<\/p>\n\n\n<\/p>\n
1. PURPOSE<\/strong><\/p>\n ROBBU TECNOLOGIA is committed to protecting the Privacy and Personal Data of its employees, clients, business partners, and other identifiable natural persons, both in cases of direct and indirect Personal Data collection. Accordingly, ROBBU TECNOLOGIA has developed a Global Personal Data Protection Program to establish and maintain high standards for collecting and processing Personal Data. This Global Personal Data Protection Policy is the foundation of the Personal Data Protection Program and describes the approach adopted by ROBBU TECNOLOGIA when processing Personal Data in all countries where it operates or may come to operate.<\/p>\n This document covers aspects regarding the collection and processing of personal data both in cases where the company acts as a Controller of personal data (with respect to the data processed by the Human Resources department or other personal data obtained directly) and when acting as a Processor, on behalf of clients (Controllers) who use the services offered by Robbu Tecnologia to process the data under their responsibility, in accordance with the law and the contract.<\/p>\n 2. SCOPE<\/strong><\/p>\n This policy applies to, and must be respected by, all employees, service providers, consultants, temporary staff, and other personnel at ROBBU TECNOLOGIA, as well as its subsidiaries and partner companies, including all staff affiliated with third parties who may, in any way, have access to any applicable resource of ROBBU TECNOLOGIA, including cloud-based services, hosted within or outside of ROBBU TECNOLOGIA.<\/p>\n This Global Privacy and Personal Data Protection Policy also applies internationally to acts of collection and processing of personal data involving ROBBU TECNOLOGIA and\/or partner companies, whether by electronic or physical means (such as data managed on paper or any other analog format) in any country or territory in the world where it operates or may come to operate.<\/p>\n Additional documents may be developed and managed by the company’s Compliance<\/em> team, aiming to provide more specific regulation regarding certain departments and\/or types of Personal Data collected and processed.<\/p>\n The Policy and the Program referred to herein must also aim to protect all types of non-personal data processed, especially regarding security issues during processing.<\/p>\n 3. POLICY STATEMENTS<\/strong><\/p>\n 3.1 Adequate safeguards for the processing of personal data<\/strong><\/p>\n This Policy, together with other documents provided for in national and international laws and regulations, also aims to provide adequate protections for the processing of personal data entrusted to ROBBU TECNOLOGIA, which may occasionally be accessed and\/or processed from countries that require such protections.<\/p>\n This set of documentation allows ROBBU TECNOLOGIA to transfer and\/or receive personal data at an international level, enabling and supporting its internal commercial processes and\/or in order to make product and service functionalities available. To this end, additional documents, such as data processing agreements and contracts \/ clauses for international transfer of personal data, will be duly established and respected between the parties involved in the data processing.<\/p>\n All partners, directors, and other direct or indirect employees, as well as any third party who, at the request and with the knowledge of Robbu Tecnologia, need to have any type of contact, access, or any kind of processing of personal data managed by the company, must take note of and fully comply with the provisions of this policy, and other applicable documents, before carrying out the necessary act.<\/p>\n 3.2 Compliance with applicable laws<\/strong><\/p>\n Robbu Tecnologia declares that it respects the local Principles and Personal Data Protection Laws applicable in all countries where it carries out any type of processing of personal data, with emphasis on the LGPD (General Data Protection Law) in Brazil and the GDPR (General Data Protection Regulation) in Europe.<\/p>\n Considering the type of service offered by the company (core business<\/em>), it should be noted that the business model involves only the processing of data provided by third parties (service clients). In this respect, it is declared that Robbu Tecnologia offers services and will occasionally access personal data originating from clients, acting only as a PROCESSOR of personal data, with the service client being the CONTROLLER of such data.<\/p>\n Robbu Tecnologia will only be a CONTROLLER of personal data with respect to situations involving data of Employees (Human Resources sector) and other personal data obtained directly, under the terms of the law. For this type of activity, appropriate measures and manuals will be additionally made available to those involved.<\/p>\n It is declared that, in any cases where applicable data protection laws require a higher standard of protection for personal data than the standard established in this policy, the requirements of the applicable data protection law shall prevail. Moreover, in the possible event that applicable data protection laws establish a lower standard of protection for personal data than the standard established in this policy, the requirements of this policy shall prevail.