This Policy aims to demonstrate the commitment of
Avenida Chedid Jafet, 222, Bloco B, 5º andar, Bairro Vila Olímpia, in the city and state of São Paulo
Corporate Taxpayer’s ID (CNPJ): 02.846.056/0001-97
with the privacy and protection of your Data, in addition to establishing the rules on the Treatment of your Personal Data, within the scope of the services and functionalities of www.ccr.com.br ("www.ccr.com.br"), in accordance with the laws in force, with transparency and clarity with You and the market in general.
As a condition for the access and use of the exclusive functionalities at www.ccr.com.br, You declare that You have read this Policy fully and carefully, being fully aware, thus granting Your free and express agreement with the terms stipulated herein, including the collection of the Data mentioned herein, as well as its use for the purposes specified below. If You do not agree with the provisions of this Policy, You may terminate Your access or use of www.ccr.com.br.
2.1. How we collect Data. Data, including Personal Data, may be collected when You submit it or when You interact with the www.ccr.com.br and services, that includes:
What do we collect?
Why do we collect for?
(i) Identifying You.
(ii) To comply with the obligations arising from the use of our services.
(iii) To expand our relationship, inform you about news, features, content, news and other events that we consider relevant to you.
(iv) To enhance your experience with us and promote our products and services.
(v) To comply with our legal and regulatory obligations.
Digital Identification Data
IP Address and Logical Source Port
(i) Identifying You.
(ii) To comply with legal obligations of record maintenance established by the Civil Landmark of the Internet - Law 12,965/2014.
(iii) To comply with our legal and regulatory obligations.
Device (operating system version)
Registers of date, time and each action that You perform
Which screens have you accessed
2.2. Required data. Most of our services depend directly on some Data informed in the chart above, mainly Registration Data. If you choose not to provide some of this Data, we may be unable to provide all or part of our services to You.
2.3. Data Update and Accuracy. You are solely responsible for the accuracy, reliability or lack of it in relation to the Data you provide or for its out-date. Be aware that it is your responsibility to ensure accuracy or keep them updated.
2.3.1. Likewise, We are not be under any obligation to process or handle any of your Data if there is reason to believe that such processing or handling may attribute to CCR S.A. any violation of any applicable law or if you are using www.ccr.com.br for any unlawful, illicit, or unethical purpose.
2.4. Data base. The database constituted through the collection of Data is our property and is under our responsibility, and its use, access and sharing, when necessary, will be done within the limits and purposes of the business described in this Policy.
2.5. Technologies used. We use the following technology(s):
(i) Functionality Cookies, it is up to you to configure your Internet browser if you want to block them. In this case, some features we offer may be limited.
2.5.1. All technologies used will always respect the current legislation and the terms of this Policy.
3.1. Data sharing assumptions. Data collected and recorded activities may be shared:
(i) Along with appropriate judicial, administrative or governmental authorities, whenever there is a legal determination, request, requisition or judicial order;
(ii) When necessary to the commercial activities and services provided by Us through the www.ccr.com.br;
(iii) Automatically, in case of corporate transactions, such as mergers, acquisitions and incorporations.
3.2. Data Anonymization. For the purposes of market intelligence research, disclosure of data to the press and advertising, the data provided by You will be shared anonymously, that is, in a way that does not allow its identification.
4.1. Measures that you should take. It is very important that you protect your Data from unauthorized access to your computer, account, or password, and make sure to always click "exit" when you exit from a shared computer. It is also very important that you know that we will never send electronic messages requesting data confirmation or with attachments that can be executed (extensions: exe, .com, among others) or even links for eventual downloads.
4.2. Access to Personal Data, proportionality and relevance. Internally, the Personal Data collected are only accessed by properly authorized professionals, respecting the principles of proportionality, necessity and relevance to the objectives of our business, in addition to the commitment to confidentiality and preservation of your privacy under this Policy.
4.3. External links. When you use www.ccr.com.br, you may be conducted, via link to other portals or platforms, which may collect your information and have their own Data Processing Policy.
4.3.1. You are responsible for reading the Privacy and Data Processing Policies of such platforms or portals outside our environment and it is your responsibility to accept or reject it. We are not responsible for the privacy and data processing policies of third parties and the content of any websites content or services linked to environments other than ours.
4.3.2. Third-Party Services. We have business partners that can eventually offer services through features or websites that can be accessed from www.ccr.com.br. The Data You provide to these partners will be the responsibility of these partners, thus being subject to their own data collection and use practices.
4.4. Third party processing under our guidelines. In case third party companies perform the Treatment on our behalf of any Personal Data we collect, they will respect the conditions here stipulated and the information security rules, mandatorily.
