This Privacy Policy aims to demonstrate the commitment of ELSYS EQUIPAMENTOS ELETRONICOS LTDA (“ELSYS”) with the privacy and protection of personal data processed by ELSYS in its activities and business processes, establishing the guidelines that guide the collection, recording, storage, use, exchange, processing and disposal or disposal of data, maintaining the object and purpose of the treatments carried out within the scope of the services provided to the data subjects, ensuring compliance with good practices and current Brazilian legislation, providing transparency and clarity about the risks, controls and guarantees for the protection and safeguarding of this data for the holders, control bodies and other interested parties.

1. GLOSSARY

For the purposes of this policy, the following definitions, concepts and descriptions should be considered:

USERS: Individuals or legal entities that interact and access ELSYS information systems, devices, applications and other means and information resources in order to consume the services and products offered by the company and that provide personal and identification data during this interaction and/or access.

BEACONS: These are small devices that use Bluetooth Low Energy (BLE) technology, which emit signals that can be captured by technological resources, enabling interaction between USERS and the technological resource. Web Beacons are programs whose purpose is to collect data on the navigation of a USER on an Internet page.

CLOUD COMPUTING: Or cloud computing, is a service virtualization technology built on the interconnection of more than one server over a common information network (e.g., the Internet), with the goal of reducing technology ownership costs and increasing the availability of sustained services.

COOKIES: Files sent to the USER’S computer, in order to identify the computer and collect data on browsing habits, such as pages visited or links visited, allowing to customize the USER’S navigation according to their profile and needs.

ACCESS ACCOUNT: A USER’S credential necessary to use applications or access restricted content areas and exclusive functionalities of ELSYS PRODUCTS and Services.

IP ADDRESS: Abbreviation for Internet Protocol. It is an alphanumeric set that identifies USER devices when they connect to a network or the Internet.

PLATFORM: Software or Computer Applications used to provide the Remote Management Service of ELSYS devices and equipment, including Applications for User Interaction with ELSYS equipment.

PRODUCTS: Devices, Equipment, Applications, Software and Apps developed and/or made available by ELSYS for Users to interact and benefit from the desired functionalities offered by the Services provided by ELSYS.

SERVICES: Activities, actions, processes, data and resources mobilized by ELSYS to meet the demands and interactions of users of ELSYS products, corporate systems and platform.

CORPORATE SYSTEMS: Software developed and/or acquired and maintained by ELSYS and used to process, store, transmit and make available data used by Elsys’ Business and Administrative Processes.

ELSYS CONTENT: Videos, presentations and other instructional and/or educational materials generated by professionals hired and supervised by ELSYS that detail and answer USERS’ questions about the operation of ELSYS products and services, including YouTube video curation services developed by ELSYS.

PERSONAL DATA: Data collected on the individual characteristics of a natural person that refer to his or her unique identification and/or characterization as an individual, whether this natural person is a customer, a supplier, an employee, a third party, a visitor or simply a user.

2. SCOPE OF APPLICATION

2.1. This policy applies to all types of personal data processing collected, stored, processed, made available, transmitted, accessed, accessed, deleted and deleted by ELSYS, in all administrative, management and business processes it performs and which present any type of data processing activity to be framed under the terms of Law 13.709/2018 (Brazilian LGPD). Also covering all data exchange relationship performed by ELSYS involving the provision and/or receipt of personal data with partners, suppliers and contractors, regardless of the type of processing of this data is performed in technological, physical or virtual means.

3. MOTIVATIONS AND PURPOSE OF PERSONAL DATA COLLECTION AND PROCESSING

3.1.

ELSYS only collects and processes USERS’ Personal Data in its Corporate Systems and applications to provide security and a better USER experience with the PRODUCTS and SERVICES and for the following purposes:

a) To properly identify and authenticate USERS, making available to them the functionalities and accesses that they need and are appropriate to their access and use profile;

b) To manage, provide the services and comply with the obligations related to the use of the services and/or PRODUCTS contracted;

c) To adequately attend to the specific requests and doubts of the users;

d) Establish and maintain personalized contact through instant communication applications, email, direct mail and/or other means of communication indicated by the Users;

e) Improve the use and experience of ELSYS SERVICES and/or PRODUCTS;

f) Conduct statistical analysis, studies, research and surveys relevant to the activities and behavior of Users in the use of the SERVICES and/or PRODUCTS;

g) Promote the SERVICES and PRODUCTS of interest to the users and according to the behavior in the interaction with the PLATFORM and with the CORPORATE SYSTEMS.

h) Comply with the contractual, legal, civil, civil, criminal and labor obligations existing in the federal, state and municipal legislation where ELSYS operates and/or makes available its PRODUCTS and SERVICES.

i) To inform about new features, functionalities, content, news and events relevant to the maintenance and improvement of the User’s experience with the PRODUCTS and SERVICES;

j) To safeguard the rights and obligations related to the identification and use of the CORPORATE SYSTEMS, PLATFORM and/or PRODUCTS and SERVICES of ELSYS;

k) For the identification of the parties and formation of evidentiary means in legal questions, doubts and claims involving the PRODUCTS and SERVICES performed by ELSYS.

l) To share essential data with partners and contractors, so that the obligations assumed in the execution of contracts with ELSYS for the provision of services and operationalization of products to users can be fulfilled;

3.2.

