Here at CAF, we have a responsibility to take care of your data and also your privacy. We want you to have the security of having your data protected and also of exercising your rights. For this, we created a communication channel directly with us, allowing you to choose between the possibilities of requests. Click below and follow the step by step!
TALK TO THE DPO
COMBATEAFRAUDE TECNOLOGIA DA INFORMAÇÃO SA, a limited liability company, duly constituted and existing in accordance with the laws of Brazil, registered with the CNPJ under nº 34.102.645/0001-57, headquartered at Rua Tiradentes, nº 1077 - 5th floor - Centro, Venâncio Aires - RS, CEP 95800-000, represented in accordance with the terms of its constitutive documents.
- COMBATE A FRAUD offers, through the website (“Platform”), a Software that allows the performance of services aimed at data analysis to combat irregularities and fraud.
Using our Platforms, filling out our forms and providing data, directly or indirectly, implies knowing and accepting the conditions of this Policy, the General Terms, Policies and Conditions of Use and any other specific terms, policies and conditions related to the services subscribed. When subscribing to our services, carefully read the respective terms and conditions.
- The personal data we collect;
- How and for what reasons (purposes) we use them;
- To whom we disclose them;
- Rights of Holders of Personal Data;
- Legal basis of treatment;
- How we protect your privacy and that of your USERS when you use our services or visit our platforms;
- Your responsibility when sharing third party data with COMBATE A FRAUD;
- Contact with our DPO (Personal Data Protection Officer);
- Among other information listed below.
PROCESSED PERSONAL DATA
Below is a list of some data that may appear in our databases when we carry out our searches:
- When COMBATE A FRAUD carries out analyzes for the provision of services, data such as name, parental affiliation, date of birth, registration of profession, contact data (e-mail address, telephone number, postal address), data contained in public records and other necessary data so that the best possible probability can be obtained of the authenticity of the document or query requested to COMBAT FRAUD by the USER.
- The transmission of some of this data is mandatory, so if they are not provided, COMBATE A FRAUD will not be able to provide the requested product or service. In these cases, the USER will always be duly informed of the obligation to provide this data to continue the process.
- COMBATE A FRAUD may receive other personal data through partners and public websites or private websites that provide a public service. Thus, in order for us to process this data, we at COMBATE A FRAUDE use clauses in our service provision contracts so that our USERS who contract our services obtain specific consent for sharing personal data with COMBATE A FRAUDE in order to use them in our services to investigate irregularities and fraud. There may be other legal bases for us to carry out the treatment, mainly the legal basis for contractual compliance or legitimate interest of COMBATE A FRAUD.
- We request that our USERS provide in their contracts with data subjects that their personal data may be verified for the purposes mentioned here. We also ask that our USERS keep their privacy policies up to date, stating the purpose of treatment with COMBATE A FRAUD in a clear, transparent and objective manner so that holders can be properly aware of the whereabouts of their personal data.
- The description of the personal data collected depends on the services contracted and/or made available to the USER. The list of personal data that can be processed can be accessed through the link: https://docs.combateafraude.com/docs/api/secoes-validacoes/background-checking-pf/#certid%C3%A3o-de- criminal-background-pf2
- COMBATE A FRAUD does not process sensitive personal data about your racial or ethnic origin, religious conviction, political opinion, union membership or religious, philosophical or political organization, data regarding your health or your sex life.
- COMBATE A FRAUD handles sensitive biometric personal data within the scope of services, if hired by the USER.
- COMBATE A FRAUD only processes data that is strictly necessary to prevent fraud and combat irregularities.
LEGAL BASIS USED
COMBAT A FRAUD has legal bases and uses them to collect, produce, receive, classify, use, access, reproduce, transmit, distribute, process, archive, store, eliminate, evaluate or control information, modify, communicate, transfer, disseminate or extract personal data, according to the service provision contract and/or agreed with the USER.
- The legal bases include consent for specific sharing to FIGHT AGAINST FRAUD, contracts and preliminary contractual procedures (where processing is necessary to enter into a contract with the USER) and legitimate interest, provided that such processing does not violate rights and freedoms.
- The holder has the right to deny or withdraw the consent given to COMBATE A FRAUD and/or its USERS, when this is the legal basis for processing personal data, and COMBATE A FRAUD may terminate the performance of its services for this user in the hypothesis of occurrence of such request, EXCEPT there is a legal exception for its maintenance.
