIDED BY YOU
3.1. CONTACT FORM– When you fill out our form, we collect:
- Phone number;
- Email address;
- Social number/ National Registry of Legal Entities;
3.3. WEBMAIL – Our internal message system https://webmail.stara.com.br/ does not require register with name and password, personal and not-transferable.
4. DURING AND AFTER YOUR VISIT AND USAGE ON THE WEBSITE
You can visit our website without telling us who you are or providing any personal information. However, when you access and browse this website (including when you submit personal information to us through the data fields provided by the website, such as the items mentioned above, or through the Contact us form, we may directly and/or indirectly collect and process certain information, including, but not limited to, the following:
- logs register;
- IP address;
- mobile device identifier or information about your computer equipment;
- logs register;
- cookies and another tracking tools;
- location data;
We can also collect information about your consumption behavior, your interaction with the content we make available and use of the website features, as well as the duration of your visit.
Whenever you want, you can disable some or all cookies of ours, and set them up in the “options” or browser “preferences” menu. Please note that, when disabling cookies, you may prevent some Website services from functioning correctly, partially or totally affecting your Website experience.
5. PURPOSES AND LEGAL BASIS FOR DATA PROCESSING
The purpose for which we request, process and store your personal information includes, but is not limited to:
(a) Allow you to access and use the Website and see our content;
(b) Reply to your requests; respect your rights; receive your suggestions or comments;
(c) Manage your account and the activities of the site you have chosen to participate;
(d) Ensure that the Website is working properly to monitor, investigate any technical problem;
(e) Maintain analytical and statistical data about the interaction with the content;
(f) Recognize you when you return to our Website;
(g) Improve your user experience;
(h) Allow third parties to process or manage information to provide the services described herein;
(i) Share this information with external third parties for marketing analysis (where it will only be shared for the corresponding purposes and the results will be returned anonymously and in aggregate) or for segmentation;
(j) For business development and marketing purposes, informing you about products and services that may interest you, if you have consented or if you are in our legitimate interest.
Please note that, as established in this policy, we will not disclose, sell or rent your personal information unless you have consented or we are required by law to do so. If you agree and later change your mind, you can contact us, then we will immediately cease any such activity.
Also, when you register on our website for the activities described above, you can choose to receive marketing communication and set your communication preferences; no longer choose it (people who are included in the mailing lists have authorized the receiving of emails with communication, newsletters and/or promotions); and change your communication preferences at any time.
We apply the following legal basis from General Data Protection Regulation:
a) Legitimate interest – when we conclude that there is significant interest in the processing of your data for the development of our activities, provided that this processing generates some kind of benefit for you, or if you have already interacted with us at another time.
b) Consent – when you expressly authorize, freely and spontaneously, that your data be processed for a specific and informed purpose at the time of collection of consent; you can withdraw consent whenever you wish.
c) Complying with legal obligation – when we process your data because the law requires us to;
d) Contract execution – when we maintain some contract with you.
6. SHARING PERSONAL DATA
We may share your personal data with:
Our affiliates such as STARA FINANCE;
Our resellers and dealerships;
Partner companies and suppliers, in the development of our activities, commercialization of products and provision of services;
Marketing and advertising companies, to select and produce ads matching your profile, as authorized;
Outsourced companies for the development of internal processes and website maintenance;
In case of mergers or acquisitions, for the companies that are involved in the respective negotiations;
Public and governmental authorities to meet court orders or requisitions from administrative authorities that have the legal competence to perform such requirements.
We are committed not to share your data beyond the strictest need, as we shall demand the same care and security offered in our environment.
7. DURATION OF DATA PROCESSING
We store your data until the purpose (as laid out in the item above) for which it was collected is achieved. Additionally, we may maintain it to meet legal or regulatory requirements during the statute of limitation period of possible contractual or legal liabilities.
We secure the Personal Data that is provided to us, so we adopt best practice of information security transformed into strict standards of performance, following the legal provisions and culture of precautions, through constant investment in the implementation and updating of technological resources to ensure that all information and personal data collected are not subject to destruction, loss, alteration, communication, or dissemination.
9. YOUR RIGHTS REGARDING YOUR PERSONAL DATA
We process your data with transparency, and therefore you can contact us to exercise your rights whenever you want.
However, two additional points are important: (i) we shall confirm your identity before providing you with any information or making any request; (ii) if there is any other legal basis or justification that authorizes us to keep your data, we must do so, always being cautious, of course, of your confidentiality.
Your rights are as follows:
- Confirmation and access
It allows you to verify whether or not STARA processes your Personal Data and, if so, request a copy of the Personal Data we have about you.
It allows you to request the correction of your incomplete, inaccurate or outdated Personal Data.
Anonymity, blockage, or elimination
It allows you to request us to: (a) Anonymize your data, so that they can no longer be related to you and therefore cease to be your Personal Data; (b) block your data, temporarily suspending your data processing; and (c) delete your data, in which case we will delete all your data without the possibility of reversal, except in the circumstances provided for by law.
You have the right to request the portability of your Personal Data to another service or product supplier through your express request, observing the commercial and industrial secrets, under future regulations of the National Data Protection Authority (ANPD).
- Information on sharing
You have the right to know the public and private entities with which STARA performs shared use of data, as provided in this Policy.
- Information on the possibility to not consent
It allows you to have clear and complete information about the possibility and consequences of not providing consent.
- Revoking the consent
You have the right to revoke your consent to Processing activities based on this Legal Basis.
The law authorizes the Processing of Personal Data even without your consent or an agreement with us. That being the case, you must demonstrate that there are legitimate reasons to Process your Data, such as preventing fraud or improving our communication with you. Should you not agree with this processing, you may object it by requesting the interruption.
We must mention that you have the right to a petition to the National Data Protection Authority when it is in operation.
If you have any other questions about our warnings, data protection and how we use your data, you can also contact our Privacy Team at any time by the email email@example.com.
STARA has appointed Mariano Lopes Machado as the Data Protection Officer (DPO). You can contact him by writing an email to firstname.lastname@example.org.
If you prefer to tell us through letters or other physical means, you may send the mailing to the address in item 1 of this Policy.
11. THIRD-PARTY LINKS
12. UPDATE AND REGULATION
This Policy may be reviewed from time to time, and you will be informed in the event of significant changes. Please, carefully read any warning concerning it.