Privacy Policy

PRIVACY POLICY – CARE (OGP INFORMATION SOLUTIONS LTDA – EPP)

             
              CARE values the privacy of its users and created this Privacy Policy to demonstrate its commitment to protecting your privacy and personal data, in accordance with the General Data Protection Law, ISO 27001 and 27701, and other laws on the subject, as well as to describe how your privacy is protected by CARE when collecting, processing and storing your personal information. 

              CARE follows the Code of Conduct that represents the mission, vision and values, created with the objective of guiding and portraying the priority values of this company since its conception, always aiming for ethical performance by all its employees.      



  1. COLLECTION OF PERSONAL DATA BY CARE

                         
           CARE collects your personal data through its website, under the "Contacts" tab. The data collected by CARE, including your full name and email address, is for the purpose of enabling you to contact CARE and respond to requests submitted by the respective personal data owner.   

           CARE collects only the personal data strictly necessary for the intended purposes, in accordance with the ISO 27701 data minimization principle.  


  1. PROCESSING OF PERSONAL DATA


              The information provided is for the exclusive use of CARE. Under no circumstances will individual user data be sold or made available to third parties without the user's authorization.

              The data collected is used exclusively for commercial purposes and to provide information regarding CARE's services. Therefore, all personal data collected and its purposes are available in CARE's General Data Protection Map, and the data subject may request the available information at any time they deem necessary. The company also documents data processing operations in accordance with ISO 27701 requirements, maintaining an updated Processing Activity Log. The company has three business days to provide all information.


  1. LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA

              The processing of personal data is legally based on the execution of a contract or preliminary procedures related to a contract to which the data subject is a party, at the request of the data subject, under the terms of article 7, V of the General Data Protection Law – LGPD. 
              If data is collected and processed for other purposes, consent will be requested in advance, following the principle of legality of ISO 27701.            


  1. HOW CAN THE HOLDER EXERCISE HIS RIGHTS?

 
              The rights of personal data subjects, as set forth in Article 18 of the General Data Protection Law (LGPD), are guaranteed by CARE. Requests for confirmation of processing, access to personal data, and correction of personal data can be made via the email address at the end of this privacy policy.

              Furthermore, CARE provides clear and easy mechanisms for exercising data subjects' rights, as required by ISO 27701, in order to ensure transparency in the data protection process.

 

  1. PERSONAL DATA SECURITY


              CARE is committed to making every effort to protect data subjects, including employee training and compliance monitoring, as well as the following security measures:

  • Use of security certificate;
  • Firewall;
  • Data encryption;
  • Access controlled by user profile;
  • AWS datacenter hosting;
  • Backup and DR (disaster recovery) policies, among others.      

              In compliance with ISO 27701, CARE also implements regular reviews of security controls to ensure the integrity, confidentiality and availability of the personal data processed.          

              Although CARE is committed to adopting all possible measures to prevent security incidents, no data storage or transmission on the internet is 100% secure, and if a leak occurs caused exclusively by a third party – such as in the case of hacker attacks – or even through the exclusive fault of the user (which occurs, for example, when the user shares their data with third parties), we will notify those affected and the National Data Protection Authority about the incident, in accordance with the provisions of the General Data Protection Law and will provide all necessary support.  

  1. POLICY REVIEWS

CARE may change its privacy policy, and in this case, it will notify its users through this same page. If the change implies a higher level of personal data exposure, affected users will be notified promptly.
              Revisions will follow ISO 27701 guidelines, and previous versions of this Privacy Policy will be available for consultation, ensuring the traceability of changes.

 

  1. USE OF COOKIES

       Cookies are small text files placed on your device to store data that can be remembered by a web server in the domain that placed the cookie. CARE clarifies that it only uses session cookies to store and remember your preferences and settings, allow you to log in, combat fraud, analyze the performance of our services, and fulfill other legitimate purposes.
              In compliance with ISO 27701, we ensure that users can manage their cookie preferences through configurable privacy controls on our website.


  1. FINAL PROVISIONS

              Finally, CARE informs that Eric Domingos is the Personal Data Protection Officer, responsible for acting as a communication channel between the controller, data subjects and the National Data Protection Authority (ANPD), responding to requests and questions sent to the contact below:
E-mail: eric.domingos@care-business.com        
Postal address: St. John's Avenue, 2375, Room 2007, Garden of the Hills, St. Joseph of Campos – SP



Date

Revision

History

10/06/2022

01

Initial approval

30/09/2024

02

Review – Adjustments to items 3, 5 and 6

30/09/2025

03

DPO Update