- COMBATE A FRAUD only processes Personal Data in situations where it is authorized or with the express and unequivocal consent of the owner provided by him to our USERS (consent to share data with third parties).
- Within the scope of the provision of COMBATE A FRAUD services, we use, by default, the legal basis of legitimate interest for all our services provided. It should be noted that, when COMBATE A FRAUD is the controller of personal data, it may define a legal basis different from those used by the USER accessing our Platform, since USERS may have different purposes for processing the personal data consulted. Therefore, the legal basis for the processing of legal data by COMBATE A FRAUD may have a legal basis and purposes different from those used by the USER.
- COMBATE A FRAUD does not have control mechanisms under the purposes used by USERS, as well as having knowledge if these are legitimate and in compliance with the LGPD. Therefore, it is up to the USER to use the information consulted respecting privacy and within the legal dictates. COMBATE A FRAUD is not responsible if the shared data is used illegitimately and illegally by the USER, as these are legal entities and have a legal duty and zeal to comply with the provisions of the applicable legislation.
- For the processing of personal data considered sensitive, which in the case of COMBATE A FRAUD involves the processing of biometric data, we use the legal exception for consent provided for in article 11, II, g, of Law 13.709/18, which expressly mentions that sensitive personal data may be processed without prior consent in the cases of combating fraud and others, provided for in this paragraph.
PROCESSING PERSONAL DATA
The holder's data is collected to prevent fraud, by collecting data and comparing it with his document or information sent by the USER. COMBATE A FRAUD searches its own databases or those of third-party providers in order to deliver the result of a particular query requested by the USER.
- We use data contained in external sources. Therefore, some data collected is from sources whose responsibility are third parties. COMBATE A FRAUD only uses such data to provide its services within the purpose of preventing fraud.
- COMBATE A FRAUD uses personal data in third-party services to deliver the best resolution for the demand, as well as verify the document or object that is passed to us for verification in the best possible way. Thus, we consult personal data in public and private databases, as an example - DENATRAN, SPC, Serasa, Federal Revenue of Brazil, among others.
- The personal data contained in third-party servers are not the responsibility of COMBATE A FRAUD, since we only operate/search the data contained therein to verify the veracity of the information of the objects analyzed by our services.
- The personal data shared by the USER are used within the scope of the provision and management of contracted, subscribed or reserved services, as well as for the study, improvement and adaptation of the services to their interests and needs, and to speed up the processes of FIGHTING FRAUD and validation /authentication information.
- We work through some personal data provided by our USERS duly agreed in our Service Provision Agreement and/or in documents that precede it. We use the data provided by USERS to cross check with the data we have in our personal databases and partner databases only for the purpose of identifying fraud and attesting to the validity of the document or object submitted to us for analysis in accordance with the agreed services. with USER.
- With each new USER, we align our contracts with updates to better comply with the legislation on the protection of personal data.
- Important note: Personal data will never be shared with other companies for marketing purposes.
- We also use personal data to improve our services and fulfill our administrative and commercial purposes.
- The business purposes for which we use shared personal data include, but are not limited to, accounting, billing and auditing, credit card or other verification, fraud analysis, security, legal and procedural effects, statistical studies and systems development and maintenance.
- Comply with our legal obligations such as the obligation to provide your personal data to the authorities and others brought by legislation.
- The Legal Entities that contract with COMBATE A FRAUD provide guarantees that they are respecting the rights of the holders of personal data that are contained in their databases, requesting specific consent for the sharing of this data with us, according to legal bases, or exceptions provided for by law for sharing such data.
- By sharing personal data with us, the USER ensures that the rights and obligations with the holder of the personal data have been respected to authorize the collection, treatment, use and disclosure of the same in accordance with the rules defined herein, as well as in the respective contracts signed between a FIGHT AGAINST FRAUD and the USER.
- When we identify and materialize a query, the personal data used is stored in our database so that COMBATE A FRAUD has its own solid base to use it in order to optimize and increase the assertiveness of queries made by USERS.
- The USER and COMBATE A FRAUD share the personal database with each other. We are based on the interest of cross-referencing the data in these databases with partner databases in the best possible way in order to provide the most correct service possible to combat fraud and irregularities.
