Budget

General Information

This Privacy Policy contains information about how we process, fully or partially, in an automated or non-automated manner, the personal data of users who access Vittia’s online services or communication channels.

The purpose is to inform users about the types of data collected, the reasons for the collection, and how they can update, manage or delete this information.

This Privacy Policy has been prepared in accordance with the Brazilian General Data Protection Law (Federal Law No. 13.709, of August 14, 2018).

By using our Online Services, the user accepts and agrees with all the terms and conditions in effect on the date of use.

We emphasize that these terms and conditions may be changed at any time by Vittia, due to legislative updates, service adjustments, the adoption of new technological tools or whenever, at Vittia’s sole discretion, such changes are deemed necessary.

The use of Vittia’s online services by any user implies the express acceptance of these Terms and Conditions of Use.

User Rights


Vittia is committed to complying with the rules established by the General Data Protection Law, respecting the following principles:

  • User personal data will be processed lawfully, fairly and transparently (lawfulness, fairness and transparency);
  • User personal data will be collected only for specific, explicit and legitimate purposes, and will not be further processed in a way that is incompatible with these purposes (purpose limitation);
  • User personal data will be collected in an adequate, relevant and limited manner to what is necessary for the purposes for which it is processed (data minimization);
  • User personal data will be accurate and kept up to date whenever necessary, ensuring that inaccurate data is deleted or corrected when possible (accuracy);
  • User personal data will be stored in a way that allows identification only for the period necessary for the purposes for which it is processed (storage limitation);
  • User personal data will be processed securely and protected against unauthorized or unlawful processing, as well as against accidental loss, destruction or damage, through appropriate technical measures (integrity and confidentiality).

Users have the following rights, granted by the General Data Protection Law:

  • Right to confirmation and access: the right to obtain confirmation of whether their personal data is being processed, and, if so, to access it;
  • Right to rectification: the right to obtain, without undue delay, the correction of inaccurate personal data;
  • Right to deletion (right to be forgotten): the right to have their data deleted from the website’s systems or database;
  • Right to restriction of processing: the right to limit the processing of their data when contesting accuracy, when processing is unlawful, when Vittia no longer needs the data for its purposes, or when the user objects to the processing, including in cases involving unnecessary data;
  • Right to object: the right to object, at any time and for reasons related to their particular situation, to the processing of personal data, including its use for marketing profiling;
  • Right to data portability: the right to receive personal data previously provided, in a structured, commonly used and machine-readable format, and to transmit such data to another service;
  • Right not to be subject to automated decisions: the right not to be subject to decisions solely based on automated processing, including profiling, which may affect the user’s legal rights or significantly impact them;
  • Right to anonymization: the right to have excessive or unnecessary personal data anonymized or deleted;
  • Right to information on data sharing: the right to receive information about public or private entities with which their personal data is shared.

Users may exercise their rights through written communication sent by e-mail with the subject “LGPD-”, specifying:

  • Full name or company name, CPF or CNPJ number, and email address of the user or their representative;
  • The specific right they wish to exercise;
  • Date of the request and user’s signature;
  • Any document that can demonstrate or justify the exercise of their right.

Requests must be sent to the email: seginfo@vittia.com.br, or by mail to the following address:

Vittia
Avenida Marginal Esquerda, 2000
Via Anhanguera Km 383
São Joaquim da Barra – SP
ZIP code: 14620-000

All requests will be received, reviewed and, if necessary, forwarded to the controller responsible for the processed data (usually a Vittia business partner), who must respond without undue delay or within the timeframe required by the national supervisory authority.

The average response time is 72 hours. All requests are registered in a ticketing system, which allows the inclusion of evidence (photos, images, and attachments) and complete tracking from start to completion.

Requests will not be fulfilled in the following cases:

  • Request submitted by an entity that is not the Controller;
  • Request for deletion of data while the user’s contract is still active;
  • Data not found in Vittia’s systems;
  • Data provided does not match existing records in Vittia’s systems;
  • Data provided does not allow user identification.

Duty not to provide third-party data

When using our service channels, and in order to safeguard and protect the rights of third parties, the user must provide only their own personal data, and not data belonging to others.

Collected information

User data collection will occur in accordance with this Privacy Policy and will depend on the user’s consent, which is dispensable only in the situations provided for in Article 11, item II, of the General Data Protection Law.

Types of data collected

The information we collect includes, but is not limited to:

Full name
Email address
City
State
Telephone numbers
Résumé data: Work experience, academic and educational background
Preferences and behaviors related to our services
Information about the device’s operating system and browser
IP address
Accessed services and interactions performed

Sensitive data

Sensitive personal data will not be collected, defined as those listed in Articles 11 and following of the General Data Protection Law. Therefore, among others, the following data will not be collected:

data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or union membership;
genetic data;
biometric data used to uniquely identify a person;
health-related data;
data related to a person’s sex life or sexual orientation;
data regarding criminal convictions, offenses or related security measures.

Collection of data not expressly provided for

Occasionally, other types of data not expressly listed in this Privacy Policy may be collected, provided they are supplied with the user’s consent, or if the collection is permitted or required by law.

Legal basis for the processing of personal data

By using Vittia’s services, the user consents to this Privacy Policy.

The user has the right to withdraw their consent at any time, without affecting the legality of the processing carried out before withdrawal.

Consent may be withdrawn by emailing: seginfo@vittia.com.br.

Consent from individuals who are relatively or absolutely incapable, especially children under 16 years old, must be given with proper assistance or representation.

The processing of personal data without the user’s consent will only occur when justified by legitimate interest or under the circumstances provided by law, such as:

  • to comply with a legal or regulatory obligation by the controller;
  • for research studies conducted by research institutions, ensuring anonymization whenever possible;
  • when necessary for the execution of a contract or preliminary procedures related to a contract of which the user is a party, at the request of the data subject;
  • for the regular exercise of rights in judicial, administrative or arbitration proceedings (the latter as per Law No. 9.307/1996 – Arbitration Law);
  • to protect the life or physical safety of the data subject or a third party;
  • for health protection, in procedures carried out by health professionals or health entities;
  • when necessary to meet the legitimate interests of the controller or a third party, except when fundamental rights and freedoms of the data subject require protection of personal data;
    for credit protection, including as provided in relevant legislation.

Purposes of processing personal data

Under the General Data Protection Law, Vittia processes your personal data for specific purposes and in accordance with the legal bases provided for in the law, such as:

  • To prepare budgets and commercial proposals for Vittia products;
  • For recruitment and selection processes for new employees;
  • To properly identify and authenticate users;
  • To adequately respond to user requests and inquiries;
  • To keep records updated for contact purposes via phone, email, SMS, direct mail or other communication channels;
  • To comply with legal and regulatory obligations, exercise legal rights and protect or recover credit;
  • To execute contracts signed with clients or to meet the legitimate interests of Vittia, its clients or third parties;
  • To facilitate, expedite and fulfill commitments established with business partners who have existing contracts with the data subject;
  • To share and transfer collected data to business partners for the specific purpose of enriching their databases and preventing fraud and associated risks;
  • To personalize the content offered to the user and to support the system or website in improving service quality and performance;
  • For any other purpose for which the data subject’s consent is required, processing will depend on the free, informed and unequivocal expression of consent.

Processing of personal data for purposes not listed in this Privacy Policy will only occur after prior communication to the user, and in all cases, the rights and obligations set forth herein will remain applicable.

Storage of personal data

Data is stored in a secure and controlled environment and may be kept on our own servers or on servers owned by third-party providers, located in Brazil or abroad, in accordance with applicable legislation. Data may also be stored using cloud computing technologies and/or other technologies developed in the future, always seeking to improve and enhance our services.

Retention period of personal data

Personal data will be retained for no longer than necessary to fulfill the purposes for which it was processed.

The retention period is defined based on the following criteria:

  • Data will be stored in our systems during the term of the contract with the client, and after cancellation, the data will be deleted.
  • Data collected through the contact form will be used to establish a commercial relationship with the individual or company that initiated the contact. These data will be deleted after the response process is completed.
  • User personal data may be retained after the end of processing in the following situations:
    • to comply with legal or regulatory obligations;
    • for research purposes, ensuring data anonymization whenever possible;
    • for transfer to third parties, provided legal requirements for data processing are met;
    • for exclusive use by the controller, with no access allowed to third parties and provided the data is anonymized.

Recipients and transfer of personal data

In certain circumstances, Vittia may share or transfer personal data, as necessary or appropriate, to government authorities, business partners or other third parties in order to comply with applicable law, with a court order or subpoena, or if Vittia believes in good faith that such action is necessary to:

  • Comply with legal obligations requiring disclosure;
  • Investigate, prevent or take action regarding suspected or actual illegal activities, cooperate with public authorities or protect national security;
  • Execute its contracts;
  • Investigate and defend against third-party claims or allegations;
  • Protect the security or integrity of the services (for example, sharing data with companies facing similar threats);
  • Exercise or protect the rights, property and safety of Vittia and its affiliated companies;
  • Protect the personal safety of its employees, users or the public;
  • In case of sale, purchase, merger, reorganization, liquidation or dissolution of Vittia.

Vittia will notify users of any legal demands that result in the disclosure of personal information, unless such notification is prohibited by law, court order or if the request is urgent. Vittia may challenge such demands if it deems them excessive, vague or issued by authorities without proper jurisdiction.

Roles and Responsibilities

Data Controller

The controller, responsible for processing the user’s personal data, is the natural or legal person, public authority, agency or other body which, individually or jointly with others, determines the purposes and means of processing personal data.

According to the General Data Protection Law, Vittia is considered the “Controller” of the data it collects from its clients and employees.

Data Protection Officer (DPO)

The Data Protection Officer is the professional responsible for informing, advising and supervising the data controller and any subcontracted data processors, as well as the employees who process data, regarding their obligations under the Personal Data Protection Law and all national and international data protection regulations, in cooperation with the competent supervisory authority.

