Here at CAF, we have a responsibility to take care of your data and also your privacy. We want you to have the security of having your data protected and also of exercising your rights. For this, we created a communication channel directly with us, allowing you to choose between the possibilities of requests. Click below and follow the step by step!
TALK TO THE DPO: Submit your request
- Purpose and Scope
ACOMBATEAFRAUDE TECNOLOGIA DA INFORMAÇÃO SA (referred to simply as "CAF” or “us” for the purposes of this Policy), registered under CNPJ nº 34.102.645/0001-57, is responsible for taking care of your Personal Data and your privacy and, therefore, we follow the best practices in the protection of personal data and guidelines of the Brazilian General Data Protection Law - LGPD (Law No. 13,709/18) and other applicable regulations.
- “Data” or “Personal Data” is all information capable of identifying or making an individual identifiable. In our activities, we may process Personal Data of Customer representatives, Persons of Interest and Visitors.
- “Visitor” is the person accessing the CAF website.
- “Customer” is the legal entity that contracts and uses CAF solutions, with which CAF has established a commercial relationship.
- “Person of Interest” is anyone who has some type of relationship with our Clients (whether a potential employee, supplier, partner, end customer, etc.) and whose Personal Data is processed by CAF on behalf of the Client.
- “Subject” is the person to whom the Personal Data refers. Customer Representatives, Persons of Interest and Visitors are entitled.
- “Platform” means CAF's software through which the Customer can access CAF Products.
- “Products” are the solutions developed by CAF and used by Clients to optimize processes through assertive decision-making, risk assessment and monitoring of results.
- “Processing” or “Processing” means any and all activities carried out with Personal Data, such as collection, analysis, storage, among others.
- Controller means the entity (or other person) that makes the main decisions related to the processing of Personal Data.
- Processor means the entity (or other person) that processes Personal Data on behalf of a controller.
- Personal Data and Purpose of Processing
CAF may collect Personal Data about you in different situations. In general, it is possible that you provide Data directly or that Data about you is collected through publicly accessible sources. It is also possible that Data about your interactions with us will be recorded in our systems, or that your use of our Products will also generate records about your activities on our Platform.
In practice, the type, quantity and manner in which we collect your Personal Data depends on your relationship with CAF. To make these differences clearer, we have listed below some situations in which your Data may be used depending on your category of Personal Data Subject and the type of interaction you have with us.
When you visit our website, it is possible that certain Personal Data is collected. Some of these situations include:
To enable access to CAF’s Platform by Clients, it is necessary to register the users authorized by the Client. It is possible to organize such an activity as follows:
3.3 People of Interest
For the provision of our solutions, we may receive Personal Data from Persons of Interest through our Clients, partners and suppliers, all of whom are subject to confidentiality obligations and always complying with the requirements of the applicable legislation, as well as we may collect Personal Data from publicly available sources.
We use Data to generate intelligence and help our Clients make strategic and informed decisions. To achieve our goals, we aggregate Data from various publicly and privately accessible sources and perform analyzes to improve our Clients' understanding of People of Interest, facilitating decision-making. Such practices allow us to improve the security of our services and the assertiveness of our Products.
The description of the Personal Data processed depends on the Products contracted by the Customer. Within the scope of analysis provided by CAF in our Products, registration data, professional data, equity data, corporate data, procedural data contained in public records and other data necessary for CAF to meet customer requests. In certain cases, CAF may carry out the processing of biometric Personal Data, depending on the scope of the Product contracted by the Customer, always in compliance with the applicable legislation. For more details on the data processed in the operation of the Products, you can contact our Supervisor/DPO, which is available at the following contact address:[email protected]
- Sharing of Personal Data
CAF partners with several companies and organizations to support its activities. In this way, CAF may share Personal Data with third parties, maintaining the highest security standards, seeking to preserve your privacy as much as possible and, whenever possible, in anonymized form. We may share Data in the following situations and within the limits required and authorized by law:
- International Transfer
CAF is headquartered in Brazil and its Data processing activities are, as a general rule, governed by Brazilian law. However, in certain situations, the Data we process may be stored in a database provided by third parties and whose infrastructure is located, for the most part, in the State of Northern Virginia, in the United States. This Data may be subject to local legislation and rules.
- Period of Processing of Personal Data
The security of Personal Data is one of CAF’s priorities. We seek to constantly improve our processes and the best information security practices to protect the Data we have access to.
The period during which the Data is stored varies according to the purpose for which it was collected, the amount, nature and sensitivity of the Data, whether we can achieve our purposes through other means and the legal requirements applicable to the treatment in question.
After all the purposes that justify the processing of the Data in our systems have ended, they will be eliminated or anonymized, observing the technical means available, unless maintenance is necessary to comply with legal, contractual, accountability obligations or requests of competent authorities.
- Security measures
CAF is committed to ensuring the confidentiality, integrity, availability and security of Personal Data, through the implementation of appropriate technical and organizational measures to protect Personal Data against any form of undue or unlawful treatment and against any accidental loss or destruction. We follow industry standard frameworks to ensure that personal data under our custody is not accessed only by authorized persons.
Among the measures adopted to protect data are:
- Encryption in transit and storage;
- Access to environments controlled only by VPN;
- Context-based access;
- Robust password policy with MFA;
- Use of state-of-the-art EDR;
- Control of authorized software;
- Segregation of administrator accounts;
- Procedures, management policies and training;
- Personal Data Corporate Governance Regulations.
CAF is fully committed to complying with Data Protection Regulations, which is why we are constantly updating our personal data security and privacy procedures in compliance with all applicable data protection laws in the countries where we provide services.
Our customers' data is stored in one of the largest Cloud providers in the world, Amazon Web Service - AWS. Data may be hosted on servers located in the N. Virginia, United States (us-east-1) and São Paulo, Brazil (sa-east-1) regions.
We have a security team dedicated to monitoring and responding to security incidents, creating policies and training, and constantly improving our controls.
We consider our employees to be a critical line of defense in protecting our company's and our customers' data, which is why our training and awareness programs range from initial training for new employees to constant content on security and protection of personal data for our entire team. .
If you identify or become aware of something that compromises the security of the Platform, the Products and/or CAF, please contact us via email [email protected].
- Rights of the Personal Data Subject
You, as the Subject of Personal Data, have rights relating to the privacy and protection of your Data.
In most situations, CAF handles Personal Data as the Data Processor, i.e., we process the Data on behalf of our Customer, who is the controller. In view of this, we recommend that you always try to contact the company with which you have a relationship in order to fulfill your rights as a Subject.
If your request is related to the position of CAF as controller of the Personal Data, we will respond directly to your request within the established legal deadlines. If your request is related to the position of CAF as an Processor of Personal Data on behalf of a controller, we will endeavor to, if you contact us, direct your request to the responsible controller.
According to the LGPD, the Subject of Personal Data has the following rights:
For your security, when you file a request to exercise your rights, CAF may request some additional information and/or documents so that we can prove your identity. We do this to prevent fraud and to ensure your security and privacy by not disclosing Personal Data to unauthorized persons.
Also, some requests may not be responded to immediately, but CAF undertakes to respond to all requests within a reasonable time and always in compliance with applicable law.
If you would like to exercise any rights or if you believe that your Personal Data has been used in a manner inconsistent with this Policy, or if you have any questions, comments or suggestions regarding this Policy, please feel free to contact us. We have We have an exclusive form for receiving requests from data subjects (HERE) or you can reach out our DPO who is available at the following contact address: [email protected]
- Final dispositions
- Version History
To access previous versions of this Policy, please contact the address: [email protected]
To access the Portuguese version of this Policy, CLICK HERE.