External Privacy Policy

Here at CAF, we have a responsibility to take care of your data and also your privacy. We want you to have the security of having your data protected and also of exercising your rights. For this, we created a communication channel directly with us, allowing you to choose between the possibilities of requests. Click below and follow the step by step!

TALK TO THE DPO: Submit your request

  1.  Purpose and Scope

ACOMBATEAFRAUDE TECNOLOGIA DA INFORMAÇÃO SA (referred to simply as "CAF” or “us” for the purposes of this Policy), registered under CNPJ nº 34.102.645/0001-57, is responsible for taking care of your Personal Data and your privacy and, therefore, we follow the best practices in the protection of personal data and guidelines of the Brazilian General Data Protection Law - LGPD (Law No. 13,709/18) and other applicable regulations.

CAF offers, through its Platform, several Products aimed at combating fraud and identity verification, and which may involve the use of Personal Data. In view of this, we have prepared this Privacy Policy in order to affirm our commitment to comply with the applicable legislation and to clarify how the Personal Data of Customer representatives, Persons of Interest and Visitors who access our website (in all cases, “you”) may be collected, used and stored by us.

 

  1. Definitions

Some definitions are important for you to understand this Privacy Policy:

  1. “Data” or “Personal Data” is all information capable of identifying or making an individual identifiable. In our activities, we may process Personal Data of Customer representatives, Persons of Interest and Visitors.
  2. “Visitor” is the person accessing the CAF website.
  3. “Customer” is the legal entity that contracts and uses CAF solutions, with which CAF has established a commercial relationship.
  4. “Person of Interest” is anyone who has some type of relationship with our Clients (whether a potential employee, supplier, partner, end customer, etc.) and whose Personal Data is processed by CAF on behalf of the Client.
  5. “Subject” is the person to whom the Personal Data refers. Customer Representatives, Persons of Interest and Visitors are entitled.
  6. “Platform” means CAF's software through which the Customer can access CAF Products.
  7. “Products” are the solutions developed by CAF and used by Clients to optimize processes through assertive decision-making, risk assessment and monitoring of results.
  8. “Processing” or “Processing” means any and all activities carried out with Personal Data, such as collection, analysis, storage, among others.
  9. Controller means the entity (or other person) that makes the main decisions related to the processing of Personal Data.
  10. Processor means the entity (or other person) that processes Personal Data on behalf of a controller.
  1. Personal Data and Purpose of Processing

CAF may collect Personal Data about you in different situations. In general, it is possible that you provide Data directly or that Data about you is collected through publicly accessible sources. It is also possible that Data about your interactions with us will be recorded in our systems, or that your use of our Products will also generate records about your activities on our Platform.

In practice, the type, quantity and manner in which we collect your Personal Data depends on your relationship with CAF. To make these differences clearer, we have listed below some situations in which your Data may be used depending on your category of Personal Data Subject and the type of interaction you have with us.

3.1 Visitors

When you visit our website, it is possible that certain Personal Data is collected. Some of these situations include:

  Data Goal
Business contact form Full name; corporate email; telephone; company To contact you
Site navigation

Data collected through cookies, including IP; date and time of access; geographic location; browser type; duration of visit; visited pages.

Activate essential functionality of the website; understand your browsing behavior and how the site is being used to improve your experience.

 

We use cookies to ensure that our website is operating to the best performance standards you expect. If you want to know which cookies are installed on your device, or if you want to delete or restrict them, you can change your browser settings to refuse all cookies or to indicate when a cookie is being sent. You will find further explanations on how to proceed by clicking on the links below:

Remember that the use of cookies allows us to offer you a better experience during your navigation. If cookies are deleted or restricted, CAF may not be able to guarantee the correct functioning of all the functionalities of our website. Also, it is likely that certain functions and pages will not work properly.

CAF is not responsible for the use of cookies by third parties. Be aware that cookies placed by third parties may eventually continue to monitor your online activities even after you have left the website. 

3.2 Customers

To enable access to CAF’s Platform by Clients, it is necessary to register the users authorized by the Client. It is possible to organize such an activity as follows:

 

  Data Goal
Customer representative registration

Full name; corporate email; Login; password.

