PRIVACY POLICY

CSI Tech Informática Ltda ("CSI Tech") treats privacy with the utmost seriousness. In this Privacy Policy ("Policy"), we outline the practices related to the use, storage, sharing and protection of personal data obtained through the use of our services and solutions, globally referred to as "Services", and during the visit to our websites. In addition, we clarify how data subjects can exercise the rights granted by applicable law.

The personal information we collect varies depending on the context of your interactions with CSI Tech. To make it clearer, we have outlined in this Policy how we process the data of (i) CSI Tech customers ("Customers"), customers ("Consumers") and users of our websites ("Users"), collectively referred to as ("Holders" or "you").

There may be specific Privacy Policies applicable to certain products and services we offer. For detailed information about our privacy practices related to a specific product or service, we recommend that you visit the web page dedicated to that product or service.

1. Who we are:

CSI Tech presents a set of digital solutions and Software as a Service, incorporating web technologies from version 1.0 to version 3.0 (Blockchain), adapted for companies of all sizes and maturity levels. We operate in several areas, including On-Premises (local) and Cloud Computer Network Infrastructure, Data Security, VoIP Telephony, among others. Find out more about our services at: www.csitech.com.br.

2. Important Settings:

• General Data Protection Law (LGPD): Federal Law No. 13,709, promulgated on August 14, 2018, regulates the practices of Personal Data Processing, including in digital media, by natural or legal persons, whether public or private law. The purpose of this legislation is to safeguard the fundamental rights to freedom, privacy and the free development of the personality of the natural person.
  
  
  
• Treatment Agents: These are responsible for the Processing of Personal Data, divided into two categories: Controller and Operator. The Controller represents the natural or legal person responsible for decisions related to the Processing of Personal Data. On the other hand, the Operator is the natural or legal person who conducts the Processing of Personal Data on behalf of the Controller, following the guidelines established by it.
• Personal Data: Information related to the identified or identifiable natural person.
• Treatment: Refers to any operation conducted, in an automated way or not, with Personal Data. It therefore includes activities such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, storage, archiving, deletion, evaluation or control of information, as well as modifications, communication, transfer, dissemination or extraction of such data.

3. Customers

• 3. Data we collect:In general, when interacting with the Services as a Customer (or, for the purposes of this section, "you") or when your company hires or uses our Services, we collect your personal data, which may be categorized into three broad groups:
  
  
  • Data provided by you: During the engagement, use or interaction with the Services, or when communicating with us, you (or your company) may provide us with a variety of data. These include:
    
    
    • Professional contact information, such as name, job title, company, location, phone number and email address;
    • Marketing preferences;
    • Account credentials, such as email address, username, and password;
    • Payment details such as credit card details, bank information and billing address;
    • Technical support and troubleshooting information. This data covers details about opening tickets, type of product or service linked to the request for assistance, contact information or authentication, as well as the content of interactions, including telephone recordings, where applicable;
    • Third party data when using our platforms and services, exclusively for the purposes of the services contracted under the terms set forth.
      
      
  • Data we collect automatically: We can acquire data from a variety of sources, such as public databases, public social media profiles, and credit protection organizations. This includes:
    
    • Data from the devices you use to access the Services, such as IP address, operating system, geolocation information, and device identifier;
    • Registration data, such as IP address and your activities on the Services, such as date and time associated with your use, pages and files viewed, searches performed, functionalities used and other actions performed;
    • Navigation data, which includes information about your interaction with our Services and the Services integrated with our platforms. This can include usage dates, browsing activities, actions taken, adjusted settings, records taken, and saved information. We also collect data about the performance of the Services, including metrics related to the sending of emails and other types of communication transmitted through the Services.
      
      
  • Data collected from other sources: We can get data from a variety of sources, such as public databases, public profile information on social networks, and credit protection agencies.
    
    
    
• How we use this data: The data we collect or receive while using the Services is used for the following purposes:
  
  
  • Compliance with contractual obligations: This includes the creation and administration of accounts, identity verification, collection of amounts due, provision, customization and continuous improvement of our services;
  • Notice of changes: We notify you of any changes to our products and services;
  • Strengthening security: We implement procedures to improve the security and protection of services, aiming to offer a safer and more effective environment;
  • Internal Operations: We carry out internal operations such as support, troubleshooting, data analysis, testing, research and statistics;
  • Offering of additional services: We provide information on other services or products similar to those already contracted, adapting them to your capabilities and needs;
  • Advertising evaluation: We evaluate the effectiveness of broadcast advertising to deliver relevant ads.
  • Risk management and fraud prevention: We implement measures to detect, prevent and remedy fraud, potentially illegal or prohibited activities, and violations of applicable policies, contracts or terms of use;
  • Defense in legal proceedings: When necessary, we use the data to establish, exercise and defend rights in judicial, administrative or arbitration proceedings;
  • Compliance with legal or regulatory obligations: We comply with legal or regulatory obligations, whether by judicial requirement, law enforcement agencies or the competent government;
  • Risk management and fraud prevention: We implement measures to detect, prevent and remedy fraud, potentially illegal or prohibited activities, and violations of applicable policies, contracts or terms of use;

4. Consumers

This section covers the personal data of our Customers' Consumers (or, for the purposes of this section, "you"), when we act as Controllers. It should be noted that, in most of the products and services we offer, CSI Tech acts as the Personal Data Operator, following the instructions of our Customers. It is important to note that CSI Tech is not responsible for the privacy or security practices of our Customers. To understand how your data is handled by our Customers, it is essential to consult the relevant privacy policies.

