Privacy and Personal Data Protection Notice
1 – Introduction
This Privacy Notice (“Notice”) aims to demonstrate Ornare’s commitment to your privacy and the protection of your Data. Here, we reaffirm our commitment to transparency in the Processing of Personal Data of all our users and customers.
This Notice explains how we process the Data of customers and other individuals who access or use our products, services, and features, especially through our website available at https://www.ornare.com.br/ (“Our Platforms”). We will also inform you of your rights as a personal data subject and how you can request assistance.
By using our products and services, you understand that we will process your Personal Data as described in this Notice, in accordance with applicable data protection regulations. We are constantly updating our practices to offer products, services, and features with the highest efficiency and security.
For this reason, this Notice may be amended at any time. It is your responsibility to check it regularly through this web address.
Data Subject: You. All natural persons have personal data.
Personal Data: Information that makes you identified or identifiable, such as your name, phone number, email, etc.
Sensitive Data: Data related to health, biometrics or genetics, race and ethnicity, religious, philosophical or political beliefs, union membership, and sex life.
Processing: Any operation performed on your Personal Data, such as storage, access, and use, from collection to deletion.
Controller: The entity that makes decisions regarding the Processing of Personal Data. In this case, it’s us, Ornare.
Legal Bases: The LGPD outlines situations that allow the Processing of Personal Data, even without your consent. We call these permissions “legal bases.”
2 – ABOUT THE DATA WE COLLECT
2.1. How we collect Data
Data, including Personal Data, may be collected when you submit them or when you interact with Our Platforms, acquire our products and services. This may include:
| What do we collect? | Why do we collect it? |
|---|---|
| Full name | (i) To identify and authenticate you; |
| (ii) To fulfill obligations related to our products and services, including legal and regulatory provisions; | |
| Contact phone number | (iii) To enable contact with you; |
| State of residence | (iv) For recruitment purposes, if you wish to work with us; |
| ID number (RG) | (v) To ensure credit protection and security in the service process and sale of our products; |
| CPF (Tax ID) | (vi) To provide more personalized and suitable products, services, and features based on your needs and our legitimate commercial interests; |
| Driver’s license (CNH) | |
| Photo | |
| Nationality | |
| Full address | |
| Date of birth | |
| Gender | |
| Professional experience | |
| Academic background | |
| Resume data |
3 – HOW WE SHARE DATA AND INFORMATION
3.1 – Circumstances for sharing Data
Your data may be shared under the following circumstances, always respecting the principle of sharing only the minimum necessary information to achieve the intended purposes:
-
With Ornare companies and branches;
-
Whenever there is a legal requirement, request, demand, or court order by competent judicial, administrative, or governmental authorities;
-
In case of corporate operations such as mergers, acquisitions, or incorporations, automatically;
-
To protect Ornare’s rights in any type of dispute, including legal disputes;
-
With partner companies and service providers necessary for the sale of our products, execution of our services and features, always requiring these organizations to comply with security and data protection guidelines, as provided in item 4.5 of this Notice.
4 – HOW WE PROTECT YOUR DATA AND HOW YOU CAN ALSO PROTECT IT
4.1 – Measures we take
We make our best efforts to maintain your privacy and the security of your information by implementing technical, physical, and administrative security measures. These measures are applied considering the nature of the Personal Data collected, the context and purpose of the Processing, and the risks that possible breaches may pose to the rights and freedoms of the data subjects:
-
Technical measures, such as secure web pages for transmitting Personal Data, electronic storage with security standards, use of access-controlled systems;
-
Physical measures, such as restricted access to authorized persons and use of facilities with market-standard security tools;
-
Administrative measures, including Security Policies and Rules, employee training/awareness, and confidentiality agreements.
4.2 – Measures you should take
It is very important that you protect your Data from unauthorized access to your device. Also, be aware that we never send executable files via email (extensions like .exe and similar).
4.3 – Access to Personal Data, proportionality, and relevance
Internally, collected Personal Data is accessed only by duly authorized professionals, following the principles of proportionality, necessity, and relevance for our business purposes, along with a confidentiality commitment.
4.4 – External links
When using our Site, you may be directed via links to other portals or platforms, including our social media, which may collect your information and have their own Privacy Notices.
