Privacy Notice
Welcome to Apolo Embalagens
We recognize the importance of privacy and the protection of personal data of our customers, employees, suppliers and other partners.
In compliance with the General Data Protection Law No. 13,709/2018 (GDPL), we guarantee that all personal information collected throughout our business activities will be used ethically and transparently, in strict compliance with the purposes for which it was provided.
And with that, we commit to implementing appropriate technical and organizational measures to protect this data against unauthorized access, disclosure, alteration or destruction or any other improper processing activity.
1. FROM THE DATA PROTECTION OFFICER
The Data Protection Officer is the person chosen by Apolo Embalagens to act as a communication channel between the Controller, data subjects (customers, representatives, suppliers and employees) and the National Data Protection Authority (NDPA) and will be represented by:
Responsible for Data Protection Officer as a service: Deborah Francielle Mesquita Polsaque Alves Individual Law Firm
CNPJ 34.283.369/0001-70
Contact email: sac@apoloembalagens.com.br
2. DEFINITIONS
To facilitate the reading and understanding of this Privacy Notice, Apolo Embalagens presents below some important definitions brought by the General Data Protection Law and fundamental to the understanding of this:
PERSONAL DATA: information related to an identified or identifiable natural person, such as name, identity number, telephone number, among others.
SENSITIVE PERSONAL DATA: personal data about racial or ethnic origin, religious conviction, political opinion, membership of a trade union or organization of a religious, philosophical or political nature, data relating to health or sexual life, genetic or biometric data, when linked to a natural person.
TREATMENT: any operation carried out with personal data, such as those relating to collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, dissemination or extraction;
CONTROLLER: natural or legal person, under public or private law, responsible for decisions regarding the processing of Personal Data;
OPERATOR: natural or legal person, under public or private law, that processes Personal Data on behalf of the controller;
DATA PROTECTION OFFICER: person appointed by the controller and operator to act as a communication channel with data subjects and the National Data Protection Authority;
HOLDER: natural person to whom the personal data being processed refer;
CONSENT: free, informed and unequivocal expression by which the holder agrees to the processing of their personal data for a specific purpose.
3. LEGAL BASES FOR THE PROCESSING OF PERSONAL DATA (ART. 7)
In view of the activities carried out by the Controller in the production of customized, sustainable, and high-quality packaging, it is important to clarify that all processing activities must be based on one of the legal bases included in the General Data Protection Law.
For processing involving personal data, the bases are described in articles 7:
I. Upon provision of consent by the holder;
II. For compliance with a legal or regulatory obligation by the controller;
III. By the public administration, for the processing and shared use of data necessary for the execution of public policies provided for in laws and regulations or supported by contracts, agreements or similar instruments, in compliance with the provisions of Chapter IV of this Law;
IV. For studies to be carried out by a research organization, ensuring, whenever possible, the anonymization of personal data;
V. When necessary for the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject;
VI. For the regular exercise of rights in judicial, administrative or arbitration proceedings, the latter under the terms of Law No. 9,307 of September 23, 1996 (Arbitration Law);
VII. To protect the life or physical safety of the holder or third parties;
VIII. For the protection of health, exclusively, in a procedure carried out by health professionals, health services or health authorities;
IX. When necessary to meet the legitimate interests of the controller or third parties, except in the case where fundamental rights and freedoms of the data holder prevail, which require the protection of personal data; or
X. For credit protection, including as provided for in the relevant legislation.
4. LEGAL BASES FOR THE PROCESSING OF SENSITIVE PERSONAL DATA (ART. 11)
For processing involving sensitive personal data, the bases are described in articles 11:
I. When the holder or his/her legal guardian consents, specifically and clearly, for specific purposes (item I of the GDPL);
II. without providing consent from the holder, in cases where it is essential to:
a) compliance with a legal or regulatory obligation by the controller;
b) shared processing of data necessary for the execution, by the public administration, of public policies provided for in laws or regulations;
c) carrying out studies by a research body, ensuring, whenever possible, the anonymization of sensitive personal data;
d) regular exercise of rights, including in contracts and in judicial, administrative and arbitration proceedings, the latter under the terms of Law No. 9,307 of September 23, 1996 (Arbitration Law);
e) protection of the life or physical safety of the holder or third party;
f) health protection, exclusively, in a procedure carried out by health professionals, health services or health authorities; or
g) guarantee of fraud prevention and data subject security, in the identification and authentication processes for registration in electronic systems, safeguarding the rights mentioned in Article 9 of this Law and except in the case where fundamental rights and freedoms of the data subject prevail, which require the protection of personal data.