Allow the use of the Platform by the Client.
Use of the Platform

Device IP, history of activities carried out within the Platform

Compliance with contractual obligations and information security measures

 

3.3 People of Interest

For the provision of our solutions, we may receive Personal Data from Persons of Interest through our Clients, partners and suppliers, all of whom are subject to confidentiality obligations and always complying with the requirements of the applicable legislation, as well as we may collect Personal Data from publicly available sources.

We use Data to generate intelligence and help our Clients make strategic and informed decisions. To achieve our goals, we aggregate Data from various publicly and privately accessible sources and perform analyzes to improve our Clients' understanding of People of Interest, facilitating decision-making. Such practices allow us to improve the security of our services and the assertiveness of our Products.

The description of the Personal Data processed depends on the Products contracted by the Customer. Within the scope of analysis provided by CAF in our Products, registration data, professional data, equity data, corporate data, procedural data contained in public records and other data necessary for CAF to meet customer requests. In certain cases, CAF may carry out the processing of biometric Personal Data, depending on the scope of the Product contracted by the Customer, always in compliance with the applicable legislation. For more details on the data processed in the operation of the Products, you can contact our Supervisor/DPO, which is available at the following contact address:[email protected] 

As a general rule, CAF acts as an Processor of the Personal Data in the Products offered, carrying out its activities according to the decisions of the Clients, contracting the Products, who are the controllers.



  1.  Sharing of Personal Data

CAF partners with several companies and organizations to support its activities. In this way, CAF may share Personal Data with third parties, maintaining the highest security standards, seeking to preserve your privacy as much as possible and, whenever possible, in anonymized form. We may share Data in the following situations and within the limits required and authorized by law:

Customers: For the purpose of providing the services established in the contract with the Customer, CAF can share with its Clients the results of the analysis carried out on the contracted Products;

Suppliers and partners: We have a series of suppliers and partners for the development of our activities (such as information technology service providers, accounting, among others). So, CAF may share Data with these partners to the extent that such information is necessary to provide the service in question. We always seek to carefully evaluate our partners and suppliers and enter into contractual obligations for information security and protection of Personal Data with them;

Companies of the same economic group: Data may be shared with companies that are part of the same economic group and/or corporate structure of CAF, provided that such sharing is necessary for the purposes of operation, maintenance and/or improvement in the provision of the services offered. In this context, any company that may have access to the Data must adopt at least the same security levels used and guaranteed by CAF; 

Public Authorities: We may share Data when necessary as a result of legal obligation, determination of competent authority or court decision. Furthermore, if a competent authority requires CAF certain Personal Data to, for example, support an ongoing investigation, we may also be required to share. 

  1.  International Transfer

CAF is headquartered in Brazil and its Data processing activities are, as a general rule, governed by Brazilian law. However, in certain situations, the Data we process may be stored in a database provided by third parties and whose infrastructure is located, for the most part, in the State of Northern Virginia, in the United States. This Data may be subject to local legislation and rules.

  1.  Period of Processing of Personal Data

The security of Personal Data is one of CAF’s priorities. We seek to constantly improve our processes and the best information security practices to protect the Data we have access to.

The period during which the Data is stored varies according to the purpose for which it was collected, the amount, nature and sensitivity of the Data, whether we can achieve our purposes through other means and the legal requirements applicable to the treatment in question.

After all the purposes that justify the processing of the Data in our systems have ended, they will be eliminated or anonymized, observing the technical means available, unless maintenance is necessary to comply with legal, contractual, accountability obligations or requests of competent authorities.

  1.  Security measures

CAF is committed to ensuring the confidentiality, integrity, availability and security of Personal Data, through the implementation of appropriate technical and organizational measures to protect Personal Data against any form of undue or unlawful treatment and against any accidental loss or destruction. We follow industry standard frameworks to ensure that personal data under our custody is not accessed only by authorized persons.