4.4.1. You are responsible for reading the Privacy Notices of such external portals or platforms. We are not responsible for third-party Privacy Notices, website contents, or services outside our Platforms.
4.5 – Processing by third parties under our guidance
Third-party companies that process Personal Data on our behalf must comply with the conditions set out here and with information security regulations.
4.6 – Incident notification
In the event of security incidents that may pose significant risk or harm to you or any of our users/customers, we will notify the affected parties and the National Data Protection Authority (ANPD), in accordance with the LGPD.
5 – INTERNATIONAL TRANSFER OF PERSONAL DATA
5.1. We transfer some of your personal data to our branches and service providers abroad, including cloud service providers. Because we take data protection seriously, we ensure these transfers follow legal mechanisms and regulatory rules.
6 – HOW WE STORE YOUR PERSONAL DATA AND ACTIVITY LOGS
6.1. We will store your Personal Data only for the time necessary to fulfill the purposes for which they were collected and processed. This period may be extended based on applicable legal or regulatory provisions.
6.2. Longer storage periods
For audit and security purposes, we may keep your data records for longer periods when required by law, regulation, or to preserve our rights in legal, administrative, or arbitration proceedings.
7 – YOUR RIGHTS AND HOW TO EXERCISE THEM
Right to confirm processing and access
You have the right to confirm whether we process your Personal Data and to access that data.
Right to rectification
If the data you provided through the site is incomplete, incorrect, or outdated, you can ask us to correct it.
Right to information about data sharing
You may request information about the companies with which we share your Personal Data (see item 3).
Right to withdraw consent
You may change your mind about the consent given and ask us to withdraw it at any time via our support channel. Any processing performed before withdrawal remains valid.
Right to anonymization, blocking, or deletion
You may request the anonymization (making your data no longer identifiable), blocking, or deletion of data that is unnecessary, excessive, or not being processed in accordance with the LGPD.
Right to object
You may object to the processing of your data in cases not requiring consent, if there is non-compliance with the LGPD.
Right to refuse consent and understand the consequences
You may always ask if it’s possible to refuse data sharing and understand the consequences of such refusal.
Right to delete Personal Data processed with consent
When we have your consent to process data, you may request deletion of such data.
However, exceptions apply as outlined in the LGPD:
-
Data used to comply with legal or regulatory obligations;
-
Data used in research by authorized organizations (we will attempt to anonymize it);
-
Data transferred to other companies, as long as LGPD is followed;
-
Data used exclusively by us and not shared with third parties (to be anonymized).
Right to data portability
In some cases, you may request us to transfer your Personal Data to another company, as per ANPD regulations. This does not apply to anonymized, deleted, or proprietary data.
Right to review automated decisions
You may request the review of decisions made solely by automated data processing. However, as mentioned in item 2.3, we do not use solely automated decision-making that affects you.
8 – INFORMATION ABOUT THE CONTROLLER AND DATA PROTECTION OFFICER
CONTROLLER
SEDER INDUSTRIA E COMERCIO DE MÓVEIS LTDA
CNPJ: 59.738.740/0001-72
Rua Etiópia, 310 – Jardim do Rio, Cotia – SP
ZIP Code: 06.715-775
Phone: +55 (11) 4615-4244
Email: privacidade@ornare.com.br
DATA PROTECTION OFFICER (DPO)
WELLINGTON TAVARES
Rua Etiópia, 310 – Jardim do Rio, Cotia – SP
ZIP Code: 06.715-775
Phone: +55 (11) 4615-4244
Email: privacidade@ornare.com.br
9 – GENERAL PROVISIONS
9.1. Changes and updates
Ornare reserves the right to amend this Notice due to necessity or changes in purposes, as well as to comply with applicable laws or regulations. You are responsible for checking the updated version when accessing our platforms.
9.2. Questions
If you have any questions about this Privacy and Data Processing Notice, please contact us at: privacidade@ornare.com.br
9.3. Applicable law and jurisdiction
This Notice shall be interpreted under Brazilian law, in Portuguese, and any dispute shall be settled in the court of São Paulo, unless specific legal jurisdiction applies.
Last updated:
May 8, 2023