Data processing that requires accessing, using and/or sharing with third parties may also occur due to the following reasons:

a. To meet the demands of judicial, administrative or governmental authorities, provided that there is a request, requisition or court order;

b. To fulfill obligations related to corporate movements, such as merger, acquisition and incorporation of companies, maintaining the main purpose established by ELSYS for the processing of data;

c. To enable the execution of contracts with partners and third parties that supply technologies for ELSYS.

d. To meet the requests of the holders of personal data and privacy law regulators;

e. To meet security, fraud prevention and credit verification requirements, in the manner and under the conditions defined by the credit legislation and in law 13.709/2018 (LGPD).

3.3. For the security and protection of users and ELSYS itself, there may be validation, authentication and confirmation of personal data reported by users in the identification and authentication processes through consultation with government agencies, reputable companies specialized in providing such services, and the information obtained by ELSYS classified and treated as confidential and restricted access, being used only and solely for the purposes stipulated in this point.

3.4. ELSYS undertakes to treat the database formed through the collection and storage of data and personal data provided by users in interaction with the CORPORATE SYSTEMS, on the PLATFORM and/or the SERVICES and PRODUCTS in a responsible manner and restricting the processing to the minimum necessary and only when necessary within the limits and purposes of ELSYS’ business.

3.4.1. ELSYS informs that USERS’ access credentials and passwords are secret data for individual use and must be kept confidential, without any kind of sharing with third parties, including ELSYS. The sharing of access credential and/or password data makes the USER co-responsible for any act of breach of security and violation of personal data and privacy.

3.5. All processing of USERS’ personal data will be carried out by duly authorized professionals with a bond of confidentiality and secrecy with ELSYS, who are obliged to respect in all their actions the principles of proportionality, necessity and relevance to the business objectives of ELSYS and safeguarding the rights of the holder of the personal data.

4. TYPES OF PERSONAL DATA COLLECTED

4.1. ELSYS collects USERS’ Personal Data explicitly, mainly in the USERS’ interactions with the CORPORATE SYSTEMS, with the PLATFORM and/or in the use of the SERVICES and PRODUCTS, mainly at the time of personal identification, in the creation of the Access Credential to the CORPORATE SYSTEMS, to the SERVICES and to the ELSYS PLATFORM, in the navigation through the Internet sites and in the access to the videos and educational content viewed.

4.2. ELSYS also collects data on the behavior in the use of the PRODUCTS, mainly on the receivers used and on the activities performed by the USER on the PLATFORM and in the Call Center of ELSYS SERVICES.

4.3.

The personal data that ELSYS needs to process in order to carry out the business operations and fulfill the User’s contract include, but are not limited to, the following types of data:

I. Registration data: Full name, CPF number, RG number, contact email, date of birth, gender, address, state, city and contact telephone numbers;

II. Navigation data: Date and time of access and exit from the CORPORATE SYSTEMS and PLATFORM, type of receiver used, operating system and interactions performed by the user on the ELSYS SERVICES and PRODUCTS.

III. Location data: Geolocation coordinates and geospatial positioning (Satellite) of the ELSYS equipment.

IV. IP Address and Logical Port of origin of the USER’s data;

V. Cookies: it is up to the USER to configure his/her Internet browser if he/she wishes to block them, being aware that some functionalities of the CORPORATE SYSTEMS and PLATFORM may be limited by this action;

VI. Web Beacons to collect data on the USER’s usage behavior when accessing the ELSYS PRODUCTS and SERVICES pages;

VII. Data on browsing habits performed by the USER on other technological platforms that interact with ELSYS.

4.4. ELSYS makes available to USERS a free communication and attention channel exclusively for matters related to privacy and personal data protection. Therefore, all questions related to these issues should be addressed to the ELSYS Data Controller, through the contact below:

• Name of ELSYS Personal Data Officer: Matheus Luís Gonçalves;
• Mail: contato.encarregado@elsys.com.br
• Business Address: Rua Doutor Alcides Gomes de Miranda, nº 251, Vila Pagano – Valinhos/SP – Postal Code: 13277-220.

4.5. The accuracy, outdatedness, truthfulness or lack thereof in the data provided by the USER with the attention channels of ELSYS SERVICES or with the CORPORATE SYSTEMS and PLATFORM are the sole and exclusive responsibility of the USER, having to keep the most current data updated with ELSYS, accurately, zealously and whenever required and/or modified.

4.6. All technologies used by ELSYS for the collection and processing of data and personal data are developed and configured in accordance with current legislation, the rights of the data subject and the guidelines of this Privacy Policy and Information Security Policy of ELSYS.

4.7. During the interaction with the CORPORATE SYSTEMS, PLATFORM, SERVICES and PRODUCTS of ELSYS, the USER may be directed to applications, content or services of other companies, which may or may not collect other data from the USER without knowledge and/or control of ELSYS, so we recommend that before providing such data, the USER consult the Privacy Policy of such companies.

