For the processing of personal data, this document aims to record the free, informed, and unequivocal expression by which the Data Subject consents to the processing of their personal data for a specific purpose, in accordance with applicable United States federal and state privacy laws, including, where applicable, the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other relevant data protection regulations.
By accepting this document, the Data Subject consents and agrees that REW SERVICIOS DE INTERNET S.A., hereinafter referred to as “GENDO”, a privately held company, registered under CNPJ no. 08.824.442/0001-64, with its registered office at Avenida Engenheiro Armando de Arruda Pereira, 2937 – Sala 120, Jabaquara – São Paulo – SP – Brazil, email address:
sos@gendo.app, in its capacity as the Data Controller, may make decisions regarding the processing of the Data Subject’s personal data, data related to companies in which users operate, or data necessary for the use of the services offered by GENDO.
Such processing may include operations such as collection, recording, organization, structuring, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation, control of information, modification, communication, transfer, disclosure, or extraction of data.For the purposes of this document, the following definitions apply:
DATABASE
A structured set of personal data, established in one or more locations, in electronic or physical form.
DATA SUBJECT
A natural person to whom the personal data subject to processing relates.
DATA CONTROLLER
A natural or legal person who determines the purposes and means of processing personal data.
DATA PROCESSOR
A natural or legal person who processes personal data on behalf of the Data Controller.
PERSONAL DATA
Any information relating to an identified or identifiable natural person.
ANONYMIZED DATA
Data that cannot be associated with an identified or identifiable person using reasonable technical means.
PROCESSING
Any operation or set of operations performed on personal data.
ANONYMIZATION
The process by which data loses the possibility of association, directly or indirectly, with an individual.
CONSENT
A free, informed, and unequivocal indication by which the Data Subject agrees to the processing of their personal data for a specific purpose.
PURPOSE
A legitimate, specific, and explicit objective for processing personal data.
PROCESSING LIMITATION
The temporary restriction of the processing of personal data.
DELETION
The removal of stored personal data.
SUPERVISORY AUTHORITY
The competent authority responsible for overseeing compliance with applicable data protection laws in the United States.
PERSONAL DATAThe Data Controller is authorized to process the following personal data of the Data Subject:
Full name.
Date of birth.
Identification document number and image.
Tax identification number.
Driver’s license number and image.
Passport-style photograph.
Marital status.
Education or level of education.
Full address.
Telephone numbers, WhatsApp number, and email addresses.
Banking details, including bank name, branch, and account number.
Credit card details, including brand, number, expiration date, and security code.
Username and password for accessing services.
Verbal and written communications between the Data Subject and the Data Controller.
PURPOSES OF DATA PROCESSING
The processing of personal data serves the following purposes:
To identify and contact the Data Subject for business and commercial relationship purposes.
To prepare contracts and issue billing or charges.
To provide products and services, whether free of charge or paid.
To structure, test, promote, and advertise products and services, whether personalized or not.
DATA SHARING
The Data Controller is authorized to share the Data Subject’s personal data with other data processing agents when necessary to achieve the purposes described above, in accordance with applicable laws and safeguards.
DATA SECURITY
The Data Controller adopts appropriate technical and organizational measures to protect personal data against unauthorized access, loss, alteration, disclosure, or unlawful processing.In the event of a security incident that may pose a material risk to the Data Subject, the Data Subject and the competent authority will be notified in accordance with applicable law.
DATA RETENTION AND TERMINATION
Personal data will be processed for as long as necessary to fulfill the purposes described in this document.Once such purposes have been achieved, personal data may be retained for a maximum period of five years, provided there is a lawful basis for retention.Anonymized data may be retained indefinitely.
The Data Subject may request the deletion of their non-anonymized personal data at any time by contacting the Data Controller via email or written correspondence. The Data Subject acknowledges that deletion of personal data may make it impossible to continue providing certain services.
DATA SUBJECT RIGHTS
The Data Subject may exercise the following rights at any time, as applicable under United States law:
Confirmation of whether personal data is being processed.
Access to their personal data.
Correction of inaccurate or incomplete data.
Deletion of personal data, where applicable.
Restriction of processing.
Data portability, where applicable.
Information about third parties with whom data has been shared.
Information about the option not to provide consent and the consequences thereof.
Withdrawal of consent at any time.
WITHDRAWAL OF CONSENT
This consent may be withdrawn by the Data Subject at any time by submitting a request via email or written correspondence to the Data Controller, without affecting the lawfulness of processing carried out prior to the withdrawal.
