Privacy Policy

  1. PURPOSE

Inform all customers and consumers of ADESTE regarding the application of the General Law on the Protection of Personal Data (LGPD) (Law No. 13.709, dated August 14, 2018).  

  1. APPLICATION AND SCOPE

It applies to all customers and consumers of ADESTE. 

  1. PROCESS DESCRIPTION

ADESTE needs to collect and process personal data from its customers. In this regard, this Privacy and Personal Data Policy of ADESTE (referred to as the “Privacy Policy”) aims to help our customers understand what personal data we collect, how and why we use it, to whom we disclose it, and how we protect their privacy when they use our services. 

  1. WHY?

ADESTE is committed to protecting the security and privacy of its customers. In this context, it has developed this Privacy Policy to affirm its commitment and respect for the rules of privacy and the protection of personal data. 

Our intention is for our customers to be aware of the general privacy rules and the terms of processing the data we collect, in strict compliance with the applicable legislation in this regard, namely Law No. 13.709, dated August 14, 2018 (“General Law on the Protection of Personal Data – LGPD” or simply “LGPD.”). 

ADESTE adopts best practices in terms of security and protection of personal data, promoting awareness of good practices in this area, and improving systems to manage the protection of data provided by its customers, in strict compliance with legal obligations. 

The completion of data collection forms and the provision of data directly or indirectly imply an understanding of the conditions of this Policy, as well as any other terms, policies, and specific conditions related to the services provided. 

  1. WHAT IS PERSONAL DATA?

Personal data is understood as any information related to an identified or identifiable natural person (data subject), of any nature and regardless of the respective medium. An identifiable person is one who can be identified directly or indirectly, particularly by reference to an identification number or by more specific elements of their physical, physiological, psychological, economic, cultural, or social identity. 

Personal data may have a differentiated nature in certain situations, classifying them under the LGPD as “sensitive data.” These may pertain to the racial or ethnic origin of the data subject, their political opinions, religious or philosophical beliefs, genetic information, biometric identifiers, sexual life, sexual orientation, or health status.

  1. OTHER IMPORTANT DEFINITIONS
  2. Consent of the data subject: a manifestation of will that is free, specific, informed, and explicit, by which the data subject agrees, through a statement or an unequivocal positive act, to the processing of personal data concerning them.
  3. Controller: A natural or legal person, whether public or private, who is responsible for making decisions regarding the processing of personal data.
  • Definition of profiling: any form of automated processing of personal data that involves the use of such personal data to, among other things, categorize an individual concerning their professional performance, economic situation, health, personal preferences, interests, behavior, location, or movement.
  1. Data Protection Officer – “DPO”: A person or entity appointed to ensure, within an organization, compliance with the processing of personal data according to the LGPD, ensuring efficient communication with data subjects and cooperation with regulatory authorities, while also serving as a liaison with the different areas of activity within ADESTE. The DPO does not receive instructions regarding the exercise of their functions and reports directly to the governing bodies of the entity that appointed them.
  2. Data processor: a natural or legal person, public authority, agency, or other body that, individually or jointly with others, determines the purposes and means of processing personal data.
  3. Third party: a natural or legal person, service, or entity that is not the data subject, the Controller, the Processor, or individuals who, under the direct authority of the Controller or the Processor, are authorized to process personal data.
  • Data subject: an identified or identifiable natural person to whom the personal data relates.
  • Processing: an operation or set of operations performed on personal data or sets of personal data, by automated or non-automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or any other form of availability, comparison or interconnection, restriction, erasure, or destruction.
  1. Operator: Natural or legal person, whether public or private, that processes personal data on behalf of the controller.
  2. Data breach: a security violation that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access to personal data that is transmitted, stored, or otherwise processed.
  3. Pseudonymization: the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and subject to technical and organizational measures to ensure that personal data cannot be attributed to an identified or identifiable natural person.
  • Anonymization: a technique that results from the processing of personal data in order to remove sufficient elements so that the data subject can no longer be identified, in an irreversible manner. More specifically, the data must be processed in such a way that it can no longer be used to identify a natural person using the means that could reasonably be used, whether by the data processor or by third parties.
  • National Data Protection Authority – ANPD: A public administration body responsible for overseeing, implementing, and enforcing compliance with the law.
  1. WHO IS RESPONSIBLE FOR THE PROCESSING OF YOUR PERSONAL DATA?

