PRIVACY POLICY

Welcome!

This privacy policy applies to the operations and websites of CentralServer (main site, blog, and wiki) and aims to inform about our commitment to security, transparency, and confidentiality in the processing of personal data, in addition to the measures we adopt to comply with current legislation.

Our products and services are varied, as CentralServer always seeks improvement and innovation. Therefore, additional Terms, Licenses, and Agreements may provide specific clauses and usage conditions for each product or service. These documents will be available to each customer and user in their access panel when hiring CentralServer’s products and services.

With the enforcement of Brazilian Law No. 13,709/2018 (LGPD – General Data Protection Law), express consent about the Privacy Policy is required for Brazilian citizens, which can be done on the CentralServer websites, customer panel, or communication channels.

About the Collection and Processing of Personal Data

CentralServer collects necessary data for contract issuance, execution of its products and services, communication with current customers, prospective customers, and job applicants. Thus, we collect data from the legal entity (Company Name, CNPJ number, address, phone, email), from individuals who are authorized representatives of the company to sign contracts and participate in the management of contracted products and services (name, role, CPF, RG or other official identification document, email, phone, address, and access credentials) and from prospects or candidates (name, role, email, phone, address, and professional history).

Personal data will be used for drafting and signing contracts and legal documents between the parties, identification of users and their use of products and services, access to the customer panel, payment processing and purchases, communication with current and prospective customers, and recruitment and selection processes. There may be specific purposes for data use depending on the product or service, due to their technical characteristics, which will be expressly informed in the respective contract.

The user who signs contracts and accepts the manifestation of consent on behalf of a legal entity declares, under the penalties of the law, that he/she is its legitimate legal representative (e.g., partner, manager, employee, deputy, or legal attorney).

To improve the quality of our services or to comply with current legislation, we store data related to access to our services. Such data is combined with others to produce logs and aggregate statistical information, as far as possible, anonymously (e.g., number of visitors, source and destination IP addresses, country of the internet access provider, date, and time of access).

To enable us to charge for the products and services provided by CentralServer, we pass on identification information of a legal or natural person, as well as the payment method chosen by the customer, to financial institutions and payment service providers, in accordance with applicable laws, norms, and security standards.

Communications with CentralServer’s Customer Service may be recorded or listened to, in accordance with applicable laws, for local operational needs (e.g., for quality reasons, training, or clarification of issues).

We do not intend to collect or process sensitive personal data in the normal course of our activities. When it is necessary to process sensitive personal data for any reason, we will obtain prior and express consent for any voluntary processing (e.g., for marketing purposes) or rely on legal bases (e.g., detection and prevention of crimes and fraud or compliance with applicable law).

To make business contacts with the aim of presenting our products and services, we may collect information that you share publicly or that is part of your profile on a social network (e.g., Facebook, Twitter, LinkedIn, etc.). This includes your basic account information (name, email address, gender, date of birth, current city, profile picture, user ID, friends list), and any other information or additional activities that you allow the social network to share with us.

When you interact with our materials, content, and events, we may collect information that you choose to share through forms, emails, instant messages, phone calls, and apps, among others. For our marketing actions to meet your professional and business objectives, it may be necessary to cross-reference the collected data. We guarantee that this cross-referencing is not done discriminately and that it also does not infringe on your individual rights or freedoms. All personal data collected is for the exclusive use of CentralServer and is not disclosed or sold to third parties. Also, you can request to change or remove such data processing permissions at any time.

We inform that the sending of newsletters will only be carried out with your express authorization, through specific registration for this purpose, and can be canceled at any time upon your request.

About Legal Bases

We use as legal bases for data collection and processing only the forms authorized by law, such as, but not limited to the consent of the holder, the preparation or execution of contact, the fulfillment of legal or regulatory obligation, and legitimate interest. When the legal basis for the collection is not consent, we will always observe the current legislation, as well as respect the individual rights and freedoms of data owners.

