Loading breadcrumb...

Global Privacy Policy

1. OBJECTIVE

SoftExpert Software S.A. (“SoftExpert” or “organization”) was founded on February 1, 1995, and is currently a leading company in the information technology sector, with the main objective of offering its clients software and services aimed at continuous improvement and optimization of their business processes, transforming operational excellence into a true competitive advantage.

SoftExpert's business is the commercialization of products and services for legal entities. However, in the performance of its functions, the organization may carry out activities characterized as processing personal data. During the execution of these operations, SoftExpert is committed to observing the basic security and privacy requirements defined by the General Data Protection Law (“LGPD”).

The privacy and security of personal data collected by SoftExpert are of enormous importance. For this reason, SoftExpert seeks, through this document, to demonstrate its commitment to the protection and privacy of personal data, covering topics such as data subjects' rights, data usage methods and types, legal bases legitimizing the processing, and means of contact for exercising rights and communication with SoftExpert.

2. SCOPE

This document is applicable to all data subjects whose personal data is processed by SoftExpert, including employees, clients, suppliers, business partners, and any other involved parties, in accordance with applicable data protection legislation.

3. REFERENCES

The following are the standards that this document adopts:

  • a) LGPD - General Data Protection Law.
  • b) NBR ISO27001 - Information security management systems - Requirements.

4. TERMS

For the purposes of this document, the following terms and definitions are adopted:

4.1 Data Subject

Natural person to whom the personal data being processed refers.

4.2 Controller

The natural or legal person, public or private, to whom the decisions regarding the processing of personal data belong. In other words, it is the entity responsible for decision-making related to the activity to be performed with personal data.

4.3 Processor

The natural or legal person, public or private, who processes personal data on behalf of the controller and in accordance with the purpose determined by them.

4.4 Personal Data

Any information or combination of information that can uniquely identify a data subject without ambiguity.

4.5 Sensitive Personal Data

Personal data related to racial or ethnic origin, religious beliefs, political opinions, union membership or membership in religious, philosophical, or political organizations, data concerning health or sex life, genetic or biometric data.

4.6 Data Protection Officer/DPO

The person responsible for acting as a communication channel between the Controller, data subjects, and the National Data Protection Authority, when the matter involves personal data.

4.7 Processing

Any activity that uses personal data in its execution, including but not limited to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, and evaluation.

5. About This Policy

This Policy aims to:

  1. Ensure that individuals from whom SoftExpert collects information understand what personal data SoftExpert processes, the reasons for processing it, and whether their information is shared or not.
  2. Explain how SoftExpert uses the mentioned personal data.
  3. Explain that SoftExpert collects and processes data and how SoftExpert will protect this data.

SoftExpert hopes that this policy helps in understanding its commitment to the privacy of its clients and third parties from whom SoftExpert collects information.

6. Rights and preferences of individuals: SoftExpert provides users with options and control

As provided in applicable law and unless limited by it, the rights granted to individuals are as follows:

  1. Right to confirmation and access: The data subject has the right to verify if a certain organization processes their personal data. If so, they also have the right to access their own information.
  2. Right to correct incomplete, inaccurate, or outdated data: This is the right to request that SoftExpert corrects or updates personal data whenever it is incorrect or incomplete.
  3. Right to information deletion, where possible: The data subject has the right to request the deletion of their data, provided there is no legal basis justifying the retention of their information in the database.

It should also be clarified that the data subject may exercise their rights through written communication, specifying the right they wish to exercise, as well as requesting clarifications on any questions about processing. For this, they should send an email to privacy@softexpert.com. SoftExpert will respond to requests within the legal timeframe of 15 days, reserving the right to extend this period, provided it is justified.

7. How SoftExpert collects personal data

SoftExpert collects personal data in the following ways:

8. Personal data processed by SoftExpert

In carrying out SoftExpert's commercial activities, it may process personal data relating to individuals who interact, have interacted, or will interact with the organization, directly or indirectly, as well as personal data specifically related to clients, business partners, service providers, employees, and associates. Such personal data may be expanded depending on the specific case; however, SoftExpert primarily processes:

SoftExpert may, in certain situations, process personal data of children or adolescents, always linking this processing to the legal basis that makes it legitimate, as per LGPD. privacy@softexpert.com.

9. SoftExpert's role as Data Controller and/or Data Processor

Depending on the formalized legal relationship, SoftExpert may occupy the position of Controller or Processor of data, according to the concepts indicated in this document and in accordance with LGPD.

10. Legal basis for Personal Data Processing

LGPD establishes, in its article 7, the grounds that legitimize personal data processing, i.e., it lists situations that authorize the execution of activities considered data processing. The Law establishes that each process involving data processing must be based on at least one legal basis that authorizes the operation.