This Privacy Policy aims to inform customers about the terms of processing personal data at ADESTE, defining the purposes and means of processing their data in the context of service provision, whereby ADESTE should be considered the Controller, according to the LGPD. 

Thus, when assisted by an independent third party on behalf of ADESTE, this third party will be considered a Processor, according to the LGPD. Therefore, if there are any inquiries regarding the privacy of the customer’s data, we request that the competent third party be indicated, when applicable, for the purpose of investigating any potential violation, intent, negligence, recklessness, or lack of skill.

  1. WHAT PERSONAL DATA DO WE COLLECT AND THROUGH WHAT MEANS?

ADESTE collects personal information provided by the customer, information that is capable of identifying them. The information collected may vary depending on its use at ADESTE, as well as the type of information you choose to provide to us.

For the proper functioning of the service, the customer of ADESTE provides certain information about both individuals and legal entities, such as: Corporate name, phone number, email, address, CPF (Individual Taxpayer Registry), education level, registration date, among others. ADESTE may use a specific system through which additional information is also provided. 

All of this information collected by ADESTE is cumulative, so that ADESTE and its Processors can provide better service.

  1. CATEGORY OF DATA PROCESSED, MEANS AND METHODS OF COLLECTION

The customer will always be duly informed of the necessity to provide this data to continue the registration process with ADESTE.

ADESTE does not collect sensitive data without the prior consent and approval of the customer, and only for specific purposes.

  1. WHAT ARE THE PURPOSES OF COLLECTING YOUR PERSONAL DATA?

The personal data received may only be used for the contracted purpose. If ADESTE processes data for purposes other than those consented to, due to the customer’s contractual relationship, it must obtain new consent from the data subject.

The legal basis used for the processing of personal data is the execution of the contract and legitimate interest; therefore, ADESTE does not need to obtain the consent of the data subject. The purpose for processing the data must be specific, unless there is a legitimate interest of the controller.

We may use the categories of personal information mentioned above for one or more of the following business purposes:

  • To process your request for information (e.g., products/services, Independent Consultant opportunities).
  • To process transactions for products and services and send notifications regarding your transactions.
  • To provide sales support and customer service, as well as quality assurance.
  • To provide targeted marketing and advertising, send service update notifications, and make promotional offers based on your communication preferences.
  • To allow emails to friends: We can enable the sharing feature, allowing users to send messages about content related to the Site to a friend through the Site itself. If you wish to use this feature, you can provide us with your friend’s email address so that we can facilitate sending your message to them.
  • To verify your identity, including account-related inquiries.
  • To send administrative communications related to the Site, service-related announcements, etc., that are necessary to assist you, address your concerns, and provide the high level of customer service that ADESTE offers. As these communications may be important for your use of the Site, you cannot opt out of receiving such communications unless you explicitly withdraw your consent for our use of your personal information as described in this Privacy Policy. To review/manage the use and operations of the Site and to ensure compliance with our Terms of Use and the law.
  • To resolve issues with the Site, our business, or our services.
  • To contact you at any phone number, via voice call or through text messages (SMS) or email, as permitted by our Terms and Conditions.
  • To detect, prevent, or investigate security violations, fraud, or other suspicious/prohibited/illegal activities; or violations of our Privacy Policy.
  • To maintain appropriate records for internal administrative purposes.
  • To provide important information about product safety.
  • We use your IP address and the IP addresses of all users for the purposes of calculating usage levels of the Site, helping to diagnose problems with the Site’s servers, administering the Site, analyzing trends, conducting internal statistics/research, including the detection and prevention of suspicious activities, managing the Site, tracking traffic patterns, and gathering demographic information for aggregated use.
  • To improve our site and present content to you.
  • For testing, research, analysis, and product development.
  • As described to you when collecting your personal information.
  • We may use these technologies to collect information for various purposes, including analyzing how the Site is used, personalizing your experience on the Site, or improving our content or offerings. Your browser may provide tools to block or delete cookies. However, if your browser is set to reject cookies or you manually delete them, you may encounter issues accessing and using certain pages and features currently available on our Site or that we may add to our Site in the future.
  1. ON WHAT BASIS DO WE PROCESS YOUR PERSONAL DATA?

