Global Privacy Policy

1. OBJECTIVE

SoftExpert Software S.A. (“SoftExpert” or “organization”) was founded on February 1, 1995, and is currently a leading company in the information technology sector, with the main objective of offering its clients software and services aimed at continuous improvement and optimization of their business processes, transforming operational excellence into a true competitive advantage.

SoftExpert's business is the commercialization of products and services for legal entities. However, in the performance of its functions, the organization may carry out activities characterized as processing personal data. During the execution of these operations, SoftExpert is committed to observing the basic security and privacy requirements defined by the General Data Protection Law (“LGPD”).

The privacy and security of personal data collected by SoftExpert are of enormous importance. For this reason, SoftExpert seeks, through this document, to demonstrate its commitment to the protection and privacy of personal data, covering topics such as data subjects' rights, data usage methods and types, legal bases legitimizing the processing, and means of contact for exercising rights and communication with SoftExpert.

2. SCOPE

This document is applicable to all data subjects whose personal data is processed by SoftExpert, including employees, clients, suppliers, business partners, and any other involved parties, in accordance with applicable data protection legislation.

3. REFERENCES

The following are the standards that this document adopts:

  a) LGPD - General Data Protection Law.
  b) NBR ISO27001 - Information security management systems - Requirements.

4. TERMS

For the purposes of this document, the following terms and definitions are adopted:

4.1 Data Subject

Natural person to whom the personal data being processed refers.

4.2 Controller

The natural or legal person, public or private, to whom the decisions regarding the processing of personal data belong. In other words, it is the entity responsible for decision-making related to the activity to be performed with personal data.

4.3 Processor

The natural or legal person, public or private, who processes personal data on behalf of the controller and in accordance with the purpose determined by them.

4.4 Personal Data

Any information or combination of information that can uniquely identify a data subject without ambiguity.

4.5 Sensitive Personal Data

Personal data related to racial or ethnic origin, religious beliefs, political opinions, union membership or membership in religious, philosophical, or political organizations, data concerning health or sex life, genetic or biometric data.

4.6 Data Protection Officer/DPO

The person responsible for acting as a communication channel between the Controller, data subjects, and the National Data Protection Authority, when the matter involves personal data.

4.7 Processing

Any activity that uses personal data in its execution, including but not limited to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, and evaluation.

5. About This Policy

This Policy aims to:

  1. Ensure that individuals from whom SoftExpert collects information understand what personal data SoftExpert processes, the reasons for processing it, and whether their information is shared or not.
  2. Explain how SoftExpert uses the mentioned personal data.
  3. Explain that SoftExpert collects and processes data and how SoftExpert will protect this data.

SoftExpert hopes that this policy helps in understanding its commitment to the privacy of its clients and third parties from whom SoftExpert collects information.

6. Rights and preferences of individuals: SoftExpert provides users with options and control

As provided in applicable law and unless limited by it, the rights granted to individuals are as follows:

  1. Right to confirmation and access: The data subject has the right to verify if a certain organization processes their personal data. If so, they also have the right to access their own information.
  2. Right to correct incomplete, inaccurate, or outdated data: This is the right to request that SoftExpert corrects or updates personal data whenever it is incorrect or incomplete.
  3. Right to information deletion, where possible: The data subject has the right to request the deletion of their data, provided there is no legal basis justifying the retention of their information in the database.

It should also be clarified that the data subject may exercise their rights through written communication, specifying the right they wish to exercise, as well as requesting clarifications on any questions about processing. For this, they should send an email to dpo@softexpert.com. SoftExpert will respond to requests within the legal timeframe of 15 days, reserving the right to extend this period, provided it is justified.

7. How SoftExpert collects personal data

SoftExpert collects personal data in the following ways:

8. Personal data processed by SoftExpert

In carrying out SoftExpert's commercial activities, it may process personal data relating to individuals who interact, have interacted, or will interact with the organization, directly or indirectly, as well as personal data specifically related to clients, business partners, service providers, employees, and associates. Such personal data may be expanded depending on the specific case; however, SoftExpert primarily processes:

SoftExpert may, in certain situations, process personal data of children or adolescents, always linking this processing to the legal basis that makes it legitimate, as per LGPD. dpo@softexpert.com.

9. SoftExpert's role as Data Controller and/or Data Processor

Depending on the formalized legal relationship, SoftExpert may occupy the position of Controller or Processor of data, according to the concepts indicated in this document and in accordance with LGPD.

10. Legal basis for Personal Data Processing

LGPD establishes, in its article 7, the grounds that legitimize personal data processing, i.e., it lists situations that authorize the execution of activities considered data processing. The Law establishes that each process involving data processing must be based on at least one legal basis that authorizes the operation.

11. International Data Transfers

SoftExpert processes personal information within national territory and in countries with similar and equivalent legislation. In this regard, when SoftExpert performs cross-border data processing, it safeguards data subjects' rights and adopts technical and organizational measures capable of protecting data subjects' personal data.

Additionally, SoftExpert may share personal data to assist in fraud investigations and prevention, where requests from corresponding authorities are compatible with legal, regulatory, or applicable legal process requirements.

12. Data Retention and Disposal

SoftExpert may retain personal data collected for as long as necessary to provide the services it makes available to its clients and for legitimate and essential commercial purposes, such as to maintain the performance of its software, make business decisions regarding features and offerings based on data, meet legal obligations, and resolve disputes.

Once the intended purpose is met, such information may be discarded unless another legal basis justifies the retention of this information.

13. Personal Data Security

SoftExpert is committed to adopting the necessary technical and organizational measures to protect personal data it processes, ensuring it is safeguarded against unauthorized access, destruction, loss, alteration, improper communication, or unauthorized disclosure. Although we strive to maintain a high level of security, it is important to emphasize that no system is completely immune to risks.

To ensure adequate protection, SoftExpert uses solutions that follow the best technical practices available in the market, considering implementation costs, the nature and context of data processing, specific purposes, and risks associated with data subjects' rights and freedoms.

SoftExpert also holds ISO 27001:2022 certification, attesting to the existence of an Information Security Management System (ISMS). This system includes policies, procedures, and processes that guide the protection of information confidentiality, integrity, and availability. As part of this commitment, internal and external audits are periodically conducted by certification bodies, ensuring continuous improvement and compliance with high security standards.

In addition, SoftExpert commits to promptly notify data subjects in the event of a security incident that could pose risks or cause significant harm to their rights and freedoms, adopting all necessary corrective measures.

It is worth noting that, under the General Data Protection Law (LGPD), SoftExpert cannot be held responsible for events exclusively caused by third parties or by the data subject.

Finally, SoftExpert ensures that personal data under its management is processed based on the principles of confidentiality, integrity, and availability, in accordance with legal requirements and information security standards.

14. Data Protection Officer (DPO)

The figure of the Data Protection Officer, also known as the DPO, is the person appointed by the Controller to act as a communication channel between the Controller, data subjects, and the ANPD.

The Substitute Data Protection Officer (DPO) at SoftExpert is Daniele da Silva Novaes, who can be contacted at dpo@softexpert.com.

15. How to contact us

If you have any questions about this document or how personal data is handled by the organization, you can contact us through the following means:

  1. Controller/Processor: SoftExpert Software S.A.
  2. Phone: +55 (47) 2101-9900
  3. Data Protection Officer (DPO): dpo@softexpert.com