Términos y Políticas
Políticas y Procedimientos para Proveedores
Términos y Políticas
Políticas y Procedimientos para Proveedores
WHO WE ARE ?
The ORGANIZATION acts as Controller/Processor and collects your personal data in accordance with this Privacy Policy in compliance with the Regulation (EU) 2016/679 (General Data Protection Regulation).
Our commitment is to respect your privacy and guarantee the confidentiality of all information you provide to us. Therefore, in order to provide clear and accurate information to data subjetcts regarding the processing of personal data, we present our privacy policy.
GLOSSARY
GDPR – Regulation (EU) 2016/679 (General Data Protection Regulation) – European Regulation that rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data.
PERSONAL DATA PROCESSING – Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
PERSONAL DATA – Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
THIRD PARTS: Companies directly responsible for implementing our products and services, or that act as resellers of these solutions to their own customers.
USERS: all those who, in some way, interact with each of our solutions.
CONTROLLERS: understand as the controller the company/partner that enabled your access registration in our solution.
PROCESSOR: This means that we at NDD carry out Personal Data Processing activities on behalf and order of one or more Controller(s), notably the client with which You (User) have a professional relationship, whether occasional or recurring.
COLLECTION, USE OF DATA AND ACTIVITY RECORDING
We collect and process the minimum amount of personal data, as specified in the table below:
| DATA TYPE | SERVICE/PRODUCT | PURPOSE | RETENTION PERIOD |
|---|---|---|---|
| Full Name | NDD PRINT MPS | Execution of the contract (art. 6, letter b) of the GDPR) | 1 year after the end of the Contract |
| 1 year after the end of the Contract | |||
| Phone Number | 1 year after the end of the Contract | ||
| Full Name | NDD PRINT 360 | Execution of the contract (art. 6, letter b) of the GDPR) | 1 year after the end of the Contract |
| 1 year after the end of the Contract | |||
| Physical identifier | 1 year after the end of the Contract | ||
| PIN Number | 1 year after the end of the Contract | ||
| Login (can be name or any other type) | NDD ORBIX | Execution of the contract (art. 6, letter b) of the GDPR) | 1 year after the end of the Contract |
| 1 year after the end of the Contract | |||
| Phone Number | 1 year after the end of the Contract | ||
| Mobile phone number* (*optional data) | 1 year after the end of the Contract | ||
| Geolocation of Equipment | 1 year after the end of the Contract |
The ORGANIZATION keeps records of all processing of personal data.
USE OF COOKIES
Cookies are small files saved on the DATA SUBJECT’s devices, such as computer, smartphone and tablet, when a website is accessed. The ORGANIZATION’s use of cookies is necessary to provide the user of our website with a good, secure experience. THE ORGANIZATION uses the following types of cookies:
Essential Cookies: These are necessary to ensure navigation and use of the resources on the website.
- Temporary: These are session cookies. They are temporary and expire when the USER closes the browser. They are intended to allow language and security control during the session time.
- Persistent: Cookies that remain on the USER’s hard drive until they expire or are deleted by the browser. They are intended to store USER information, such as information about the use of cookies on this website.
Third-Party Cookies: These are added to the USER’s devices by third parties, such as analytical systems. They are intended to collect information about how the USER uses the website, such as visited pages and clicked links. None of this information can be used to identify you. It’s only purpose is to enable analytics and improve the site’s functions.
- Temporary: These are session cookies. They are temporary and expire when the USER closes the browser.
- Persistent: Cookies that remain on the USER’s hard drive until they expire or are deleted by the USER.
Below are guidelines on how the USER can disable cookies by changing their browser settings, however this may affect the functioning of our website:
SHARING OF PERSONAL DATA
It is possible that the ORGANIZATION shares some of its data with third parties, namely:
- With competent judicial, administrative or governmental authorities, whenever there is a request, request or court order;
- With the online payment gateway so that it can allow you to purchase using your credit card.
- With third parties engaged by us who support our operations, such as technology service providers
THE ORGANIZATION does not sell, exchange or rent personal information of its users. We can use generic information about the profile of our visitors, without exposing any personal information, thus protecting the identity of our users with our commercial partners.
INFORMATION SECURITY
We take appropriate security measures to protect against unauthorized access, alteration, disclosure or destruction of data. These measures include internal reviews of our data collection, storage and processing practices and security measures, including encryption and appropriate physical security measures to protect us against unauthorized access to systems where we store personal data.
Our website uses advanced security technology. All data traffic is encrypted, which is a standard method used on the Internet to protect communications between web users and websites, providing secure browsing.
We limit access to personal information to those ORGANIZATION employees, contractors and agents who need to know that information in order to process it on our behalf. These people are committed to confidentiality obligations and may be subject to punishment, including contract termination and criminal prosecution, if they fail to comply with these obligations. The Organization never registers any user without their permission.
RIGHTS OF PERSONAL DATA SUBJECTS
The ORGANIZATION allows holders to exercise their rights specified in Art.15 to Art.22 of the GDPR free of charge, within the deadlines and under the terms provided for in this law.
- Right of access by the data subject (Art. 15): The data subject shall have the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed;
- Right to rectification (Art. 16):The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her;
- Right to erasure (‘right to be forgotten’) (Art. 17): The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay;
- Right to restriction of processing (Art. 18): The data subject shall have the right to obtain from the controller restriction of processing, when applicable;
- Notification obligation regarding rectification or erasure of personal data or restriction of processing (Art. 19): The controller shall communicate any rectification or erasure of personal data or restriction of processing carried out in accordance with Articles 16, 17(1) and 18 to each recipient to whom the personal data have been disclosed;
- Right to data portability (Art. 20): The data subject shall have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format;
- Right to object (Art. 21): The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her;
- The right not to be subject to a decision based solely on automated processing, including profiling (Art. 22): The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling;
DATA PROTECTION OFFICER
Given the need to appoint a Data Protection Officer (Art. 37, n.º 5 e n.º 7 – Regulation (EU) 2016/679 (General Data Protection Regulation)). The Data Protection Officer in the ORGANIZATION is responsible for ensuring compliance with the GDPR, ensuring that personal data processing is always carried out appropriately, as well as being the communication channel between the Controller, Data Subjects and Supervisory Authority.
The data protection officer named by ORGANIZATION is Glauber Antonio de Souza and will resolve any doubts related to the provisions contained in this Policy through the email contact channel: glauber.souza@nddprint.com.
GENERAL PROVISIONS
This Privacy Policy may be changed periodically. Therefore, we recommend that you visit this page whenever possible for clarifications and to obtain updated information.
This version of the Privacy Policy was published on December 6, 2023.
Reviewed: April 2024
Soporte
