Tothbe Corporate Training and Solutions
The Tothbe Corporate Training and Solutions (“tothbe”) is committed to ensuring the privacy and protection of personal data processed for carrying out its business activities, as well as complying with the General Law on the Protection of Personal Data – Law 13,709/18 (LGPD) and applicable regulations on data processing.
Tothbe reserves the right to amend this Policy for Privacy and Protection of Personal Data (“Politics”) at any time without notice.
1.1. The terms and expressions used in this Privacy Policy have the meanings defined below:
“National Data Protection Authority” or “ANPD”: Central Body for the Interpretation of the General Data Protection Law, which is responsible for establishing norms and guidelines for its implementation, seeking to ensure the guarantee of the right of all Brazilians to have their personal data duly protected;
“Tothbe collaborators”: All TOTHBE employees, including, exclusively for the purposes of this Privacy Policy (without a direct relationship with the constitution of an employment relationship), partners, directors, directors, employees, managers, service providers and any other person who has a direct link with Tothbe;
“consent”: Free, informed and unequivocal manifestation by which the holder agrees to the processing of his personal data, including sensitive personal data for a specific purpose;
“Data Controller” or “Controller”: natural or legal person, governed by public or private law, who are responsible for decisions regarding the processing of personal data;
“Anonymized Data”: Data relating to the holder that does not allow its identification through the use of reasonable technical means available at the time of its treatment;
“Personal Data” or “Personal Data”: information related to the natural person who somehow allows to identify it;
“Sensitive Personal Data” or “Sensitive Personal Data”: Personal data on racial or ethnic origin, religious conviction, political opinion, union affiliation or organization of a religious, philosophical or political nature, data concerning health or sexual life, genetic or biometric data;
“Data Manager”: Person indicated by the data controller and the data operator to act as a communication channel with the data subjects and with the National Data Protection Authority (ANPD);
lgpd: General law for the protection of personal data (Law 13,709/18);
“Data Operator” or “Operator”: natural or legal person, governed by public or private law, which performs the processing of personal data on behalf of the controller;
“tothbe”: Tothbe Training and Corporate Solutions – CNPJ: 20.807.710/0001-35;
“Data Holder” or “Holder”: The natural person to whom the personal data and sensitive personal data that are subject to treatment refer to; and
“data treatment” or “treatment”: Every operation carried out with personal data, including sensitive personal data, such as those referring to: collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation or control of information, modification, communication, transfer, diffusion or extraction.
2. Objective
2.1. The aim of this Privacy Policy is to define the main rules and principles for the processing of data collected from Tothbe employees, suppliers, service providers, customers and/or their representatives and employees, as well as any other related parties in the execution of Tothbe’s activities, ensuring an adequate level of security, through protection actions in alignment with the LGPD and other regulations that establish rules on the subject.
2.2. This Privacy Policy should be observed by all Tothbe employees, suppliers, service providers, customers, or any individual or legal entity who may play the role of Data Holder and/or Data Operator, where Tothbe plays the role of Data Controller.
3. Personal data collection points
3.1. Tothbe can collect personal data in a variety of ways, either directly or indirectly. For example, but not exclusively by the following means:
(a) Tothbe website, such as registration for newsletter and contact;
(b) e-mail, communication applications and corporate social networks; and,
(C) platform used by Tothbe.
4. Purposes of data processing
4.1. Any data processing performed by Tothbe uses only the strictly necessary data to achieve specific objectives, including but not limited to:”:
(a) fulfillment of contractual obligations with customers, for which personal data are treated, such as: name, e-mail, IP, CPF, registration and telephone;
(b) fulfillment of contractual obligations with suppliers and/or service providers, for which personal data are treated, such as: name, e-mail, telephone, CPF, date of birth, registration, address and bank details;
(c) compliance with legal and regulatory obligations with service providers, for which personal data are treated, such as: name, e-mail, telephone, CPF, bank details, registration and address;
(d) compliance with legal, regulatory and contractual obligations with TOTHBE employees, for which personal data are treated, such as: name, CPF, registration and bank details;
(e) sales and prospecting activities, for which personal data are treated, such as: name, e-mail, company name and telephone;
(f) sending a newsletter, for which personal data such as: name and e-mail are treated;
(g) Use of cookies during the owner’s navigation on the Tothbe website, for which personal data are treated, such as: IP and Location.
4.2. The personal data indicated above are processed by Tothbe and by companies contracted by it. The data collected by Tothbe is stored on its servers for the period necessary to fulfill the specific purposes mentioned.
4.3. TOTHBE uses global tools and assets, therefore, it performs the international transfer of personal data, respecting the terms of the LGPD.