• Data We Collect:
  • Data received from our customers: CSI Tech Customers have the possibility to provide their personal data. For example, when registering users on our services or registering suppliers, partners and customers in our management services, the Customer may provide us with information such as name, email address, telephone number or payment data.
  • Data collected automatically: When you interact with the Services purchased by the Customer, such as by participating in the reporting or ombudsman channel service for example, we may collect information about your device and its activities. These include:
    • Data of the device used to access the Services, such as IP address, operating system, geolocation information, and unique device identifiers;
    • Browsing data, i.e. information about how you use and interact with our Services, including usage dates, browsing activities and pages viewed. We also collect information about the performance of the Services, including metrics related to the sending of emails and other forms of communication by our Customers through the Services.
  • Data collected from other sources: We may also obtain data from other sources, such as public databases, public profiles on social networks and credit protection entities, especially when you make a purchase on a website that uses our payment intermediation services.
• • How we use this data: We may use the data collected or received through the Services for the following purposes:
    • Provide, customize and improve our Services;
    • Conduct internal operations, including customer support, troubleshooting, data analysis, testing, research and statistics;
    • Conduct internal operations, including customer support, troubleshooting, data analysis, testing, research and statistics;
    • Manage risks, detect, prevent and/or remedy fraud or other potentially illegal or prohibited activities, as well as violations of applicable policies or terms of use;
    • Establish, exercise and defend rights in judicial, administrative or arbitration proceedings;
    • Comply with legal or regulatory obligations, or as required in a court proceeding, by law enforcement or government agencies with jurisdiction or claim of jurisdiction;
    • Integrate products and services offered by CSI Tech used by you;
    • For other purposes, where we provide specific notice at the time of collection or otherwise as authorized or required by law.
      
      

5. Users

This section applies to personal data collected during Users’ visits (or, for the purposes of this section, "you") to CSI Tech websites.

• Given that we collect:
  
  • Data you provide to us: Our websites offer various forms of contact, in which you can provide personal data by expressing an interest in obtaining information about our products and services, participating in surveys, subscribing to our newsletter, downloading informational content or contacting us in other ways. This data includes:
    
    • Professional contact details, such as name, position, company, location, phone number and email address;
    • Area of expertise and interests;
    • Nature of your communication with us;
    • Marketing preferences;
    • Any other information you choose to provide to us.
  • Data we collect automatically: By using our websites, we may collect and store data automatically. These include:
    • Data of the device used to access the Services, such as IP address, operating system, browser information, geolocation, and unique device identifiers;
    • Navigation data, i.e. information about how you use and interact with our Services, including usage dates, navigation activities, and interactions with our information materials. We also collect information about the performance of the Services, including metrics related to the sending of emails and other types of communication you send through the Services.
• How we use this data: We may use the data collected from the websites for the following purposes:
  • Provide, customize and improve our websites;
  • Strengthen security procedures to provide a safer and more effective service;
  • Conduct internal operations, troubleshoot, analyze data, conduct tests, surveys, and statistics;
  • Process transactions and manage your online accounts;
  • Send marketing communications and recommendations for CSI Tech products or services, in accordance with your marketing preferences;
  • Assess the effectiveness of advertisements served to deliver relevant advertisements;
  • Manage risks and detect, prevent and/or remedy fraud or other potentially illegal or prohibited activities, as well as violations of applicable policies or terms of use;
  • Where necessary, to establish, exercise and defend rights in judicial, administrative or arbitral proceedings;
  • Comply with legal or regulatory obligations, or as required in a court proceeding, by law enforcement or government agencies with jurisdiction or claim of jurisdiction;
  • For other purposes, where we provide specific notice at the time of collection or otherwise as authorized or required by law.

6. Sharing personal data

We reserve the right to share the personal data collected with third parties and business partners as necessary to enable the provision and integration of the Services. This sharing takes place based on the criteria set out below and for the purposes described:

