CORPORATE

Privacy Policy

1. GENERAL INFORMATION

This Privacy Policy contains information on how we treat, in whole or in part, whether automated or not, the personal data of users who, through social networks, face-to-face events or the website, provide their information via registration or marketing actions originated by World Trade Center Curitiba, World Trade Center Joinville and/or World Trade Center Porto Alegre. Our aim is to clarify the types of data collected, the reasons for collection and how users can update, manage or delete this information.

This Privacy Policy has been drawn up in accordance with Federal Law n. 12.965 of April 23, 2014 (Marco Civil da Internet), Federal Law n. 13.709 of August 14, 2018 (Personal Data Protection Law) and EU Regulation n. 2016/679 of April 27, 2016 (European General Data Protection Regulation - GDPR). It is worth noting that this Privacy Policy may be updated as a result of any regulatory updates, which is why users are invited to consult this section periodically.

2. USER RIGHTS

World Trade Center Curitiba, World Trade Center Joinville and World Trade Center Porto Alegre undertake to comply with the rules set out in the GDPR and the General Data Protection Act, in respect of the following principles:

The user's personal data will only be collected for specific, explicit and legitimate purposes and may not be further processed in a manner incompatible with those purposes (purpose limitation);
The user's personal data will be collected in a way that is adequate, relevant and limited to the needs of the purpose for which it is processed (data minimization);
The user's personal data will be accurate and updated whenever necessary, so that inaccurate data is erased or rectified when possible (accuracy);
The user's personal data will be stored in a way that allows the identification of the data subjects only for the period necessary for the purposes for which they are processed (storage limitation);
The user's personal data will be processed securely, protected from unauthorized or unlawful processing and against accidental loss, destruction or damage, adopting the appropriate technical or organizational measures (integrity and confidentiality).
Your personal data may be shared with our strategic partners if they so request.

Website users have the following rights under the Personal Data Protection Act and the GDPR:

Right to confirmation and access: This is the user's right to obtain confirmation from the system or website that personal data concerning them is or is not being processed and, if this is the case, the right to access their personal data;

Right of rectification: the user's right to obtain from the system or website, without undue delay, the rectification of inaccurate personal data concerning them;

Right to erasure of data (right to be forgotten): this is the user's right to have their data erased from the website's system or database;

Right to restriction of data processing: this is the user's right to restrict the processing of their personal data, which they can obtain when they dispute the accuracy of the data, when the processing is unlawful, when the system or website no longer needs the data for the purposes proposed and when they have objected to the processing of the data and in the event of unnecessary data processing;

Right to object: this is the user's right to object at any time, on grounds relating to their particular situation, to the processing of personal data concerning them, and to object to the use of their personal data for profiling purposes;

Right to data portability: this is the user's right to receive the personal data concerning them that they have provided to the system or on the website, in a structured, commonly used and machine-readable format, and the right to transmit this data to another application;

The right not to be subjected to automated decisions: the user's right not to be subjected to any decision taken solely on the basis of automated processing, including profiling, which produces effects in their legal sphere or significantly affects them in a similar way.

Users can exercise their rights by sending a written communication to the system with the subject "LGPD-", specifying:

Full name or company name, CPF (Individual Taxpayer Registry, of the Federal Revenue Service of Brazil) or CNPJ (National Registry of Legal Entities, of the Federal Revenue Service of Brazil) number and e-mail address of the user and, if applicable, their representative;

The right you wish to exercise in the system;

Date of the request and the user's signature;

Any document that can demonstrate or justify the exercise of their right.

The request should be sent to the following e-mail address: contato@wtcsb.com.br or by post to the following address:

World Trade Center Curitiba

Presidente Getúlio Vargas Avenue, 2932 – Água Verde

Curitiba – PR

ZIP 80240-040

Users will be informed if their data is rectified or deleted.

3. DUTY NOT TO PROVIDE THIRD PARTY DATA

When using the system or website, in order to safeguard and protect the rights of third parties, the user must only provide their personal data and not that of third parties.

4. INFORMATION COLLECTED

The collection of user data will be carried out in accordance with the provisions of this Privacy Policy and will depend on the user's consent, which is only dispensable in the cases provided for in art. 11, II of the Personal Data Protection Act.

4.1 TYPES OF DATA COLLECTED

4.1.1 Data provided in the contact form

Any data provided by the user using the contact form available on the website, including the content of the message sent, will be collected and stored.

