This website is maintained and operated by TRUE CHANGE TECNOLOGIA LTDA.
We collect and use some personal data from those who use our website. In doing so, we act as the controller of this data and are subject to the provisions of Federal Law No. 13.709/2018 (General Data Protection Law – LGPD).
We take care to protect your personal data, and therefore, we make this privacy policy available, which contains important information about:
- Who should use our website
- What data we collect and what we do with it
- Your rights regarding your personal data
- How to contact us
1. Data We Collect and Reasons for Collection
Our website collects and uses some personal data from our users, as detailed in this section.
1.1 Personal Data Provided Directly by the User
We collect the following personal data that users provide to us when using our website:
- User’s name
- User’s email address
The collection of these data occurs at the following moments: Filling out a standard form provided to the user.
The data provided by our users are collected for the following purposes:
- To send the conditions of the contracted product/service
- To keep the user fully informed about the progress of requests and/or complaints submitted to our attention and actions
2.1 Sensitive Data
We do not collect sensitive data from our users, as defined in Articles 11 and subsequent of the Personal Data Protection Law (Law No. 13.709/2018). Therefore, we do not collect data related to racial or ethnic origin, religious beliefs, political opinions, union membership or affiliation with a religious, philosophical, or political organization, health or sexual life data, genetic or biometric data when linked to an individual.
3.1 Cookies
Cookies are small text files automatically downloaded to your device when you access and navigate through a website. They serve primarily to identify devices, user activities, and preferences.
Cookies do not allow any file or information to be extracted from the user’s hard drive, nor can they access personal information that has not been provided by the user or by the way the user uses the website’s features.
Site Cookies
Site cookies are those sent to the user’s computer or device and administrator exclusively by the website.
The information collected through these cookies is used to improve and personalize the user experience. Some cookies may, for example, be used to remember the user’s preferences and choices, as well as to offer personalized content that may interest them.
Cookie Management
The user may oppose the use of cookies on the website by disabling them when they begin using the service by following the instructions below:
- Select a newsletter received from TrueChange and click “unsubscribe” in the email footer.
However, it will not be possible to disable all cookies, as some are essential for the website to function correctly. Furthermore, disabling cookies that can be disabled may impair the user experience, as the information used to personalize it will no longer be available.
4.1 Collection of Data Not Explicitly Foreseen
Occasionally, other types of data not explicitly covered by this Privacy Policy may be collected, provided that they are provided with the user’s consent or if the collection is permitted based on another legal basis provided by law.
In any case, the data collection and any subsequent processing activities will be informed to the website’s users.
2. Sharing Personal Data with Third Parties
We do not share your personal data with third parties. However, this may occur to comply with any legal or regulatory determination, or to fulfill an order issued by a public authority.
3. How Long Your Personal Data Will Be Stored
The personal data collected by the website are stored and used for a period of time corresponding to what is necessary to achieve the purposes listed in this document and considering the rights of their holders, the rights of the website controller, and applicable legal or regulatory provisions.
Once the storage periods for personal data have expired, they are removed from our databases or anonymized, unless there is a possibility or need for storage due to legal or regulatory requirements.
4. Legal Bases for Processing Personal Data
A legal basis for processing personal data is a legal justification provided by law for such processing. Each data processing activity must have a corresponding legal basis.
We process the personal data of our users in the following situations:
- With the consent of the data subject
- For the regular exercise of rights in judicial, administrative, or arbitral proceedings
- For the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject
- When necessary to meet the legitimate interests of the controller or a third party
4.1 Consent
Certain personal data processing operations carried out on our website will depend on the prior agreement of the user, which must be freely, informed, and unequivocally expressed.
The user may revoke their consent at any time, and if no legal grounds for storing the data exist, the data provided with consent will be deleted.
Furthermore, the user may choose not to consent to a specific data processing activity. In such cases, however, it may not be possible to use certain website functionalities that depend on that specific processing. The consequences of the lack of consent for a particular activity will be informed before processing.
4.2 Execution of Contract
For the execution of a purchase or service contract that may be entered into between the website and the user, additional data related or necessary for its execution may be collected and stored, including the content of any communications with the user.
4.3 Legitimate Interest
For certain personal data processing operations, we rely solely on our legitimate interest. To learn more about the specific cases in which we rely on this legal basis, or to obtain further information on the tests we conduct to ensure we can use it, please contact our Data Protection Officer via one of the contact channels provided in this Privacy Policy, in the “How to Contact Us” section (Item 9).
5. User Rights
The user of the website has the following rights granted by the Personal Data Protection Law:
- Confirmation of the existence of processing
- Access to data
- Correction of incomplete, inaccurate, or outdated data
- Anonymization, blocking, or deletion of unnecessary, excessive data or data processed in violation of the law
- Portability of data to another service or product provider, upon express request, in accordance with national authority regulations, subject to commercial and industrial secrecy
- Deletion of personal data processed with the consent of the data subject, except in cases provided by law
- Information on the public and private entities with which the controller has shared data
- Information on the possibility of not providing consent and the consequences of refusal
- Revocation of consent
It is important to emphasize that, under LGPD, there is no right to deletion of data processed based on legal grounds other than consent, unless the data are unnecessary, excessive, or processed in violation of the law.
5.1 How the Data Subject Can Exercise Their Rights
To ensure that the user seeking to exercise their rights is indeed the data subject of the request, we may ask for documents or other information that can help properly identify them, in order to protect our rights and those of third parties. This will only be done if absolutely necessary, and the requester will be informed of all related procedures.
6. Security Measures in the Processing of Personal Data
We employ technical and organizational measures to protect personal data from unauthorized access and situations of destruction, loss, theft, or alteration of this data.
The measures we use consider the nature of the data, the context and purpose of processing, the risks that a potential breach could pose to the rights and freedoms of the user, and the standards currently employed in the market by companies similar to ours.
Among the security measures adopted by us, we highlight the following:
- Security protocols and encryption (e.g., cryptographic hashes)
- Access control systems
- Firewalls
- Monitoring software
- Multi-factor authentication
- Patch and update management/distribution
- Endpoint protection solutions
- DLP (Data Loss Prevention)
- Secure development and code review
- Web Application Firewall and Database Firewall (WAF/DBF)
Although we do everything within our power to avoid security incidents, it is possible for problems to arise due to third parties (e.g., hacker or cracker attacks) or due to user fault, such as when the user shares their data with third parties. Thus, while we are generally responsible for the personal data we process, we are not liable in cases of exceptional events beyond our control.
In any case, if a security incident occurs that could pose a risk or significant damage to any of our users, we will notify the affected individuals and the National Data Protection Authority, in accordance with the General Data Protection Law.
7. Complaints to a Control Authority
Without prejudice to any other administrative or judicial recourse, data subjects who feel harmed in any way may file a complaint with the National Data Protection Authority.
8. Changes to This Policy
This version of the Privacy Policy was last updated on: 12/02/2021.
We reserve the right to modify these terms at any time, especially to adapt them to changes made to our website, either by introducing new features or removing/modifying existing ones.
Whenever there is a modification, our users will be notified about the change.
9. How to Contact Us
For any questions regarding this Privacy Policy or the personal data we process, please contact our Data Protection Officer through one of the channels mentioned below:
Responsible: Caio Régis
Email: [email protected]
Postal Address: Rua Dona Maria César, 170/Sala 303D. Edf. Luciano Costa – Bairro do Recife, Recife – PE. 50030-140