- COMBAT A FRAUD only stores the strictly necessary and adequate data so that it can be obtained with maximum precision if the document or object that is requested from us the information is analyzed correctly.
- COMBAT A FRAUD does not keep excessive or unused data. We use all data for validation.
- The data subject may notify our USERS to exercise their rights and they will notify us of such requirements so that we can process the request. We suggest that the USER inform the contact of our DPO to the data subject.
INFORMATION STORAGE TIME
The personal data collected are treated in compliance with the applicable legislation and kept in specific databases created for this purpose.
- The period of time during which the data is stored varies depending on the purpose for which it was collected, if there is no specific legal requirement. COMBATE A FRAUD may keep your Personal Data after receiving the deletion request to guarantee the necessary deadlines to comply with legal obligations, resolve disputes, maintain security, prevent fraud and abuse and ensure compliance with contracts.
- Personal data that are stored after their elimination from the main treatment systems (Amazon Web Service) are kept in separate spaces.
PERSON RESPONSIBLE FOR PROCESSING PERSONAL DATA
COMBATE A FRAUD may treat the personal data shared as a controller, that is, come to make decisions about the purpose and for which purposes the data collected will be used internally by COMBATE A FRAUD if this is not prohibited by USERS in a way expressly and by mutual agreement.
- If requested by the USER, FIGHT AGAINST FRAUD can only assume the position of operator of personal data in relation to the data shared by its USERS.
- COMBATE A FRAUD is committed to respecting legislation on privacy protection, as well as acting ethically and in good faith. COMBATE A FRAUD is attentive to act in accordance with the legal bases and purposes of combating irregularities, thus, there is legal justification for the processing of the personal data that we have.
SHARING WITH THIRD PARTIES
COMBATE A FRAUD may disclose the Personal Data collected to third parties, in the following situations and within the limits required and authorized by law:
(i) With its USERS when necessary and/or appropriate for the provision of related services;
(ii) With COMBATE A FRAUD service providers and individuals hired to perform certain activities and services on behalf of COMBATE A FRAUD;
(iii) With suppliers and partners to provide the services contracted with COMBATE A FRAUD (such as information technology, accounting, among others);
(iv) For organizational administrative purposes such as: research, planning, service development, security and risk management;
(v) When necessary as a result of legal obligation, determination of competent authority, or court decision.
PERSONAL DATA HOLDER'S RIGHTS
The holder of personal data has the right to request from COMBATE A FRAUD, when it is in the condition of controller of the respective personal data, at any time, through DPO Tiago Borre, e-mail: [email protected], the following rights:
(i) confirmation of the existence of treatment;
(ii) access to data held by the controller;
(iii) the correction of incomplete, inaccurate or outdated data;
(iv) the anonymization, blocking or deletion of data, provided they are considered unnecessary, excessive or treated in breach of the provisions of the LGPD;
(v) the portability of your personal data to another service provider;
(vi) deletion of personal data when previously given consent is withdrawn;
(vii) the relationship with whom your data was shared;
(viii) the information that you can refuse consent and what its consequences are;
(xi) the revocation of consent, when this is the legal basis used.
- In no way and under no circumstances does the person transfer the condition of owner of personal data to another, since these data belong exclusively to their holders.
- The controller may keep the data necessary for the execution of the service if there is a legal basis for the continuity of the processing of personal data. The necessary data that has been deleted will no longer be processed by COMBATE A FRAUD.
- The deleted data are removed from the network used for the processing of personal data and transferred to a secondary/alternative network that were stored only to comply with legislation, regulations and court decisions for the time defined by these decisions.
CORPORATE GOVERNANCE OF PERSONAL DATA
COMBATE A FRAUD together with its legal department and DPO (person in charge of personal data) completed the preparation of its Regulations for Corporate Governance of Personal Data that bases the treatment within the internal scope of COMBATE A FRAUD. This document deals with the personal data of USERS, collaborators, partners, employees, among others who have some relationship with COMBATE A FRAUD.
- This document aims to adapt the best practices for the treatment of personal data that we have in our scope of operation to FIGHT AGAINST FRAUD. The aforementioned regulation complies with the provisions of article 50, caput, and its paragraphs, on governance and good practices in the protection of personal data.
