DATA PROTECTION AND PRIVACY POLICY
Versão 2nd
September 21, 2022
CMA Consultoria, Métodos, Assessoria e Mercantil S/A (“CMA”), registered at cnpj under no. 43.819.978/0001-92, registered in the City of São Paulo, State of São Paulo, at Rua Prof. Filadelfo Azevedo, nº 712, Bairro Vl. Nova Conceição, CEP 04508-011 and, other business units, “CMA Mercados”, “Agência CMA” and “SAFRAS & Mercado”, privacy and protection of your personal data. For this reason, the Privacy Policy has been developed to inform you about the collection, use, sharing and, in general, how we treat your personal data under the General Law on the Protection of Personal Data (Law No. 13,709/18, “LGPD”).
We encourage you to read this document in its entirety, because by expressing your acceptance of this Policy you agree to its conditions.
This policy provides:
– Consent for the processing of sensitive personal data
This Privacy Policy is not limited to individuals who receive our services, that is, it extends to customers, legal guardians, service providers, interested third parties and other persons in which they somehow relate to the company, when they, their information and personal data to CMA.
This Privacy Policy establishes terms for the collection, processing and use of sensitive information from customers and other persons accessing the websites of CMA Mercados (https://www.cma.com.br/), Agencia CMA (https://www.agenciacma.com.br/) and SAFRAS & Mercado (http://www.safras.com.br/) or any other means of digital communication, including their respective social networks and landing pages.
Whenever there is mention of the terms “CMA”, “we” or “our”, we are referring to every CMA group; similarly, whenever there is mention of the terms “you”, “your”, “your”, we are referring to the Data Subject.
The practices described in this Privacy Policy only apply to the processing of your personal data in Brazil and are subject to applicable local laws, with emphasis on Law No. 13,709/2018 (General Law for the Protection of Personal Data, or “LGPD”).
Considering that there are some technical terms of the LGPD, as well as for you to better understand this policy, the same terms and definitions set out in Article 5 of the LGPD will apply. If you have any questions about the terms used in this policy, we suggest consulting the table below:
TERMS | DEFINITIONS |
Personal | Any information related to the natural person, directly or indirectly, identified or identifiable. |
Sensitive personal | Special category of personal data relating to racial or ethnic origin, religious belief, political opinion, membership of a trade union or religious, philosophical or political organization relating to health or sexual life, genetic or biometric data relating to the natural person |
Data Subject | Natural person to whom personal data refer, such as former, present or potential customers, employees, contractors, business partners and third parties. |
Controller | Legal entity of public or private law, to whom the decisions relating to the Processing of Personal Data are responsible. |
Operator | Legal entity under public or private law, which performs the Processing of Personal Data on behalf of the controller. |
Incumbent | Person appointed by the Controller and Operator to act as a communication channel between the Controller, the Data Subjects, and the National Data Protection Authority (ANPD) |
Assent | Free, informed, and unambiguous manifestation by which the Holder and/or Legal Guardian agrees to the processing of personal data for a specific purpose. |
Treatment | Every operation carried out with personal data, such as those referred to: the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination, or extraction. |
Anonymization | Process by which the data loses the possibility of association, directly or indirectly, with an individual, considered the reasonable technical means available at the time of treatment. |
Personal data will be collected as described below, but not limited to such activities. In this way, we clarify that this Privacy Policy extends to other forms of collection of personal data that allow the provision and/or improvement of our services.
2.1 OF THE COLLECTED DATA
CATEGORY | INFORMATION | PURPOSE |
PERSONAL DATA |
Full name; Email addresses; DDD and telephones; Profiles on social networks; Profession; Company and market segment in which he works; Professional subjects/topics of interest; Date of birth; |
It is used to identify and confirm identity for the purposes of: offering news, newsletters, newsletters, market information and demonstrations of CMA services to interested parties; assistance and clarification of doubts, warnings, conference and compliance with legal and regulatory requirements to the authorities; marketing; market research; prevention and resolution of technical problems; |
DIGITAL PERSONAL DATA |
IP address of the mobile device used to access CMA services; Interactions performed and site usage profile; Technical data, such as URL, network connection, provider, and device information; Cookies; Device attributes, such as ID, operating system, browser, and model. I. Customer service history; History of access and use of products and services; |
They are used for identification and confirmation of identity, to optimize and / or customize service, support, user experience and sale of products. |
Data collection and/or receipts occur when:
CMA stresses the importance of providing personal data and that they are essential for the provision/performance of our services. The processing of personal data is a condition for the use of our services, but we guarantee that the collection of this data is restricted to the minimum necessary.