Vittia’s Data Protection Officer (DPO) is Mr. André Luiz Rodrigues Ferreira, who may be contacted at the email seginfo@vittia.com.br or at the following address:

Vittia
Avenida Marginal Esquerda, 2000
Via Anhanguera Km 383
São Joaquim da Barra – SP
ZIP code: 14620-000

Security in the processing of users’ personal data

Vittia is committed to applying controls to protect personal data from unauthorized access, destruction, loss, alteration, communication or disclosure.

To ensure security, solutions will be adopted that consider: appropriate technologies, implementation costs, the nature, scope, context and purposes of processing, and the risks to the user’s rights and freedoms.

Measures include:

  • Use of encryption when collecting or transferring information. Our systems use SSL (Secure Socket Layer) certificates to ensure that personal data is transmitted securely and confidentially, so data transfer between server and user occurs fully encrypted.
  • Definition of data security protections to ensure the continuous security, integrity, availability and resilience of processing systems and services.
  • Limiting physical access to our facilities.
  • Limiting access to the information we collect about you.
  • Verifying and monitoring that our business partners have appropriate technical and organizational security measures to protect your personal information.
  • Destruction or anonymization of personal information when required by law.

Vittia is not responsible for incidents caused exclusively by third parties, such as hacker or cracker attacks, nor for incidents caused exclusively by the user, such as when the user shares their data with third parties.

However, Vittia is committed to informing the user within a reasonable time if a breach of their personal data occurs that may pose a high risk to their rights and freedoms.

A personal data breach is a security failure that results, accidentally or unlawfully, in the destruction, loss, alteration, disclosure or unauthorized access to personal data transmitted, stored or subject to any type of processing.

Finally, Vittia undertakes to process user personal data confidentially, within legal limits.

If third-party companies process any data collected through our services, they must respect the conditions established in this Policy as well as Vittia’s Information Security standards.

Browsing data (cookies)

Cookies are small text files sent by the application to the user’s computer, where they are stored with information related to browsing activities.

Through cookies, small amounts of information are stored in the user’s browser so that our server can read them later. For example, data about the user’s device, as well as their location and time of access to the application, may be stored.

Cookies do not allow any files or information to be extracted from the user’s hard drive, nor do they allow access to personal information that has not been voluntarily provided by the user or generated through their use of the application’s features.

It is important to note that not every cookie contains information capable of identifying the user. Some types of cookies are used simply to allow the application to load correctly or for its functionalities to operate as expected.

Any information stored in cookies that allows user identification is considered personal data; therefore, all rules established in this Privacy Policy also apply to such data.

Cookie management and browser settings

The user may opt out of the application’s cookie storage by disabling this option in their browser or device settings.

However, disabling cookies may affect the availability of certain tools and functionalities of the system, compromising its proper performance. Another possible consequence is the removal of saved user preferences, affecting the browsing experience.

Essential Cookies

These cookies are strictly necessary for the website to function and deliver consistent, relevant content. They cannot be disabled in our systems. They are usually set in response to actions taken by the user that amount to service requests, such as setting privacy preferences, filling out forms, keeping items in the cart or displaying content in the user’s preferred language. You may configure your browser to block or alert you about these cookies, but some parts of the website may not function properly. We use the following cookies:

  • Cookie Bar, SmartApp banner – Configuration
  • Adobe Experience Cloud
  • Google Analytics

Analytical Cookies

These cookies allow us to count visits and traffic sources so we can measure and improve our website’s performance. They help us identify which pages are most and least popular and understand how visitors navigate the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not allow these cookies, we will not know when you visited our site and we will be unable to monitor its performance. We use the following cookies:

  • Hotjar

It is stored until expiration: 1 year.

Marketing Cookies

These cookies may be set on our site by our advertising partners. They may be used by those companies to build a profile of your interests and display relevant ads on other websites. They do not store personal information directly; instead, they are based on the unique identification of your browser and device. If you block these cookies, you will receive less targeted advertising. We use the following cookies:

  • Bing Ads
  • Commission Junction
  • DoubleClick
  • Eloqua
  • Facebook
  • Google Ads
  • Lead Forensics
  • LinkedIn
  • Responsus

Complaint to a supervisory authority

Without prejudice to any other administrative or judicial remedy, all data subjects have the right to lodge a complaint with a supervisory authority. The complaint may be submitted to the National Data Protection Authority (ANPD) or to the authority of the user’s habitual residence, workplace, or the place where the alleged violation occurred.

Amendments

This version of the Privacy Policy was last updated on: 08/01/2021.

It is recommended that this document undergo annual reviews. However, the publisher reserves the right to modify these rules at any time, especially to adapt them to system or website developments, whether through the introduction of new functionalities or the removal or modification of existing ones.

Users will be explicitly notified on our website if this policy is amended.

By continuing to use the service after any modifications, the user indicates agreement with the new terms. Should the user disagree with any changes, they may submit a reservation to the customer service team, if desired.

Applicable law and jurisdiction

Brazilian law shall apply fully to resolve disputes arising from this document.

Any legal action must be filed in the competent court where Vittia’s headquarters is located.

Talk to us

Fill out the form beside and receive all the latest news from our Newsletter.