<\/p>\n Furthermore, it is declared that in situations where ROBBU TECNOLOGIA employees identify that applicable law prevents ROBBU TECNOLOGIA from fulfilling its obligations under this policy, they must immediately report the fact to the company’s global privacy office (admin@robbu.com.br<\/a>) and\/or the legal department of ROBBU TECNOLOGIA (juridico@robbu.com.br<\/a>) so that appropriate measures may be taken in the shortest possible time.<\/p>\n Finally, it is declared that in the event of a conflict between applicable law and this policy, the Compliance<\/em> department and the legal department of ROBBU TECNOLOGIA will jointly analyze the factual situation and present a deliberative opinion including the appropriate actions to be taken to resolve such conflict, as well as, when applicable, will consult the appropriate regulatory authority, under the terms of the law.<\/p>\n 3.3 Privacy principles<\/strong><\/p>\n The guiding principles of ROBBU TECNOLOGIA’s practices, as well as those of group companies or partners, for any type of personal data processing, such as: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction, are presented below.<\/p>\n Furthermore, it should be noted that, with respect to personal data controlled by third parties (clients), these will be processed under the terms expressly requested by the respective controllers, who assume responsibility for respecting the principles and legislations applicable in their respective country of operation, and the legal and contractual rules must always be respected.<\/p>\n Reasonableness:<\/em> the company will process personal data in a legal, fair, and transparent manner, when acting as a Controller of such data and, where applicable, when acting as a processor.<\/p>\n Individual rights:<\/em> the company will process personal data in such a way that the rights of the data subjects are respected, under the terms of applicable data protection laws, as well as under the contractual terms in relation to the controllers.<\/p>\n Purpose:<\/em> the company will only carry out processing for legitimate, specific, explicit purposes that have been informed to the data subject (directly or by the respective Controller), with no possibility of subsequent processing in a manner incompatible with those purposes.<\/p>\n Adequacy:<\/em> the company will always respect the compatibility of the processing with the purposes informed to the data subject (directly when acting as controller and indirectly when acting as processor), according to the context of the processing.<\/p>\n Necessity:<\/em> the company will respect the limitation of processing to the minimum necessary for the fulfillment of its purposes, with coverage of the relevant, proportional, and non-excessive data in relation to the purposes of the data processing, and will always respect the express requests of the data controllers, when applicable.<\/p>\n Free access:<\/em> the company will always seek to guarantee data subjects and\/or data controllers easy and free consultation regarding the form and duration of the processing, as well as regarding the entirety of their personal data (directly when acting as controller of the data, or in other cases provided for by law and\/or contracts).<\/p>\n Data quality:<\/em> the company will provide means to guarantee data subjects accuracy, clarity, relevance, and updating of data, according to necessity and for the fulfillment of the purpose of its processing, when acting as controller of the data, as well as facilitating the ability of the controllers (clients) to respect this principle.<\/p>\n Transparency:<\/em> the company will respect the guarantee, to data subjects, of clear, precise, and easily accessible information about the processing carried out and the respective processing agents, with due regard to commercial and industrial secrets, and under the terms of the law and contract when acting as processor of the data.<\/p>\n Security:<\/em> the company will always seek to use technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication, or dissemination.<\/p>\n Prevention:<\/em> the company will always seek to adopt measures to prevent the occurrence of damages as a result of the processing of personal data.<\/p>\n Non-discrimination:<\/em> the company shall always process data in such a way as not to carry out processing for unlawful or abusive discriminatory purposes, whenever it is the controller of such data.<\/p>\n Accountability:<\/em> the company will always seek to keep updated, and under legal terms, the demonstration of the adoption of effective measures capable of proving the observance and compliance with the rules for the protection of personal data and, also, the effectiveness of such measures. This principle will be respected before the competent authorities, both in Brazil and abroad, as well as in relation to data controllers (clients).<\/p>\n 3.4 Rights of data subjects<\/strong><\/p>\n ROBBU TECNOLOGIA undertakes to always seek the best means to meet and guarantee the effectiveness of the rights of data subjects, under legal terms. When the company acts as a CONTROLLER of data, it will maintain contact and access tools that facilitate the operation of the request made.