• Third Party Service Providers: We work closely with third party service providers to operate, perform, enhance, understand, customize, support and promote our Services. When sharing data with these providers, we require them to follow our instructions and terms, or obtain your express consent where applicable.
• Credit Protection Entity: We may share your registration data with business partners and financial institutions for analysis, credit risk management, fraud prevention and credit offering. For analysis and credit offer, both CSI Tech and partner financial institutions may consult information in credit bureaus, including the Credit Information System-SCR, Receivables Registrars authorized by the Central Bank and Credit Card Accreditors, observing the provisions of article 7, items I, II
  and X of the LGPD while the data subject is active at CSI Tech in conjunction with the partner financial institutions.
• Regulatory Bodies, Judicial or Administrative Authorities: We reserve the right to share your personal information with competent authorities to provide all information requested in relation to you and the operations carried out. In addition, we may share your data with public authorities or private entities to combat fraud, abuse of the Services, investigate suspected violations of the law or combat other suspected breaches of our policies and contracts.
• Transfer of Assets: If CSI Tech undergoes a reorganization or sale, transferring all or a substantial part of the assets to a new owner, your personal information may be transferred to the buyer, ensuring the continuity of the services, regardless of your authorization.
• With your Authorization: In cases not covered above, when there is a need to share personal data, we will send you a notification with detailed information about such sharing, requesting your consent for the specific purpose.
• Third Parties Questioning Use or Content: In order to allow and comply with free initiative, free competition and defense of users' interests in commercial relations, we may share your name, address, CNPJ or CPF and email address in cases of questions from consumers and/or customers and/or users about the form and content conveyed in our products and/or services.

7. Cookies and Tracking Technology

We and our partners use a variety of technologies to automatically collect and store data about your use of the Services. These technologies include cookies, pixels, web beacons, and SDKs. The information obtained through these technologies is used to improve and personalize your browsing experience, direct advertising campaigns, implement security features and fraud prevention procedures, among other possible purposes.

For more details on the use of cookies and tracking technologies, please refer to our Cookie Policy available on our website at the following link:

https://csitech.com.br/en/cookie-policy.html

8. Transfer of personal data outside Brazil

We reserve the right to transfer some of your personal data to service providers located abroad, which includes cloud services. When performing international transfers of personal data, CSI Tech will implement appropriate measures to ensure the adequate protection of your information, in compliance with the requirements of applicable data protection legislation. Such measures may include the conclusion of appropriate data transfer contracts with third parties where necessary. For more details on how your information will be handled during these transfers, please refer to our Terms of Service or contact us for additional information.

9. Interactions with third-party websites

We provide links to other websites on the Internet as a way to offer additional features to our users. However, it is important to note that CSI Tech IS NOT RESPONSIBLE FOR THESE SITES AND THEIR CONTENT. In addition, we do not share, endorse, monitor, validate, or accept the way these websites or content storage tools collect, process, and transfer your personal and private information.

We recommend that you review the privacy policies specific to these sites to properly understand how your personal information is used by these third parties.

It is important to note that we may record your access to third-party websites for the purpose of assessing the relevance of these websites to our users. These records are intended to improve the quality and usefulness of the links provided, but do not imply any further sharing of your personal information.

10. Security

The Personal Data processed by CSI Tech is protected by physical, technical and organizational security measures to reduce risks of loss, misuse and unauthorized access, disclosure and alteration, such as firewalls and data encryption, physical access controls to data centers, as well as authorization controls of access to information.

11. Rights of personal data subjects

Personal Data Subjects have several rights in relation to their information and can exercise them by contacting us via email: privacidade@csitech.com.br. These rights include:

• Confirmation of the Existence of Personal Data Processing;
• Access to Personal Data: in accordance with applicable law;
• Correction of Incomplete, Inaccurate or Outdated Data;
• Data Portability;
• Data Exclusion: when processed based on the consent of the Data Subject, unnecessary, excessive or in breach of applicable law;
• Data Exclusion: when processed based on the consent of the Data Subject, unnecessary, excessive or in breach of applicable law;
• Revocation of Consent: where applicable.

For security reasons, we will respond to your request only after confirmation of your identity. Thus, we may request additional data or information to ensure the authenticity of the Holder.

CSI Tech acts as the Data Protection Officer (DPO). We emphasize that, as mentioned above, in most of the products and services we offer, we act as the operator of personal data, following the instructions of our Customers. If you are a Consumer and wish to exercise your rights in relation to personal data processed by CSI Tech as an operator, we recommend that you contact the Customer using the Services.

12. Termination of treatment

This Privacy Policy remains applicable throughout the period in which CSI Tech stores the personal data. The retention and maintenance of your information occurs for the following reasons: (i) for the time required by law; (ii) until the completion of the processing of personal data, as mentioned below; or (iii) for the period necessary to preserve CSI Tech’s legitimate interest. In this context, your data will be processed, for example, during the applicable statute of limitations or for as long as necessary to comply with legal or regulatory obligations.
The termination of the processing of personal data will occur in the following situations: (i) when the purpose for which the personal data was collected is achieved, and / or the personal data collected are no longer necessary or pertinent to achieve such purpose; (ii) when the Data Subject requests the deletion of his data; and (iii) when there is a legal determination to that effect.
Except in the cases established by applicable law or this Privacy Policy, personal data will be deleted when the processing is terminated, and this Policy will no longer apply to your relationship with CSI Tech.

13. Change in privacy policy

Due to the constant evolution of the business model, CSI Tech reserves the right to change this privacy policy at any time by publishing the updated version on its website. In the event of a material change in the processing of personal data, you will be informed and given the opportunity to review the revised policy before deciding to continue using our Services.

Contact us:

Questions about this Policy can be directed to the e-mail: privacidade@csitech.com.br