Privacy Policy
 

The present Terms and Conditions of Use described in this Privacy Policy aim to regulate the use by you, the user, of our business through the XPR Group web platform. In its daily business operations, the XPR Group company makes use of a variety of data, such as:

 

• Customers

• Users of your website

• Providers

• other interested parties

 

We are concerned about compliance with laws that protect your privacy and we are committed to the transparency of our activities.

 

When establishing this Privacy Policy, we describe the attitudes that XPR Group adopts to ensure the security of your Data and respect for your privacidade. We reinforce that our commitment is to ensure that you are in control of your Personal Data.

 

This control applies to everyone os fluxos e dados who makes up the company's information system.

​

Definitions

Personal data is defined as: Information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one who can be identified, directly or indirectly, by information such as a name, an identification number, location data or specific factors such as physical, biological, genetic, mental, economic, cultural or social identity;

 

Treatment means: Any operation carried out with personal data, such as those referring to the collection, production, reception, classification, use, access, reproduction, transmission, distribution, treatment, archiving, storage, elimination, evaluation or control of the information, modification, communication, transfer, diffusion or extraction;

 

Controller means: Natural or legal person, of public or private law, who are responsible for decisions regarding the processing of personal data; the purposes and means of such processing being determined by legislation, by the controller or by specific criteria. XPR Group is the controller of the data spontaneously provided by its customers, suppliers, employees and users of its web platform.

​

Principles

The collection of personal data must respect:

1. goal: 
   ​processing for legitimate, specific, explicit and informed purposes to the holder, without the possibility of further processing in a way that is incompatible with these purposes;

2. adequacy: 
   compatibility of the treatment with the purposes informed to the holder, according to the context of the treatment;

3. need: 
   limitation of the treatment to the minimum necessary for the accomplishment of its purposes, with coverage of the relevant, proportional and not excessive data in relation to the purposes of the data processing;

4. free access: 
   guarantee, to the holders, of facilitated and free consultation on the form and duration of the treatment, as well as on the integrality of their personal data;

5. data quality: 
   guarantee, to the holders, of accuracy, clarity, relevance and updating of the data, according to the need and for the fulfillment of the purpose of its treatment;

6. transparency: 
   guarantee, to the holders, of clear, precise and easily accessible information about the execution of the treatment and the respective treatment agents, observing the commercial and industrial secrets;

7. safety: 
   use of technical and administrative measures capable of protecting personal data from unauthorized access and from accidental or unlawful situations of destruction, loss, alteration, communication or dissemination;

8. prevention: 
   adoption of measures to prevent the occurrence of damages due to the processing of personal data;

9. non-discrimination: 
   impossibility of carrying out the treatment for illicit or abusive discriminatory purposes;

10. accountability and accountability: 
    demonstration, by the agent, of the adoption of effective measures capable of proving compliance and compliance with the rules for the protection of personal data, and even the effectiveness of these measures.

​

Group guarantees that it complies with all these principles both in the treatment it currently carries out and in the introduction of new methods that provide  maiorsecurity and control.

​

individual's rights

The data subject has rights provided for in the General Personal Data Protection Law (“LGPD”). These consist of:

 

1. Right to information

2. Right of rectification

3. Right of revocation

4. Right to anonymization or blocking of treatment

5. Right to object to automated decision making

 

While using our means, you are responsible for every act, action or omission, performed on our platform, being responsible for the content generated by you.

​

 

WEBSITE AND REGISTRATION FORMS

Through our Website we collect Personal Data in order to optimize the user experience, namely:

 

1. Name or Company Name

2. E-mail address

3. Telephone

4. City and state

5. Address

6. interests

7. Matters

8. Other pertinent data, except sensitive data.

 

Sensitive Data

While providing services to you, we do not collect information that could reveal your racial or ethnic origin, physical or mental health, religious beliefs, political opinion, membership of a trade union or organization of a philosophical or political nature, data relating to your sex life, genetic data or biometric when linked to a natural person. This information is considered "sensitive personal data".

​

​XPR Group is committed com a to maintaining the privacy and data security of non-publishable information, not limited to that personal information provided to XPR Group. The user expressly consents and authorizes the processing of their personal data and sensitive personal data, which consists of the collection, production, reception, classification, use, access, data traffic, archiving, storage, elimination, in compliance with the rules and conditions contained herein.