<\/p>\n In situations where the company acts as a PROCESSOR of personal data (core business<\/em>), means will be made available so that the respective CONTROLLER (client) may, within the legal deadlines, meet the requested demand. Moreover, under legal and contractual terms, in the eventual cases where the company must directly meet the request, it will maintain mechanisms so that such acts are duly carried out.<\/p>\n 3.5 Consent and other legal bases for the processing of personal data<\/strong><\/p>\n ROBBU TECNOLOGIA understands that, for the proper processing of personal data by means of consent, it must be carried out through a free, informed, and unequivocal manifestation by which the data subject agrees to the processing of their personal data for a specific purpose.<\/p>\n Therefore, in situations where the company is the CONTROLLER of personal data, systems and documents will be maintained that inform about the use of the data collected and demonstrate the proper consent, under the applicable legal terms.<\/p>\n In other cases, where the company is a PROCESSOR of personal data, it is the responsibility of the client (CONTROLLER of the personal data) to obtain and prove consent, or another legal act of processing authorization, when applicable, under the terms of the law.<\/p>\n In cases where the processing of personal data is carried out by means of other legal bases, ROBBU TECNOLOGIA must implement measures to record and demonstrate the respective legal requirements.<\/p>\n 3.6 Personal data security<\/strong><\/p>\n All employees, and involved third parties, are responsible for ensuring that any personal data processed by ROBBU TECNOLOGIA is kept securely and is not made available to third parties, unless that third party has been specifically authorized by the company, responsible CONTROLLER, or the data subject, to receive such information, as well as has previously entered into an appropriate confidentiality agreement.<\/p>\n All personal data must be accessible only to those who need to process it in some way, as well as granted through agreement with the access control policy. All personal data must be treated with the highest security and must be kept, among others:<\/p>\n in a locked room with controlled access; and\/or<\/p>\n<\/li>\n in a locked drawer or filing cabinet; and\/or<\/p>\n<\/li>\n if computerized, password-protected in accordance with corporate requirements in the access control policy; and\/or<\/p>\n<\/li>\n stored on computer media (including removable media) that are appropriate and protected in accordance with the Information Security Policy, as well as discarded in accordance with the Secure Digital Data Elimination Policy.<\/p>\n<\/li>\n<\/ul>\n Work routines must be observed in order to ensure that the screens and terminals of computers, notebooks, and similar devices are not visible to third parties, except for employees and other persons authorized by ROBBU TECNOLOGIA.<\/p>\n Records of personal data in physical support cannot be left where they may be accessed by unauthorized persons, nor can they be removed from the commercial facilities without the express authorization of the management, legal department, or any person responsible from the compliance<\/em> department. All printed or handwritten records must, after their proper use, be stored in a safe place or destroyed, in accordance with the rules and determinations of the compliance<\/em> area.<\/p>\n Personal data may only be deleted or eliminated in compliance with the record retention and deletion procedures, which are managed by the compliance<\/em> department.<\/p>\n The possible processing of personal data outside the commercial facilities of ROBBU TECNOLOGIA may present a potentially greater risk of loss, theft, or damage to such data. In such cases, if there is a need for such acts, the employee must request prior and express authorization from the management or the compliance<\/em> department, as well as follow the appropriate security rules.<\/p>\n 3.6.1 Essential security measures<\/em><\/p>\n Physical access control to the company’s facilities (such as: passwords, biometrics, and\/or keys);<\/p>\n<\/li>\n Access control to digital systems and\/or databases, including passwords and usage logs, among others;<\/p>\n<\/li>\n Use of updated digital security systems, such as licensed and regularly updated operating systems; antivirus software<\/em>; VPN software<\/em> and\/or firewalls<\/em>, among others to be determined by the Information Security team and the compliance<\/em> department;<\/p>\n<\/li>\n Use of encryption and\/or pseudonymization systems, under the terms studied and presented by the Information Security team and the compliance<\/em> department.<\/p>\n<\/li>\n Contracting third-party services, which includes storage and processing of data, in accordance with data protection legislation and the contents of this document, also considering the physical location of the servers and security measures made available.<\/p>\n<\/li>\n Training and review of work routines of employees, and third parties, aiming at the constant care and respect for the rules of Information Security and applicable legislation.<\/p>\n<\/li>\n<\/ul>\n 3.7 Retention and deletion of personal data<\/strong><\/p>\n ROBBU TECNOLOGIA shall not keep personal data in a manner that allows the identification of data subjects for a period longer than necessary, in relation to the purpose(s) for which the data was originally collected, in cases where it is CONTROLLER of such data. In situations where it acts as PROCESSOR of data on behalf of clients (CONTROLLERS), the term will be defined by them, respecting the legal and contractual terms.<\/p>\n The company may, occasionally, store personal data for longer periods in the cases provided for by Law, respecting its precepts and adopting the appropriate technical measures.<\/p>\n The retention period for each category of personal data will be defined by the company’s compliance<\/em> department, together with the criteria used to determine that period, including any statutory obligations that ROBBU TECNOLOGIA has in maintaining the data, also considering the provisions of the contract in cases where the company is the Processor of the data.<\/p>\n Personal Data must be securely eliminated, in accordance with the principles and terms provided for in applicable law, as well as in the contractual terms in cases of acting as Processor of the data, thus protecting the rights and freedoms of the data subjects. The company’s compliance<\/em> department will develop and maintain documented rules for these procedures.<\/p>\n 3.8 International transfer of personal data<\/strong><\/p>\n All occasional exports of Personal Data, involving the storage or any type of processing, to countries and\/or territories other than that of the collection and\/or residence of the data subject, will only be carried out under the terms of applicable legislation, and after the necessary proper adequacy.<\/p>\n Considering the market expansion plan, through group companies and\/or partner companies, to the European territory, it is emphasized that the determinations and safeguards provided for in the GDPR must be duly respected, so that personal data of data subjects residing in Europe may be processed by the company.<\/p>\n ROBBU TECNOLOGIA will only act as PROCESSOR of data on behalf of the CONTROLLERS of data of subjects located in European territory (clients who have used the services offered by the company).<\/p>\n ROBBU TECNOLOGIA must maintain contracts with services and servers within the European territory, in order to store and process data of data subjects located on that continent. Furthermore, given that the company’s technical team is located in Brazil, occasional access to the database containing personal data may occur, upon documented request of the client (CONTROLLER of the data) and\/or responsible partner company, in order to carry out the implementation of services\/data, as well as acts of adjustment, maintenance, or deletion of data. Additionally, unscheduled access may be carried out in order to resolve any technical problems or system updates.<\/p>\n The Compliance<\/em> department of ROBBU TECNOLOGIA will maintain updated instructions and control over all access to personal data of European data subjects, which must be mandatorily documented and previously authorized by this department.<\/p>\n ROBBU TECNOLOGIA, in compliance with the provisions of the GDPR, will adopt approved model contractual clauses for the transfer of data outside the EEA, with, under legal terms, an automatic recognition of adequacy.<\/p>\n 3.9 Records on personal data processing<\/strong><\/p>\n ROBBU TECNOLOGIA will establish and maintain a data inventory and a data flow process as part of its approach to addressing risks and opportunities throughout the Compliance<\/em> project regarding the protection of Personal Data. The documentation will be created, updated, and managed by the Compliance<\/em> department together with the Information Security team.<\/p>\n 4. POLICY COMPLIANCE<\/strong><\/p>\n ROBBU TECNOLOGIA is committed to always seeking the guarantee that this Global Personal Data Protection Policy is observed by all of its employees, group companies, partner companies, and other subcontractors.<\/p>\n 4.1 Effective date of compliance <\/strong><\/p>\n This policy becomes effective as of the date of its approval.<\/p>\n 4.2 Compliance measurement <\/strong><\/p>\n Compliance with this Policy will be verified, on an ongoing basis, by various means available, including reports from business tools, internal and external audits, and self-assessment and\/or feedback<\/em> to those responsible in the Compliance<\/em> area of the company.<\/p>\n ROBBU TECNOLOGIA will periodically verify whether this Global Personal Data Protection Policy remains in compliance with applicable data protection laws.<\/p>\n 4.3 Compliance exceptions<\/strong><\/p>\n Any exceptions to this Policy require written approval from the Compliance<\/em> department and the legal department of ROBBU TECNOLOGIA.<\/p>\n All records of exceptions must be archived in accordance with the ROBBU TECNOLOGIA records management process, which will be managed by the Compliance<\/em> department.