- COMBATE A FRAUD has other policies that are analyzed together in terms of good practices and governance, such as the documents: (i) Information Security Policy; (ii) Business Continuity Plan; (iii) Regulations for Response to Information Security Incidents; (iv) Access Control; (v) Clear Screen/Desk Policy; (vi) Encryption Policy; (vii) Backup Policy; (viii) BYOD policy; (ix) Remote Access Policy; (x) Regulatory use of Acceptable Use of Information Assets; (xi) Malicious Code Protection Policy; (xii) E-mail Services Usage Policy; (xiii) other policies under development.
- COMBATE A FRAUD has an internal General Information Security Committee (CGSI) and the General Committee for the Protection of Personal Data (CGPD), which have duties in accordance with the above Personal Data Governance Regulations to better protect and respond to correct and safer processing of personal data with internal members related to the functions performed by the committees.
- COMBATE A FRAUD also has solid governance in IT (information technology) so that our professionals are educated about privacy protection when implementing and protecting our network architecture and computer services from leaks of personal data. of the Amazon Web Service (AWS) system, by itself, is already an effective mechanism for complying with good privacy and information security practices.
SAFETY MEASURES ADOPTED
COMBATE A FRAUD is committed to ensuring the confidentiality, protection and security of personal data, through the implementation of appropriate technical and organizational measures to protect them against any form of undue or illegitimate treatment and against any accidental loss or destruction thereof.
- We have systems and teams that guarantee data security, creating and constantly updating our governance, policies and procedures that prevent unauthorized access, accidental loss and/or destruction of personal data.
- All Personal Data will be stored in the COMBATE A FRAUD database or in a database maintained “in the cloud” by the contracted service providers, having as its main storage base the Amazon Web Service (AWS) service, which are duly in accordance with current data legislation.
- Always committing to comply with the legislation relating to the protection of personal data shared by USERS, COMBATE A FRAUD ensures that it treats these data only for the purposes of combating fraud and irregularities, with the guarantee that they are processed with the security levels and appropriate confidentiality.
- We are aware of the importance of this fundamental right of holders of personal data, which is why we disclose this Personal Data Protection Policy and other materials to our employees, so that they are aware of their obligations in this matter.
- COMBATE A FRAUD also constantly conducts training, lectures and security measures with its employees so that they can be instructed and educated in the best possible way about the processing of personal data.
- Although COMBATE A FRAUD uses security measures and monitors its system to check for vulnerabilities and attacks to protect its Personal Data against unauthorized disclosure, misuse or alteration, the USER understands and agrees that there are no guarantees that the information will not be accessible. , disclosed, altered or destroyed for breach of any of the physical, technical or administrative safeguards.
COMBATE A FRAUD values the security and privacy of the USER and the holders of personal data in our services and applications available. We use the following security measures:
(ii) Use of VPN;
(iii) Access control;
(iv) Procedures, management policies and training;
(v) Rules on Corporate Governance of Personal Data;
(vi) Protection Mechanisms Contained in Amazon Web Service (AWS).
- Among other technical and administrative measures.
- COMBATE A FRAUD does not anonymize personal data, since knowledge of the information is necessary for the result of the query. All data used are necessary for the correct identification and assertiveness of the query requested by the USER.
- Here at COMBATE A FRAUD, we respect and carry out the best practices in terms of security and protection of personal data, promoting actions and improving systems to effectively protect all the data that the USER makes available to us.
- The USER can instruct his browser to refuse all cookies or to indicate when a cookie is being sent.
- The USER can contact us for more information about cookies and their elimination.
SPECIFIC CLAUSES FOR PERSONAL DATA PROTECTION IN OUR CONTRACTS
We enter into a Service Provision Agreement with our USERS in which our legal department is involved to insert contractual clauses and share guarantees for the best and legal development of this service. We inform you about the General Law for the Protection of Personal Data, as well as we write clauses so that our USERS provide the necessary guarantees so that we can share personal data in order to prevent fraud.
PERSONAL DATA PROTECTION OFFICER (DPO)
- COMBATE A FRAUD has also appointed a Data Protection Officer (DPO), to monitor compliance with applicable policies and regulations regarding the protection of personal data. Contact with the DPO will be made via email [email protected].