5. PERSONAL DATA PROCESSING ACTIVITIES
The processing of personal data involving the service provision activity of Apolo Embalagens will occur in the most diverse relationships with the data subject, for which the following are considered:
a) Browsing the Website – “Contact” and “Request Quote”
A form for requesting a quote for our products is available on the Apolo Embalagens institutional website (https://www.apoloembalagens.com.br/#Contato), through the collection of personal data:
✔ Name;
✔ Email;
✔ Telephone;
✔ Company name;
✔ City;
✔ State;
✔ Company uptime;
✔ Desired product;
✔ Message
PURPOSE: This information is necessary to provide a more accurate quote for the product the user wants.
LEGAL BASIS: By providing the consent of the holder (article 7, item I of the GDPL)
b) Prospecting customers
Apolo Embalagens actively searches for potential buyers of its products through digital platforms such as Google and social media. This provides access to the following data:
✔ Full name;
✔ Email;
✔ Phone/WhatsApp;
PURPOSE: If the prospective client is interested, the data collected initially is not stored in internal management systems and is only used for initial contact to send samples and quotes, if requested.
LEGAL BASIS: Upon the provision of consent by the holder (article 7, item I of the GDPL)
c) The purchase of customized products
The sale of our products requires the collection of various information given the need for the commercial relationship established, including:
✔ Name;
✔ Email;
✔ Telephone;
✔ Cell phone/WhatsApp;
✔ CRN;
✔ Order Data;
✔ Customer logo;
✔ Delivery address;
PURPOSE: To operationalize the purchase and sale of products sold by Apolo Embalagens and, in some cases, through the release of credit in installments.
LEGAL BASIS: When necessary for the execution of a contract or preliminary procedures related to the contract to which the data subject is a party, at the request of the data subject (article 7, item V of the GDPL)
d) From the Logistics activity
In cases where it is necessary to send Apolo Embalagens products to the customer, through the contracting of external logistics, the following data is collected from the drivers of the contracted companies:
✔ Name;
✔ Vehicle license plate
PURPOSE: To operationalize the delivery to the customer of customized products that were developed by Apolo Embalagens, by contracting transportation with third parties.
LEGAL BASIS: When necessary for the execution of a contract or preliminary procedures related to the contract to which the data subject is a party, at the request of the data subject (article 7, item V of the GDPL)
e) Labor relations
When it comes to the processing of data involving our employees, it is necessary to clarify that we collect all data required by applicable law and necessary for the employment relationship to be established lawfully and properly, namely:
✔ Full Name;
✔ IC;
✔ SSN;
✔ Telephone/Cell phone;
✔ Date of Birth;
✔ NISS Registration Number;
✔ Sex;
✔ Naturalness;
✔ Nationality;
✔ Mother's Name;
✔ Father's Name;
✔ Date of Birth;
✔ Email;
✔ Full Address;
✔ City;
✔ Neighborhood;
✔ Resume;
✔ Admission, Periodic and Dismissal Exams;
✔ National Driver's License for those who hold the position of driver;
✔ Work Card – WSSC;
✔ Bank details for compliance with salary charges;
✔ Marriage Certificate;
✔ Birth certificate of children;
PURPOSE: Information necessary to effectively register the employee in relation to their labor rights as established by law.
LEGAL BASIS: When necessary for the execution of a contract (article 7, item V of the GDPL) and; For the fulfillment of a Legal Obligation (article 7, item II of the GDPL).
v NOTE: As required by e-social guidelines, data will be collected from the spouse of dependents, if any.
f) Control of visitor access to the physical establishment
All visitors to Apolo Embalagens are duly identified at the entrance using a dedicated system with access control and storage in a secure location, through the collection of the following data:
✔ Name;
✔ Company name;
✔ License plate (when the permit is for indoor parking)
PURPOSE: Information necessary to guarantee the security of the owner and the company in relation to the business operation developed and its employees.
LEGAL BASIS: Protection of the life or physical safety of the holder or third party (art. 7, item VII of the GDPL);
g) Hiring a Supplier/Service Provider
The hiring of product or service suppliers will be carried out through a contract and with the collection of the following personal data:
✔ Name;
✔ Address;
✔ IC;
✔ SSN;
✔ Email;
✔ Bank details;
PURPOSE: Information necessary to enter into a contract between the parties, arising from rights and obligations or to carry out some business activity for the benefit of Apolo Embalagens.