 

XPR Group is not responsible for the veracity, untruth or outdated dasinformation and Data provided by the USER, being the responsibility of the holder or user to provide them accurately and update them.

 

​

Cookies Policy

XPR Group uses Cookies and anonymous identifiers to control audience, navigation, security and advertising, and the USER is informed about this policy when accessing the company's website.

 

 

Legality of treatment

O Compartilhamento dos seus dados serão  apenas with our technology product partners, with credit protection agencies and with the judiciary for the execution of contracts.

                                    

Consent

This document includes the act of consent to collect and process USER data, except for the exceptions provided for in the data protection law.

 

Transparent information will be provided on the types of data collected, the way in which they are used and the procedures for exercising rights. This information will be provided in an accessible form, written in clear language and free of charge.

 

Through our Portal, personal data of minors under 18 years of age may be collected and it is up to the parents or the legal guardian to give due authorization so that underage holders can exercise their right to purchase through our platform.

 

You can request at any time information about which Personal Data the company processes, as well as the correction, restriction or opposition of this data. Please note, however, that will only delete (or may delete) your Personal Data if there is no obligation and no prevailing right to retain it.

 

If you wish to send a request to correct, restrict or oppose the processing of Personal Data that you have previously provided to us, or if you wish to send a request to receive an electronic copy of your Personal Data, you can contact us. pelo email contact@xploregp.com , we will respond to your request in accordance with applicable law.

 

 

Legitimate interests

If the processing of personal data takes place due to the legitimate interest of XPR Group, and it is verified that it does not significantly affect the rights and freedoms of the data subject, then it will be safeguarded by law.

​

How we protect your data

The Data obtained from the holder may be stored on its own server or a third party hired for this purpose, whether located in Brazil or abroad, and may also be stored using cloud computing technology, always aiming at the improvement and improvement of the company's activities. .

 

Whenever Personal Information is stored on our systems, that information is protected from unauthorized access or use by third parties. In addition, this information is kept on servers that are protected from unauthorized access.

 

Our website is designed for you to have the best experience, and it's critical que that it happens in a secure way . All data reported on our pages are processed securely and kept in complete secrecy. We use Digital Security so that your data is encrypted, preventing access by third parties.

  

Under the terms of this Privacy Policy, if your information is stored by third parties, XPR Group will not have any responsibility for its custody and security, considering that they have specific controls and their own privacy and data security policies.

 

XPR Group adheres to the Privacy by Design principles. It is not allowed to develop any project, product or service without privacy protection being at the heart of that development, including carrying out one or more data protection impact assessments.

​

Orders and Contracts Involving the Specific Purpose

In order to enter into a commercial order with the holder, we only collect the personal data necessary for the evolution of the negotiation.

  

XPR Group is entitled to share the USER's data solely and exclusively with the group's companies and other business partner companies in order to carry out the necessary assistance for the evolution of its services and services provided. As well as sending emails and other instructive and informative means of communication . For future cases of sharing that involve the processing of personal data, they will be subject to a documented contract that includes the information and specific terms required by the LGPD.

 

How long do we protect your data

 Os Data  serão reservados for the time necessary or permitted under the current law. If there is no legal requirement, we will only store them as long as they are necessary to fulfill each specific treatment and use purpose.

 

We, or one of our partners, may contact you at this time to offer new products and services. 

 

Billing data is kept during the execution of an order or contract and, after its termination, may still be kept for a reasonable period, if you decide to use our services again. Billing data will also be kept after the end of the contract, for the period necessary for XPR Group to comply with its legal obligations.

 

Notice of Infringement

 

In line with the LGPD, in the event that a violation that may result in a risk to the rights and freedoms of individuals is verified, the supervisory authority will be informed within 72 (seventy-two) hours. This will be managed in accordance with our Information Security Incident Response Procedure, which defines the information security incident handling process.

 

Changes to the Privacy Policy

A Privacy Policy may be updated to reflect improvements made. Therefore, we recommend that you periodically visit this page so that you are aware of the changes made.

​

 

​XPR Group thanks everyone!