About the Use of Cookies

We automatically collect information about devices and applications used for browsing our pages through cookies. This depends on the enabling of cookies in your browser. Cookies are used to provide functionality and optimize the performance of the site, and are also used by social networks and advertising with which we operate – Google, Twitter, Facebook, Microsoft, and their affiliates – to target ads, presenting offers of products and services from the detected profile. Thus, when browsing our sites with the option to receive cookies enabled, you are susceptible to viewing information and advertising from CentralServer in other places on the internet.

To not provide this data from your browser, you can use the Consent Tool available on our site.

Alternatively, you can disable your browser’s cookie function. But remember, in this case, you will have to repeat the procedure every time you visit any of our sites.

About Data Storage Time

We will keep personal data only for as long as necessary to fulfill the purposes for which we collected them, including for the fulfillment of any legal, contractual, or request from competent authorities.

If you are a prospective CentralServer client, your personal information will be stored for up to 5 (five) years. If you have sent us your professional information to participate in recruitment processes, they will be stored for up to 1 (one) year. You can request the deletion of your data and, in this case, they will be deleted from our databases 72 (seventy-two hours) after receiving your request.

About Information Security

CentralServer uses best practices in information security, systems development, policies, and procedures to protect personal and corporate data, as well as to prevent unauthorized access to data, improper use, disclosure, loss, or destruction. More information about our security standards, methods, and procedures are available in this document.

However, despite CentralServer’s best efforts, it is the duty of each client to ensure and guarantee that their computer(s) and mobile devices are adequately protected against harmful software, such as viruses, spyware, adware, unauthorized remote access, among other malicious activities, and programs in the digital environment.

In addition, the client should be aware that without the adoption of adequate security measures (for example: use of strong passwords updated regularly, secure browser configuration, use of updated antivirus program, firewall systems, and not using vulnerable or illegal or dubious origin programs), the risk of leakage of personal data, without authorization for such, is considerably higher.

It is also warned that whenever the provision of data is carried out on open and public networks, such as the internet, your data may circulate without security conditions, existing the risk of being viewed and used by unauthorized third parties. Therefore, always follow the basic rules of digital security, keeping your computer and your data safe.

With the goal of delivering contracted products and services, we may store customer access credentials in systems provided by third parties (e.g., computer resource management and monitoring systems). In this case, the client declares that he/she is aware of the need to protect his/her access credentials to these systems with the use of strong passwords that should be updated regularly.

About the Rights of Personal Data Holders

Personal data is all information related to an identified or identifiable natural person. In accordance with the provisions of Law No. 13,709/2018 (LGPD), which protects the use and processing of personal data, CentralServer values the transparency and digital security of its customers, observing good norms and practices of information security. The data will only be used for the specific purposes of relationship, access, and use of users to the offered products and services and their hiring.

The holder of personal data has the right to request the correction and updating of their data, as well as inquire about its use and processing and cancel their consent. Law No. 13,709/2018 (LGPD) establishes in its art. 18 the following rights for all holders of personal data in Brazil:

