Chris Cintos de Segurança Ltda. (“Chris Cintos”) values the protection of the data of the people with whom it interacts and works to protect the privacy of the company and its employees. It has created this Privacy Policy to demonstrate its commitment to privacy and the protection of personal data it processes, in accordance with Law No. 13.709/2018 – General Data Protection Law (“LGPD”) and other applicable laws on the subject.
When interacting with Chris Cintos, accessing and/or using the website, the personal data subject must be at least 18 (eighteen) years old and have full and express capacity to accept this Privacy Policy. It is emphasized that Chris Cintos does not conduct business with minors, except for apprentices hired by us with the consent of their guardian.
If you do not fit the above description and/or do not agree, even partially, with the terms and conditions contained in this Privacy Policy, you should not access the website, and we will have to evaluate the possibility of maintaining your relationship with Chris Cintos.
It is important to inform that when we mention in this Policy “Chris Cintos”, “we”, “our” or “us”, we are referring to Chris Cintos de Segurança Ltda., and when we mention “you”, “your”, “yours”, we are referring to you, the Personal Data subject, who may be:
(i) a visitor to the company or our website;
(ii) a contact person at a client, client or potential client;
(iii) a contact person at a supplier, supplier or potential supplier;
(iv) a job, temporary work or apprenticeship candidate;
(v) general employees;
(vi) people with whom we have a contractual relationship;
(vii) people in general who contact us through our service channels or headquarters.
Please read this entire content before accessing our website or providing any personal data through our communication channels.
1. Purpose
1.1. This Privacy Policy (“Policy”) aims to inform about the activities of Chris Cintos that involve the processing of personal data, respecting the rights of the data subjects and complying with the principles of good faith, purpose, adequacy, necessity, free access, data quality, transparency, security, prevention, non-discrimination, accountability, and responsibility, in accordance with the LGPD.
1.2. Personal data (“personal data”) is any information related to an identified or identifiable natural person (“data subject”). A natural person is understood as any human being, without discrimination of any kind such as: age, gender, color, ethnicity, nationality, health, etc.
1.3. The LGPD provides the right to facilitate access to information about the processing of your data, which must be made available in a clear, adequate, and well-known manner, fulfilling the principle of free access to your personal data.
2. Why and what data we collect
2.1. We obtain contact, identification and other information normally provided voluntarily by the data subject on our website and other communication channels.
2.2. Personal data are processed for the following purposes:
a) identification to resolve doubts, respond to criticisms, complaints, and suggestions on our “Contact Us” portal;
b) execution of Chris Cintos’ activities;
c) internal and external communication;
d) access to Chris Cintos by visitors;
e) recruitment processes;
f) relationship with employees and execution of the Employment Contract;
g) commercial and institutional relationships and activities between Chris Cintos, clients, suppliers, and partners.
3. How we process your personal data
3.1. We recognize the value of your personal data and use it in our systems in accordance with this Policy. We implement and maintain processes and controls aimed at protecting the personal data you have shared with us, with the objective that they are processed with security, transparency, and responsibility, ensuring your rights as a data subject.
3.2. Your personal data will be stored in a way that allows the identification of the subjects related to it and only for as long as necessary (limited storage).
3.3. In particular cases, we may share your personal data with other companies involved in our operations, including international transfer. As the responsible company, we will require this third party (other companies, service providers, co-controllers, operators, or any other natural and/or legal person who is not Chris Cintos or you) to comply with the LGPD and will make the corresponding assessment to ensure the correct and complete processing of personal data, always adopting the corresponding security measures.
3.4. The processing of your personal data may occur based notably on the following grounds, in accordance with the law:
a) compliance with legal or regulatory obligations – procedures determined by legislation or regulatory bodies that Chris Cintos must observe;
b) execution of a contract or preliminary procedures – in relationships established by contract;
c) regular exercise of rights – in judicial, administrative, or arbitration proceedings;
d) protection of the life or physical safety of the data subject or third parties;
e) health protection – in procedures carried out by health professionals;
f) credit protection – in commercial or contractual relationships;
g) legitimate interest – to support and promote Chris Cintos’ activities, services that benefit the data subject, audits and corporate investigations, and other legitimate purposes;
h) consent – the purposes for the use of your personal data will be specific and highlighted in your consent, and you may choose to accept or not the use of personal data for the informed purposes; if you do not accept, Chris Cintos will assess the feasibility of continuing the relationship with you.
