Privacy Statement
Versão 2nd
September 21, 2022
PRIVACY POLICY
CMA Consultoria, Métodos, Assessoria e Mercantil S.A.
CMA Consultoria, Métodos, Assessoria e Mercantil S/A (“CMA”), registered at cnpj under no. 43.819.978/0001-92, registered in the City of São Paulo, State of São Paulo, at Rua Prof. Filadelfo Azevedo, nº 712, Bairro Vl. Nova Conceição, CEP 04508-011 and, other business units, “CMA Mercados”, “Agência CMA” and “SAFRAS & Mercado”, privacy and protection of your personal data. For this reason, the Privacy Policy has been developed to inform you about the collection, use, sharing and, in general, how we treat your personal data under the General Law on the Protection of Personal Data (Law No. 13,709/18, “LGPD”).
We encourage you to read this document in its entirety, because by expressing your acceptance of this Policy you agree and agree to its conditions.
This policy provides for:
- Terms and definitions
- From Data Collection
- From The Collected Data
- Option not to provide your personal data
- The need for consent.
– Consent for the processing of sensitive personal data - The sharing of personal data.
- The storage of personal data.
- How long will we keep your data.
- How we guarantee the security of your personal data.
- Rights related to your personal data.
- Incident Notification.
- Additional information.
- Talk to us.
1- TERMS AND DENIFITIONS
Each time you read a term that is capitalized in this Policy, it means that it is a term with specifically defined meaning.
This Privacy Policy is not limited to individuals who receive/enjoy our services, that is, it extends to customers, legal guardians, service providers, interested third parties and other persons in which they somehow relate to the company, when they, called “Data Subject”, provide their information and personal data to CMA.
This Privacy Policy establishes terms for the collection, processing and use of sensitive information from customers and other persons accessing the websites of CMA Mercados (https://www.cma.com.br/), Agencie CMA (https://www.agenciacma.com.br/) and SAFRAS & Mercado (http://www.safras.com.br/) or any other means of digital communication, including their respective social networks and landing pages.
Whenever there is mention of the terms “CMA”, “we” or “our”, we are referring to every CMA group; similarly, whenever there is mention of the terms “you”, “your”, “your”, we are referring to the Data Subject.
The practices described in this Privacy Policy only apply to the processing of your personal data in Brazil and are subject to applicable local laws, with emphasis on Law No. 13,709/2018 (General Law for the Protection of Personal Data, or “LGPD”).
Considering that there are some technical terms of the LGPD, as well as for you to better understand this policy, the same terms and definitions set out in Article 5 of the LGPD will apply. If you have any questions about the terms used in this policy, we suggest consulting the table below:
TERMS | DEFINITIONS |
Personal dame | Any information related to the natural person, directly or indirectly, identified or identifiable. |
Sensitive personal | Special category of personal data relating to racial or ethnic origin, religious belief, political opinion, membership of a trade union or religious, philosophical or political organisation relating to health or sexual life, genetic or biometric data relating to the natural person |
Data Subject | Natural person to whom personal data refer, such as former, present or potential customers, employees, contractors, business partners and third parties. |
Controller | Legal entity of public or private law, to whom the decisions relating to the Processing of Personal Data are responsible. |
Operator | Legal entity under public or private law, which performs the Processing of Personal Data on behalf of the controller. |
Incumbent | Person appointed by the Controller and Operator to act as a communication channel between the Controller, the Data Subjects and the National Data Protection Authority (ANPD) |
Assent | Free, informed and unambiguous manifestation by which the Holder and/or Legal Guardian agrees to the processing of personal data for a specific purpose. |
Treatment | Every operation carried out with personal data, such as those referred to: the collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, deletion, evaluation or control of information, modification, communication, transfer, dissemination or extraction. |
Anonymization | Process by which the data loses the possibility of association, directly or indirectly, with an individual, considered the reasonable technical means available at the time of treatment. |
2- DATA COLLECTION
Personal data will be collected as described below, but not limited to such activities. In this way, we clarify that this Privacy Policy extends to other forms of collection of personal data that allow the provision and/or improvement of our services.
