The Privacy Policy (“Policy”) serves to clarify in a simple, direct and transparent about the processing of personal data (“Data”) during the performance of the transactions (“Transactions”) made available in the ORO PAY solution or ORO PAY App (“ORO PLAY”).
By becoming a user (“User”) of ORO PAY, you understand and agree that collect and use your personal information in the ways described in this Policy, within the rules of the General Data Protection Law – LGPD, Law No. 13.709/2018, and the other rules of the Brazilian legal system applicable to the Services. If you have any questions or suggestions, please contact us via email. contato@i2020.digital.
1. DEFINITIONS
“ORO PAY” or “ORO PAY App” means the digital payment instrument made available to the user and which enables him to insert values to be available on the i2020Fintech Card (Load and Reload), the transfer of resources between ORO PAY User, the purchase of goods and services and the payment of consumption.
“User” natural person who chooses to join the i2020Fintech System and who is enabled to carry out transactions with ORO PAY and the i2020Fintech Card.
2. DEFINITIONS OF CONTROLLER AND OPERATOR ROLES
2.1. During the use of ORO PAY in relation to the processing of Data, we will have the following structure.
I. CONTROLLER
BANCO RODOBENS S.A, Financial Institution of the Financial System National. (“RODOBENS Bank”) CNPJ No. 33.603.457/0001-40 Rua Estado de Israel, nº 975. CEP 04022-002, São Paulo – SP.
II. OPERATOR
i2020 PAGAMENTOS DIGITAL S.A. (“i2020 FINTECH”) CNPJ No. 34.241.029/0001-87
Rua Irmã Gabriela, 51, room 210, Cidade Monções, CEP 04571-130, São Paulo – SP.
3. WHAT DATA WILL BE COLLECTED AND FOR WHAT PURPOSE?
3.1. ORO PAY offers via digital module financial transactions related to purchase of products and/or services through the use of electronic money.
3.2. In order to carry out these Transactions, it will be necessary to collect the following Data: (i) full name; (ii) date of birth; (iii) document number of identity; (iv) registration number in the National Registry of Individuals (“CPF”); (v) complete address; (vi) cell phone number and (vii) email address of user.
3.3. All Data will be collected, stored and shared solely for the purpose of operating/using the functions made available within the solutions GOLD PAY.
4. WHAT ARE YOUR RIGHTS?
The User has the holder rights provided for in article 18 of the General Law of Protection of Data. This way, you can, free of charge and at any time:
• Confirm the existence of data processing;
• Access your data;
• Request correction of your data;
• Limit your data when unnecessary, excessive or treated in non-compliance with legislation through anonymization, blocking or elimination.
• Request the portability of your data;
• Eliminate your processed data based on your consent, except in cases provided for by law.
• Revoke your consent, disallowing the processing of your data.
• Find out about the possibility of not providing your consent and about the consequences of the denial.
5. HOW CAN YOU EXERCISE YOUR HOLDER RIGHTS?
5.1. To exercise your rights as a holder, you must contact us via e-mail via email contato@i2020.digital.
5.2. In order to guarantee your correct identification as the holder of personal data object of the request, it is possible that we request documents or other evidence that can prove your identity, in this case, you will be previously informed.
6. HOW AND FOR HOW LONG WILL YOUR DATA BE STORED?
6.1. Your Data will be used and stored for as long as necessary for the provision of the service or for the purposes listed in this Policy are achieved, considering the rights of data subjects and controllers.
6.2. In general, your Data will be kept as long as the relationship between you and the controller last. After the period of storage of personal data, these will be excluded from our databases or anonymized, subject to the hypotheses legally provided for in article 16 general data protection law, the to know:
I – Compliance with a legal or regulatory obligation by the controlling shareholder;
II – Study by research body, ensuring, whenever possible, the anonymization of personal data;
III – Transfer to a third party, provided that the treatment requirements are respected of data provided in this Law; or
IV – Exclusive use of the controller, access by third parties is forbidden, and provided that anonymized the data.
6.3. That is, personal information about you that is essential for the compliance with legal, judicial and administrative determinations and/or for the exercise of the right of defense in judicial and administrative proceedings will be maintained, despite the exclusion of other data.
6.4. The storage of collected data reflects the commitment to security and privacy of your data. Measures and technical solutions will be used to
protection capable of guaranteeing the confidentiality, integrity and inviolability of the your data. In addition, it will also have appropriate security measures for risks and with access control to stored information.