ADESTE is an industry in the food and health sector, and therefore it is necessary to process certain personal data to carry out this service. The LGPD requires that, for the processing of personal data to be lawful, there must be an appropriate legal basis for each specific processing activity. 

Regarding the processing of your data by ADESTE to improve our services and fulfill our administrative and quality objectives, the appropriate legal basis will be the pursuit of legitimate interests, as well as Contractual Compliance, when applicable, in addition to the customer’s consent and regulatory compliance. 

This means that data subjects may oppose the processing of their data for the purposes mentioned above, under the LGPD, if they present valid reasons related to their particular situation. In such an eventuality, the Controller may present legitimate reasons that justify the continuation of that processing, in which case it reserves the right to continue processing your data for those purposes, as well as in cases where such processing is necessary for the declaration, exercise, or defense of a right in legal proceedings. 

As for the processing of data carried out by ADESTE in the context of fulfilling legal obligations, the legal basis for such processing—mostly involving communications of data to external entities—will be the necessity of processing for the fulfillment of the legal and regulatory obligations of the Controller, including contractual compliance or legitimate interest. 

  1. WHICH ADESTE PROFESSIONALS HAVE ACCESS TO YOUR DATA?

In the context of processing your personal data, ADESTE consistently observes the principles of data protection by design (privacy by design). Such a commitment means, among other aspects, that your personal data will have limited access to those individuals who need to know it in the performance of their duties, strictly to the extent necessary for the pursuit of the processing purposes outlined above. 

  1. WHAT IS THE RETENTION PERIOD FOR YOUR PERSONAL DATA?

The controller (customer) sends their database with the personal data that will be processed by ADESTE (Processor). Such data is retained in a format that allows for the identification of data subjects only for as long as necessary for the purposes for which it is processed. 

After the services are completed, the data is returned to the client; however, for legal security reasons, some data is stored in the cloud (cloud services) contracted by ADESTE.

  1. WHAT ARE THE RIGHTS OF DATA SUBJECTS?

Under the applicable legislation, the data subject may request, at any time, access to their personal data, as well as its rectification and the portability of their data, either directly via the email privacidade@adeste.com.br or through in-person contact with ADESTE. 

The data subject has the right to:

  • Request details about the categories of personal information collected about you and, if permitted and practical, a copy of the personal information (data portability).
  • Request the deletion of any personal information we have collected from you, subject to certain exceptions. Once your request is verified, we will proceed with it, unless an exception applies. There is a possibility that we may deny your deletion request if retaining the information is necessary for us or our service providers to:
  • Complete the transaction for which we collected the personal information, provide a good or service you requested, carry out actions reasonably anticipated in the context of our ongoing business relationship with you, or otherwise fulfill our contract with you.
  • Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activities, or prosecute those responsible for such activities.
  • Debug products to identify and fix errors that impair the intended functionality.
  • Exercise free speech, ensure the right of another consumer to exercise their rights to free speech, or exercise another right provided by law.
  • Comply with the LGPD and applicable legislation.
  • Engage in public or scientific research, historical, or peer-reviewed statistical research of public interest that complies with all other applicable ethics and privacy laws, if deleting the information would likely impede or seriously harm the completion of the research, provided you have previously informed your consent.
  • Allow only internal uses that are reasonably aligned with consumer expectations based on their relationship with us.
  • Fulfill a legal obligation.
  • Make other internal and lawful uses of this information that are compatible with the context in which you provided it.