4.1.2 Sensitive data

Sensitive user data, as defined in articles 9 and 10 of the GDPR and articles 11 et seq. of the Personal Data Protection Act, will not be collected. Thus, among other things, the following data will not be collected:

data revealing the racial or ethnic origin, political opinions, religious or philosophical convictions, or trade union membership of the user;

genetic data;
biometric data to unequivocally identify a person;
data relating to the user's health;
data relating to the user's sex life or sexual orientation;
data relating to criminal convictions or offenses or related security measures.

4.1.3 Collection of data not expressly provided for

Occasionally, other types of data not expressly provided for in this Privacy Policy may be collected, provided that they are provided with the user's consent, or that the collection is permitted or imposed by law.

4.2 LEGAL BASIS FOR PROCESSING PERSONAL DATA

By using the services of the website, social networks or participating in any event or marketing action of World Trade Center Brasília, World Trade Center Curitiba, World Trade Center Joinville, World Trade Center Porto Alegre and/or World Trade Center Sinop, the user is consenting to this Privacy Policy.

Users have the right to withdraw their consent at any time, without compromising the lawfulness of the processing of their personal data prior to withdrawal. Withdrawal of consent can be made by e-mail: contato@wtcsb.com.br, or by post to the following address already mentioned in item 2.0 Consent of the relatively or absolutely incapable, especially children under 16 (sixteen) years of age, can only be made, respectively, if duly assisted or represented. The processing of personal data without the user's consent will only be carried out for reasons of legitimate interest or in the cases provided for by law, i.e., among others, the following:

for the controller to comply with a legal or regulatory obligation;
for studies to be carried out by a research organization, guaranteeing, whenever possible, the anonymization of personal data;
when necessary for the performance of a contract or preliminary procedures related to a contract to which the user is a party, at the request of the data subject;
for the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter under the terms of Law No. 9,307 of September 23, 1996 (Arbitration Law);
for the protection of the life or physical safety of the data subject or a third party;
for the protection of health, in a procedure carried out by health professionals or health entities;
when necessary to meet the legitimate interests of the controller or a third party, except where the fundamental rights and freedoms of the data subject that require the protection of personal data prevail;
for credit protection, including the provisions of the relevant legislation.

4.3 PURPOSES OF PROCESSING PERSONAL DATA

The purpose of the user's personal data collected by the system, website or registration is to facilitate, speed up and fulfill the commitments established with the user and to enforce requests made by filling in forms.

Personal data may also be used for commercial purposes, to personalize the content offered to the user, as well as to help the system or website improve the quality and operation of its services.

The processing of personal data for purposes not provided for in this Privacy Policy will only take place with prior notice to the user, and in any case the rights and obligations provided for herein will remain applicable.

4.4 RETENTION PERIOD OF PERSONAL DATA

The user's personal data will be kept for no longer than is required to fulfill the purposes for which they are processed.

The data retention period is defined according to the following criteria:

The data will be stored by the Plano system for the duration of the contract with the client and after cancellation, the data will be deleted.The data collected on the website through the contact form will be used to establish a business relationship with the person or company that made the contact. The data will be deleted after it has been returned to the person responsible for the contact.

Users' personal data may only be retained after processing has ended in the following cases:

for the controller to comply with a legal or regulatory obligation;
for study by a research organization, guaranteeing, whenever possible, the anonymization of personal data;
for transfer to a third party, provided that the data processing requirements set out in the legislation are complied with;
for the exclusive use of the controller, with no access by third parties, and provided that the data is anonymized.

4.5 RECIPIENTS AND TRANSFER OF PERSONAL DATA

The user's personal data will not be shared with third parties, except in situations such as that provided for in item 2 - "The user's personal data may be shared with our strategic partners if they request it." For the most part, therefore, they will only be processed by World Trade Center Brasília, World Trade Center Curitiba, World Trade Center Joinville, World Trade Center Porto Alegre and World Trade Center Sinop.

5 PROCESSING OF PERSONAL DATA

5.1 DATA CONTROLLER

The controller, responsible for processing the user's personal data, is the natural or legal person, public authority, agency or other body which, individually or jointly with others, determines the purposes and means of processing personal data.

On this site, the person responsible for processing the personal data collected is the IT department of the World Trade Center Curitiba, which can be contacted by e-mail at contato@wtcsb.com.br or at the following address: Presidente Getúlio Vargas Avenue, 2932 - Água Verde - Curitiba/PR.

5.2 THE DATA PROTECTION OFFICER

The data protection officer is the professional responsible for informing, advising and monitoring the data controller and the subcontracted data processor, as well as the employees who process the data, regarding the application's obligations under the GDPR, the Personal Data Protection Act and other data protection provisions in national and international legislation, in cooperation with the competent supervisory authority.