3.5. You have the right to deny or withdraw the consent given to Chris Cintos, when consent is the only legal basis for processing your personal data. That is, if Chris Cintos needs to process your data in a legal manner, your consent will not be necessary.
3.6. We may store your personal data throughout the entire period of the contractual, commercial, employment, or other relationship that justifies such storage. After the limitation periods, the personal data will be discarded, except for those personal data that, due to legal or regulatory obligation, regular exercise of rights, and other legitimate interests, need to be kept for a longer period, in accordance with the LGPD. Once the periods and the need to maintain the personal data have ended, they will be deleted using secure disposal methods.
4. Your rights
4.1. The LGPD ensures certain rights to the natural person regarding their personal data, guaranteeing the rights of freedom, intimacy, and privacy. You have the right to request from Chris Cintos the:
a) confirmation of the existence of processing of your personal data;
b) access to your personal data;
c) correction of incomplete, inaccurate, or outdated personal data;
d) anonymization of your personal data when applicable;
e) blocking or deletion of unnecessary data or data processed in noncompliance with the law;
f) portability of personal data upon express request when applicable, after regulation by the national authority;
g) information about public and private entities with which Chris Cintos has shared use of your personal data;
h) information about the possibility of not providing consent and the consequences of refusal, as well as the revocation of consent, when applicable.
4.2. For any requests regarding your personal data, you must provide us with your identification information (name, e-mail, among other information that confirms your identity), through the e-mail lgpd@chriscintos.com.br, which will be answered within up to 15 (fifteen) days, or it may be addressed to: Chris Cintos de Segurança Ltda., Av. Atlântica, 997 – Socorro, São Paulo – SP – ZIP Code 04768-000, to the attention of the Data Protection Officer.
5. Use of cookies
5.1. The Chris Cintos website does not use Cookies, as it is a static page with institutional data.
6. Personal data security
6.1. Information security and confidentiality
6.1.1. Chris Cintos has an Information Security Policy and maintains information technology mechanisms aligned with technical and regulatory market standards aimed at ensuring the integrity and protection of your personal data, with policies, security solutions in hardware and software, monitoring reports and internal audits that help identify and mitigate potential risks in the process. In addition, Chris Cintos regularly trains its employees in its internal policies, aiming to ensure, through administrative measures, the security and confidentiality of your data.
6.2. Transparency
6.2.1. You, as the data subject, have the right to know what procedures Chris Cintos has adopted in processing your personal data, through transparent information regarding the purpose of the processing, the origin of the data, and the criteria used.
6.3. Security Incident Notification
6.3.1. If Chris Cintos becomes aware of a security incident that may result in any breach of information system security, including intrusions, data leaks, or any other occurrences that may pose a relevant risk or harm to data subjects, within a reasonable period, it will notify the National Data Protection Authority (ANPD) when required and, if applicable, notify the data subject with information about the affected data, technical and security measures used for data protection, and to mitigate the effects of the incident.
6.3.2. All other security incidents that, at the discretion of the Privacy Committee, do not represent relevant risk or harm to data subjects will be handled internally by the Data Protection Officer and the Privacy Committee.
7. Contact (channel for communications about your Data)
7.1. To exercise your rights as a data subject, resolve doubts, make suggestions about this Policy, or report security incidents, Chris Cintos provides contact with the Data Protection Officer:
• Anne Joyce Angher
• E-mail: lgpd@chriscintos.com.br
• Address: Av. Atlântica, 997 – Socorro, São Paulo – SP – ZIP Code 04768-000.
8. Privacy Policy Updates
8.1. This Policy was approved by the Privacy Committee and enters into force as of this date, for an indefinite period, until a resolution to the contrary, and can be consulted on the company’s website: https://www.chriscintos.com.br.
8.2. This Policy is governed by Brazilian law and may be updated to reflect the data processing carried out on our platforms, so it is recommended that you access it periodically.
São Paulo, June 21, 2023.
Revision Control
Revision Date Responsible Reason for Revision
Rev. 1 – 06/21/2023 – DPO – Update of item 5.