    Without prejudice to any other administrative or judicial recourse, the data subject has the right to file a complaint with the ANPD or another competent supervisory authority under the law if they believe that their data is not being processed legitimately by ADESTE, in accordance with applicable legislation and this Policy. 

    1. WHAT SECURITY MEASURES DOES ADESTE ADOPT?

    ADESTE is committed to ensuring the confidentiality, protection, and security of its customers’ personal data by implementing appropriate technical and organizational measures to protect their data against any form of improper or unlawful processing and against any accidental loss or destruction of this data. To this end, we have systems and teams dedicated to ensuring the security of the personal data processed, creating and updating procedures to prevent unauthorized access, accidental loss, and/or destruction of personal data, while committing to comply with legislation regarding the protection of customers’ personal data and to process this data only for the purposes for which it was collected, as well as to ensure that this data is processed with appropriate levels of security and confidentiality. 

    ADESTE may, in some cases, share your personal data with its employees and internal and external service providers. ADESTE has established clear contractual rules regarding the processing of personal data with its employees, internal service providers, and third-party service providers, and requires them to adopt appropriate technical and organizational measures to protect your personal data. However, in some cases, we may be required by law to disclose your personal data to third parties (such as regulatory authorities) over whom we have limited control regarding the protection of personal data. 

    It may be necessary—by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence—for ADESTE to disclose your personal information. We may also disclose your information if we determine that, for national security purposes, law enforcement, or other matters of public importance, the disclosure is necessary or appropriate.

    We may also disclose your information if we determine that the disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale, we may transfer any and all personal information we collect to relevant third parties.

    1. UNDER WHAT CIRCUMSTANCES IS DATA SHARED WITH OTHER ENTITIES?

    ADESTE relies on other entities for the provision of certain services. This provision of services may eventually involve access by these entities to the personal data of their customers. 

    Thus, any entity that is characterized as a sub-processor will process the personal data of our customers, under the strict obligation to follow the instructions of the Controller (customer). ADESTE ensures that such entities characterized as sub-processors provide sufficient guarantees of implementing appropriate technical and organizational measures so that the processing meets the requirements of applicable law and ensures the security and protection of the rights of data subjects, in accordance with the contractual agreement made with the Controller.

    ADESTE may also transmit personal data of its customers to third parties when it deems such data communications necessary or appropriate:

    1. in light of the applicable law,
    2. in compliance with legal obligations/court orders, and; iii. to respond to requests from public or governmental authorities.

    In this regard, ADESTE may transmit your personal data to any Contracting Public Entity, to the Courts, Solicitors, criminal police authorities, or the Public Prosecutor’s Office when notified to do so or when such transmission is necessary to fulfill legal obligations, as legally provided.  

    In any of the above-mentioned situations, ADESTE is committed to taking all reasonable measures to ensure the effective protection of the personal data it processes.  

    1. CONTACT US

    You may contact the Data Protection Officer (“DPO”) of ADESTE for more information about the processing of your personal data, as well as any questions related to the exercise of the rights granted to you by applicable legislation, especially those mentioned in this Privacy Policy, through the following contact: 

    Email: privacidade@adeste.com.br

    1. RIGHT TO NON-DISCRIMINATION IN THE EXERCISE OF YOUR PRIVACY RIGHTS

    We will not discriminate against you for exercising any of the rights described above. This includes, but is not limited to: 

    • deny you goods or services;
    • charge you different prices or fees for goods or services, including through the use of discounts or other benefits or imposing penalties;
    • provide a different level or quality of goods or services; or
    • suggest that you will receive a different price or fee for goods or services or a different level or quality of goods or services.
    1. HOW WILL I BE INFORMED ABOUT CHANGES TO THE PRIVACY POLICY?

    ADESTE reserves the right to make modifications or updates to this Privacy Policy at any time, with such changes being duly updated on our Platforms. We suggest that you consult them regularly to stay informed of any changes.

    1. FINAL PROVISIONS

    This policy may be subject to audit at any time, in accordance with the directives of ADESTE’s senior management.