4.5. E-mail communication. To optimize and improve our communication, when we send an email to You we can receive a notification when they are opened, provided this possibility is available. It is important that you be aware because e-mails are sent only by the domain: @grupoccr.com.br.
5.1. The Personal Data collected and the activity records are stored in a safe and controlled environment for a minimum period that follows the table below:
5 years after the termination of the association
Article 12 and 34 of Brazilian Consumer Defense Code
Digital Identification Data
Article 15 of Civil Landmark of the Internet
For the duration of the association and no request for deletion or revocation of consent
Article 9, Item II of the General Data Protection Regulation
5.2. Higher storage times. For auditing, security, fraud control, credit protection and preservation of rights purposes, we may keep your Data registration history for a longer period of time in the event that the law or regulatory standard so establishes or for preservation of rights.
6.1. Your Basic Rights. You may request our Personal Data Officer to confirm the existence of the processing of Personal Data, in addition to the exhibition or amendment of your Personal Data, through our Communication Channels.
6.2. Data limitation, opposition and exclusion. Through the Communication Channels, You may also apply:
(i) The use restriction of your Personal Data;
(ii) Express your opposition and/or revoke consent to the use of your Personal Data; or
(iii) Request the exclusion of your Personal Data that has been collected by Us.
6.2.1. If You request the exclusion of your Personal Data or withdraw your consent for purposes fundamental to the regular operation of www.ccr.com.br and services, such environments and services may be unavailable to You.
6.2.2. In case you request the deletion of your Personal Data, it may occur that the Data need to be kept for a period longer than the request for deletion, according to article 16 of the General Data Protection Regulation, in order to (i) fulfill a legal or regulatory obligation, (ii) study by a research organization, and (iii) transfer to a third party (respecting the data process). In all cases by anonymizing the Personal Data, as long as possible.
6.2.3. Once the maintenance period and the legal requirement have expired, the Personal Data will be deleted using safe disposal methods or used anonymously for statistical purposes.
7.1. Amendment of the content and updating. You hereby agree that we have the right to change the content of this Policy at any time, for any purpose or need, as appropriate and in accordance with the law or any rule that has equivalent legal force, and it is your responsibility to check it whenever you access www.ccr.com.br or use our services.
7.1.1. If there are updates to this document that require further collection of consent, You will be notified through the contact channels You inform.
7.2. Non-applicability. Should any part of this Policy be deemed inapplicable by a Data Authority or court, the remaining conditions will remain in full force and effect.
7.3. Electronic Communication. You understand that any communication made by e-mail (to the addresses informed in your registration), SMS, instant communication applications or any other digital form, are also valid, effective and sufficient for the disclosure of any matter that refers to the services we provide, your Data, as well as the conditions of its provision or any other subject addressed therein, being the exception only that this Policy provides as such.
(i) Communication Channels. In case of any doubt regarding the provisions of this Privacy and Data Processing Policy, you may contact through the Communication Channel E-mail: email@example.com.
7.4. Applicable law and jurisdiction. This Policy will be interpreted according to the Brazilian legislation, in the Portuguese language, being elected the forum of its domicile to settle any controversy that involves this document, except for specific reservation of personal, territorial or functional competence by the applicable legislation.
7.4.1. If You do not reside in Brazil, and because of the services offered by Us only in the national territory, you submit yourself to the Brazilian legislation, agreeing, therefore, that in case of litigation to be resolved, the lawsuit should be proposed in the Courts of São Paulo - SP.
8.1. For the purposes of this Policy, the following definitions and descriptions should be considered for your best understanding:
(i) Data: Any information inserted, processed or transmitted through the www.ccr.com.br.
(ii) Personal Information: Data related to an identified or identifiable individual.
(iii) Anonymization: Use of reasonable and available technical means at the time of the Treatment, by which a data loses the possibility of association, directly or indirectly, to an individual.
(iv) In charge (Data Protection Officer -DPO): Person designated by Us to act as a communication channel between the controller, the data owners and the National Data Protection Authority (ANPD).
(v) Cloud Computing: Or cloud computing, is service virtualization technology built from the interconnection of more than one server via a common information network (e.g. the Internet), aiming to reduce costs and increase the availability of sustained services.
(vi) www.ccr.com.br: Assigns the electronic address [•] and its subdomains.
(vii) Cookies: Some small files sent by www.ccr.com.br, saved on your devices, which store the preferences and few other information, in order to customize your navigation according to your profile.
(viii) IP: Abbreviation for Internet Protocol; It is an alphanumeric combination that identifies users' devices on the Internet;
(ix) Logs: Activities registers of any users who use www.ccr.com.br.
(x) Decisions only automated: These are decisions that affect a user that have been programmed to operate automatically, without the need for a human operation, based on automated processing of personal data.
(xi) Treatment: Every activity executed with Personal Data, such as the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, filing, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction.