Privacy Policies
We strive to clearly and accessibly explain which personal data we collect from you and how we use each piece of information. Below, we highlight the key points, which you can review in more detail in our Privacy Notice.
We are always available to answer your questions via email at [email protected]. For specific inquiries about your personal data, please contact us at [email protected].
Who is responsible for data processing?
We are the controllers of our customers’ personal data. This means that when you choose our services, we request some information and make decisions to provide the best and safest service possible.
As processors, we handle third-party personal data entered into our solutions by customers, following their decisions as controllers.
Additionally, DIGISAC may work with third-party processors, such as legal advisors and technology partners, to assist in data processing.
It is important to note that WhatsApp and other channels are independent and not linked to this document. Therefore, we recommend that you read the terms of use and privacy policies of these platforms before using our services.
How do we ensure the security of your data?
At DIGISAC, the security of your personal data is a priority. We implement all measures recommended by the National Data Protection Authority (ANPD), in accordance with the Guidance Guide for Small Data Processing Agents. These practices include technologies and procedures that help protect your information.
To ensure a secure environment, we use Amazon Web Services and DigitalOcean servers, which have restricted access. These servers may involve international data transfers to the United States, where they are located.
What data is required to use our platform?
For registration and use of our services, we request:
✔ Collaborator user: Name and CPF (Brazilian ID)
✔ Administrator user: Name, CPF, email, company brand, corporate name, address, and phone number
For what purposes do we use your personal data?
We process your data in compliance with the General Data Protection Law (LGPD) for the following purposes:
✔ Providing services
✔ Offering customer support and service
✔ Sending sales and marketing communications
✔ Promoting our products and services
With whom do we share your personal data?
We do not share your data with third parties, except in the cases specified in our Privacy Notice, with user consent or as required by law/judicial order.
Will your access logs be collected?
Yes, we collect access logs, including date and time of platform usage from a specific IP address. These records are stored securely for at least six months, in accordance with Law No. 12.965/2014 and Law No. 13.709/18.
Will personal data be collected indirectly?
Yes, in addition to access logs, some information may be collected indirectly, in accordance with our Cookie Policy.
Will communication records be stored?
We store conversations conducted through our communication channels to improve and make customer service more efficient. Without this history, you would need to repeat information every time you contact us.
What are your rights as a user?
You have the right to request the following actions at any time:
✔ Confirmation of data processing
✔ Access to your data
✔ Correction of incomplete or outdated data
✔ Anonymization, blocking, or deletion of unnecessary or improperly processed data
✔ Portability of data to another provider
✔ Deletion of data processed with consent, except when required by law
✔ Information on entities with whom DIGISAC has shared your data
✔ Awareness of the consequences of not providing consent
✔ Withdrawal of consent
What is included in the Privacy Notice?
The Privacy Notice is structured as follows:
- Date of Availability
- Explanation of Technical or Foreign Language Terms
- Data Processing Agents
- Information Security
- Data Collection
- Personal Data Processing
- Account Cancellation and Data Deletion
- User Rights
- Privacy Notice Updates
- Privacy Communication Channel
- General Contact Information
Privacy Notice
Before accessing the DIGISAC platform, it is essential that you read, understand, and freely accept this Privacy Notice.
DIGISAC is owned and operated by E.M. SOLUCOES INTEGRADAS DE SISTEMAS LTDA, registered under CNPJ 18.716.151/0001-06, located at Rua Sérgio Arcangelo, 1-49, Jardim Nicéia, Bauru/SP, ZIP Code 17.047-430.
This document provides information about the collection, use, and storage (“processing”) of user data, in compliance with Law No. 12.965/2014 and Law No. 13.709/18.
These terms apply only to data processing in the WhatsApp integration solution. For other solutions, please refer to: Privacy Policies.
Date of Document Availability
This document was drafted and made available on 01/20/2023.
2. Explanation of Technical Terms or Foreign Language Terms
2.1 Below are the meanings of technical terms and English-language terms:
API: A set of routines and programming standards for accessing an application or web-based platform. The acronym API translates to “Application Programming Interface.”
Controller: A natural or legal person, public or private, responsible for decisions regarding the processing of personal data.
Cookies: Small text files stored on the user’s computer that can be retrieved by the website that sent them during navigation. They are mainly used to identify and store user information.
Encryption: A set of principles and techniques for encrypting writing, making it unintelligible to those who do not have access to the agreed conventions.
Personal Data: Information related to an identified or identifiable natural person.
Sensitive Personal Data: Personal data concerning racial or ethnic origin, religious belief, political opinions, trade union membership, or membership in a religious, philosophical, or political organization, data regarding health or sexual life, genetic or biometric data when linked to a natural person.
Data Protection Officer (DPO): The person designated by the controller and operator to act as a communication channel between the controller, data subjects, and the National Data Protection Authority (ANPD).
IP (Internet Protocol): A unique identifier for each computer connected to a network.
Processor: A natural or legal person, public or private, who processes personal data on behalf of the controller.
Data Processing: Any operation performed with personal data, such as collection, production, reception, classification, use, access, reproduction, transmission, distribution, processing, archiving, storage, elimination, evaluation, modification, communication, transfer, dissemination, or extraction.
User(s): Those who use the platform’s services.
2.2 Types of Platform Users:
Administrator User: The person responsible for the company on the platform, who will register the Collaborator Users.
Collaborator User: Employees or general collaborators of the contracting company of the platform.
3. Data Processing Agents
3.1 We are controllers of personal data processing regarding Users, meaning that once a User registers on our platform or uses our tools, we will collect some information and make decisions to provide our service in the best and safest way possible.
3.2 We are processors of third-party personal data entered into our solutions by the contracting company, meaning that we process data based on our clients’ decisions as controllers.
3.2.1 The contracting company using DIGISAC services acts as the controller of the data of individuals the User contacts via the platform. In other words, they are responsible for decisions regarding personal data processing.
3.2.2 DIGISAC does not have access to Users’ conversations with third parties and is not responsible for the data processing carried out by Users, the proper collection of information, the legality of contact, conversation content, or any action taken by Users.
3.3 Some processors are necessary for the platform’s availability. Therefore, they will have access to Users’ data for the following purposes:
3.3.1 Amazon Web Services: As the personal data is stored on its servers.
3.3.2 DigitalOcean: As the personal data is stored on its servers.
3.4 WhatsApp, as well as other channels used by the User, are independent platforms and are not related to this document. Therefore, we recommend reading the terms of use and privacy policies of these platforms before using our services.
3.5 Our contracts always prioritize the secure processing of User information. Therefore, from the moment these companies access this data, they become responsible for its security, processing, and appropriate sharing. They may not disclose it for other purposes in non-compliance with current legislation or this Privacy Notice, under penalty of being subject to all punishments, especially those of a civil, criminal, or regulatory nature imposed by the National Data Protection Authority.
3.6 International Transfer: DIGISAC uses servers equipped with mechanisms to ensure the security of your data. These servers are located outside Brazil, specifically in the United States, and are used to enable DIGISAC to execute its service adequately, as determined by Article 33, IX, of Law No. 13.709/18.
4. Information Security
4.1 DIGISAC takes the security of your personal data very seriously. Therefore, we implement all measures suggested by the National Data Protection Authority (ANPD) in its Guidance Guide for Small-Scale Data Processors, which includes a variety of security technologies and procedures to help protect your information.
4.1.1 Additionally, we have effective measures and controls to prevent or reduce information security risks, adopting a principle-based approach to prevent, detect, respond to, and recover quickly from threats, ensuring the confidentiality, integrity, and availability of technological assets and information.
4.2 All access records, which include information about the date and time of using a given internet application from a specific IP address, will be kept by DIGISAC confidentially in a controlled and secure environment for a minimum period of six (6) months, pursuant to Law No. 12.965/2014 and Article 7, II, of Law No. 13.709/18.
4.3 DIGISAC is committed to preserving the stability, security, and functionality of the platform through technical measures compatible with international standards and by encouraging the use of best practices. However, no online service is fully guaranteed against unauthorized access. In cases where unauthorized third parties illegally access the system, DIGISAC will diligently work to identify those responsible but does not assume responsibility for any damages they may cause.
5. Data Collection
5.1 To register and use DIGISAC services, the following information is required:
5.1.1 For the Collaborator User: Name and CPF.
5.1.2 For the Administrator User: Name, CPF, Email, Company Brand, Corporate Name, Address, and Phone Number.
5.2 Contact History: DIGISAC stores information about all interactions made through the WhatsApp application, messages, and emails to improve and make customer service more efficient. Without this history, users would likely have to repeat previous information each time they contact us.
5.3 Indirectly Collected Information: In addition to access records, we may also collect some information indirectly, as specified in our Cookie Policies.
6. Personal Data Processing
6.1 By accepting this Privacy Notice, the User understands that the collection and processing of personal data are necessary for the execution of the contract with DIGISAC, as presented below.
| Tipo de Dado Pessoal | Base Legal | Finalidade |
|---|---|---|
| Nome | Necessário para a execução de contrato ou de procedimentos preliminares relacionados a contrato do qual seja parte o titular, a pedido do titular dos dados (Art. 7º, V, Lei n.º 13.709/2018). | Identificação do Usuário. Trata-se de dado pessoal essencial para que seja possível entrar em contato com o Usuário, para atender às suas solicitações e fornecer respostas direcionadas. |
| CPF | Necessário para a execução de contrato ou de procedimentos preliminares relacionados a contrato do qual seja parte o titular, a pedido do titular dos dados (Art. 7º, V, Lei n.º 13.709/2018). | Utilizado para elaborar o contrato de prestação de serviços da plataforma e para o controle antifraude. |
| a) Necessário para a execução de contrato ou de procedimentos preliminares relacionados a contrato do qual seja parte o titular, a pedido do titular dos dados (Art. 7º, V, Lei nº 13.709/2018). b) Necessário para atender aos interesses legítimos do controlador ou de terceiro (Art. 7º, IX, Lei nº 13.709/2018). | a) Utilizado como meio de comunicação com o Usuário, para contatos e interações ao longo da jornada de uso da Plataforma. b) Utilizado para envio de e-mails de marketing e e-mails de notícias, classificados e Newsletter. | |
| Marca da empresa / Razão Social | Necessário para a execução de contrato ou de procedimentos preliminares relacionados a contrato do qual seja parte o titular, a pedido do titular dos dados (Art. 7º, V, Lei nº 13.709/2018). | Necessário para poder prestar o serviço, já que atende pessoas jurídicas. |
| Dados bancários | Necessário para a execução de contrato ou de procedimentos preliminares relacionados a contrato do qual seja parte o titular, a pedido do titular dos dados (Art. 7º, V, Lei nº 13.709/2018). | Coletado apenas do Usuário Administrador. É utilizado para elaborar o contrato de prestação de serviços e processar o pagamento relativo ao uso do serviço da plataforma, este pagamento é geralmente via API da IUGU. |
| IP (Internet Protocol), Localização, Fonte de referência, Tipo de navegador, Duração da visita, Páginas visitadas | Cumprimento de obrigação legal ou regulatória pelo controlador (Art. 7º, II, Lei n.º 13.709/2018). | Obediência ao artigo 15 da Lei n.º 12.965/2014, que impõe o dever da DIGISAC de manter os respectivos registros de acesso a aplicações de internet, sob sigilo, em ambiente controlado e de segurança, pelo prazo de 6 (seis) meses. |
7. Cancellation of the platform, accounts, access, and data deletion
7.1. Account cancellation by DIGISAC: DIGISAC may, at its sole discretion, block, restrict, disable, or prevent any User’s access to the platform whenever inappropriate conduct is detected.
7.2. Account cancellation by the User: To cancel the services and request the deletion of the access account, the User must submit a request via email at [email protected].
7.3. Once the purpose of data processing is concluded or upon request via email at [email protected], the User will have all their data deleted immediately and permanently, except for data whose retention is mandatory by law or regulation, as well as data necessary for the regular exercise of rights in judicial, administrative, or arbitration proceedings. Access records will be kept confidential, in a controlled and secure environment, in accordance with Law No. 12.965/2014 and with the legal basis of Article 7, II, of Law No. 13.709/18.
8. User data sharing
8.1. Only individuals strictly necessary for service provision will have internal access to Users’ information.
8.2. Users’ data will not be shared by DIGISAC with third parties. However, the Administrator User of each company will be responsible for collecting the data and registering their employees on the platform.
8.3. If the Administrator User decides to share personal data stored in DIGISAC with third parties, such as independent APIs, they must fully assume responsibility for informing data subjects about this sharing, ensuring that the third party complies with the General Data Protection Law, and handling any security incidents that occur after the transfer of personal information. DIGISAC is only responsible for its platform, while the third-party API will be responsible for operations following the data transfer.
8.3.1. The User is informed that, when integrating via API, the external software may access data under their control, with the option to revoke such access later.
8.4. From the moment Users, WhatsApp, Telegram, SMS, Web Chat, email, AWS, Digital Ocean, and third-party APIs access this data, they become responsible for the security, processing, and proper sharing of such information. They are prohibited from disclosing it for other purposes in violation of current legislation and this Privacy Notice, under penalty of all applicable sanctions, particularly civil and criminal penalties and those imposed by the National Data Protection Authority.
8.5. The User acknowledges that they must comply with the terms of WhatsApp, as well as other channels they use, especially regarding the sending of automated messages and the collection of third-party data through the platform.
8.6. DIGISAC will not share Users’ confidential data with third parties, except as required by law or court order.
9. Data subject rights
9.1. The data subject has the right to request from the controller, at any time and upon request, information regarding the processing of their data:
Confirmation of the existence of data processing.
Access to data.
Correction of incomplete, inaccurate, or outdated data.
Anonymization, blocking, or deletion of unnecessary, excessive, or unlawfully processed data.
Portability of data to another service or product provider, upon express request, in accordance with national authority regulations, subject to commercial and industrial secrets.
Deletion of data processed with the data subject’s consent, except in cases provided for in Law No. 13.709/2018.
Information on public and private entities with which DIGISAC has shared data.
Information about the possibility of not providing consent and the consequences of refusal.
Withdrawal of consent.
9.2. Regarding data of individuals contacted by the User through the platform, such as conversation history, requests to exercise data subject rights must be made directly to the controller.
10. Changes to the privacy notice
10.1. DIGISAC may unilaterally add and/or modify any clause contained in this Privacy Notice. The updated version will be valid for the use of the platform from its publication. Continued access or use of the platform after disclosure will confirm the Users’ acceptance of the new Privacy Notice.
10.2. If a change requires the User’s consent, the option to freely, unequivocally, and knowingly accept the new text or refuse it will be presented.
10.3. If the User does not agree with the change, they may decline consent for specific actions or terminate their relationship with DIGISAC. However, such termination will not exempt the User from fulfilling all obligations assumed under previous versions of the Privacy Notice.
11. Privacy communication channel and Data Protection Officer
11.1. DIGISAC appoints Mr. William Oliveira da Silva, registered under CPF No. 094.913.069-95, with email address [email protected], as the Data Protection Officer, in accordance with Article 41 of the General Data Protection Law, to receive complaints and communications from data subjects and the National Data Protection Authority, provide clarifications, and take necessary actions.
11.2. DIGISAC has a specific document regulating the license of use, rights, duties, guarantees, and general provisions: the Terms of Use. All these documents are inseparably part of this Privacy Notice.
12. General contact information
DIGISAC provides the following channel for receiving all communications that Users wish to make: via email at [email protected].
This platform, named DIGISAC, is owned, maintained, and operated by E.M. SOLUCOES INTEGRADAS DE SISTEMAS LTDA, registered under CNPJ No. 18.716.151/0001-06, located at Rua Sérgio Arcangelo, No. 1-49, Jardim Nicéia, Bauru/SP, ZIP Code: 17.047-430.
This document aims to provide information about the collection, use, and storage (“processing”) of data provided by Users and is in compliance with Law No. 12.965/2014 (Marco Civil da Internet) and Law No. 13.709/18 (General Data Protection Law).
Furthermore, these terms of use regulate the processing of personal data on the DIGISAC platform solely concerning the WhatsApp integration solution. If you are a User of other solutions, please refer to the relevant document: https://digisac.com.br/politicasdeprivacidade.html.
Ready to Transform Your Customer Service?
Join us and transform your communication!