LEGAL BASIS: When necessary for the execution of a contract or preliminary steps related to the contract to which the data subject is a party, at the request of the data subject (article 7, item V of the GDPL);
Regardless of the activities described, which may also involve other activities not listed, Apolo Embalagens clarifies that all processing activities involving personal data and sensitive personal data will be carried out in a manner that meets ethical principles, based on transparency, purpose and adequacy, from collection to effective elimination.
6. PERSONAL DATA OF CHILDREN AND ADOLESCENTS
There is no intentional collection of data from children and/or adolescents when using our website or registering to request quotes, which are also available through digital means, which is subject to the age of majority currently in force in Brazil, as is the case for anyone who is 18 (eighteen) years old.
- Special note: We recommend that parents and legal guardians of children and adolescents check and monitor their children's use of our website to ensure that personal data is not shared with us. If this occurs, please contact us and report the incident for appropriate internal action.
7. SHARING OF PERSONAL DATA
No personal data will be shared or disclosed without the consent of its holder, except when meeting a legal or regulatory requirement, in order to comply with the guidelines stipulated in the contract for the provision of our services, as a result of the regular exercise of the right in administrative, judicial or arbitration proceedings to which we may be subject, or even for the purposes specified in this Privacy Notice for which they have a specific purpose, namely:
a) Service providers or suppliers: Personal data collected through our business activities may be shared with third parties who perform services under the guidance of Apolo Embalagens, such as: auditing companies for specific certifications to which they are affiliated, shipping companies, postal services, occupational health and safety clinics, accounting firms, and others. All of these companies will be required to adopt contractual guidelines regarding how data is processed, particularly in compliance with privacy and data protection principles, as well as secrecy and confidentiality measures relating to the information.
b) Financial institutions for payment transactions: to process financial transactions for the sale of products sold by Apolo Embalagens, personal data may be shared with banking institutions for the issuance of invoices, for example.
c) Release of credit for the purchase of products: the customer's request to purchase Apolo Embalagens products on credit requires the sharing of data with credit protection agencies such as SCPC and Serasa.
d) Customer service: for customer relations, whether in the pre- or post-contractual phase, Apolo Embalagens offers a customer service channel to answer questions, via corporate telephone, email and WhatsApp, for which they have a contractual guarantee of encryption and adequate security measures, as well as control of access to data and information.
e) Compliance with fiscal and tax obligations: there will be a need to share data of holders with government institutions, when resulting from the issuance of invoices, issuance of tax guides and other fees arising from commercial activity.
f) Events, Fairs and other advertising acts: Apolo Embalagens participates as an exhibitor in several fairs and events in its business sector and collects specific information, with consent, for subsequent contact for sales prospecting by the responsible sector.
g) Software and service and management platforms: Apolo Embalagens' commercial activities are fully managed through software and platforms, preferably hosted in-house. However, specific service platforms may need to be used, including healthcare, dental, public transportation, hotel reservation, and airline ticket providers. These platforms may have access to data from customers, contracted service providers, employees, and others. However, this must always be in compliance with a specific, previously informed and/or permitted purpose, if the legal basis for consent applies.
h) Public Entities: the obligation to issue invoices, collect fees, taxes and other duties requires the sharing of customer data with competent public entities, which in most cases will be legal entities.
i) Legitimate interest: in cases of sharing in support actions, marketing or prospecting of former clients, the legal basis of legitimate interest will be used, but in compliance with the guidelines that permeate the prevalence of the fundamental rights and freedoms of the holder, in compliance with the protection of personal data.
The exemption in the face of possible data sharing will be applied when it arises from compliance with a determination issued by a competent authority or in a collaborative manner, in the case of investigations into illegal acts, including internal ones, through the establishment of a regular investigation procedure, with respect to the principles of adversarial proceedings and full defense.
Important: It is possible that data may be shared with other public and/or private institutions that have not been described, however, we will always be restricted to complying with the legal bases of the General Data Protection Law given the qualification of Apolo Embalagens as a processing Agent, especially with regard to confidentiality and data protection.
In any case, under no circumstances will the personal data processed be commercialized.
8. DATA SECURITY AND CONFIDENTIALITY
Several technical and organizational security measures were undertaken by Apolo Embalagens in order to meet the minimum standards of information technology in favor of confidentiality, integrity and availability of data for the continuity of the activity of its services provided, such as:
▪ Technological mechanisms to protect against unauthorized access to systems;
▪ Control access to data, information and personal data storage locations only for previously authorized persons, including the use of passwords for authentication;
▪ Development and applicability of policies, booklets, manuals and procedures involving the governance program through the creation of good practice rules, educational training and supervision mechanisms;
▪ Adoption of organizational security measures such as: password policy, access to CCTV cameras, alarm-monitored surveillance, as well as technical security measures such as: UPS, antivirus, firewall, log records, backup policy and periodic software updates;
▪ Service providers and other institutions qualified as Data Operators were subject to a Data Processing Agreement, with mandatory guidelines regarding any data processing, as well as ensuring security policies and principles of confidentiality and secrecy.