<\/p>\n 4.4 Non-compliance<\/strong><\/p>\n All ROBBU TECNOLOGIA employees, and others involved with the processing of personal data, must always respect this Policy and applicable laws. Any deviations or non-compliance with this document, as well as disregard for applicable laws, including attempts to circumvent the policy and\/or the determined process, by manipulating or avoiding the process, the system, or the data, may result in disciplinary actions, including termination of the employment relationship, under legal terms.<\/p>\n Moreover, under the terms of applicable laws, such violations may result in administrative sanctions, penalties, claims for indemnification or injunctive relief and\/or other civil and\/or criminal actions.<\/p>\n 5. RELATED PROCESSES AND POLICIES<\/strong><\/p>\n Other documents, such as policies, manuals, and supplementary records may be created and managed by the Compliance<\/em> department, Information Security team, and\/or other departments of the company. Such documents must respect this Policy and other applicable legal determinations, as well as be made available to the parties involved with the referred procedure.<\/p>\n 6. DEFINITIONS<\/strong><\/p>\n The following terms and definitions have been used in this document:<\/p>\n Robbu Tecnologia \/ company:<\/em> company registered under the name ROBBU TECNOLOGIA DA INFORMA\u00c7\u00c3O LTDA, a limited liability company, registered with CNPJ\/MF under no. 26.400.981\/0001-58, with its head office at Avenida Ang\u00e9lica, no. 2546, room 151, Consola\u00e7\u00e3o, S\u00e3o Paulo\/SP, ZIP code 01228-200, and its subsidiaries of the business group and\/or partner companies.<\/p>\n Personal data:<\/em> Any information relating to an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.<\/p>\n Personal data provided by controllers \/ clients:<\/em> Personal data processed by Robbu Tecnologia on behalf of the data controller (platform client), under specific written determinations from the latter, under the terms of the data processing agreement. In these cases, Robbu Tecnologia acts as data processor, and the controlling party (client) must adopt all measures provided for by law for the collection and processing of data in relation to the respective data subject, under the terms and exceptions of applicable law.<\/p>\n Client:<\/em> means the legal entity or natural person that contracts the data processing services made available by Robbu Tecnologia (or through its group companies and\/or partner companies). The Client is responsible for the personal data collected and sent (and\/or registered) in the service provided, and is therefore the CONTROLLER of the personal data, under the terms of the LGPD and other applicable legislation.<\/p>\n Data Controller:<\/em> natural or legal person, of public or private law, to whom the decisions concerning the processing of personal data are incumbent.<\/p>\n Data Processor:<\/em> natural or legal person, of public or private law, who carries out the processing of personal data on behalf of the controller.<\/p>\n Robbu Tecnologia Employee:<\/em> A person who provides personal services to Robbu Tecnologia in exchange for payment, including outsourced employees and service providers, consultants, and interns.<\/p>\n Data Processing:<\/em> any operation carried out with personal data, such as those referring to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination, or extraction.<\/p>\n National Authority:<\/em> public administration body responsible for overseeing, implementing, and enforcing compliance with the Data Protection Law in the respective country involved.<\/p>\n LGPD:<\/em> Law 13.709\/2018 \u2013 Brazilian General Data Protection Law and other related rules.<\/p>\n GDPR:<\/em> European Data Protection Law – General Data Protection Regulation (EU\/2016\/679 of the European Parliament and of the Council, of April 27, 2016) and other related rules.<\/p>\n 7. UPDATES TO THIS POLICY<\/strong><\/p>\n ROBBU TECNOLOGIA may periodically review and revise data protection practices, policies, and procedures, including this Global Privacy and Personal Data Protection Policy. If any significant changes are made, ROBBU TECNOLOGIA shall:<\/p>\n A) Take reasonable steps to inform all ROBBU TECNOLOGIA group companies, employees, business partners, partner companies, clients (data controllers), and other data subjects affected by the changes; and<\/p>\n<\/li>\n B) Publish appropriate notices regarding the changes on the relevant websites \u2013 internal and external, as appropriate.<\/p>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":" 1. PURPOSE ROBBU TECNOLOGIA is committed to protecting the Privacy and Personal Data of its employees, clients, business partners, and other identifiable natural persons, both in cases of direct and indirect Personal Data collection. Accordingly, ROBBU TECNOLOGIA has developed a Global Personal Data Protection Program to establish and maintain high standards for collecting and processing […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"folder":[],"class_list":["post-5978","page","type-page","status-publish","hentry"],"yoast_head":"\n\n
\n
\n