4.8. ELSYS does not sell, donate, assign or transfer any personal data of users to other companies or third parties that do not have a formal business relationship and security and privacy with ELSYS or that perform treatments other than those specified in this Privacy Policy.

5. COLLECTION OF CONSENT FOR DATA PROCESSING

5.1. Some products and services provided by Elsys to users are only enabled and made available through the provision of Personal Data, in order to meet legal obligations and so that the service contracted by the User can be provided, therefore, by contracting such services and Products the USER gives consent to Elsys for the processing of such data for the period that remains the provision of such services and products and for the period necessary to meet legal obligations .

5.2. Other consents for Elsys to carry out the necessary processing of data and personal data collected from users will be collected when necessary at the time of collection of such data, whether this action is automated or manual by Elsys and its partners.

5.3. The USER should be aware that the non-provision or revocation of consent for the processing of some of their data and personal data may render unfeasible or generate inconveniences in the use and interaction with the corporate systems, the PLATFORM and/or PRODUCTS of Elsys, which in this case is exempt from the responsibility and obligation to reimburse the USER for any remedial action related to this matter.

6. STORAGE OF PROCESSED DATA

6.1. Personal data processed by ELSYS are stored in physical and technological environments adhering to good security and control practices practiced in Brazil and are retained and/or kept in custody for the period necessary for ELSYS to comply with its commercial, fiscal, tax, regulatory and legal obligations related to the activities, SERVICES and PRODUCTS it provides to USERS. The minimum term of conservation of the data collected and processed is one (1) year, with such data remaining stored until the end of the conservation obligations mentioned in this point.

6.2. ELSYS employs the best efforts and technologies available and accessible in the Brazilian market to protect and ensure control over the access and use of the data and personal data it collects and stores, keeping its corporate systems, platform, products, services and technological environments, including cloud computing environments within the standards of good data security practices practiced in the Brazilian market by companies of equal size and purpose.

7. DISPLAY, RECTIFICATION, RATIFICATION AND DELETION OF DATA

7.1. The USER may request the visualization, rectification or ratification of his/her personal data, using the service channels, the Access credentials and/or the USER service tools made available by ELSYS.

7.2. The USER may request the deletion of his/her personal data as soon as the contract for the provision of services and/or use of products between the USER and ELSYS is terminated, and the minimum legal period of conservation of such data has elapsed.

7.3. The deletion and/or destruction of the personal data of users whose legal retention periods have expired will be carried out by means of irretrievable data deletion techniques according to the technology available at the time of such action.

8. COMMUNICATIONS WITH USERS

8.1. ELSYS never sends e-mails, messages or phone calls requesting confirmation of personal data, bank passwords or personal registration data;

8.2. All ELSYS communications do not contain downloadable files or attachments that are executable or compressed (files with extensions such as .exe, .com, .scr, .bat, .zip, .rar, .clp).

8.3. All ELSYS promotional communications are directed to lojaonline@elsys.com.br, and links lead directly to ELSYS electronic environments.

8.4. Communications and messages will only be sent to USERS who opt-in to receive them and cancellation of this communication option is at the free choice of the user and can be made through ELSYS customer service channels.

9. DISPOSICIONES GENERALES

9.1. If there are significant updates to this Privacy Policy or other relevant documents, ELSYS will notify you so that you are aware of ELSYS’s privacy provisions and commitments in the processing of personal data.

9.2. In case of any doubt regarding the provisions contained in this Privacy Policy, the USER may contact ELSYS through the service channels indicated below, as also provided for in Clause 4.4 of this Policy, whose hours of operation are Monday to Friday, from 9 a.m. to 6 p.m., except national holidays:

E-mail:: contato.encarregado@elsys.com.br
Business Address: Rua Doutor Alcides Gomes de Miranda, nº 251, Vila Pagano – Valinhos/SP – Postal Code: 13277-220.

In all cases, the request must be addressed to the attention of Matheus Luís Gonçalves, ELSYS Personal Data Manager.

9.3. ELSYS does not sell or acquire personal data of illicit, dubious or unknown origin and discourages access to and processing of personal data for purposes other than those related to the SERVICES it provides and the PRODUCTS it markets.

9.4. If any provision of this Privacy Policy is deemed illegal or unlawful by the authority of the place where the USER resides, the other definitions and guidelines shall remain in full force and effect.

10. APPLICABLE LAW AND JURISDICTION

10.1. This Privacy Policy shall be governed and interpreted in accordance with Law 13.709/2018 of the Brazilian legislation, in Portuguese language, being chosen the jurisdiction of the USER’s domicile to settle any dispute or controversy involving this document, except for specific exception of personal, territorial or functional competence by the applicable legislation.

11. VERSION AND VALIDITY

11.1. This document has been reviewed and approved by the ELSYS Privacy and Information Security Committee on March 10, 2022 and becomes effective immediately upon publication, superseding previous versions and similar documents existing up to this date. For the purposes of this policy, the following definitions, concepts and descriptions should be considered:TYPES OF PERSONAL DATA COLLECTED