Art. 18. The holder of personal data has the right to obtain from the controller, in relation to the data of the holder treated by him, at any time and upon request:
I – confirmation of treatment existence;
II – access to data;
III – correction of incomplete, inaccurate or outdated data;
IV – anonymization, blocking or elimination of unnecessary, excessive data or treated in non-compliance with the provisions of this Law;
V – portability of data to another service or product provider, upon express request and observing commercial and industrial secrets, according to the regulation of the controlling body;
V – portability of data to another service or product provider, upon express request, according to the regulation of the national authority, observing commercial and industrial secrets (Wording given by Law No. 13,853, of 2019)
VI – elimination of personal data treated with the consent of the holder, except in the cases provided for in art. 16 of this Law;
VII – information from public and private entities with which the controller has performed shared data use;
VIII – information about the possibility of not providing consent and about the consequences of denial;
IX – revocation of consent, as provided for in § 5 of art. 8 of this Law.
§ 1 The holder of personal data has the right to petition regarding his data against the controller before the national authority.
§ 2 The holder may oppose a treatment carried out with the basis on one of the consent waiver hypotheses, in case of non-compliance with the provisions of this Law.
§ 3 The rights provided for in this article will be exercised upon the holder’s or legally constituted representative’s express request to the treatment agent.
§ 4 In the event of impossibility of immediate adoption of the provision of § 3 of this article, the controller will send the holder a response in which he/she may:
I – communicate that he/she is not a treatment agent of the data and indicate, whenever possible, the agent; or
II – indicate the reasons of fact or law that prevent the immediate adoption of the provision.
§ 5 The request referred to in § 3 of this article will be fulfilled without cost to the holder, within the deadlines and terms provided for in regulation.
§ 6 The controller shall immediately inform the treatment agents with whom it has performed shared data use the correction, elimination, anonymization, or blocking of the data, for them to repeat the identical procedure. (Wording given by Law No. 13,853, of 2019)
§ 7 The portability of personal data referred to in item V of the caput of this article does not include data that has already been anonymized by the controller.
§ 8 The right referred to in § 1 of this article may also be exercised before consumer protection agencies.

If it is necessary to provide data of minors, they may only be provided with express consent from the parents, and CentralServer does not promote or sell its products and services to minors.

About the Disclosure and Transfer of Personal Data

All data belonging to CentralServer’s customers (personal data, files, pages, programming codes, databases, and email messages), stored on our servers, are covered by the confidentiality clause of the contract.

CentralServer may occasionally be required to disclose personal data to regulatory authorities, Judiciary, agencies, or other governmental bodies, in an administrative or judicial process, and will only do so when there is a manifest legal requirement, court order, or to defend rights, interests, and property of CentralServer and related third parties, especially its customers, always striving to protect the privacy and confidentiality of third-party data in its custody to the maximum extent. Except for the above hypotheses, we will not share your personal data, unless you request or there is prior approval for sharing.

In providing our services for the benefit of our clients, we may handle personal data on behalf of a Controller (be it the client or any other unit or branch of CentralServer). This is primarily for the administration, management, performance verification, or effective delivery of our services and products both in Brazil and internationally.

Personal data will be handled in an appropriate, relevant, and limited manner necessary for the purposes for which they will be processed. Personal data will only be shared with relevant and duly authorized personnel within CentralServer, as well as contractors or subcontractors, to ensure the execution and quality of the services and products offered, and to maintain commercial and technical operability.

In accordance with Brazilian, American, and European personal data protection laws, the international transfer of personal data will only be carried out to countries that guarantee an adequate level of protection. Should it be necessary to transfer personal data internationally to a country that does not yet meet European and Brazilian personal data protection standards, due to the need for product or service execution, CentralServer will inform the client and will provide additional protection to ensure the transferred data remain adequately secure.

Regarding Privacy Policy Updates

The Privacy Policy may be changed at any time at CentralServer’s discretion and in accordance with any legal changes and/or judicial and administrative requirements. When changes occur, clients will be informed via email or through the product and service access panel. Following the implementation of the LGPD (Law 13.709/18), when the Privacy Policy is altered, the personal data holder must express their consent through communication channels.

Regarding Controller Identification and Customer Service Channels

Our products and services are provided by Central Server Informática Ltda., located at Rua Fernando Amaro, No. 60, CEP 80.045-080, Alto da XV, Curitiba-PR, Brazil, registered under CNPJ No. 04.151.097/0001-94, telephone +55 (41) 2141-1800. The above information (Central Server Informática Ltda.) also refers to the Data Protection Officer, for the purposes of Brazilian Law No. 13.709/2018 (LGPD – General Data Protection Law), with expected enforcement in August 2020.

The personal data holder can contact CentralServer through the Contact form available on our main website and through these channels: email dpo@centralserver.com and telephone +55 (41) 2141-1800.

If you have any questions about this Privacy Policy, click here and get in touch with us.