- Browse the CMA Markets website (https://www.cma.com.br);
- Browse the CMA Agency website (https://www.agenciacma.com.br/);
- Browse the SAFRAS & Mercado website (http://www.safras.com.br/);
- Hire or use any of our products or services;
- Contact us through our service channels;
- Contact us and browse our social networks (Instagram, Facebook, Youtube, Twitter, LinkedIn, Telegram and other social networks that may arise).
2.1 OF THE COLLECTED DATE
2.1 OF THE COLLECTED DATA
CATEGORY | INFORMATION | PURPOSE |
PERSONAL DATA | Full name; Email addresses; DDD and telephones; Profiles on social networks; Profession; Company and market segment in which he works; Professional subjects/topics of interest; Date of birth; | It is used to identify and confirm identity for the purposes of: offering news, newsletters, newsletters, market information and demonstrations of CMA services to interested parties; assistance and clarification of doubts, warnings, conference and compliance with legal and regulatory requirements to the authorities; marketing; market research; prevention and resolution of technical problems; |
DIGITAL PERSONAL DATA |
IP address of the mobile device used to access CMA services; Interactions performed and site usage profile; Technical data, such as URL, network connection, provider, and device information; Cookies; Device attributes, such as ID, operating system, browser, and model. I. Customer service history; History of access and use of products and services; | They are used for identification and confirmation of identity, in order to optimize and / or customize service, support, user experience and sale of products. |
Data collection and/or receipts occur when:
- You inform us directly through: registrations, forms, e-mail and/or telephone.
- We receive your data from legitimate sources, such as business partners you already relate to.
3- OPTION NOT TO PROVIDE YOUR PERSONAL DATA
The CMA stresses the importance of providing personal data and that they are essential for the provision/performance of our services. The processing of personal data is a condition for the use of our services, but we guarantee that the collection of this data is restricted to the minimum necessary.
We emphasize compliance with the General Data Protection Law – Law 13.709/2018 (“LGPD”) and ensure that the provision of our services is based on confidentiality and confidentiality.
4- THE NEED FOR CONSCENT
The LGPD establishes legal bases for the processing of data, that is, different situations in which we are allowed to process personal data without the need for the consent of the holder.
By opting for one of our services and/or platforms, we may collect and process your data without your consent (provided there is a legal basis provided for in the LGPD that authorizes us), for purposes such as: performance of contract, compliance with legal and/or regulatory obligations and legitimate interest.
If consent is legally necessary for the processing of personal data, we will expressly request that the data subject may withdraw his consent at any time, since this right does not compromise the lawfulness of the processing carried out on the basis of prior consent and does not harm the same house is mandatory.
To revoke your consent, you can contact us through our official communication channel: privacidade@cma.com.br
5- CONSENT FOR THE PROCESSING OF SENSITIVE PERSONAL DATA
Sensitive personal data is information that refers to racial or ethnic origin, religious belief, political opinion, union membership or the organization of religious, philosophical or political car, given to the health or sexual life, genetic or biometric data of an individual.
When used to process sensitive data, in addition to complying with the other rules set out in this Policy, consent shall:
- Occur in a specific way, directed exclusively to the treatment of such information;
- Be inserted in a prominent manner of the other terms and requests for authorization.
6- THE SHARING OF PERSONAL DATA
The CMA does not sell or even sell personal data. The information collected and/or received may be shared with: internal departments; partner companies; companies of the same group; judicial, administrative and/or governmental authorities whenever there is legal determination; audit companies, when the audit is carried out in cma’s operations; compliance with legal or regulatory obligations.
7- THE STORAGE OF PERSONAL DATA
The personal data collected is stored in a secure environment. For this, the CMA uses on-site servers, as well as in environments with cloud computing resources or servers that require transmission and/or processing outside Brazil. These transfers occur only with companies that demonstrate compliance with applicable laws and maintain the level of compliance with that required by Brazilian law.