The data protection officer is the IT department of the World Trade Center Curitiba, which can be contacted at contato@wtcsb.com.br.

6. SECURITY IN THE PROCESSING OF THE USER'S PERSONAL DATA

World Trade Center Brasilia, World Trade Center Curitiba, World Trade Center Joinville, World Trade Center Porto Alegre and World Trade Center Sinop undertake to apply technical and organizational measures to protect personal data from unauthorized access and from situations of destruction, loss, alteration, communication or dissemination of such data.

To ensure security, solutions will be adopted that take into account: appropriate techniques; the costs of implementation; the nature, scope, context and purposes of the processing; and the risks to the rights and freedoms of the user.

The system and website use an SSL (Secure Socket Layer) certificate which guarantees that personal data is transmitted in a secure and confidential manner, so that the transmission of data between the server and the user, and back again, takes place in a fully encrypted manner.

However, the system or website cannot be held liable for the sole fault of a third party, such as in the event of an attack by hackers or crackers, or the sole fault of the user, such as when they transfer their data to a third party.

A personal data breach is a breach of security which accidentally or unlawfully causes the unauthorized destruction, loss, alteration, disclosure of or access to personal data transmitted, stored or otherwise processed.

Finally, the application undertakes to treat the user's personal data confidentially, within the legal limits and the premises set out in section 2 of this document.

7. BROWSING DATA (COOKIES)

Cookies are small text files sent by the application to the user's computer and stored there, containing information related to browsing the application.

Through cookies, small amounts of information are stored by the user's browser so that our server can read them later. For example, data can be stored about the device used by the user, as well as the location and time of access to the application.

Cookies do not allow any files or information to be extracted from the user's hard disk, and it is not possible to access personal information that does not originate from the user or the way they use the application's resources.

It is important to note that not every cookie contains information that allows the user to be identified, and that certain types of cookies may be used simply to ensure that the application loads correctly or that its functionalities work as expected.

Any information stored in cookies that allows a user to be identified is considered personal data. Therefore, all the rules set out in this Privacy Policy also apply to them.

7.1 APPLICATION COOKIES

Application cookies are those sent to the user's computer or device and administered exclusively by the application.

The information collected through these cookies is used to improve and personalize the user experience, and some cookies may, for example, be used to remember user preferences and choices, as well as to offer personalized content.

This browsing data may also be shared with any partners of the application in order to improve the products and services offered to the user.

7.2 MANAGEMENT OF COOKIES AND BROWSER SETTINGS

The user can oppose the registration of cookies by the application, simply by deactivating this option in their own browser or device. The deactivation of cookies, however, may affect the availability of some tools and functionalities of the system, compromising its correct and expected functioning. Another possible consequence is the removal of user preferences that may have been saved, impairing the user's experience.

Below are some links to the help and support pages of the most commonly used browsers, which can be accessed by users interested in obtaining more information about managing cookies in their browser:

8. COMPLAINT TO A SUPERVISORY AUTHORITY

Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority. The complaint may be made to the authority of the application's headquarters, the user's country of habitual residence, their place of work or the place where the infringement is alleged to have taken place.

9. AMENDMENTS

This version of this Privacy Policy was last updated on: 21/05/2024.

The editor reserves the right to modify these rules at any time, in particular to adapt them to developments in the system or the site, either by making new features available or by deleting or modifying existing ones.

The user will be explicitly notified in the event of a change to this policy. By using the service after any changes have been made, the user demonstrates their agreement with the new rules. If you disagree with any of the changes, you must immediately stop accessing the application and submit your complaint to customer service, if you so wish.

10. APPLICABLE LAW AND JURISDICTION

In order to resolve any disputes arising from this instrument, Brazilian law shall apply in full.

Any disputes shall be submitted to the courts of the district in which the app publisher's headquarters are located.

Curitiba, May 21, 2024.

CORPORATE

Privacy Policy

INSTITUTIONAL

Privacy Policy

WTC Brasília

Parque Tecnológico de Brasília
Lot 4, Governance Building - Block B
Brasília - DF
ZIP 70635-815

WTC Porto Alegre

Instituto Caldeira
São José Street, 455
Navegantes, Porto Alegre - RS
ZIP 90240-200

WTC Curitiba

MindBub
Visc. de Guarapuava Ave., 3263 - 8º andar
Downtown, Curitiba - PR
ZIP 80010-100

WTC Sinop

Figueiras Avenue, 5120
Aquarelas das Artes, Sinop - MT
ZIP 78555-902

WTC Joinville

Ágora Tech Park
Dona Francisca Street, 8300
Industrial District, Joinville - SC
ZIP 89219-600