Among the measures adopted to protect data are:

  • Encryption in transit and storage;
  • Access to environments controlled only by VPN;
  • Context-based access;
  • Robust password policy with MFA;
  • Use of state-of-the-art EDR;
  • Control of authorized software;
  • Segregation of administrator accounts;
  • Procedures, management policies and training;
  • Personal Data Corporate Governance Regulations.

CAF is fully committed to complying with Data Protection Regulations, which is why we are constantly updating our personal data security and privacy procedures in compliance with all applicable data protection laws in the countries where we provide services.

Our customers' data is stored in one of the largest Cloud providers in the world, Amazon Web Service - AWS. Data may be hosted on servers located in the N. Virginia, United States (us-east-1) and São Paulo, Brazil (sa-east-1) regions.

We have a security team dedicated to monitoring and responding to security incidents, creating policies and training, and constantly improving our controls.

We consider our employees to be a critical line of defense in protecting our company's and our customers' data, which is why our training and awareness programs range from initial training for new employees to constant content on security and protection of personal data for our entire team. .

If you identify or become aware of something that compromises the security of the Platform, the Products and/or CAF, please contact us via email [email protected].

  1.  Rights of the Personal Data Subject

You, as the Subject of Personal Data, have rights relating to the privacy and protection of your Data.

In most situations, CAF handles Personal Data as the Data Processor, i.e., we process the Data on behalf of our Customer, who is the controller. In view of this, we recommend that you always try to contact the company with which you have a relationship in order to fulfill your rights as a Subject.

If your request is related to the position of CAF as controller of the Personal Data, we will respond directly to your request within the established legal deadlines. If your request is related to the position of CAF as an Processor of Personal Data on behalf of a controller, we will endeavor to, if you contact us, direct your request to the responsible controller.

According to the LGPD, the Subject of Personal Data has the following rights:

Right

Explanation

Request for access to your Personal Data

This right allows you to obtain information about how your Personal Data is used, with whom they are shared and to request a copy from the controller, respecting any intellectual property rights.

Request for rectification of your Personal Data

This right allows you, at any time, to request the correction and rectification of your Personal Data to the controller, if you identify that some of them are incorrect.

Request for deletion or cancellation of your Personal Data

This right allows you to request the deletion of your Personal Data from the controller, unless there is any other reason for maintaining it, such as a possible legal obligation to retain Data or the need to preserve them to protect rights.

Right to object to the processing of Personal Data

You also have the right to object in which context the controller processes your Personal Data for different purposes.

In certain situations, the controller can demonstrate that it has legitimate reasons to process your Data.

Request portability

You have the right to ask the controller to deliver your Personal Data to you, or to third parties you choose, in a structured and interoperable format, respecting any intellectual property rights.

Right to withdraw consent at any time

You have the right to withdraw your consent from the controller, however, this will not affect the legality of any treatment carried out before you withdraw it. If you withdraw your consent, certain services may be stopped.

Right to review automated decisions

You also have the right to ask the controller to review decisions made solely on the basis of automated processing of your Personal Data that affect your interests.

For your security, when you file a request to exercise your rights, CAF may request some additional information and/or documents so that we can prove your identity. We do this to prevent fraud and to ensure your security and privacy by not disclosing Personal Data to unauthorized persons.

Also, some requests may not be responded to immediately, but CAF undertakes to respond to all requests within a reasonable time and always in compliance with applicable law.

If you would like to exercise any rights or if you believe that your Personal Data has been used in a manner inconsistent with this Policy, or if you have any questions, comments or suggestions regarding this Policy, please feel free to contact us. We have We have an exclusive form for receiving requests from data subjects (HERE) or you can reach out our DPO who is available at the following contact address: [email protected]

  1.  Final dispositions

As we are always looking to improve our products, this Privacy Policy may be updated to reflect improvements made. Therefore, we recommend that you periodically visit this page so that you are aware of the changes made. For your convenience, we indicate below the date of the last updates of this document.

  1.  Version History

Version

Date

Description Changes 

Produced By

2.0

17/07/2023

Initial Release

Legal & Privacy

GRC

Information Security

1.0

05/04/2021

Previous Version

Privacy

To access previous versions of this Policy, please contact the address: [email protected]

To access the Portuguese version of this Policy, CLICK HERE.