Although various measures are adopted to protect the information, data, and documents entrusted to us, no electronic communication can be considered completely secure. Therefore, each data holder is also responsible for protecting their personal information, avoiding sharing information with unauthorized persons or using unqualified means to share data.
To this end, we carry out several scheduled internal training sessions so that our employees are aware of legal practices to avoid damage or potential security incidents involving personal data.
9. RIGHTS OF PERSONAL DATA HOLDER
Although Apolo Embalagens is committed to the principles of confidentiality, privacy and integrity of the data of our customers, employees, users, third parties and business partners, it is important to emphasize that there is unrestricted compliance with an internal compliance policy that aims to meet and guarantee the rights of data holders included in the General Data Protection Law (GDPL) regarding data protection, namely:
● Confirmation of the existence of treatment;
● Access to data;
● Correction of incomplete, inaccurate or outdated data;
● Anonymization, blocking or deletion of unnecessary, excessive data or data processed in non-compliance with legislation;
● Portability of data to another service or product provider, upon express request and in compliance with commercial and industrial secrets, in accordance with the regulations of the controlling body;
● Information from public and private entities with which the controller shared data;
● Information about the possibility of not providing consent and the resulting negative consequences;
● Revocation of consent;
● Complaint to the National Data Protection Authority;
● Opposition to treatment, if irregular;
● Deletion of personal data processed with the data holder's consent, except in cases where the controller complies with a legal or regulatory obligation. In this case, the processing of personal data will continue for the specific purpose of meeting these obligations.
Regardless of the right to be exercised by the data subject, we provide a “GDPL” Portal on our institutional website so that the data subject can easily request compliance with one of their rights under the Law, by completing a Specific Form.
If the holder prefers, another form of communication channel is also offered to the holder, via email: sac@apoloembalagens.com.br, so that they can also exercise one of their rights included in article 18 of the General Data Protection Law No. 13,709/2018 directly with the Data Protection Officer.
10. CONSEQUENCES OF NOT PROVIDING YOUR DATA
The collection of data and personal information is essential to fulfill the purposes set out in this Privacy Notice and, above all, to comply with the service agreements offered by Apolo Embalagens.
However, you are not required to provide your personal data or consent to the processing of your data. However, it remains to be clarified that Apolo Embalagens may not be able to offer some of its products in the way it would like, due to the impossibility of processing data.
11. INTERNATIONAL TRANSFER
The entire Apolo Embalagens database is stored in secure and controlled locations, including through the use of cloud computing resources, although to date no data sharing outside of Brazil has been detected.
However, if international sharing occurs, Apolo Embalagens undertakes to inform data holders and, consequently, to take all necessary precautions to ensure that transfers only involve companies that demonstrate compliance with applicable laws, maintaining a level of compliance similar to or more stringent than that provided for in Brazilian law.
12. TERMINATION OF DATA PROCESSING
The General Data Protection Law lists some occurrences subject to the termination of the processing of personal data, within the scope and technical limits of the activities, of which we exemplify some:
● Verification that the purpose has been achieved or that the data is no longer necessary or relevant to achieving the specific purpose sought;
● Determination of the national authority, when there is a violation of the dictates of the law;
● By requesting the deletion of the previously granted consent form;
● By requesting interruption and deletion of data processed based on legitimate interest;
● By requesting the deletion of data and resumes stored in the database, prior to the 2 (two) years previously stipulated.
In cases where there is no longer a need to process personal data in accordance with the Personal Data Retention and Disposal Policy, the data will be deleted or kept anonymously.
13. APPLICABLE LEGISLATION
This Privacy Policy was developed in accordance with the General Data Protection Law No. 13,709/2018, as amended by Law No. 13,853/2019, known by the acronym GDPL, and if there is any conflict arising from its applicability, the competent court to resolve the conflict will be the District of Maringá - Paraná.
14. CHANGES
This Privacy Notice is subject to change and updates at any time to enable the continuous improvement of Apolo Embalagens products. If there are significant changes, appropriate publicity will be provided, in accordance with the principle of transparency.
However, it is recommended that data subjects always pay attention to updates to this document, which will always be available on the website www.apoloembalagens.com.br