8- HOW LONG WE’LL KEEP YOUR DATA
The CMA will keep its data, mainly, but not limited to, for the time required to comply with legal and regulatory obligations, as well as for the period necessary for us to eventually exercise guaranteed rights, including before the Judiciary
9- HOW WE GUARANTEE THE SECURITY OF YOUR PERSONAL DATA
We know that it is not possible to guarantee 100% the security of information, but, thinking of minimizing risks and providing greater security, our performance takes place in line with best practices, technical and administrative, able to protect your Personal Data from unauthorized access, accidental and unlawful situations of destruction, loss, alteration, communication or any other form of improper or unlawful treatment, from the design of our platform to its respective execution. To this end, we use and apply the standards and good practices adopted internationally, such as: Continuous monitoring of the environment; Continuous analysis and testing of information security in our systems, made by internal and external teams; periodic audits, as well as the establishment of an Information Security and Data Privacy Committee (CSIPD), and a Governance, Risk and Compliance (GRC) team.
10- RIGHTS RELATED TO YOUR PERSONAL DATA
From the entry into force of the LGPD, you, as the holder of personal data, may exercise your rights before the controllers of your personal data. We detail below so that you understand clearly and transparently how to exercise your rights and our team will be ready to fulfill any requests.
A- Confirmation of the existence of processing of personal data
We process your personal data, even if such processing is, among others, the storage of personal data in a safe and controlled environment. You may ask us to confirm that we process your personal data.
B- Access to personal data
You may request that we provide and provide the personal data we hold in relation to you.
C- Correction of incomplete, inaccurate or outdated personal data
If you find that your personal data is incomplete, inaccurate or outdated, you may request correction or supplementation. To do this you will need to send a document that proves the correct and current form of the personal data. It is important that your data is always up to date so that there are no errors or defects in our relationship.
D- Anonymization, blocking or deletion of unnecessary, excessive or non-LGPD data
If any personal data is treated in an unnecessary manner, in excess for the purpose for which it is intended or in non-compliance with the LGPD, you may request the CMA to anonymize, block or delete this data, provided that the excess, lack of necessity or non-compliance with the law is effectively found.
E- Deletion of personal data processed with consent
If you have given consent to the processing of your personal data for specific purposes (and not necessary for the provision of our services or delivery of our products), you may request the deletion of such personal data.
F- Information about the companies with which the CMA has shared or received your personal data
You may request which third parties we share with or from whom we receive your personal data.
G- Information on the possibility of not providing consent and on the consequences of the negative
If your consent is necessary for a particular company activity, you may ask that you be informed of whether it is possible to perform this activity without your consent to the processing of your personal data, or what are the consequences of not providing consent for this case.
H- Revocation of consent
If you have given your consent to the processing of your personal data, you may request the revocation of this consent. Revocation of consent may result in the unfeasibility of our agreement, but does not prevent the use of (i) anonymized data; and (ii) data whose processing is based on another legal hypothesis provided for in the LGPD.
To exercise any of these rights we ask that you contact us at “privacidade@cma.com.br” and in order to affect your rights, we may ask for proof of your identity as a security, authentication and fraud prevention measure.
11- INCIDENT NOTIFICATION
Privacy and Data Protection Incidents will be reported through the company’s official website (www.cma.com.br).
12- ADDITIONAL INFORMATION
This document may be changed at any time as understood by the CMA. In order to maintain the transparency of the information, every time this document undertakes any change, it will be validated and will be in full force, starting from:
- Publication/dissemination in the physical and digital locations of the CMA;
13- CONTACT US
If after reading this Privacy Policy there are still doubts or for any reason you need to communicate with us for matters involving your personal data, you can contact our Data Processing Officer:
E-mail: privacidade@cma.com.br
We hope we have helped you better understand how we treat your data and are on hand to clarify doubts and continue with a healthy and transparent work!
Group CMA
Rua Professor Filadelfo Azevedo, 712 – Vila Nova Conceição – São Paulo – SP
CEP: 04508-011 – Telefone: 55 11 3053-2600 – www.cma.com.br