We emphasize compliance with the General Data Protection Law – Law 13.709/2018 (“LGPD”) and ensure that the provision of our services is based on confidentiality and confidentiality.
The LGPD establishes legal bases for the processing of data, that is, different situations in which we are allowed to process personal data without the need for the consent of the holder.
By opting for one of our services and/or platforms, we may collect and process your data without your consent (provided there is a legal basis provided for in the LGPD that authorizes us), for purposes such as: performance of contract, compliance with legal and/or regulatory obligations and legitimate interest.
If consent is legally necessary for the processing of personal data, we will expressly request that the data subject may withdraw his consent at any time, since this right does not compromise the lawfulness of the processing carried out based on prior consent and does not harm the same house is mandatory.
To revoke your consent, you can contact us through our official communication channel: privacidade@cma.com.br
Sensitive personal data is information that refers to racial or ethnic origin, religious belief, political opinion, union membership or the organization of religious, philosophical, or political car, given to the health or sexual life, genetic or biometric data of an individual.
When used to process sensitive data, in addition to complying with the other rules set out in this Policy, consent shall:
CMA does not sell or even sell personal data. The information collected and/or received may be shared with internal departments; partner companies; companies of the same group; judicial, administrative and/or governmental authorities whenever there is legal determination; audit companies, when the audit is carried out in CMA’s operations; compliance with legal or regulatory obligations.
The personal data collected is stored in a secure environment. For this, CMA uses on-site servers, as well as in environments with cloud computing resources or servers that require transmission and/or processing outside Brazil. These transfers occur only with companies that demonstrate compliance with applicable laws and maintain the level of compliance with that required by Brazilian law.
CMA will keep its data, mainly, but not limited to, for the time required to comply with legal and regulatory obligations, as well as for the period necessary for us to eventually exercise guaranteed rights, including before the Judiciary.
We know that it is not possible to guarantee 100% the security of information, but, thinking of minimizing risks and providing greater security, our performance takes place in line with best practices, technical and administrative, able to protect your Personal Data from unauthorized access, accidental and unlawful situations of destruction, loss, alteration, communication or any other form of improper or unlawful treatment, from the design of our platform to its respective execution. To this end, we use and apply the standards and good practices adopted internationally, such as: Continuous monitoring of the environment; Continuous analysis and testing of information security in our systems, made by internal and external teams; periodic audits, as well as the establishment of an Information Security and Data Privacy Committee (CSIPD), and a Governance, Risk and Compliance (GRC) team.
From the entry into force of the LGPD, you, as the holder of personal data, may exercise your rights before the controllers of your personal data. We detail below so that you understand clearly and transparently how to exercise your rights and our team will be ready to fulfill any requests.
We process your personal data, even if such processing is, among other things, the storage of personal data in a safe and controlled environment. You may ask us to confirm that we process your personal data.
You may request that we provide and provide the personal data we hold in relation to you.
If you find that your personal data is incomplete, inaccurate, or outdated, you may request correction or supplementation. To do this you will need to send a document that proves the correct and current form of the personal data. It is important that your data is always up to date so that there are no errors or defects in our relationship.
If any personal data is treated in an unnecessary manner, in excess for the purpose for which it is intended or in non-compliance with the LGPD, you may request CMA to anonymize, block or delete this data, provided that the excess, lack of necessity or non-compliance with the law is effectively found.
If you have given consent to the processing of your personal data for specific purposes (and not necessary for the provision of our services or delivery of our products), you may request the deletion of such personal data.
You may request which third parties we share with or from whom we receive your personal data.
If your consent is necessary for a particular company activity, you may ask that you be informed of whether it is possible to perform this activity without your consent to the processing of your personal data, or what are the consequences of not providing consent for this case.
If you have given your consent to the processing of your personal data, you may request the revocation of this consent. Revocation of consent may result in the unfeasibility of our agreement but does not prevent the use of (i) anonymized data; and (ii) data whose processing is based on another legal hypothesis provided for in the LGPD.
To exercise any of these rights we ask that you contact us at “privacidade@cma.com.br” and in order to affect your rights, we may ask for proof of your identity as a security, authentication and fraud prevention measure.
Privacy and Data Protection Incidents will be reported through the company’s official website (www.cma.com.br).
This document may be changed at any time as understood by CMA. To maintain the transparency of the information, every time this document undertakes any change, it will be validated and will be in full force, starting from:
If after reading this Privacy Policy there are still doubts or for any reason you need to communicate with us for matters involving your personal data, you can contact our Data Processing Officer:
E-mail: privacidade@cma.com.br
We hope we have helped you better understand how we treat your data and are on hand to clarify doubts and continue with a healthy and transparent work!
