For the processing of personal data, this document aims to record the free, informed, and unequivocal manifestation by which the Data Subject agrees to the processing of their personal data for a specific purpose, in accordance with applicable United States federal and state data protection and privacy laws.
By accepting this term, the Data Subject consents and agrees that REW SERVICIOS DE INTERNET S.A., operating under the name “GENDO”, a privately held company registered under CNPJ no. 08.824.442/0001-64, with headquarters at Avenida Engenheiro Armando de Arruda Pereira, 2937 - Sala 120, Jabaquara – São Paulo – SP – Brazil, email:
sos@gendo.app, hereinafter referred to as the Data Controller, may make decisions regarding the processing of their personal data, data related to companies in which users operate, or data necessary for the use of services offered by GENDO.
Such processing may include operations such as collection, production, receipt, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation, control of information, modification, communication, transfer, disclosure, or extraction.
For the purposes of this document, the following definitions apply:
DATABASE
A structured set of personal data, established in one or more locations, in electronic or physical form.
DATA SUBJECT
A natural person to whom the personal data subject to processing relates.
DATA CONTROLLER
A natural or legal person responsible for decisions regarding the processing of personal data.
DATA PROCESSOR
A natural or legal person who processes personal data on behalf of the Data Controller.
PERSONAL DATA
Any information relating to an identified or identifiable natural person.
ANONYMIZED DATA
Data that cannot be associated with an identified or identifiable individual using reasonable and available technical means.
PROCESSING
Any operation performed with personal data.
ANONYMIZATION
The use of reasonable and available technical means through which data loses the possibility of association, directly or indirectly, with an individual.
CONSENT
A free, informed, and unequivocal manifestation by which the Data Subject agrees to the processing of their personal data for a specific purpose.
PURPOSE
The processing of data for legitimate, specific, and explicit purposes informed to the Data Subject.
RESTRICTION
The temporary suspension of any processing operation through the retention of personal data or databases.
DELETION
The removal of data or a set of data stored in a database, regardless of the method used.
SUPERVISORY AUTHORITY
The competent public authority responsible for overseeing compliance with applicable data protection laws.
PERSONAL DATA
The Data Controller is authorized to make decisions regarding and to process the following personal data of the Data Subject:
Full name.
Date of birth.
Identification document number and image.
Tax identification number.
Driver’s license number and image.
Passport-style photograph.
Marital status.
Level of education.
Full address.
Telephone numbers, WhatsApp number, and email addresses.
Bank name, branch, and bank account number.
Credit card brand, number, expiration date, and security code.
Username and password used to access the services.
Verbal and written communications between the Data Subject and the Data Controller.
PURPOSES OF DATA PROCESSING
The processing of the personal data listed in this document serves the following purposes:
To enable the Data Controller to identify and contact the Data Subject for business relationship purposes.
To enable the Data Controller to prepare commercial contracts and issue billing or charges.
To enable the Data Controller to provide products and services, whether paid or free of charge.
To enable the Data Controller to structure, test, promote, and advertise products and services, whether personalized or not.
DATA SHARING
The Data Controller is authorized to share the Data Subject’s personal data with other data processing agents when necessary to achieve the purposes described in this document, in accordance with applicable laws and safeguards.
DATA SECURITY
The Data Controller is responsible for maintaining technical and administrative security measures designed to protect personal data against unauthorized access and against accidental or unlawful destruction, loss, alteration, disclosure, or improper processing.In the event of a security incident that may result in a material risk or damage to the Data Subject, the Data Controller will notify the Data Subject and the competent authority, as required by applicable law.
DATA RETENTION AND TERMINATION
The Data Controller may retain and process the Data Subject’s personal data for as long as necessary to achieve the purposes described in this document.After such purposes have been fulfilled, the Data Subject’s data may remain stored for a period of up to five years for future business communications or outreach, provided there is a lawful basis for such retention.Anonymized personal data, with no possibility of association with an individual, may be retained indefinitely.
The Data Subject may request, at any time, the deletion of their non-anonymized personal data by contacting the Data Controller via email or written correspondence. The Data Subject acknowledges that deletion of personal data may make it impossible for the Data Controller to continue providing certain products or services.
DATA SUBJECT RIGHTS
The Data Subject has the right to obtain from the Data Controller, at any time and upon request:
Confirmation of whether personal data is being processed.
Access to their personal data.
Correction of incomplete, inaccurate, or outdated data.
Deletion or restriction of data that is unnecessary, excessive, or processed in violation of applicable law.
Data portability, where applicable.
Information about public and private entities with which data has been shared.
Information about the possibility of refusing consent and the consequences thereof.
Withdrawal of consent at any time.
WITHDRAWAL OF CONSENT
This consent may be withdrawn by the Data Subject at any time by submitting a request via email or written correspondence to the Data Controller, without affecting the lawfulness of processing carried out prior to the withdrawal.