5. Legal hypotheses for data processing
5.1. The legal hypotheses for the processing of data by Tothbe, according to art. 7 of the LGPD are:
(a) provision of consent by the data subject;
(b) compliance with a legal or regulatory obligation by Tothbe;
(c) execution of a contract or preliminary procedures related to the contract of which the holder is a party, at the request of the holder;
(d) Regular exercise of Tothbe’s rights in judicial, administrative or arbitration proceedings; and
(E) legitimate interests of TOTHBE or third parties.
6. Saving and disposing of personal data
6.1. Any personal data provided by the data subject will be collected and stored in accordance with strict security standards. Therefore, Tothbe takes several precautions, in compliance with the guidelines on safety standards established in the applicable legislation.
6.2. In addition to technical security efforts, Tothbe also adopts organizational security measures aimed at protecting personal data.
6.3. Access to personal data collected is restricted to Tothbe employees and to persons authorized by Tothbe. Personal data will be hosted on servers and systems located in Brazil and in other countries that provide a degree of protection to personal data appropriate to that provided for in the LGPD.
6.4. After the fulfillment of the specific purposes for which they were collected, the personal data must be discarded within the scope and within the technical limits of the activities, authorized for conservation for the following purposes:
(a) Compliance with a legal or regulatory obligation by Tothbe;
(b) transfer to a third party, provided that the data processing requirements provided for in the LGPD are met; and
(c) exclusive use of Tothbe, its access by a third party prohibited, and provided that the data are anonymized.
7. GEOGRAPHIC SCOPE
7.1. This policy applies to cases in which the data processing occurs or when the personal data is collected within the Brazilian territory.
8. Data holders’ rights
8.1. The data subject, whenever possible, receives information about the processing of his personal data at the time of its collection, including: controller name, purpose, data collected, recipients of the data and information about their rights.
8.2. The holder may exercise rights in relation to the processing of his personal data, such as: access to information; objection to processing, automated decision making and profile definition; processing restriction; data portability; rectification and elimination of data; and revocation of consent, as applicable in each case, by the e-mail address indicated at the end of this policy.
8.3. Tothbe has implemented procedures to ensure responses to data subjects within the legally established deadlines and reserves, under the terms of the LGPD, entitled to evaluate the requests of the holders and meet them when technically feasible and effectively required by law. In any case, the response of the assessment will be informed to the data subject.
8.4. The data subject is aware that the exercise of some of their rights can prevent the continuity of their relationship with Tothbe.
9. Obligations of Data Holders
9.1. The data subject is responsible for the veracity, accuracy and confirmation of the personal data informed by him, either on the Tothbe website or by another means.
9.2. It is forbidden to the data subject: Share with other third party people or companies, including co-workers, family and friends, logins, passwords or any type of credential.
9.3. The data subject must use strong and unique passwords for Tothbe’s assets and tools. TOTHBE is not responsible for any violations of the data subject’s privacy and the protection of the data subject’s personal data per action or omission of the data subject itself..
9.4. The data subject is responsible for adopting in its devices, used for access to the assets and tools of TOTHBE, all the necessary security measures, as Tothbe is not responsible for possible violations of the holder’s privacy and personal data protection, if they result from this lack of due diligence.
10. Obligations of Tothbe Data Operators
10.1. Tothbe seeks to relate to data operators committed to the privacy and protection of personal data.
10.2. TOTHBE data operators must observe this policy and must comply with the GLPD, as well as other relevant legislation.
10.3. In the event of non-compliance with one or the other, Tothbe reserves the right to immediate contractual cancellation, at no cost to TOTHBE, as well as to apply the due legal and related contractual sanctions.
10.4. Tothbe reserves the right to verify that data operators follow the processes, operating instructions and procedures defined by Tothbe itself, through ordinary or extraordinary audits.
11. Cooperation with the ANPD
11.1. TOTHBE, while as a data controller, will cooperate with ANPD on issues related to the protection and privacy of personal data under its treatment, within the limits of the LGPD, and without resigning any rights of defense and resources that are guaranteed to it.
11.2. The Data Manager acts as the primary coordinator between Tothbe and the ANPD, supported by Tothbe employees and/or service providers and/or suppliers, potentially involved in the treatment or procedure questioned.
12. Communication Channel
12.1. Tothbe provides data owners, data operators and any other person (individual or legal) for free, communication channel and exclusive service for issues related to privacy and protection of personal data..
12.2. All issues related to the topic of privacy and protection of personal data should be directed to the person in charge of data, Marcia Medeiros, by email: marciamedeiros@tothbe.com.br.
13. GENERAL PROVISIONS
13.1. In the event of evidence of personal data being compromised by Tothbe, any and all TOTHBE collaborators or third parties who are aware must immediately notify the Data Manager.
13.2. It is the responsibility of all TOTHBE employees to observe and apply this policy. Failure to comply with these Privacy Rules and Principles may result in disciplinary action, in accordance with applicable human resource procedures and local laws.
13.3. This Tothbe Privacy Policy will enter into force on August 29, 2023, indefinitely.