7. WHAT DO WE DO TO KEEP YOUR DATA SECURE?
7.1. To keep your personal information secure, tools are used physical, electronic and managerial oriented to the protection of your privacy.
7.2. Tools will be applied taking into account the nature of the data personal data collected, the context and purpose of the treatment and the risks that possible violations would generate for the rights and freedoms of the data subject collected and processed. Among the measures we adopt, we highlight the following:
• Only authorized persons have access to your personal data.
• Access to your personal data is only done after the commitment to confidentiality.
• Your personal data is stored in a safe and suitable environment.
7.3. The controller and operator undertake to adopt the best postures for prevent security incidents. However, it is necessary to point out that none of the virtual page is entirely secure and risk-free. It is possible that, despite all of our security protocols, problems blame solely on
third parties occur, such as cybernetic attacks by hackers, or also in as a result of negligence or imprudence by the User/customer.
7.4 In case of security incidents that may generate risk or relevant damage for the User, the controller will carry out to those affected and the National Authority of Data Protection about what happened, in accordance with the provisions of the Law General Data Protection.
8. WITH WHOM MAY YOUR DATA BE SHARED?
8.1. In order to preserve your privacy, no sharing your personal data with any unauthorized third party.
8.2. Your Data may be shared for money laundering investigation purposes. money and corruption, for more information the User must carry out the reading of the Money Laundering Prevention Policy Terrorism.
8.3. These receive your data only to the extent necessary for the provision of contracted services and our contracts are guided by the norms of
data protection of the Brazilian legal system.
8.4. However, our partners have their own Privacy Policies, which may deviate from this, and therefore we recommend reading these documents.
8.5. In addition, there are also other hypotheses in which your data may be shared, which are:
I – Legal determination, application, requisition or court order, with competent judicial, administrative or governmental authorities.
II – Case of corporate movements, such as merger, acquisition and incorporation, automatically.
III – Protection of the controller’s rights in any type of conflict, including of judicial content.
9. INTERNATIONAL DATA TRANSFER
9.1. Some of the third parties with whom we share Data can be located or have facilities located in foreign countries. Under these conditions, of
In any case, your personal data will be subject to the General Law for the Protection of Data and other Brazilian data protection legislation
9.2. In this sense, the controller and the operator undertake to always adopt efficient standards of cyber security and data protection, in best efforts to ensure and comply with legislative requirements.
9.3. By agreeing to this Policy, you consent to this sharing, which will be carried out according to the purposes described in this instrument.
10. AMENDMENT TO THIS POLICY
10.1. The current version of the Policy was last formulated and updated on: 16.03.2021.
10.2. We reserve the right to modify this Policy at any time, in particular depending on the adaptation to any changes made to our website or in legislative scope. We recommend that you review it frequently.
10.3. Any changes will come into effect as of their publication on our website and We will always notify you of any changes that have occurred.
10.4. When using our services and providing your personal data after such modifications, you consent to them.
11. LIABILITY
11.1. The LGPD provides for the responsibility of agents who act in the processes of data processing, in accordance with articles 42 to 45 of the General Law on Data Protection.
11.2. We undertake to keep this Policy up to date, observing its provisions and ensuring their compliance.
11.3. In addition, we are also committed to seeking technical conditions and organizational structures securely able to protect the entire data processing process data.
11.4. If the National Data Protection Authority requires the adoption of measures in relation to the data processing carried out by the controller, we undertake to us to follow them.
12. DISCLAIMER OF LIABILITY
12.1. As mentioned in Topic 7, although we adopt high standards of security in order to avoid incidents, there is no virtual page entirely risk free. In this sense, the controller and operator are not responsible per:
I – Any consequences arising from negligence, recklessness or User’s incompetence in relation to their individual data. just being It is the responsibility of the controller and operator to ensure the safety of data processing processes and fulfillment of the purposes described in this instrument.
12.1.2. We emphasize that the responsibility regarding the confidentiality of the Access data belongs to the User.
II – Malicious actions by third parties, such as hacker attacks, unless proven culpable or deliberate conduct by the controller and/or operator. 12.1.3. We point out that in case of security incidents that may generate risk or relevant damage to any of the User, we will communicate to the
affected and the National Data Protection Authority about what happened and we will take the necessary steps.
III – Inaccuracy of the information entered by the User in the records necessary for the use of ORO PAY; any consequences arising from false information or inserted in bad faith are entirely User’s responsibility.
Last Update: 03/18/2021 – V1.