ish

privacy policy

21/08/2020

Introduction

The ISH Group, in its commitment to the Brazilian legal system, as well as to the basic principles of information security for those who access its digital platforms, reaffirms its commitment to respecting the privacy and protection of anyone's personal data.

Therefore, in order to demonstrate our commitment, we present our Privacy Policy, which aims to provide clear and precise information on the collection, processing and control of personal and sensitive data carried out by the ISH Group when anyone uses its products, portals, websites, services and applications.

Collection of Personal Data

ISH only collects the information that the holder agrees to provide when using our products, portals, websites, services and applications, for example, by filling in the forms we make available for registration, directly on our relationship channels or through the use of any of our products or security tools.

1.1. REGISTRATION INFORMATION

By using ISH products you share the Information below:

a) Registration data: this is the personal information we need to identify you in order to offer you our products and services. This can be: name, surname, profession, CPF, ID, address, telephone number, e-mail address, etc.

At any time you can check the full list of the Registration Information that ISH collects using the specific link in the "Privacy Service" menu. From this link you can also request a copy of all the data we hold about you, exercising your legal right to change, adjust or even delete it.

Remember that some of this information can be obtained through public sources or even through the sharing of your personal data by social networks and consented to by you there, when you registered and allowed the networks to share it with third parties, especially when it speeds up authentication, characterizes behavior, answers surveys and so on.

1.2. NAVIGATION INFORMATION

In order to improve the experience of those who use our digital platforms, by improving the performance of applications, personalizing the offer of possible products or services, and sending alerts or notifications regarding your profile, if already known in our environment, ISH may collect the following information on the basis of your clear and unequivocal consent, of the company's legitimate interest in your data, with due legal protection, or of a determination regulated by law in Brazil:

a) Traffic data: (i) geolocation and telemetry, if using a mobile device, (ii) date and time of access, (iii) time spent on a particular information page, (iv) SMS sent, for cases of double authentication, (v) volume of data trafficked in accesses, (vi) data on the level/quality of services (occurrence of failures, intermittencies, etc.), (vii) protocols, including internet protocols (IP), with their addressing and ports used, (viii) type of browser, (ix) resources and devices used, (x) functionalities accessed, etc.;

b) Voice data: when there is contact through one of the Customer or Employee Service channels, with a recording of the service;

c) Profile Data: preferences for specific products, services and activities, this information being provided by the user themselves or deducible from the way in which the products and services are used or accessed;

d) Browsing data: browsing history, as well as search terms and links used, with a view to possible personalized offers and recommendations when the user consents, through the collection of categories of websites/services/applications, all provided through the mobile device, computer, TV or other compatible device used for browsing.

1.3. USE OF COOKIES

Cookies are files that store some basic information about you and what you access on our digital platforms, or about some advertising. They are temporarily stored on the devices you use to browse or access our platforms, so that when you return in the future we know it's you.

The use of cookies helps ISH to provide you with a personalized and agile service, based on your previous choices, also allowing us to analyze trends to improve your experience on our platforms.

To find out more about how the ISH Group uses cookies, as well as the right and possibility you have to reject this feature, check out our Cookie Policy available at ish.com.br/cookies-policy

1.4. THIRD-PARTY WEBSITES AND APPLICATIONS

Some ISH Group services and products may be contracted and/or provided through different applications, operating systems or platforms, including those of third parties, such as social networks and search platforms (providers).

An example of this is the possibility of connecting to the ISH Group's websites and social networks by authenticating to existing accounts at the application provider of your choice, such as registration accounts on social networks and internet search engines (activity in which there will be cross-publishing and authentication features between services).

In these cases, the information from your Provider that you have spontaneously agreed to share will be passed on to ISH when it is used for identification or authentication in our environment, such as, for example, Registration Information, for the purposes of verification and guarantee of access, and Consumer Information, for the continuous improvement of the experience of those who use our platforms.

You need to be aware that the information that the ISH Group receives has been shared by you, in accordance with the Privacy Policies of your Provider, and that only from the moment it is received and stored are we responsible for its safekeeping, care and commitment to your privacy, ensuring that it is only used with your consent and for the purpose for which it was collected.

It is therefore recommended that you consult the respective privacy policies of your provider's websites and applications in order to be adequately informed about the use of your personal information and, if you do not agree, to check the existence of resources made available by the provider to control your privacy.

1.5. DATA ON MINORS

The ISH Group may collect and process the personal data of minors (people under the age of 18) with the specific and prominent consent of at least one parent or legal guardian. This data is used to guarantee continued access to services and products in the area of interest to the minor, such as supervised school internships, knowledge of innovative products and entries into awards promoted by the company, etc.

At any time you can check the full list of data collected from minors using the specific link in the "Privacy Service" menu. From this link, the parents and/or legal guardian can request a copy of all the data we hold on the child, exercising their legal right to control access, alteration, adjustments or even request deletion of the data collected.

It should also be noted that the ISH Group does not use data on minors for marketing purposes and/or to offer products and services.

Processing of Personal Data

The ISH Group may process the personal data collected for:

a) carrying out marketing projects and activities and offering products and services, whether personalized or not;

b) carrying out customer service and relationship activities;

c) sale of products and/or services;

d) carrying out marketing activities aimed at attracting new customers;

e) profiling;

f) analysis of indicators and metrics;

g) granting benefits or discounts on products and services for loyalty or browsing the platforms;

h) execution of contractual activities related to the products and/or services purchased;

i) compliance with legal and regulatory obligations;

j) risk analysis;

k) responding to requests from clients, former clients, prospects and other contacts;

l) improving the products and services offered;

m) complying with the determinations of competent authorities, such as the National Data Protection Authority or other authorities legitimized by law.

ISH Group may also use the information collected in an anonymized form, i.e. without the possibility of direct or indirect association with specific people who use our platforms, with the aim of improving and personalizing the products and/or services we provide.

Sharing Personal Data

The ISH Group may share the personal information contained in its database with other companies in its economic group, service providers or business partners, provided that there is the consent of the data subject; or based on the legitimate interest of the ISH Group for the execution of contractual activities or legal obligations and that the information can be protected and safeguarded by those who will receive it.

In addition to the above, the ISH Group may share personal data by court order and/or legal or regulatory determination, in which case it will not be necessary to collect your consent.

Hiring and Providing Databases

ISH Group may contract third-party databases in order to enrich its own database, supplementing it with information that will help us to offer you services and products in a more personalized way. In this case, we will ensure that this contracting is based on the most improved and competent procedures for adherence to Brazilian data protection legislation.

The ISH Group may also make its database available to third parties, provided that the information contained therein is aggregated and anonymized (for example, the country of origin of a particular navigation on our platform) and that the third party uses the information for legitimate purposes, such as expanding competition, conducting a survey, etc.

In this way, we make it clear that the ISH Group does not commercialize the information belonging to you (personal data of the holder), but only shares non-identifiable information with third parties, i.e. there is no possibility of direct or indirect association with an individual.

Users' Rights with regard to Personal Data

The holder of personal data, a user of the ISH Group's digital platforms, can exercise the following rights at any time, free of charge:

a) Access: by choosing to exercise the right of access, you will be able to view the data that ISH Group processes about you, and you can generate a file and export it for your use.

b) Portability: by choosing to exercise the right of portability, you will receive a report of the registration data that ISH Group processes about you to share with any third party you wish;

c) Rectification/Update: due to the need to evaluate and supervise the data to be rectified or updated, and also in view of the scope and complexity of the products and services offered by the ISH Group to its clients, we have opted to standardize the process of rectifying/updating user data. You can request that the data the ISH Group holds about you be sent to you and, subsequently, after making your adjustments, request that it be rectified/updated using our contact telephone number or e-mail.

d) Explanation: you can choose to receive information about the origin, purpose and processing of the data, as well as any sharing with third parties.

e) Clarifications on Automated Decision: by choosing to exercise this right, you will receive explanations on automated decisions, such as the use of robots to gather data for the creation of online marketing campaigns, and you can request their review.

f) Deletion: by selecting this option, you may request the deletion of personal data processed by the ISH Group, and this request will be subject to a feasibility assessment, due to a series of legal and/or regulatory deadlines applicable to the deletion of data, and the data will only be effectively deleted once these deadlines have passed, without prejudice to any possible legal obligations that the ISH Group may have under the Brazilian legislation governing the matter.

g) Anonymization: by selecting this option, the ISH Group will evaluate the feasibility of your request, due to a series of legal and/or regulatory deadlines applicable to data anonymization, as well as deletion, and the data will only be effectively anonymized once these deadlines have passed, without prejudice to any legal obligations that the ISH Group may have under the Brazilian legislation governing the matter.

h) Blocking: as with Anonymization, selecting this option will redirect you to the Delete option.

i) Revocation of consent: by selecting this option, you will be able to obtain explanations about the consent (confirmation given for the collection and processing of your data) and confirm that you wish to revoke it.

j) Preferences for receiving marketing: you can choose whether or not to continue receiving communications about promotional campaigns and/or offers for ISH Group products and services. The user can access the form available for this purpose through the ISH Group portal, menu "Institutional", "Integrity System", item "06-Rights of the Holder", or click directly on ish.com.br/my-rights/

To exercise any of these rights, the user can access the specific link in the "Privacy Service" menu on the ISH Group Privacy portal.

Duties of Users

You are responsible for sharing only truthful information with the ISH Group, as well as protecting the confidentiality of your login(s) and password(s) for accessing the services and products of the ISH Group's digital platforms, including to prevent their unauthorized use, and you must not share them with third parties.

You should also be aware that the contracts signed with the ISH Group also contain clauses on the collection, processing and sharing of personal data, which we recommend you read in full beforehand.

Storage of Personal Data

The ISH Group stores and processes the personal data collected in a secure location, often on the Group's own datacenter servers or through cloud technology, always aiming to improve processes and the delivery of products and services.

As provided for in this Privacy Policy, in the records of use of the services and in current and applicable legislation, the storage periods will be:

a) for application records (profile information and content shared on the websites and applications of the ISH Group's digital platforms): 6 months;

b) for any type of information collected (used for legal purposes or requested by public authorities in accordance with the legal and/or regulatory retention period): between 5 and 20 years.

Personal data security

The ISH Group uses:

a) appropriate technical security solutions and measures to guarantee the confidentiality, integrity and inviolability of data, such as antivirus, firewall, network protection, encryption and other technical and process measures that are minimally compatible with international standards and the use of good market practices;

b) security measures appropriate to the risks, such as against accidental or unlawful destruction or accidental loss, alteration, disclosure or unauthorized access;

c) access controls to stored information, delimiting permission and access privileges according to the responsibilities involved.

Changes to the Privacy Policy

The ISH Group reserves the right to modify this Privacy Policy at any time, keeping it updated and available on the website ish.com.br/privacy-policy

In this case, the user will be informed of the substantial changes made, as required by the applicable legislation, and it is highly recommended that the user read this Privacy Policy periodically and in full.
